MPLS VPN
Prepared by
Eng. Hussein M. Harb
Agenda
• Why VPN
• VPN Definition
• VPN Categories
• VPN Implementations
• VPN Models
• Examples
of applications that send traffic in a clear text
their traffic and reduce their costs.
VPN Definition
There are three basic VPN categories:
• Intranet
• Extranet
• Internet
Intranet VPN
• An intranet VPN connects resources from the same company
across that company's infrastructure.
network, to connect two sites together or have telecommuters
use their local ISPs to set up a VPN connection to the
corporate network (remote access connections).
VPN Components
• Provider network:
SP devices to which the CE routers were directly attached
were called provider edge (PE) routers.
• IPsec
• PPTP
• L2TP
• MPLS
MPLS VPN
• MPLS VPNs are an enhancement to MPLS
• Peer-to-peer model
Overlay model
• The provider did not participate in customer routing. It
provides the customer with transport of data using virtual
point-to-point links (PVC or SVC).
Overlay model (Continued)
• The drawback of an Overlay model was the full mesh of
virtual circuits between all customer sites for optimal
connectivity. N sites need N(N-1)/2 circuits.
• The peer-to-peer model, consequently, does not require the
to Layer 2 VPNs also supports Virtual Private LAN Services
(VPLS).
L3 MPLS VPN Architecture
• MPLS VPN is an implementation of the peer-to-peer model.
• The only requirement on the CE router is a routing protocol
or a static route that enables the router to exchange IPv4
routing information with the connected PE router.
L3 MPLS VPN Routing Model
• Multiprotocol BGP is configured between PE routers to carry
customer routes.
L3 MPLS VPN Routing Model
2c. P2-AS1 uses the label (L1) received from P1-AS1 as its
outbound label value, allocates a label (L2) to prefix
10.10.10.101/32, and sends this label value to PE2-AS1 via
LDP.
Example-Control Plane Operation
5. PE1-AS1 pops the VPN label and forwards the data packet
to CE1-A where the 172.16.10.0 network is located.
Layer 2 VPN
• Customers may desire to extend their current Layer 2
infrastructure (frame relay, ATM, Ethernet, VLANs, TDM,
transparent LAN services, etc.).
• Provider (P) routers still will not be aware of the VPNs. They
Ethernet – Type 05
HDLC – Type 06
PPP – Type 07
CEM – Type 08
MAC address.
called Virtual Forwarding Instance (VFI), for each VPN that it
carries.
Virtual Private LAN Services (VPLS)
• PE router does not learn all the MAC addresses in all the
VPNs carried by the provider network. A PE router learns
MAC addresses related only to the VPNs that it carries. P
routers do not learn any MAC addresses; they just perform
label switching.
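The per-VPN MAC learning described above, as an added toy model that is not part of the original slides and not vendor code. Class names, port names, labels and MAC addresses are constructed; the port-membership check and the flooding of unknown destinations inside one VFI go beyond what the slide states and reflect general VPLS behaviour.

```python
class VFI:
    """One Virtual Forwarding Instance: the MAC table for a single VPN."""

    def __init__(self, ports):
        self.ports = set(ports)  # attachment circuits / pseudowires of this VPN
        self.macs = {}           # learned MAC address -> port


class PERouter:
    """Toy PE router holding one VFI per VPN that it carries."""

    def __init__(self, vfis):
        self.vfis = {vpn: VFI(ports) for vpn, ports in vfis.items()}

    def receive(self, vpn, in_port, src, dst):
        """Learn src in the frame's own VFI and return the list of egress ports."""
        vfi = self.vfis.get(vpn)
        if vfi is None or in_port not in vfi.ports:
            return []  # VPN not carried here, or port not in that VPN: drop, learn nothing
        vfi.macs[src] = in_port  # learning never touches another VPN's table
        out = vfi.macs.get(dst)
        if out is None:
            return sorted(vfi.ports - {in_port})  # unknown destination: flood in this VFI only
        return [] if out == in_port else [out]


class PRouter:
    """Toy P router: a label table only, no MAC table of any kind."""

    def __init__(self, lfib):
        self.lfib = dict(lfib)  # in_label -> (out_label, next_hop)

    def forward(self, in_label, frame):
        return self.lfib[in_label]  # the customer frame is never inspected


if __name__ == "__main__":
    pe = PERouter({"VPN-A": ["ac1", "pw-A"], "VPN-B": ["ac2", "pw-B"]})
    same_mac = "00:00:5e:00:53:01"  # constructed: both customers use this MAC
    print(pe.receive("VPN-A", "ac1", same_mac, "00:00:5e:00:53:02"))
    print(pe.receive("VPN-B", "pw-B", same_mac, "00:00:5e:00:53:03"))
    print(pe.vfis["VPN-A"].macs, pe.vfis["VPN-B"].macs)
```

Because each VFI keeps its own table, the same customer MAC can exist in two VPNs without one entry overwriting or leaking into the other.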
Thank You