
RTTC Pune presents

MPLS based Virtual Private Network

Private Network
[Figure: Infosys offices (Pune, Hyderabad, Mumbai, Bangalore) and Wipro offices (Mumbai, Bangalore, Chennai) linked by leased lines]

e.g. Leased Lines

Private Network
Advantages :
Security. Privacy and Guaranteed QoS.

Disadvantages :
Leased lines are very expensive.
The number of links grows exponentially if full mesh connectivity is required and the network expands.
Network complexity increases as the network grows.
Adding a new site requires reconfiguration of all existing sites.

Public Network
Connectionless network : Each IP packet is routed independently.
Delay : Multiple packets originated from the same source for a single destination may follow different paths.
Loss of Information : Some of the packets may fail to reach the destination.
Out of Sequence : bad for VoIP and Video.

Hence Quality of Service cannot be assured by the Internet.

e.g. Internet

Internet : Weaknesses
An open and shared network.
Any person from anywhere can access any part of the network.
It is not controlled by any single agency.
No security mechanism: protection is left to the customer, who adopts different means of data protection depending on how important the data is.
L3 routing protocols are used.
Forwarding is based on the destination address only.
Destination based routing lookups are performed at every hop.

Internet Devices
Firewalls : To avoid unauthorized intrusions
Switches : To connect LANs
Routers : To route the traffic from Source to Destination

Customer Expectations
The customer today wants :
QoS
Security
Speed or CIR / BOD
SLA
Cost effectiveness
Manageability

VPN : Virtual Private Network


It is a technique of utilizing a Public Network for Private (i.e. Secured) Communication.
VPN simulates the operation of a private WAN over the Public network.
A private network constructed over a shared infrastructure like the Internet.
Virtual - not a separate physical network.
Private - separate addressing and routing policies.
Network - a collection of devices that communicate.
VPNs reduce the cost of private networking.

VPN
VPN technologies :
IPSec, GRE, Socks, PPTP, L2TP and now MPLS.

MPLS emerged from the IETF's effort to standardise a set of proprietary multi-layer switching solutions without compromising on security.
MPLS integrates the control of IP routing with the simplicity of L2 switching.
MPLS reduces the complexity of network operation and performs resource allocation to assure CIR.

VPN (FR/ATM)
[Figure: Org-X offices in City-A, City-B, City-C and City-D connected across a shared FR/ATM infrastructure by Permanent Virtual Circuits (PVCs)]

VPN (FR/ATM)
Each office is connected to the network with a single physical line
Number of physical lines to connect n sites = n

Each office is connected with other offices by Virtual circuits, pre established by network administrator
Number of VCs to connect n sites = n(n-1)/2

Provides a moderate amount of security and QoS.
L2 devices have no knowledge of L3 routing information.
The network administrator has to configure PVCs manually at every node involved in the network.
Difficult to implement when the number of sites is large.

VPN (FR/ATM)
To add a new office site, the network administrator has to configure new virtual circuits at each and every concerned node.
Frame Relay & ATM technologies are very complex and expensive, and so are not deployed everywhere, particularly in third world countries.

Internet Based VPN
[Figure: Infosys offices (Pune, Hyderabad, Mumbai, Bangalore) and Wipro offices (Pune, Bangalore, Chennai) connected through the Internet as shared infrastructure]

Internet Based VPN


Advantages:
Single physical connectivity at each site.
No reconfiguration required at existing sites when a new site is added to the network.
Huge saving in annual connectivity charges.

Disadvantages:
Highly insecure environment.
No guarantee of Privacy and QoS.
Any unauthorized traffic can enter the private network.

VPN Tunnels
Tunneling is the mechanism to encapsulate IP datagrams inside another packet so that the original datagram is not visible to the network. Every packet is authenticated to ensure that it comes from the right source, and packets can optionally be encrypted for data confidentiality if required.

[Figure: VPN tunnel between two firewalls across the Internet, with packets labelled A-B and X-Y]

Virtual Private Network
[Figure: Infosys offices (Pune, Hyderabad, Mumbai, Bangalore) and Wipro offices (Mumbai, Bangalore, Chennai) connected through firewalls over the Internet]

VPN Tunnel-Analogy
[Figure: VPN tunnel analogy. Labels: Original Packet, Encapsulating Protocol, Carrier Protocol; inside the VPN Tunnel: Carrier Protocol, Authentication Information, Encrypted Data]

Advantages of VPN - Data Security


Authenticity
Ensures the identity of all communicating parties
Each data packet was originated by the claimed sender

Data Integrity
Ensures that information being transmitted over the link is not altered in any way during transit

Data Confidentiality
Protects the privacy of information being exchanged between communicating parties
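
The tunnel described above, with its per-packet authentication, can be sketched as follows. This is an added example, not part of the original slides: the carrier header layout, the HMAC-SHA256 tag, the key and the addresses are all constructed assumptions, and the optional encryption step is left out, so it demonstrates authenticity and integrity but not confidentiality.

```python
import hashlib
import hmac
import ipaddress
import struct

HDR = struct.Struct("!4s4sH")   # assumed carrier header: outer src, outer dst, inner length
TAG_LEN = hashlib.sha256().digest_size

# Constructed sample values (not from the page).
KEY = b"constructed-demo-key-not-for-use"
GW_X = ipaddress.ip_address("203.0.113.1").packed    # tunnel endpoint X
GW_Y = ipaddress.ip_address("198.51.100.1").packed   # tunnel endpoint Y
INNER = b"original datagram from host A to host B"

def encapsulate(key, outer_src, outer_dst, inner):
    """Wrap the original datagram in a carrier header and append an auth tag."""
    body = HDR.pack(outer_src, outer_dst, len(inner)) + inner
    return body + hmac.new(key, body, hashlib.sha256).digest()

def decapsulate(key, packet):
    """Verify the tag first; only then parse and return (src, dst, inner)."""
    if len(packet) < HDR.size + TAG_LEN:
        raise ValueError("packet too short")
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    src, dst, length = HDR.unpack_from(body)
    if length != len(body) - HDR.size:
        raise ValueError("length field does not match payload")
    return src, dst, body[HDR.size:]

def rejected(key, packet):
    """True when the receiving gateway drops the packet."""
    try:
        decapsulate(key, packet)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    pkt = encapsulate(KEY, GW_X, GW_Y, INNER)
    tampered = pkt[:12] + bytes([pkt[12] ^ 1]) + pkt[13:]   # one bit altered in transit
    print(decapsulate(KEY, pkt)[2])
    print(rejected(KEY, tampered), rejected(b"wrong key", pkt))
```

The tag covers the carrier header as well as the inner datagram, so a packet whose outer source address is rewritten is dropped just like one whose payload is altered.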

BSNL's MPLS Network
[Figure: map of BSNL MPLS node cities across India. Legend: A1 Nodes - 5, A2+A3 Nodes - 9, A4 Nodes - 10, B1 + B2 Nodes - 47]

Strength of BSNL's MPLS :

Widest presence : Over 300 cities covering terrestrial area at the most affordable price.
Technology : Installed high end 12400 GSR Cisco and M40e-Juniper routers capable of handling very high traffic, which offer QoS, application wise BW allocation and many other VA features.
Dedicated Network : BSNL MPLS N/w exclusively carries only MPLS traffic.
All major nodes are mesh connected on STM-16 (2.5 Gbps) pipes, so no congestion.
The complete MPLS backbone is built on the SDH platform.

Strength of BSNL's MPLS :

MPLS is a new forwarding mechanism where packets are forwarded based on labels.
Committed Bandwidth : BSNL offers 3 CoS (Gold, Silver and Bronze) offering 99.9%, 50% and 25% of committed bandwidth with an inherent resource allocation feature, so customers will never get less than the committed BW.
Bandwidth offered : From 16 Kbps to STM1.
NOC : The complete MPLS N/w is monitored 24X7 from the NOC at Bangalore.
Cost effective solution for Corporate CUG.

MPLS Based VPNs


What is the need for new technology like MPLS?
In a normal IP based network, routing decisions are made on a hop-by-hop basis (i.e. at every node/router).
A leased line based network is highly expensive and does not provide mesh connectivity among the sites by default.
Hence the need for an ultra fast forwarding technology.
MPLS changes the hop-by-hop paradigm by enabling devices (routers) to specify paths for a specific type of traffic to follow in the network, based upon the QoS and bandwidth needs of the applications.

MPLS : Multi Protocol Label Switching


A technology for speeding up data communication over combined IP (or ATM) networks.
MPLS improves the speed of packet processing and enhances the performance of the network.
MPLS provides a connection-oriented service for transporting data across computer networks.
The ability to use any physical transmission media allows higher backbone and interface capacity.
Ultra Fast Forwarding Technology.

Complexity of Network with Leased Lines
[Figure: Ahmedabad, Mumbai, Pune, Delhi, Lucknow, Bangalore, Kolkata, Ernakulam, Hyderabad and Chennai interconnected by leased lines from BSNL; legend: Links]

The MPLS environment
[Figure: Ahmedabad, Lucknow, Mumbai, Pune, Delhi, Bangalore, Kolkata, Ernakulam, Hyderabad and Chennai connected to BSNL's MPLS VPN Network; legend: Router, Links]

How does MPLS work ?


Only Edge routers perform Layer 3 header analysis/routing lookup (i.e. looking at Source and Destination IP Address). It is done just once, when the packet enters the MPLS domain.
The MPLS Edge router attaches a label to the packet when it enters the MPLS domain.
Core routers switch packets based on simple label lookups and swap labels.
L2 devices run an L3 routing protocol and establish Virtual Circuits dynamically based on L3 information.
No need to manually establish Virtual Circuits.

Advantages of MPLS
MPLS labels usually correspond to IP destination networks (equal to traditional IP forwarding).
Labels can also correspond to other parameters such as QoS, FEC, Source address.
Traffic can be forwarded based on these other parameters.
Load sharing across unequal paths can be achieved.
MPLS is designed to support forwarding of other protocols as well.
MPLS gives network operators (BSNL) a great deal of flexibility to divert and route traffic around link failures, congestion, and bottlenecks.

Terminology used in MPLS


Label Switched Path (LSP) : The network path created by the MPLS protocol. An LSP is a unidirectional entity.

Label Switching Routers (LSR) : The routers which support the MPLS protocol. Types of LSRs : ingress, transit, penultimate, and egress.

MPLS Routers
Ingress Router : The entry point for user data traffic into MPLS. It is the start point of an LSP.
Egress Router : The exit point for user data traffic from the MPLS domain. It is the end point of an LSP.
Transit Router : The routers located along the LSP that swap the MPLS labels.
Penultimate Router : One of the transit routers in an LSP, which has a special function called Penultimate Hop Popping to perform.

MPLS : Terminology
Label :
Header created by the edge LSR and used by the LSRs to forward packets. Identifies the path a packet should traverse.

Forwarding Equivalence Class (FEC)


A group of IP packets which are forwarded in the same manner, over the same path, and with the same forwarding treatment. An FEC might correspond to a destination IP subnet. For example, all traffic with a certain value of IP precedence might constitute a FEC.
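
The forwarding behaviour and router roles described above (FEC classification at the ingress, label swap at transit routers, penultimate hop popping) can be traced in a small simulation. This is an added example, not part of the original slides: the subnets, label values and router names are constructed, and each FEC is assumed to be a destination subnet.

```python
import ipaddress

# Constructed tables for one LSP: ingress -> transit -> penultimate -> egress.
FEC_TABLE = {  # ingress: FEC (destination subnet) -> (label to push, next hop)
    ipaddress.ip_network("10.2.0.0/16"): (100, "transit"),
    ipaddress.ip_network("10.2.5.0/24"): (300, "transit"),
}
LABEL_TABLES = {  # core LSRs: incoming label -> (action, outgoing label, next hop)
    "transit": {100: ("swap", 200, "penultimate"),
                300: ("swap", 400, "penultimate")},
    "penultimate": {200: ("pop", None, "egress"),
                    400: ("pop", None, "egress")},
}

def classify(dst):
    """The single L3 lookup, done at the ingress: longest-prefix match to a FEC."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in FEC_TABLE if addr in net]
    if not matches:
        raise LookupError(f"no FEC for {dst}")
    return max(matches, key=lambda net: net.prefixlen)

def forward(dst):
    """Return the per-hop trace [(router, action, label on the outgoing link)]."""
    label, hop = FEC_TABLE[classify(dst)]
    trace = [("ingress", "push", label)]
    while hop != "egress":
        entry = LABEL_TABLES[hop].get(label)
        if entry is None:
            # A label nobody assigned on this router is dropped, never routed.
            raise LookupError(f"{hop}: no entry for label {label}")
        action, label, next_hop = entry
        trace.append((hop, action, label))
        hop = next_hop
    trace.append(("egress", "deliver", None))
    return trace

if __name__ == "__main__":
    for dst in ("10.2.9.1", "10.2.5.7"):
        print(dst, forward(dst))
```

Core routers never look at the destination address: the two destinations share every physical hop but stay on separate label paths because the ingress placed them in different FECs.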

MPLS Network

MPLS Architecture
MPLS Architecture is divided into two planes:
1. Control Plane : Create Labels and LSPs
2. Data Plane : Forwarding Labeled Packets
MPLS takes help of many Protocols:
1. Routing Protocols
2. Signaling Protocols : LDP or RSVP

MPLS Label Format


[Figure: frame layout: L2 Header | MPLS Header (32 bits: Label (20 bits), CoS, S, TTL) | IP Packet]

Fields
20 bit Label.
3 bit Experimental field (CoS - Class of Service).
1 bit Bottom of the Stack bit.
8 bit TTL field (Time to live).

The IP packet is encapsulated by the ingress LSR.
The IP packet is de-encapsulated by the egress LSR.
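
The 32-bit header layout listed above can be packed and parsed directly. This is an added example, not part of the original slides: the function names and the label values in the sample are constructed, and the parser assumes its input starts immediately after the L2 header.

```python
import struct

def pack_entry(label, cos, bottom, ttl):
    """Build one 32-bit MPLS header: Label(20) | CoS(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= cos < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (cos << 9) | (int(bool(bottom)) << 8) | ttl
    return struct.pack("!I", word)

def parse_stack(data):
    """Split the bytes after the L2 header into (label stack, IP packet)."""
    stack, offset = [], 0
    while True:
        if offset + 4 > len(data):
            # Ran out of bytes before seeing S=1: malformed frame, reject it.
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {
            "label": word >> 12,
            "cos": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1,
            "ttl": word & 0xFF,
        }
        stack.append(entry)
        if entry["s"]:  # bottom of stack: everything after this is the IP packet
            return stack, data[offset:]

# Constructed sample: two stacked headers in front of a stand-in IP packet.
SAMPLE = pack_entry(100, 0, False, 255) + pack_entry(200, 3, True, 255) + b"IPPKT"

if __name__ == "__main__":
    stack, ip_packet = parse_stack(SAMPLE)
    for entry in stack:
        print(entry)
    print(ip_packet)
```

The Bottom of the Stack bit is the only thing that tells a receiver where the labels end and the IP packet begins, which is why the parser refuses input that never sets it.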

How MPLS works?

What is Quality of Service
[Figure: example applications: Desktop Conferencing, Distance Learning, Mission-Critical Applications, E-Mail, FTP]

Role of QoS
Protect mission-critical applications : Voice, ERP, data warehouse, sales force automation
Prioritize groups of users : Finance, sales, suppliers
Enable multimedia applications : Distance learning, desktop video conferencing

Quality of Service (QoS)


MPLS has very powerful tools like traffic prioritization, traffic scheduling, traffic shaping, traffic policing etc. to ensure the proper grade of quality of service to the customer.
Broadly, three grades of service are available at present in the MPLS VPN Service:
Gold (Guaranteed bandwidth, delivery, jitter and latency)
Silver (Guaranteed delivery)
Bronze (Best effort)
