MPLS for Private Networks
Murat Ozdemir, Sr. Systems Engineer
Juniper Networks, Turkey
Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Agenda
MPLS Basics
MPLS Applications

The WAN - more than just connectivity
Impact on applications
More rich content
Lower-priority applications slow down critical ones
Protocol chattiness
Inability to understand application and WAN performance

Requirements for the modern network
Consolidation
Control
Resiliency

Network Consolidation - Before
[Diagram labels: Resilient, Low latency, PSTN, Best effort, FR/ATM, Guaranteed delivery, Synchronous data, Video / CCTV, IP, Fibre Channel, Isochronous, High bandwidth]

Network Consolidation - The Dream
IP
Resilient
Low latency
Guaranteed delivery
High bandwidth
Synchronous
Isochronous

Now the problem
IP is an open asynchronous datagram protocol
Good at its job but it was never designed to support:
• Security
• Quality of service
• Synchronous working
• Isochronous operation
We need to do something different

IP is Necessary but not sufficient
MPLS adds traffic processing
Security
Quality of service
Application intelligence
[Diagram labels: Traffic Processing, Transport, Connectivity, Bandwidth, LAN switching, WLAN, Optical]

Network Consolidation - The reality
IP/MPLS
Resilient
Low latency
Guaranteed delivery
Fast re-routing
High bandwidth
Synchronous
Isochronous
Congestion management

IP Routing
Traditional routing based on hop-by-hop behaviour
• Each router in path makes a complex decision potentially based on full address and contents
[Diagram label: Murat Ozdemir, Juniper Networks, Beybi Giz Plaza, Maslak-Istanbul, Turkey]

Multi-Protocol Label Switching
Label switching path based on an end to end route (LSP)
Simple decisions
[Diagram label: Murat Ozdemir, Juniper Networks, Beybi Giz Plaza, Maslak-Istanbul, Turkey]

MPLS Multiservice Network
L3 VPN: Network acts like a router
L2 VPN: Network acts like a bridge; create network wide VLANs
Multicast: Support information feeds; Broadcast TV
[Diagram label: MPLS Network]

Requirements for the modern network
Consolidation
Control
Resiliency

What do MPLS packets look like?
Label: 20 bits
EXP: 3 bits
S: 1 bit
TTL: 8 bits
Defines Per Hop Behaviours: Expedited Forwarding, Assured Forwarding, Best Effort
[Diagram labels: IP Header, SCP, ATM]

DiffServ Mapping to MPLS TE
E-LSP: EXP inferred PHB scheduling class LSP
Maps multiple DiffServ classes to 1 LSP
Provides QoS within the LSP
Each class follows the same route
[Diagram labels: BE, AF, EF, E-LSP]

Route determination in MPLS Networks
E-LSP carrying all traffic
Constrained SPF can determine routes based on allocated bandwidth

DiffServ Mapping to MPLS TE
[Diagram labels: BE L-LSP, AF L-LSP, EF L-LSP]
L-LSP: Label only inferred PHB scheduling class LSPs
Maps DiffServ classes to individual LSPs
Each class can take a different route

Route determination in MPLS Networks
L-LSP for Expedited Forwarding
L-LSP for Assured Forwarding
Constrained SPF can determine routes based on allocated bandwidth

Class of Service on an MPLS network
L-LSP mapped with EF supporting voice traffic
L-LSP mapped with AF supporting storage traffic
[Diagram labels: WEB Traffic, WEB Traffic]

Requirements for the modern network
Consolidation
Control
Resiliency

Resiliency: Provides fast routing and re-routing capabilities to ensure connectivity and support real-time applications
Re-routes around link failures in sub-50 msec to maintain real-time traffic
Redundant MPLS connections (LSPs); Failover in less than 50 msec
[Diagram labels: Primary Route, Failover Route]

Fast Re-Routing
Constrained SPF can determine routes based on required parameters
[Diagram labels: Bypass LSP, Primary LSPs]

Benefits of MPLS Network Backbones
#1 Many VPNs to transparently support many different groups and protocols
#2 Converged network with Classes-of-Service supporting many different applications
#3 Redundant MPLS connections (LSPs); Failover in less than 50 msec
[Diagram labels: Backbone Router, Branch Router, MPLS VPN A, MPLS VPN B, Physical connection]

Agenda
MPLS Basics
MPLS Applications

Diverse requirements
Guaranteed delivery and/or best effort with network engineered for performance
IPsec or SSL applied at network or application level
Content of the VPN tunnel
Trusted or untrusted endpoints
Ownership and management of equipment (in-house vs. outsourced)
[Diagram labels: Layer 3, Best effort, App, Service provider, Enterprise, None, Layer 2, Assured, Experience, Network, Trusted, Untrusted]

Juniper VPN toolkit
A suite of VPNs to choose from including:
Assured VPNs
• Layer 3 MPLS
  • 2547 based VPNs (BGP based)
• Layer 2
  • Kompella (BGP based), Martini (LDP based), VPLS (BGP based)
Secured VPNs
• IPsec
• SSL
Secured and Assured VPNs
• Hybrid Layered scenarios
  • IPsec over MPLS

Assured VPNs
[Diagram: requirements chart (axes as on the "Diverse requirements" slide) with "Layer 2 VPN" and "Consolidation" marked]

Assured VPNs: Layer 2 MPLS VPN
Corporate IT owned and managed
Service Provider owned and managed
Ethernet, Frame relay, ATM, PPP/HDLC
Performance engineered
[Diagram labels: PE, Layer 2 VPN, PE; Premise, Backbone, Premise]

L2 MPLS VPNs
Leverage MPLS infrastructure to provide wholesale Layer 2 Services
Circuit Cross Connect (CCC) supports ATM and Ethernet services
Rich Layer 2 QoS capabilities for ATM, Ethernet
[Diagram labels: Wholesale Application, Wholesale VPNs, IP/MPLS Core, T-Series, PoP, ATM Access Network, Ethernet Access Network, Internet, OC3, GE, FE]

Assured VPNs: TCC VPNs
Corporate IT owned and managed
Service Provider owned and managed
Ethernet, Frame relay or ATM or PPP/HDLC
Performance engineered
[Diagram labels: PE, TCC VPN, PE; Premise, Backbone, Premise]

Virtual Private LAN Service
A private Ethernet network constructed over a ‘shared’ infrastructure which may span several metro networks
Service: Multipoint to Multipoint Ethernet connectivity
• From the CE perspective, the core network looks like a private Ethernet broadcast domain
Complements Layer 3 2547bis and Layer 2 Services
[Diagram labels: VPN A Site 1 (CE–A1), VPN A Site 2 (CE–A2), VPN A Site 3 (CE–A3), VPN B Site 1 (CE–B1), VPN B Site 2 (CE–B2), PE 1, PE 2, PE 3, P]

Assured VPNs
[Diagram: requirements chart (axes as on the "Diverse requirements" slide) with "Layer 3 VPN" and "Consolidation" marked]

Assured VPNs: Layer 3
Service Provider owned and managed
Corporate IT owned and managed
Performance engineered
[Diagram labels: PE, IP, Layer 3 MPLS VPN; Premise, Backbone, Premise]

Layer 3 VPNs - RFC 2547bis
Customer Benefits
Outsourced routing
Full mesh vs. hub & spoke
More resilient
Faster transactions
Overlapping address space
Flexible access technologies
Access to rich layer 3 services
[Diagram labels: MPLS Core, PE, P, VRF, Label Stacking, MP/BGP Signaling; access via Ethernet, ATM/FR, xDSL; customer routing via Static, BGP, RIP, OSPF]

Assured VPNs: Benefits
Service Provider:
Cost savings: Increased ROI with multiple VPNs and customers over common IP core
Seamless migration of customer services from legacy network to layer 3 network
Ability to offer on-net services
High availability/reliability
Enterprise:
With layer 2 VPNs, migration to layer 3 services is completely transparent
• No changes to existing legacy networks required
Similar level of privacy offered, no cryptography
• Traffic separation isolates customer’s data
Visibility: abstracted views of shared resources
High availability/reliability

Secured VPNs
[Diagram: requirements chart (axes as on the "Diverse requirements" slide) with "IPsec VPN over internet" and "Fixed site to site" marked]

Secured VPNs: CPE based IPsec
Corporate IT owned and managed
Service Provider OR Security Provider owned and managed
Not performance engineered
[Diagram labels: Internet, IPsec tunnel; Premise, Backbone, Premise]

CPE based IPsec
Offering VPN & Anti-Virus in more than 5,000 retail stores located throughout the U.S.
Secure point of sale, inventory, cell phone activation, & other back office business applications between corporate & each store.
Central management of security policies & devices
[Diagram labels: Retail Store, Retail Store, Web & Email Servers, Point of Sale Servers, DMZ, NetScreen-Security Manager, Fort Worth]

Secured VPNs: Network based IPsec
Corporate IT owned and managed
Service Provider owned and managed
Performance engineered
[Diagram labels: IPsec tunnel; Premise, Backbone, Premise]

Secured VPNs: Network based IPsec
Corporate IT owned and managed
Service Provider owned and managed
Performance engineered
[Diagram labels: Radius server, IPsec tunnel, Layer 3 MPLS VPN, IPsec tunnel; Premise, Backbone, Premise]

Secured VPNs
[Diagram: requirements chart (axes as on the "Diverse requirements" slide) with "Remote access – mobile user" and "SSL VPN over internet" marked]

Secured VPNs: SSL VPNs
Corporate IT owned and managed
Service Provider OR Security Provider owned and managed
[Diagram labels: Internet, SSL VPN, Untrusted endpoint, Premise]
Not performance engineered
[Diagram labels: Backbone, Premise]

Hybrid VPN deployment scenarios
[Diagram: requirements chart (axes as on the "Diverse requirements" slide) with "Fixed site to site", "Consolidation" and "Hybrid IPsec and MPLS L3 VPN" marked]

Secured and Assured VPNs: IPsec over MPLS
Corporate IT or Security Provider owned and managed
Service Provider owned and managed
Performance engineered
[Diagram labels: MPLS L3 VPN, IPsec tunnel; Premise, Backbone, Premise]

Secured and Assured VPNs: Hybrid VPNs, IPsec into MPLS VPN
Corporate IT owned and managed
Service Provider owned and managed
Security Provider owned and managed
Performance engineered
[Diagram labels: 1, 2, 3; IPsec tunnel, Internet, MPLS VPN, IPsec tunnel, Internet; Premise, Backbone, Premise]

Flexible VPN deployment scenarios
[Diagram: requirements chart (axes as on the "Diverse requirements" slide) with "Service provider hosted SSL VPN over internet" and "Extranets" marked]

Secured and Assured VPNs: Hybrid VPNs, Managed SSL service
Corporate IT owned and managed
Service Provider owned and managed
Performance engineered
[Diagram labels: Internet; Premise, Backbone, Extranet partner]

Introducing J-series Services Router
Modular JUNOS Software with Standard-Hardware
High System Stability
High Throughput with Features
Predictable Performance
Strong Security
Ease of Operation and Support
[Diagram labels: Service Plane, Routing Plane, Forwarding Plane, Multiprocessor Intel-based Hardware; J2300, J4300, J6300]

Service-Built M7i router
Leverages production proven technology
Uses existing M5/M10 PICs
• Broad set of interfaces available (45)
• Provides investment protection
Compact at 2 Rack Units high
Four configurations to choose from:
• 2 x FE fixed, 4 open slots, adaptive services module
• 2 x FE fixed, 4 open slots
• 1 x GE fixed (SFP), 4 open slots, adaptive services module
• 1 x GE fixed (SFP), 4 open slots

Service-Built M10i router
Internet Processor II ASIC allows Performance with services
Line-rate throughput
• 16 Mpps lookup engine with
• +10 Gbps Aggregate throughput capacity
Compact design
• 2 slots (3.2 Gbps throughput per slot)
• Up to 8 PICs per chassis
Fully Redundant platform, Redundant Routing engine and forwarding engine board
• Graceful RE Switchover supports
  • RE failover with ZERO packet loss
  • In Service Software upgrades
• Redundant cooling
• Redundant power

Leverages Production-Scaled JUNOS
Same feature-rich image across all platforms
Consistent services to all sized PoPs
Dramatic operational savings
Proven multi-terabit scale
Modular & stable
Highly secure
[Chart: platforms by throughput in Gbps (T320/T640, M320, M40e, M20, M10i, M7i); JUNOS components: Operating System, Protocols, Interface Mgmt, Chassis Mgmt, SNMP, Security]

FW/VPN Product Line Fit With SSG 500 Series
Small / Medium office / Remote site / Telecommuters
Medium to Large Site / Branch / Remote Office
Internal Network, Service Provider, High Speed Gateway
[Chart axis: Performance]

Thank you!
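
The 32-bit label stack entry from the "What do MPLS packets look like?" slide (Label 20 bits, EXP 3 bits, S 1 bit, TTL 8 bits) can be decoded directly, which also shows why the deck layers IPsec over MPLS: an MPLS VPN separates traffic ("no cryptography") but leaves the inner packet readable. This Python sketch is an added example, not Juniper code; the frames, label values and addresses are constructed, and the function names are hypothetical.

```python
import struct

ETHERTYPE_MPLS = 0x8847   # MPLS unicast
IPPROTO_ESP = 50          # IPsec ESP

def parse_label_stack(data):
    """Decode 4-byte label stack entries until the S (bottom-of-stack) bit."""
    entries, off = [], 0
    while True:
        if len(data) - off < 4:
            raise ValueError("truncated label stack: S bit never set")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append({"label": word >> 12,        # 20 bits
                        "exp": (word >> 9) & 0x7,   # 3 bits
                        "s": (word >> 8) & 0x1,     # 1 bit
                        "ttl": word & 0xFF})        # 8 bits
        if entries[-1]["s"]:
            return entries, data[off:]

def classify_payload(payload):
    """MPLS carries no protocol field, so infer from the IP version nibble."""
    if len(payload) >= 20 and payload[0] >> 4 == 4:
        return "ipv4-esp" if payload[9] == IPPROTO_ESP else "ipv4-cleartext"
    return "unknown"

def inspect_frame(frame):
    """Return (label stack entries, payload class) for an Ethernet frame."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_MPLS:
        raise ValueError("not an MPLS unicast frame")
    entries, payload = parse_label_stack(frame[14:])
    return entries, classify_payload(payload)

# --- constructed sample frames (all values are made up for illustration) ---
def lse(label, exp, s, ttl):
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)

def ipv4_header(proto):
    # Minimal 20-byte IPv4 header; checksum left at zero for brevity.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1]))

ETH = bytes(12) + struct.pack("!H", ETHERTYPE_MPLS)
# Two labels, as in the Layer 3 VPN "Label Stacking" slide:
# outer = transport LSP label, inner = VPN label (S bit set).
PLAIN_VPN = ETH + lse(299776, 5, 0, 254) + lse(16, 5, 1, 254) + ipv4_header(6)
IPSEC_OVER_MPLS = ETH + lse(299776, 0, 0, 254) + lse(16, 0, 1, 254) + ipv4_header(50)

if __name__ == "__main__":
    for name, frame in (("plain L3 VPN", PLAIN_VPN), ("IPsec over MPLS", IPSEC_OVER_MPLS)):
        stack, kind = inspect_frame(frame)
        print(name, [(e["label"], e["exp"], e["s"], e["ttl"]) for e in stack], kind)
```

Payloads that are not IPv4 (for example Layer 2 VPN frames) are reported as "unknown", since nothing in the label stack entry identifies the payload type.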