×

Uh-oh, it looks like your Internet Explorer is out of date.

For a better shopping experience, please upgrade now.

Selecting MPLS VPN Services
     

Selecting MPLS VPN Services

by Chris Lewis, Steve Pickavance
 

ISBN-10: 1587051915

ISBN-13: 9781587051913

Pub. Date: 02/15/2006

Publisher: Cisco Press

A guide to using and defining MPLS VPN services

  • Analyze strengths and weaknesses of TDM and Layer 2 WAN services
  • Understand the primary business and technical issues when evaluating IP/MPLS VPN offerings
  • Describe the IP addressing, routing, load balancing, convergence, and services capabilities of the IP VPN
  • Develop enterprise quality of

Overview

A guide to using and defining MPLS VPN services

  • Analyze strengths and weaknesses of TDM and Layer 2 WAN services
  • Understand the primary business and technical issues when evaluating IP/MPLS VPN offerings
  • Describe the IP addressing, routing, load balancing, convergence, and services capabilities of the IP VPN
  • Develop enterprise quality of service (QoS) policies and implementation guidelines
  • Achieve scalable support for multicast services
  • Learn the benefits and drawbacks of various security and encryption mechanisms
  • Ensure proper use of services and plan for future growth with monitoring and reporting services
  • Provide remote access, Internet access, and extranet connectivity to the VPN supported intranet
  • Provide a clear and concise set of steps to plan and execute a network migration from existing ATM/Frame Relay/leased line networks to an IP VPN

IP/MPLS VPNs are compelling for many reasons. For enterprises, they enable right-sourcing of WAN services and yield generous operational cost savings. For service providers, they offer a higher level of service to customers and lower costs for service deployment.

Migration comes with challenges, however. Enterprises must understand key migration issues, what the realistic benefits are, and how to optimize new services. Providers must know what aspects of their services give value to enterprises and how they can provide the best value to customers.

Selecting MPLS VPN Services helps you analyze migration options, anticipate migration issues, and properly deploy IP/MPLS VPNs. Detailed configurations illustrate effective deployment while case studies present available migration options and walk you through the process of selecting the best option for your network. Part I addresses the business case for moving to an IP/MPLS VPN network, with a chapter devoted to the business and technical issues you should review when evaluating IP/MPLS VPN offerings from major providers. Part II includes detailed deployment guidelines for the technologies used in the IP/MPLS VPN.

This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Product Details

ISBN-13:
9781587051913
Publisher:
Cisco Press
Publication date:
02/15/2006
Series:
Networking Technology Series
Pages:
456
Product dimensions:
7.56(w) x 9.42(h) x 1.28(d)

Table of Contents

Part I Business Analysis and Requirements of IP/MPLS VPN

Chapter 1 Assessing Enterprise Legacy WANs and IP/VPN Migration Current State of Enterprise Networks

Evolutionary Change of Enterprise Networks

Acme, a Global Manufacturer

Acme’s Global Span

Business Desires of Acme’s Management

Acme’s IT Applications Base

Acme’s IT Communications Infrastructure

New WAN Technologies for Consideration by Acme

Layer 3 IP/MPLS VPN Services

Layer 2 IP/MPLS VPN Services

Convergence Services

Internet Access

Mobile Access and Teleworker Access

Voice Services: Service Provider Hosted PSTN Gateway

Voice Services: Service Provider Hosted IP Telephony

Summary

Chapter 2 Assessing Service Provider WAN Offerings

Enterprise/Service Provider Relationship and Interface

Investigation Required in Selecting a Service Provider

Coverage, Access, and IP

Financial Strength of the Service Provider

Convergence

Transparency

IP Version 6

Provider Cooperation/Tiered Arrangements

Enhanced Service-Level Agreement

Customer Edge Router Management

Service Management

Customer Reports and SLA Validation

Summary

Chapter 3 Analyzing Service Requirements

Application/Bandwidth Requirements

Backup and Resiliency

Enterprise Segmentation Requirements

Mapping VLANs to VPNs in the Campus

Access Technologies

Frame Relay

ATM

Dedicated Circuit from CE to PE

ATM PVC from CE to PE

Frame Relay PVC from CE to PE

Metro Ethernet

QoS Requirements

Bandwidth

Packet Delay and Jitter

Packet Loss

Enterprise Loss, Latency, and Jitter Requirements

QoS at Layer 2

Subscriber Network QoS Design

Baseline New Applications

Develop the Network

Security Requirements

Topological and Network Design Considerations

SP-Managed VPNs

Multiprovider Considerations

Extranets

Case Study: Analyzing Service Requirements for Acme, Inc.

Layer 2 Description

Existing Customer Characteristics That Are Required in the New Network

DefenseCo’s Backbone Is a Single Autonomous System

Reasons for Migrating to MPLS

Evaluation Testing Phase

Routing Convergence

Jitter and Delay

Congestion, QoS, and Load Testing

Vendor Knowledge and Technical Performance

Evaluation Tools

TTCP

Lessons Learned

Transition and Implementation Concerns and Issues

Post-Transition Results

Summary

References

Part II Deployment Guidelines

Chapter 4 IP Routing with IP/MPLS VPNs

Introduction to Routing for the Enterprise MPLS VPN

Implementing Routing Protocols

Network Topology

Addressing and Route Summarization

Route Selection

Convergence

Network Scalability

Memory

CPU

Security

Site Typifying WAN Access: Impact on Topology

Site Type: Topology

WAN Connectivity Standards

Site Type A Attached Sites: Dual CE and Dual PE

Site Type B/3 Dual-Attached Site–Single CE, Dual PE

Site Type B/3 Dual-Attached Site–Single CE, Single PE

Site Type D Single-Attached Site–Single CE with Backup

Convergence: Optimized Recovery

IP Addressing

Routing Between the Enterprise and the Service Provider

Using EIGRP Between the CE and PE

How EIGRP MPLS VPN PE-to-CE Works

PE Router: Non-EIGRP-Originated Routes

PE Router: EIGRP-Originated Internal Routes

PE Router: EIGRP-Originated External Routes

Multiple VRF Support

Extended Communities Defined for EIGRP VPNv4

Metric Propagation

Configuring EIGRP for CE-to-PE Operation

Using BGP Between the CE and PE

Securing CE-PE Peer Sessions

Improving BGP Convergence

Case Study: BGP and EIGRP Deployment in Acme, Inc.

Small Site–Single-Homed, No Backup

Medium Site–Single-Homed with Backup

Medium Site–Single CE Dual-Homed to a Single PE

Large Site–Dual-Homed (Dual CE, Dual PE)

Load Sharing Across Multiple Connections

Very Large Site/Data Center–Dual Service Provider MPLS VPN

Site Typifying Site Type A Failures

Solutions Assessment

Summary

References

Cisco Press

Chapter 5 Implementing Quality of Service

Introduction to QoS

Building a QoS Policy: Framework Considerations

QoS Tool Chest: Understanding the Mechanisms

Classes of Service

Hardware Queuing

Software Queuing

QoS Mechanisms Defined

Pulling It Together: Build the Trust

Building the Policy Framework

Classification and Marking of Traffic

Trusted Edge

Device Trust

Application Trust

CoS and DSCP

Strategy for Classifying Voice Bearer Traffic

QoS on Backup WAN Connections

Shaping/Policing Strategy

Queuing/Link Efficiency Strategy

IP/VPN QoS Strategy

Approaches for QoS Transparency Requirements for the Service Provider

Network

QoS CoS Requirements for the SP Network

WRED Implementations

Identification of Traffic

What Would Constitute This Real-Time Traffic?

QoS Requirements for Voice, Video, and Data

QoS Requirements for Voice

QoS Requirements for Video

QoS Requirements for Data

The LAN Edge: L2 Configurations

Classifying Voice on the WAN Edge

Classifying Video on the WAN Edge

Classifying Data on the WAN Edge

Case Study: QoS in the Acme, Inc. Network

QoS for Low-Speed Links: 64 kbps to 1024 kbps

QoS Reporting

Summary

References

Chapter 6 Multicast in an MPLS VPN

Introduction to Multicast for the Enterprise MPLS VPN

Multicast Considerations

Mechanics of IP Multicast

RPF

Source Trees Versus Shared Trees

Protocol-Independent Multicast

Interdomain Multicast Protocols

Source-Specific Multicast

Multicast Addressing

Administratively Scoped Addresses

Deploying the IP Multicast Service

Default PIM Interface Configuration Mode

Host Signaling

Sourcing

Multicast Deployment Models

Any-Source Multicast

Source-Specific Multicast

Enabling SSM 206
Multicast in an MPLS VPN Environment: Transparency

Multicast Routing Inside the VPN

Case Study: Implementing Multicast over MPLS for Acme

Multicast Addressing

Multicast Address Management

Predeployment Considerations

MVPN Configuration Needs on the CE

Boundary ACL

Positioning of Multicast Boundaries

Configuration to Apply a Boundary Access List

Rate Limiting

MVPN Deployment Plan

Preproduction User Test Sequence

What Happens When There Is No MVPN Support?

Other Considerations and Challenges

Summary

References

Chapter 7 Enterprise Security in an MPLS VPN Environment

Setting the Playing Field

Comparing MPLS VPN Security to Frame Relay Networks

Security Concerns Specific to MPLS VPNs

Issues for Enterprises to Resolve When Connecting at Layer 3 to Provider Networks

History of IP Network Attacks

Strong Password Protection

Preparing for an Attack

Identifying an Attack

Initial Precautions

Basic Attack Mitigation

Basic Security Techniques

Remote-Triggered Black-Hole Filtering

Loose uRPF for Source-Based Filtering

Strict uRPF and Source Address Validation

Sinkholes and Anycast Sinkholes

Backscatter Traceback

Cisco Guard

Distributed DoS, Botnets, and Worms

Anatomy of a DDoS Attack

Botnets

Worm Mitigation

Case Study Selections

Summary

References

Comparing MPLS VPN to Frame Relay Security

ACL Information

Miscellaneous Security Tools

Cisco Reference for MPLS Technology and Operation

Cisco Reference for Cisco Express Forwarding

Public Online ISP Security Bootcamp

Tutorials, Workshops, and Bootcamps

Original Backscatter Traceback and Customer-Triggered Remote- Triggered Black-Hole Techniques

Source for Good Papers on Internet Technologies and Security

Security Work Definitions

NANOG SP Security Seminars and Talks

Birds of a Feather and General Security Discussion Sessions at NANOG

Chapter 8 MPLS VPN Network Management

The Enterprise: Evaluating Service Provider Management Capabilities

Provisioning

SLA Monitoring

Fault Management

Reporting

Root Cause Analysis

The Enterprise: Managing the VPN

Planning

Ordering

Provisioning

Monitoring

Optimization

The Service Provider: How to Meet and Exceed Customer Expectations

Provisioning

Fault Monitoring

OAM and Troubleshooting

Fault Management

SLA Monitoring

Reporting

Summary

References

Chapter 9 Off-Net Access to the VPN

Remote Access

Dial Access via RAS

Dial Access via L2TP

Connecting L2TP Solutions to VRFs

DSL Considerations

Cable Considerations

IPsec Access

GRE + IPsec on the CPE

CE-to-CE IPsec

The Impact of Transporting Multiservice Traffic over IPsec

Split Tunneling in IPsec

Supporting Internet Access in IP VPNs

Case Study Selections

Summary

References

General PPP Information

Configuring Dial-In Ports

L2TP

Layer 2 Tunnel Protocol Fact Sheet

Layer 2 Tunnel Protocol

VPDN Configuration Guide

VPDN Configuration and Troubleshooting

Security Configuration Guide

RADIUS Configuration Guide

Broadband Aggregation to MPLS VPN

Remote Access to MPLS VPN

Network-Based IPsec VPN Solutions

IPsec

GRE + IPsec

DMVPN

Split Tunneling

Prefragmentation 373

Chapter 10 Migration Strategies

Network Planning

Writing the RFP

Architecture and Design Planning with the Service Providers

Project Management

SLAs with the Service Providers

Network Operations Training

Implementation Planning

Phase 1

Phase 2

Phase 3

Phase 4

On-Site Implementation

Case Study Selections

Summary

Part III Appendix

Appendix Questions to Ask Your Provider Regarding Layer 3 IP/MPLS VPN Capability

1587051915TOC012406

Customer Reviews

Average Review:

Post to your social network

     

Most Helpful Customer Reviews

See all customer reviews