
Overview of VPN

Private Networks
[Diagram: Organization A Sites 1 to 4 and Organization B Sites 1 to 3 interconnected by leased lines]

Private Network
Advantages:
Leased lines are secured
Privacy and QoS guaranteed

Disadvantages:
Leased lines are very expensive
Number of links required grows exponentially if full mesh
connectivity is required and the network expands.
More CPE ports are required
Network complexity increases as the network grows. All existing
sites require reconfiguration when a new site is added.

Internet Based Private Network


[Diagram: Organization A Sites 1 to 4 and Organization B Sites 1 to 3 connected through the Internet as shared infrastructure]

Internet Based Private Network


Advantages:
Single physical connectivity at each site.
No reconfiguration required at existing sites in case
of addition of new site to the network.
Saving on CPE ports
Huge saving in annual connectivity charges.

Disadvantages:
Highly insecure environment
No guarantee of Privacy and QoS
Any unauthorized traffic can enter the private network

Virtual Private Network


Different solutions are available to make communication
over the Internet safe and secure, and they can also
ensure the desired grade of quality of service.
These solutions are known as VPN solutions.
Different protocols like L2TP, PPTP, IPSec etc. are
available to provide VPN solutions to customers.
These protocols take care of data authenticity, data
integrity and, if required, data confidentiality.

Virtual Private Network


[Diagram: Organization A Sites 1 to 4 and Organization B Sites 1 to 3 connected across the Internet; label: Firewalls]

Deploying VPNs in the 21st Century


[Diagram labels: Corporate Headquarters; Intranet; Internet; Remote Access; Extranet; Branch Office; Mobile Users and Telecommuters; Suppliers, Partners and Customers]

Uses IP Infrastructure
May be shared with Internet services
Increasing importance of IP/MPLS (not ATM/FR)
Subscriber requirements
Lower operational expenses
A single network connection for multiple services
Provider requirements
Multiservice infrastructure
Create additional source of revenue

Virtual Private Network Categories


VPNs can be classified into two categories
Customer Provisioned
VPN Tunnels originate and terminate at customer premises
Provisioning of equipment and allied activities is the responsibility of
the customer
Provider may not be aware of the VPN tunneling through his network

Provider Provisioned
VPN Tunnels originate and terminate at the service provider's edge
Responsibility for creating and maintaining these tunnels lies with
the provider

Customer Provisioned VPNs


[Diagram: secured tunnels across the Internet; sites shown: Organization A Site 1, Organization B Sites 1, 2 and 3]

Provider Provisioned VPNs


[Diagram: secured tunnels across the Internet; sites shown: Organization A Site 1, Organization B Sites 1, 2 and 3]

MPLS Based VPNs


MPLS Based Layer 3 VPNs
Provider's router participates in customer's layer 3 routing
Provider router manages VPN-specific routing tables,
distributes routes to remote sites
CPE routers advertise their routes to the provider

MPLS Based Layer 2 VPNs


Customer maps their layer 3 routing to the circuit mesh
Provider delivers Layer 2 circuits to the customer, one for
each remote site
Customer routes are transparent to provider

MPLS Based Layer 3 VPN


A VRF is created for each VPN connected to the PE
[Diagram: PE 1, PE 2 and PE 3 with attached sites: VPN A Sites 1 to 3 (CEA1, CEA2, CEA3), VPN B Sites 1 to 3 (CEB1, CEB2, CEB3) and VPN C Sites 1 and 2 (CEC1, CEC2); routing labels shown: Static Routes, OSPF Routing, E-BGP]

MPLS Based Layer 3 VPNs


Each VRF is populated with:
Routes received from directly connected CE
routers associated with the VRF
Routes received from other PE routers
with acceptable BGP attributes

Only the VRF associated with a VPN is used
for packets from a site of that VPN
Provides isolation between VPNs

MPLS Based Layer 3 VPNs


Customers can use overlapping IP addresses
Customers are free to use any IP address even
private IP addresses.
Very little manual configuration. Auto discovery of new
sites. No reconfiguration of existing sites in case of
new site addition.
Cheaper than leased lines as it works on MPLS based
IP infrastructure which is a shared infrastructure.
QoS can be assured as MPLS has the capability to
provide differentiated QoS
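
Added example, not from the original slides: a toy PE router in Python showing how per-VPN VRFs are populated from the two sources listed above and why two customers can use the same prefixes without seeing each other's routes. The "acceptable BGP attributes" are modelled as simple tags in the manner of RFC 2547 route targets; the tag names, prefixes and CE-to-PE attachments are constructed for illustration.

```python
import ipaddress

class PE:
    """Toy provider-edge router holding one routing table (VRF) per attached VPN."""

    def __init__(self):
        self.vrfs = {}  # VRF name -> {"import": accepted tags, "routes": {network: next hop}}

    def add_vrf(self, name, import_tags):
        self.vrfs[name] = {"import": set(import_tags), "routes": {}}

    def learn_from_ce(self, vrf, prefix, ce):
        # Source 1: routes from the directly connected CE associated with this VRF.
        self.vrfs[vrf]["routes"][ipaddress.ip_network(prefix)] = ce

    def receive_from_pe(self, prefix, next_hop, tags):
        # Source 2: routes from other PEs, installed only where the route's
        # attributes (modelled as tags) match the VRF's import policy.
        accepted = [n for n, v in self.vrfs.items() if v["import"] & set(tags)]
        for name in accepted:
            self.vrfs[name]["routes"][ipaddress.ip_network(prefix)] = next_hop
        return accepted

    def lookup(self, vrf, dst):
        # Only the VRF bound to the ingress site is consulted; longest prefix wins.
        addr = ipaddress.ip_address(dst)
        routes = self.vrfs[vrf]["routes"]
        matches = [net for net in routes if addr in net]
        return routes[max(matches, key=lambda n: n.prefixlen)] if matches else None


def build_pe1():
    """Constructed sample: VPN A and VPN B both number their sites from 10.0.0.0/8."""
    pe1 = PE()
    pe1.add_vrf("VPN_A", {"rt-A"})
    pe1.add_vrf("VPN_B", {"rt-B"})
    pe1.learn_from_ce("VPN_A", "10.1.0.0/16", "CEA1")
    pe1.learn_from_ce("VPN_B", "10.1.0.0/16", "CEB1")  # same prefix, other customer
    pe1.receive_from_pe("10.2.0.0/16", "PE2 -> CEA2", {"rt-A"})
    pe1.receive_from_pe("10.2.0.0/16", "PE3 -> CEB3", {"rt-B"})
    pe1.receive_from_pe("172.16.0.0/24", "PE3 -> CEC1", {"rt-C"})  # no VRF imports it
    return pe1


if __name__ == "__main__":
    pe1 = build_pe1()
    for vrf in ("VPN_A", "VPN_B"):
        for dst in ("10.1.5.5", "10.2.3.4", "172.16.0.9"):
            print(vrf, dst, "->", pe1.lookup(vrf, dst))
```

A route whose tags are imported by more than one VRF is installed in all of them; that is the mechanism behind an extranet, and it is also how an over-broad import policy would break the isolation between VPNs.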

MPLS Based Layer 3 VPNs


Customers can create intranet as well as
extranet with the help of layer 3 VPNs.
An extranet lets customers give business partners and
suppliers access to their network.
100 % secured intranet as well as extranet.
Single physical connectivity at every site
resulting in very simple network topology.
Provider participates in the customer's routing
process.

MPLS Based Layer 2 VPNs


Provider edge device delivers Layer 2 circuit IDs
(DLCI, VPI/VCI, or VLAN ID) to the customer
Customer sees standard FR or ATM PVCs
From my site, one for each reachable site

Provider edge device maps the circuit ID to an MPLS
LSP to traverse the provider core
Label stacking could be used to improve scalability

Customer maps their own routing architecture to the
circuit mesh
Customer routes are transparent to provider
Separation of administrative responsibility

MPLS Based Layer 2 VPNs


A VFT is created for each CE connected to the PE
[Diagram: PE 1, PE 2 and PE 3 with attached sites: VPN A Sites 1 to 3 (CEA1, CEA2, CEA3) and VPN B Sites 1 and 2 (CEB1, CEB2); access links labelled ATM and FR]

Each VFT is populated with:
The information provisioned for the local CEs
VPN Connection Tables received from other PEs via BGP or LDP

MPLS Based Layer 2 VPNs


Layer 2 VPN supported Technologies
Frame Relay
ATM
Ethernet
Ethernet VLANs
HDLC
PPP


MPLS Based Layer 2 VPNs


Separation of customer's and provider's routing
gives the customer extra confidence about the
security of his network.
Customer can choose any layer 2 connectivity
which is supported by layer 2 VPN.

Virtual Private LAN Service VPLS


Different sites of a customer's network can get
connected to the MPLS network on Ethernet just like they
connect with any LAN switch.
With auto discovery of the MAC addresses of devices,
each site can learn about the machines connected
with the VPLS service.
To the customer it appears very much like an ordinary
Ethernet connectivity.
To the customer the MPLS network appears like a huge LAN
switch with which its different sites are connected, just
as if connected to an Ethernet LAN switch.

Virtual Private LAN Service


[Diagram: PE 1, PE 2 and PE 3 around a P router; attached sites: VPN A Sites 1 to 3 (CEA1, CEA2, CEA3) and VPN B Sites 1 and 2 (CEB1, CEB2)]

A private Ethernet network constructed over a shared
infrastructure which may span several metro areas
Multipoint to Multipoint Ethernet connectivity where the SP
network looks like an Ethernet broadcast domain
Complements Layer 3 2547 and Layer 2 VPNs

What is Quality of Service


[Diagram labels: Desktop Conferencing, Distance Learning; Mission-Critical Applications; E-Mail; FTP]

Role of QoS
Protect mission-critical applications
Voice, ERP, data warehouse, sales force automation

Prioritize groups of users
Finance, sales, suppliers

Enable multimedia applications
Distance learning, desktop video conferencing

Quality of Service (QoS)


MPLS has very powerful tools like traffic
prioritization, traffic scheduling, traffic shaping,
traffic policing etc. to ensure the proper grade of
quality of service to the customer.
Broadly three grades of services are available
at present in MPLS VPN Service
Gold (Guaranteed bandwidth, delivery, Jitter and
latency)
Silver (Guaranteed delivery)
Bronze (Best effort)

Three Classes of Service


Three classes of service according to the
customer's requirement (Gold, Silver & Bronze)
If customer requirement is more than 2 Mbps then
tariff will be n x tariff for 2 Mbps.

Sl No.  Class of   Committed       Tariff per Annum (Rs in Lakhs)
        Service    Bandwidth (%)   64 kbps  128 kbps  256 kbps  512 kbps  1 Mbps  2 Mbps
1.      Gold       99              0.77     1.38      2.38      3.69      5.84    12.32
2.      Silver     50              0.58     1.04      1.79      2.76      4.38    9.24
3.      Bronze     25              0.38     0.69      1.19      1.84      2.92    6.16

Service Tax & Discount


Service tax @ 10% will be charged w.e.f
10/9/2004 and
Education cess @ 2 % of the service tax will
also be levied in addition to service tax

No of Ports     Discount on VPN Port
2 to 5          10 %
6 to 10         12 %
11 to 15        15 %
16 and above    20 %

Tariff for Leased Line Data Circuits


Distance (kms)  64 Kbps (Rs.)   2 Mbps (Rs.)       8 Mbps (Rs.)       34 Mbps (Rs.)        140 Mbps (Rs.)
50              34,319          3,48,642           13,94,568          55,78,272            2,23,13,088
100             40,646          5,38,454           21,53,816          86,15,264            3,44,61,056
200             54,412          9,51,431           38,05,724          1,52,22,896          6,08,91,584
300             68,178          13,64,407          54,57,628          2,18,30,512          8,73,22,048
400             81,944          17,77,384          71,09,536          2,84,38,144          11,37,52,576
500             95,710          21,90,360          87,61,440          3,50,45,760          14,01,83,040
Beyond 500      96,000 (Fixed)  22,00,000 (Fixed)  88,00,000 (Fixed)  3,52,00,000 (Fixed)  14,08,00,000 (Fixed)

Tariff for 128 kbps to 960 kbps


The tariff for 128 kbps to 960 kbps is equal to
the tariff for 64 kbps multiplied by the coefficients below

Capacity    Coefficient
960 kbps    7.6
768 kbps    6.4
512 kbps    4.8
384 kbps    4.0
320 kbps    3.6
256 kbps    3.1
192 kbps    2.5
128 kbps    1.8

ICICI Bank Case Study


Total nos of Leased Lines of various capacities across the country: 82
Total annual charges paid: Rs 142604651/-
75 links were possible to be shifted on VPN
Cost of 75 VPNs of different capacities: Rs 7,30,00,000/-
Cost of rest 7 leased lines: Rs 50,00,000/-
Total cost: 7,80,00,000/-
