hierarchical vpns, neighbor discovery and broadcast links in virtual router approach

26 April 2001 ©2001, Lucent Technologies

Hierarchical VPNs, Neighbor Discovery and Broadcast Links in Virtual Router Approach

Karthik MuthukrishnanSenior Consulting Engineer

Thomas WalshPrincipal Network Consultant

Lucent Technologies

26 April 2001 2© 2001, Lucent Technologies

IP VPN Motivation

Realization of multiple private, geographically dispersed IP Networks (transparent and secure private IP interconnection) over a shared provider infrastructure


Shared IP Network

IP MPLS VPNs Emulate a Private Network Over a Shared IP Network

Branch/RegionalOffices

CorporateHeadquarters

Customers,Suppliers

RemoteWorkers

Internet

• Layer 3 - Any to Any connectivity• Security, reliability, performance, management• No manual configuration of PVCs or tunnels

IP VPNsMotivation


VNP 20000

VNP 10

VNP 10000

VNP 10

VNP 100

VNP10

VNP 1000

VNP 10

VNP 10

VNP 100

VNP 20000

VNP 10

VNP 20000

VNP 100

Multiple IP VPNs

Logical VPN View

HQ

LABoston

Customer AVPN

HQ

LADallas

Customer BVPN

Physical Topology ViewCustomer B

HeadquartersCustomer B

Dallas Branch

CE Router

Customer A Boston Branch

Customer A LA Branch

CE Router

Customer AHeadquarters

CE Router

CE Router

Customer B LA Branch

CE Router

CE Router

PE PE

PEPE

P P


IP VPN Features

• Private Addressing• Intranet• Extranet• Privacy• Multiple sites• Traffic engineering• IP enabled services

(including voice)


What are Virtual Routers?• Each Virtual Router (VR) is a cross sectional slice of

the hardware and software resources.• Each VR is NOT a separate operating system“task”• Resides only at edge of SP network• Logically equivalent to a physical router (filters,

interfaces, routing ports, access lists, configuration, management, monitoring,)

• VRs and physical routers in a VPN represent a private routing domain with defined points of connection to the rest of the world

• VRs discover each other in the same way physical routers discover each other over a LAN

• Use standard link level multicast• No need for an additional membership discovery scheme


Hierarchical VPNs [Carrier’s carrier]


Berlin Office Green Foods

Boston Office Green Foods

IP VPN - Green Foods

Paris Office Green Foods

RemoteWorkers

PSTN/Cable/DSL/Wireless

Omni Present Provider


Internet

IP VPN - Red Foods

Omni Present Provider

London Office

Red Foods

Paris Office

Red FoodsPSTN/DSL/Cable/Wireless


Problem Statement

• Omni present provider rarely present..• Regional providers provide last mile

service• National/International carriers provide

global connectivity• Need bridge to connect regional and

global carriers


Hierarchical VPNs - Business Model

Boston Provider


International Provider

Paris Provider

Berlin Provider



London Provider

London Office

Red Foods

Paris Office

Red Foods


Hierarchical VPNs - Network Model

Boston Provider



Paris Provider

Berlin Provider



London Provider

London Office

Red Foods

Paris Office

Red Foods

VR

VR

VR

VR

VR VR

VR

VR

VRVR

VR

VR

VR

VRVR

VR

VR

VR


Multi-Level Hierarchical VPNs

Level 1 VPNs Level 1 VPNsLevel 0 VPN

VPN A

VPN X

VPN Z

VPN Y

VPN X

VPN Y

VPN Z

Data within a Level 1 VPN is transported transparently across the Level 0 VPN

Hierarchies can be extended to more than two Levels


Hierarchical VPNs

Boston Provider



Paris Provider

Berlin Provider



London Provider

London Office

Red Foods

Paris Office

Red Foods

VR

VR

VR

VR

VR VR

VR

VR

VRVR

VR

VR

VR

VR

VR

VR

VR

VR


VPN LSP Tunnels

VR

VR

VR

VR

VRInter VR link

Purple VPN’s LSP Tunnel Inter VR link

Inter VR link


Inter VR Links

VR

VR

VR

Inter VR link

Inter VR link

VR

VR

VR

Level 1 VPN

Level 2 VPN

Level 2 VPN


Inter VR Links

• Supports hierarchical relationship• Level 1 .. Level 2 .. Level N VPNs

• Supports peering relationship• Internet connectivity• Inter VPN [controlled] connectivity

– Controlled by standard routing policies at both ends


Neighbor Discovery via Broadcast Links


Service Provider’sNetwork

Switch-C internal Backbone address =150.202.79.12

Switch-A Backbone address =150.202.78.12

Switch-B Backbone address =150.202.77.2

Inter VR Broadcast LinkIP Interface(150.1.1.2)

IP Interface(150.1.1.3)

IP Interface(150.1.1.1)

Neighbor Discovery

Customer A HQ (Chicago)

VR-A

VR-B

Customer A Branch (Boston)

Parts DB165.1.1.1

Customer A’sVendor

VR-C

185.1.1.1


For more information

• Muthukrishnan, K. et al, “A Core MPLS IP VPN Architecture”, RFC-2917, September 2000

• Muthukrishnan, K. et al, “A Core MPLS IP VPN Architecture”, <draft-muthukrishnan-rfc2917bis-00.txt>, work in progress in IETF

• Kathirvelu, C. et al, “A Core MPLS IP VPN Link Broadcast and Virtual Router Discovery”, <draft-kathirvelu-corevpn-disc-00.txt>, work in progress in IETF

• Kathirvelu, C. et al, “Hierarchical VPN over MPLS Transport”, <draft-kathirvelu-hiervpn-corevpn-00.txt>, work in progress in IETF

• Draft ITU-T Recommendation Y.1311.1, Network Based IP VPN over MPLS Architecture


Thank you!Karthik [email protected]

Thomas [email protected]

hierarchical vpns, neighbor discovery and broadcast links in virtual router approach

Documents