
Virtual Private Networks (VPN)

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

What Is a Virtual Private Network (VPN)?

The Term VPN can be Broken Down into Common Sense Terms:
Network - A network consists of devices communicating through some arbitrary method. Devices include computers, routers, etc., which may reside in geographically diverse locations.
Private - "Private" means communications between two (or more) devices which are, in some fashion, secret. A private facility restricts access to a defined set of entities, and third parties cannot gain access. Devices NOT privy to the communicated content are unaware of the private relationship altogether. Data privacy and security are key aspects of a VPN. Conversely, a "public" facility is one that is openly accessible.
Virtual - The "virtualization" aspect is similar to the concept of privacy. The underlying resource is shared by more than a single organization; the private communication is constructed by logically partitioning that common, shared resource. These private networks are virtual creations with no private physical system.

What Is a Virtual Private Network (VPN)?


VPNs, while not physically separate, operate in a discrete fashion across a shared infrastructure.
VPNs provide exclusive communication environments that do not share any points of interconnection.
VPNs can be built between two end systems, between two organizations, between several end systems within a single organization, between individual applications or between multiple organizations across the global Internet, or any combination.
A site may be in more than one VPN, as VPNs may overlap.
Not all sites need be connected to the same service provider, as a VPN can span multiple providers.
VPNs exist in several flavors, including Frame Relay and ATM PVCs, IPsec VPNs, Layer 2 VPNs, Layer 3 VPNs, and tunneling protocols such as Generic Routing Encapsulation (GRE). There are others.


Why use VPNs?


Need to Virtualize Some Portion, or All, of an Organization's Network
Render Communications Invisible to External Observers
Support the Economics of Communication by Bundling Numerous Fixed High-Cost and Variable Low-Cost Communication Services into a Common Communications Platform; Amortize the High-Cost Components over a Larger Number of Clients
Support Communications Privacy
Ability to Create Heterogeneous Networks Across Multiple Access Technologies and Service Providers


A VPN Example
A very common VPN model: geographically diverse subnetworks belonging to a common administrative domain, sharing an infrastructure outside their administrative control.


Types of VPNs
Network Layer VPNs Based on IP (Layer 3 VPNs)
Overlay/Cut-Through VPNs (Layer 2 VPNs): ATM, Frame Relay
Tunnels (Layer 2 and Layer 3): PPP, GRE, PPTP, IPnIP (IP-in-IP), L2TP
Pseudowires (Layer 2): TDM, Ethernet
MPLS VPNs (Layer 2 or Layer 3)
Transport and Application Layer VPNs
Non-IP VPNs: IPX, AppleTalk, SNA


Some VPN Types

Diagrams shown: Frame Relay Overlay VPN, L2TP Tunnel, GRE Tunnel.
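The GRE tunnel diagram is not reproduced here, so the following is an added configuration example, not Cisco's slide content: one end of a GRE tunnel between two sites in IOS syntax of the era this deck describes. Every address, interface name and profile name is constructed (198.51.100.0/24 stands in for the public underlay, 10.255.0.0/30 for the tunnel link, 10.2.0.0/16 for the remote site's private network), and the pre-shared key is a placeholder.

```cisco
! Added example (not from the deck): site A end of a GRE tunnel to site B.
! All addresses and names are constructed for illustration.
!
interface GigabitEthernet0/0
 description Internet-facing underlay (public address)
 ip address 198.51.100.1 255.255.255.0
!
! The tunnel is the "virtual" private link: it has its own IP subnet,
! but on the wire it is GRE (IP protocol 47) between the two public addresses.
interface Tunnel0
 description GRE to site B
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel mode gre ip
!
! Steer site B's private prefix into the tunnel instead of the Internet.
ip route 10.2.0.0 255.255.0.0 Tunnel0
!
! GRE alone only encapsulates; it gives no confidentiality or integrity,
! so the "Private" part of the VPN definition is missing until the tunnel
! is protected. Below, IPsec in transport mode protects the GRE packets.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE_WITH_STRONG_PSK address 198.51.100.2
!
crypto ipsec transform-set TS-AES-SHA esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile GRE-PROT
 set transform-set TS-AES-SHA
!
interface Tunnel0
 tunnel protection ipsec profile GRE-PROT
```

Site B mirrors this with the source and destination swapped. Useful checks after applying it: `show interfaces tunnel 0` should report the tunnel up/up, and `show crypto ipsec sa` should show packets being encapsulated and decapsulated on the tunnel; if the latter stays at zero, traffic is leaving in clear GRE, which is exactly the state the protection is meant to rule out.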

VPN Tunnels in Mobile Data

Diagram: VPN tunnels in a mobile data network. Protocol stacks shown along the path: TCP/IP, TCP/IP/PPP, TCP/IP/PPP/GRE, PPP/GRE, TCP/IP/PPP/GRE/MLPPP. Elements shown: RNC; DACS; channelized SONET OC-3/12 (working/protect); nxT1 MLPPP links; aggregation router (Cisco ESR10008) and multilayer switch (Cisco 6509-E); PE-1A and PE-2A on the IP/MPLS core; PDSN; HA; AAA; EMS/OMC; IP services and the Internet.

MPLS Layer 2 VPNs


Similar to the existing circuit-switched environment
Leverage the existing installed gear
Provide circuit-based services in addition to packet/IP-based services
Provide any-to-any connectivity
Trunking Layer 2 over an MPLS network: Ethernet, Frame Relay, ATM, PPP, HDLC, SONET, TDM


MPLS Layer 2 VPNs

An L2VPN consists of switched connections between subscriber endpoints over a shared network.
Non-subscribers do not have access to those same endpoints.

Diagram: a remote subscriber location attached to a Provider Edge, a pseudowire across the SP network to a second Provider Edge (SP interconnection). Many subscriber encapsulations are supportable: FR, ATM, HDLC, PPP, Ethernet.

Some Layer 1 frame encapsulations are transportable under the framework of L2VPN. This is acceptable because, unlike native Layer 1 transport, frames can be dropped due to congestion.
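As an added example (not from the deck) of the pseudowire in the diagram, this is one PE side of an Ethernet port-mode pseudowire in IOS syntax of the era, using LDP as the label distribution protocol. The loopbacks (192.0.2.1 and 192.0.2.2), the core link (10.0.12.0/30), the interface names and the VC ID 100 are all constructed.

```cisco
! Added example (not from the deck): PE-1 side of an Ethernet pseudowire.
! Addresses, interface names and the VC ID are constructed.
!
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 description PE-1 identity; the pseudowire endpoint address
 ip address 192.0.2.1 255.255.255.255
!
interface GigabitEthernet0/0
 description Core-facing link (MPLS)
 ip address 10.0.12.1 255.255.255.252
 mpls ip
!
! Attachment circuit: the subscriber's Ethernet port. It carries no IP
! address, so the PE itself is not reachable from the subscriber and the
! subscriber's frames are only switched into the pseudowire, never routed.
interface GigabitEthernet0/1
 description Subscriber attachment circuit (port mode)
 no ip address
 xconnect 192.0.2.2 100 encapsulation mpls
```

PE-2 carries the mirror image: loopback 192.0.2.2 and `xconnect 192.0.2.1 100 encapsulation mpls` on its own subscriber port. The VC ID (100) must match on both ends; a mismatch leaves the pseudowire down, which `show mpls l2transport vc` reports. Because the PE has no IP address on the attachment circuit, a host at the subscriber site has no Layer 3 path into the provider's network, which is the isolation property the slide states.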

MPLS Layer 3 VPNs

Associate one or more interfaces on the PE with a VPN
Privatize an interface, i.e., "coloring" of the interface
Each VPN has its own routing table and forwarding table (CEF)
Each VPN has its own instance of the routing protocol (static, RIP, BGP, OSPF)
The customer router runs standard routing software
L3VPNs are similar to Layer 2 VLANs in a switching environment
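The four points above map onto a handful of configuration lines on the PE. The following is an added example, not Cisco's slide content: one PE in an MPLS L3VPN in the `ip vrf` syntax of 2006-era IOS (newer releases use `vrf definition` with an address family, but the structure is the same). The provider AS 65000, the customer AS 65100, the VRF name CUST_A, the RD and route target 65000:100, and every address are constructed.

```cisco
! Added example (not from the deck): PE-1 in an MPLS Layer 3 VPN.
! AS numbers, VRF name, RD/RT values and addresses are constructed.
!
ip cef
mpls ldp router-id Loopback0 force
!
! One VRF = one private routing table and one private CEF forwarding
! table on this PE. The RD keeps this customer's prefixes distinct even
! if they overlap with another VRF's; the route targets decide which
! VRFs on other PEs may import these routes.
ip vrf CUST_A
 rd 65000:100
 route-target export 65000:100
 route-target import 65000:100
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
interface GigabitEthernet0/0
 description Core-facing; carries labelled traffic for every VRF
 ip address 10.0.12.1 255.255.255.252
 mpls ip
!
! "Coloring" the interface: binding it to the VRF moves it out of the
! global routing table. Without the "ip vrf forwarding" line the customer
! link would sit in the global table and the isolation would not exist.
interface GigabitEthernet0/1
 description CUST_A attachment circuit (PE-CE link)
 ip vrf forwarding CUST_A
 ip address 10.1.1.1 255.255.255.252
!
router bgp 65000
 neighbor 192.0.2.2 remote-as 65000
 neighbor 192.0.2.2 update-source Loopback0
 !
 ! VPNv4 carries each VRF's routes (RD-prefixed, tagged with the RT)
 ! between PEs over the shared core.
 address-family vpnv4
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 send-community extended
 exit-address-family
 !
 ! Per-VRF routing-protocol instance: plain eBGP to the customer router,
 ! which runs ordinary routing software and never sees MPLS.
 address-family ipv4 vrf CUST_A
  neighbor 10.1.1.2 remote-as 65100
  neighbor 10.1.1.2 activate
  redistribute connected
 exit-address-family
```

To confirm the separation holds, `show ip vrf interfaces` must list GigabitEthernet0/1 under CUST_A (an interface missing from that list is in the global table), `show ip route vrf CUST_A` should contain only this customer's prefixes, and `show ip bgp vpnv4 vrf CUST_A` shows what is being exchanged with the remote PE. Giving two VRFs a common import route target is how an extranet such as the one on the next slide is built deliberately; the same setting applied by mistake joins two customers' networks, so route-target changes deserve review.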


MPLS Converges Layer 2 & Layer 3 VPNs

Traffic Segmentation/Isolation via VPN Routing and Forwarding (VRF)
QoS Enabled
Traffic Engineering

Diagram: an IP/MPLS core carrying a set of VRFs: Network Management VRF (NOC, admin, secure), AAA VRF, SS7oIP VRF (SS7), Tandem Voice VRF, Extranet VRF, Lawful Intercept VRF (LEA 1, LEA 2, LEA 3), Internet VRF (Internet), Mobile Roaming Voice VRF, I/T Voice & Data VRF, Content Provider/Partner VRF, Corporation x VRF (APP1, APP 2, APP 3, Enterprise).


MPLS Enabled Future Growth and Expansion


MPLS provides scalability, flexibility and modularity to support constant and ongoing change
MPLS increases network reliability: converged VPNs become a system rather than a collection of disparate networks and components
MPLS VPNs enable ongoing convergence with secure traffic segmentation between networks and strict traffic controls
MPLS VPNs reduce costs while enabling and accelerating new revenue streams


Pop Quiz!
Give two examples of what a VPN is.
Give four examples of different types of VPNs.
What are some benefits of using VPNs?
What VPN tunnel types are common in Mobile Data networks?
What are the two types of MPLS VPNs, and what layers of the OSI model can they transport?
What is the key difference between the two types of MPLS VPNs?
BONUS: Give four examples of VPNs in your network.