|
Selecting MPLS VPN Services
A guide to using and defining MPLS VPN services
* Analyze strengths and weaknesses of TDM and Layer 2 WAN services
* Understand the primary business and technical issues when evaluating IP/MPLS VPN offerings
* Describe the IP addressing, routing, load balancing, convergence, and services capabilities of the IP VPN
* Develop
enterprise quality of service (QoS) policies and implementation guidelines
* Achieve scalable support for multicast services
* Learn the benefits and drawbacks of various security and encryption mechanisms
* Ensure proper use of services and plan for future growth with monitoring and reporting services
* Provide remote access, Internet access, and extranet connectivity to the VPN supported intranet
* Provide a clear and concise set of steps to plan and execute a network migration from existing ATM/Frame Relay/leased line networks to an IP VPN IP/MPLS VPNs are compelling for many reasons. For enterprises, they enable right-sourcing of WAN services and yield generous operational cost savings. For service providers, they offer a higher level of service to customers and lower costs for service deployment.
Migration comes with challenges, however. Enterprises must understand key migration issues, what the realistic benefits are, and how to optimize new services. Providers must know what aspects of their services give value to enterprises and how they can provide the best value to customers.
Selecting MPLS VPN Services helps you analyze migration options, anticipate migration issues, and properly deploy IP/MPLS VPNs. Detailed configurations illustrate effective deployment while case studies present available migration options and walk you through the process of selecting the best option for your network. Part I addresses the business case for moving to an IP/MPLS VPN network, with a chapter devoted to the business and technical issues you should review when evaluating IP/MPLS VPN offerings from major providers. Part II includes detailed deployment guidelines for the technologies used in the IP/MPLS VPN.
This book is part of the Networking Technology Series from Cisco Press(R), which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.
CONTENTS:
Part I Business Analysis and Requirements of IP/MPLS VPN
Chapter 1 Assessing Enterprise Legacy WANs and IP/VPN Migration
Current State of Enterprise Networks
Evolutionary Change of Enterprise Networks
Acme, a Global Manufacturer
Acme’s Global Span
Business Desires of Acme’s Management
Acme’s IT Applications Base
Acme’s IT Communications Infrastructure
New WAN Technologies for Consideration by Acme
Layer 3 IP/MPLS VPN Services
Layer 2 IP/MPLS VPN Services
Convergence Services
Internet Access
Mobile Access and Teleworker Access
Voice Services: Service Provider Hosted PSTN Gateway
Voice Services: Service Provider Hosted IP Telephony
Summary
Chapter 2 Assessing Service Provider WAN Offerings
Enterprise/Service Provider Relationship and Interface
Investigation Required in Selecting a Service Provider
Coverage, Access, and IP
Financial Strength of the Service Provider
Convergence
Transparency
IP Version 6
Provider Cooperation/Tiered Arrangements
Enhanced Service-Level Agreement
Customer Edge Router Management
Service Management
Customer Reports and SLA Validation
Summary
Chapter 3 Analyzing Service Requirements
Application/Bandwidth Requirements
Backup and Resiliency
Enterprise Segmentation Requirements
Mapping VLANs to VPNs in the Campus
Access Technologies
Frame Relay
ATM
Dedicated Circuit from CE to PE
ATM PVC from CE to PE
Frame Relay PVC from CE to PE
Metro Ethernet
QoS Requirements
Bandwidth
Packet Delay and Jitter
Packet Loss
Enterprise Loss, Latency, and Jitter Requirements
QoS at Layer 2
Subscriber Network QoS Design
Baseline New Applications
Develop the Network
Security Requirements
Topological and Network Design Considerations
SP-Managed VPNs
Multiprovider Considerations
Extranets
Case Study: Analyzing Service Requirements for Acme, Inc.
Layer 2 Description
Existing Customer Characteristics That Are Required in the New Network
DefenseCo’s Backbone Is a Single Autonomous System
Reasons for Migrating to MPLS
Evaluation Testing Phase
Routing Convergence
Jitter and Delay
Congestion, QoS, and Load Testing
Vendor Knowledge and Technical Performance
Evaluation Tools
TTCP
Lessons Learned
Transition and Implementation Concerns and Issues
Post-Transition Results
Summary
References
Part II Deployment Guidelines
Chapter 4 IP Routing with IP/MPLS VPNs
Introduction to Routing for the Enterprise MPLS VPN
Implementing Routing Protocols
Network Topology
Addressing and Route Summarization
Route Selection
Convergence
Network Scalability
Memory
CPU
Security
Site Typifying WAN Access: Impact on Topology
Site Type: Topology
WAN Connectivity Standards
Site Type A Attached Sites: Dual CE and Dual PE
Site Type B/3 Dual-Attached Site–Single CE, Dual PE
Site Type B/3 Dual-Attached Site–Single CE, Single PE
Site Type D Single-Attached Site–Single CE with Backup
Convergence: Optimized Recovery
IP Addressing
Routing Between the Enterprise and the Service Provider
Using EIGRP Between the CE and PE
How EIGRP MPLS VPN PE-to-CE Works
PE Router: Non-EIGRP-Originated Routes
PE Router: EIGRP-Originated Internal Routes
PE Router: EIGRP-Originated External Routes
Multiple VRF Support
Extended Communities Defined for EIGRP VPNv4
Metric Propagation
Configuring EIGRP for CE-to-PE Operation
Using BGP Between the CE and PE
Securing CE-PE Peer Sessions
Improving BGP Convergence
Case Study: BGP and EIGRP Deployment in Acme, Inc.
Small Site–Single-Homed, No Backup
Medium Site–Single-Homed with Backup
Medium Site–Single CE Dual-Homed to a Single PE
Large Site–Dual-Homed (Dual CE, Dual PE)
Load Sharing Across Multiple Connections
Very Large Site/Data Center–Dual Service Provider MPLS VPN
Site Typifying Site Type A Failures
Solutions Assessment
Summary
References
Cisco Press
Chapter 5 Implementing Quality of Service
Introduction to QoS
Building a QoS Policy: Framework Considerations
QoS Tool Chest: Understanding the Mechanisms
Classes of Service
Hardware Queuing
Software Queuing
QoS Mechanisms Defined
Pulling It Together: Build the Trust
Building the Policy Framework
Classification and Marking of Traffic
Trusted Edge
Device Trust
Application Trust
CoS and DSCP
Strategy for Classifying Voice Bearer Traffic
QoS on Backup WAN Connections
Shaping/Policing Strategy
Queuing/Link Efficiency Strategy
IP/VPN QoS Strategy
Approaches for QoS Transparency Requirements for the Service Provider
Network
QoS CoS Requirements for the SP Network
WRED Implementations
Identification of Traffic
What Would Constitute This Real-Time Traffic?
QoS Requirements for Voice, Video, and Data
QoS Requirements for Voice
QoS Requirements for Video
QoS Requirements for Data
The LAN Edge: L2 Configurations
Classifying Voice on the WAN Edge
Classifying Video on the WAN Edge
Classifying Data on the WAN Edge
Case Study: QoS in the Acme, Inc. Network
QoS for Low-Speed Links: 64 kbps to 1024 kbps
QoS Reporting
Summary
References
Chapter 6 Multicast in an MPLS VPN
Introduction to Multicast for the Enterprise MPLS VPN
Multicast Considerations
Mechanics of IP Multicast
RPF
Source Trees Versus Shared Trees
Protocol-Independent Multicast
Interdomain Multicast Protocols
Source-Specific Multicast
Multicast Addressing
Administratively Scoped Addresses
Deploying the IP Multicast Service
Default PIM Interface Configuration Mode
Host Signaling
Sourcing
Multicast Deployment Models
Any-Source Multicast
Source-Specific Multicast
Enabling SSM 206
Multicast in an MPLS VPN Environment: Transparency
Multicast Routing Inside the VPN
Case Study: Implementing Multicast over MPLS for Acme
Multicast Addressing
Multicast Address Management
Predeployment Considerations
MVPN Configuration Needs on the CE
Boundary ACL
Positioning of Multicast Boundaries
Configuration to Apply a Boundary Access List
Rate Limiting
MVPN Deployment Plan
Preproduction User Test Sequence
What Happens When There Is No MVPN Support?
Other Considerations and Challenges
Summary
References
Chapter 7 Enterprise Security in an MPLS VPN Environment
Setting the Playing Field
Comparing MPLS VPN Security to Frame Relay Networks
Security Concerns Specific to MPLS VPNs
Issues for Enterprises to Resolve When Connecting at Layer 3 to Provider Networks
History of IP Network Attacks
Strong Password Protection
Preparing for an Attack
Identifying an Attack
Initial Precautions
Basic Attack Mitigation
Basic Security Techniques
Remote-Triggered Black-Hole Filtering
Loose uRPF for Source-Based Filtering
Strict uRPF and Source Address Validation
Sinkholes and Anycast Sinkholes
Backscatter Traceback
Cisco Guard
Distributed DoS, Botnets, and Worms
Anatomy of a DDoS Attack
Botnets
Worm Mitigation
Case Study Selections
Summary
References
Comparing MPLS VPN to Frame Relay Security
ACL Information
Miscellaneous Security Tools
Cisco Reference for MPLS Technology and Operation
Cisco Reference for Cisco Express Forwarding
Public Online ISP Security Bootcamp
Tutorials, Workshops, and Bootcamps
Original Backscatter Traceback and Customer-Triggered Remote- Triggered Black-Hole Techniques
Source for Good Papers on Internet Technologies and Security
Security Work Definitions
NANOG SP Security Seminars and Talks
Birds of a Feather and General Security Discussion Sessions at NANOG
Chapter 8 MPLS VPN Network Management
The Enterprise: Evaluating Service Provider Management Capabilities
Provisioning
SLA Monitoring
Fault Management
Reporting
Root Cause Analysis
The Enterprise: Managing the VPN
Planning
Ordering
Provisioning
Monitoring
Optimization
The Service Provider: How to Meet and Exceed Customer Expectations
Provisioning
Fault Monitoring
OAM and Troubleshooting
Fault Management
SLA Monitoring
Reporting
Summary
References
Chapter 9 Off-Net Access to the VPN
Remote Access
Dial Access via RAS
Dial Access via L2TP
Connecting L2TP Solutions to VRFs
DSL Considerations
Cable Considerations
IPsec Access
GRE + IPsec on the CPE
CE-to-CE IPsec
The Impact of Transporting Multiservice Traffic over IPsec
Split Tunneling in IPsec
Supporting Internet Access in IP VPNs
Case Study Selections
Summary
References
General PPP Information
Configuring Dial-In Ports
L2TP
Layer 2 Tunnel Protocol Fact Sheet
Layer 2 Tunnel Protocol
VPDN Configuration Guide
VPDN Configuration and Troubleshooting
Security Configuration Guide
RADIUS Configuration Guide
Broadband Aggregation to MPLS VPN
Remote Access to MPLS VPN
Network-Based IPsec VPN Solutions
IPsec
GRE + IPsec
DMVPN
Split Tunneling
Prefragmentation 373
Chapter 10 Migration Strategies
Network Planning
Writing the RFP
Architecture and Design Planning with the Service Providers
Project Management
SLAs with the Service Providers
Network Operations Training
Implementation Planning
Phase 1
Phase 2
Phase 3
Phase 4
On-Site Implementation
Case Study Selections
Summary
Part III Appendix
Appendix Questions to Ask Your Provider Regarding Layer 3 IP/MPLS VPN Capability
1587051915TOC012406
|
