Selecting MPLS VPN Services (Hardcover)
暫譯: 選擇 MPLS VPN 服務 (精裝版)

Description:

A guide to using and defining MPLS VPN services

• Analyze strengths and weaknesses of TDM and Layer 2 WAN services
• Understand the primary business and technical issues when evaluating IP/MPLS VPN offerings
• Describe the IP addressing, routing, load balancing, convergence, and services capabilities of the IP VPN
• Develop enterprise quality of service (QoS) policies and implementation guidelines
• Achieve scalable support for multicast services
• Learn the benefits and drawbacks of various security and encryption mechanisms
• Ensure proper use of services and plan for future growth with monitoring and reporting services
• Provide remote access, Internet access, and extranet connectivity to the VPN supported intranet
• Provide a clear and concise set of steps to plan and execute a network migration from existing ATM/Frame Relay/leased line networks to an IP VPN

IP/MPLS VPNs are compelling for many reasons. For enterprises, they enable right-sourcing of WAN services and yield generous operational cost savings. For service providers, they offer a higher level of service to customers and lower costs for service deployment.

 

Migration comes with challenges, however. Enterprises must understand key migration issues, what the realistic benefits are, and how to optimize new services. Providers must know what aspects of their services give value to enterprises and how they can provide the best value to customers.

 

Selecting MPLS VPN Services helps you analyze migration options, anticipate migration issues, and properly deploy IP/MPLS VPNs. Detailed configurations illustrate effective deployment while case studies present available migration options and walk you through the process of selecting the best option for your network. Part I addresses the business case for moving to an IP/MPLS VPN network, with a chapter devoted to the business and technical issues you should review when evaluating IP/MPLS VPN offerings from major providers. Part II includes detailed deployment guidelines for the technologies used in the IP/MPLS VPN.

 

This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

 

Part I      Business Analysis and Requirements of IP/MPLS VPN

Chapter 1   Assessing Enterprise Legacy WANs and IP/VPN Migration
Current State of Enterprise Networks 

Evolutionary Change of Enterprise Networks 

Acme, a Global Manufacturer 

      Acme’s Global Span 

      Business Desires of Acme’s Management 

      Acme’s IT Applications Base 

      Acme’s IT Communications Infrastructure 

New WAN Technologies for Consideration by Acme 

      Layer 3 IP/MPLS VPN Services 

      Layer 2 IP/MPLS VPN Services 

Convergence Services 

      Internet Access 

      Mobile Access and Teleworker Access 

      Voice Services: Service Provider Hosted PSTN Gateway 

      Voice Services: Service Provider Hosted IP Telephony 

Summary 

Chapter 2   Assessing Service Provider WAN Offerings  

Enterprise/Service Provider Relationship and Interface 

Investigation Required in Selecting a Service Provider 

      Coverage, Access, and IP 

      Financial Strength of the Service Provider 

      Convergence 

      Transparency 

      IP Version 6 

      Provider Cooperation/Tiered Arrangements 

      Enhanced Service-Level Agreement 

      Customer Edge Router Management 

Service Management 

      Customer Reports and SLA Validation 

Summary 

Chapter 3   Analyzing Service Requirements  

Application/Bandwidth Requirements 

Backup and Resiliency 

Enterprise Segmentation Requirements 

      Mapping VLANs to VPNs in the Campus 

Access Technologies 

      Frame Relay 

      ATM 

      Dedicated Circuit from CE to PE 

      ATM PVC from CE to PE 

      Frame Relay PVC from CE to PE 

      Metro Ethernet 

QoS Requirements 

      Bandwidth 

      Packet Delay and Jitter 

      Packet Loss 

      Enterprise Loss, Latency, and Jitter Requirements 

      QoS at Layer 2 

Subscriber Network QoS Design 

      Baseline New Applications 

      Develop the Network 

Security Requirements 

      Topological and Network Design Considerations 

      SP-Managed VPNs 

Multiprovider Considerations 

Extranets 

Case Study: Analyzing Service Requirements for Acme, Inc. 

      Layer 2 Description 

      Existing Customer Characteristics That Are Required in the New    Network 

      DefenseCo’s Backbone Is a Single Autonomous System 

      Reasons for Migrating to MPLS 

      Evaluation Testing Phase 

      Routing Convergence 

      Jitter and Delay 

      Congestion, QoS, and Load Testing 

      Vendor Knowledge and Technical Performance 

      Evaluation Tools 

      TTCP 

      Lessons Learned  

      Transition and Implementation Concerns and Issues 

      Post-Transition Results 

Summary 

References 

Part II     Deployment Guidelines  

Chapter 4   IP Routing with IP/MPLS VPNs  

Introduction to Routing for the Enterprise MPLS VPN 

      Implementing Routing Protocols 

      Network Topology 

      Addressing and Route Summarization 

      Route Selection 

      Convergence 

      Network Scalability 

      Memory 

      CPU 

      Security 

Site Typifying WAN Access: Impact on Topology 

      Site Type: Topology 

      WAN Connectivity Standards 

      Site Type A Attached Sites: Dual CE and Dual PE 

      Site Type B/3 Dual-Attached Site–Single CE, Dual PE  

      Site Type B/3 Dual-Attached Site–Single CE, Single PE 

      Site Type D Single-Attached Site–Single CE with Backup 

      Convergence: Optimized Recovery 

      IP Addressing 

      Routing Between the Enterprise and the Service Provider 

      Using EIGRP Between the CE and PE 

      How EIGRP MPLS VPN PE-to-CE Works 

      PE Router: Non-EIGRP-Originated Routes 

      PE Router: EIGRP-Originated Internal Routes 

      PE Router: EIGRP-Originated External Routes 

      Multiple VRF Support 

      Extended Communities Defined for EIGRP VPNv4 

      Metric Propagation 

      Configuring EIGRP for CE-to-PE Operation 

      Using BGP Between the CE and PE 

      Securing CE-PE Peer Sessions 

      Improving BGP Convergence 

Case Study: BGP and EIGRP Deployment in Acme, Inc. 

      Small Site–Single-Homed, No Backup 

      Medium Site–Single-Homed with Backup 

      Medium Site–Single CE Dual-Homed to a Single PE 

      Large Site–Dual-Homed (Dual CE, Dual PE) 

      Load Sharing Across Multiple Connections 

      Very Large Site/Data Center–Dual Service Provider MPLS VPN 

      Site Typifying Site Type A Failures 

      Solutions Assessment 

Summary 

References 

      Cisco Press 

Chapter 5   Implementing Quality of Service  

Introduction to QoS 

      Building a QoS Policy: Framework Considerations 

QoS Tool Chest: Understanding the Mechanisms 

      Classes of Service 

      Hardware Queuing 

      Software Queuing 

      QoS Mechanisms Defined 

      Pulling It Together: Build the Trust 

Building the Policy Framework 

      Classification and Marking of Traffic 

      Trusted Edge 

      Device Trust 

      Application Trust 

      CoS and DSCP 

      Strategy for Classifying Voice Bearer Traffic 

      QoS on Backup WAN Connections 

      Shaping/Policing Strategy 

      Queuing/Link Efficiency Strategy 

IP/VPN QoS Strategy 

      Approaches for QoS Transparency Requirements for the Service Provider

      Network 

      QoS CoS Requirements for the SP Network 

      WRED Implementations 

Identification of Traffic 

      What Would Constitute This Real-Time Traffic? 

QoS Requirements for Voice, Video, and Data 

      QoS Requirements for Voice 

      QoS Requirements for Video 

      QoS Requirements for Data 

The LAN Edge: L2 Configurations 

      Classifying Voice on the WAN Edge 

      Classifying Video on the WAN Edge 

      Classifying Data on the WAN Edge 

Case Study: QoS in the Acme, Inc. Network 

      QoS for Low-Speed Links: 64 kbps to 1024 kbps 

QoS Reporting 

Summary 

References 

Chapter 6   Multicast in an MPLS VPN  

Introduction to Multicast for the Enterprise MPLS VPN 

      Multicast Considerations 

Mechanics of IP Multicast 

      RPF 

      Source Trees Versus Shared Trees 

      Protocol-Independent Multicast 

      Interdomain Multicast Protocols 

      Source-Specific Multicast 

      Multicast Addressing 

      Administratively Scoped Addresses 

      Deploying the IP Multicast Service 

      Default PIM Interface Configuration Mode 

      Host Signaling 

      Sourcing 

Multicast Deployment Models 

      Any-Source Multicast 

      Source-Specific Multicast 

      Enabling SSM  206
Multicast in an MPLS VPN Environment: Transparency 

      Multicast Routing Inside the VPN 

Case Study: Implementing Multicast over MPLS for Acme 

      Multicast Addressing 

      Multicast Address Management 

      Predeployment Considerations 

      MVPN Configuration Needs on the CE 

      Boundary ACL 

      Positioning of Multicast Boundaries 

      Configuration to Apply a Boundary Access List 

      Rate Limiting 

      MVPN Deployment Plan 

      Preproduction User Test Sequence 

What Happens When There Is No MVPN Support? 

      Other Considerations and Challenges 

Summary 

References 

Chapter 7   Enterprise Security in an MPLS VPN Environment  

Setting the Playing Field 

Comparing MPLS VPN Security to Frame Relay Networks 

      Security Concerns Specific to MPLS VPNs 

Issues for Enterprises to Resolve When Connecting at Layer 3 to Provider Networks 

      History of IP Network Attacks 

      Strong Password Protection 

      Preparing for an Attack 

      Identifying an Attack  

      Initial Precautions 

      Basic Attack Mitigation 

Basic Security Techniques 

      Remote-Triggered Black-Hole Filtering 

      Loose uRPF for Source-Based Filtering 

      Strict uRPF and Source Address Validation 

      Sinkholes and Anycast Sinkholes 

      Backscatter Traceback 

      Cisco Guard 

Distributed DoS, Botnets, and Worms 

      Anatomy of a DDoS Attack 

      Botnets 

      Worm Mitigation 

Case Study Selections 

Summary 

References 

      Comparing MPLS VPN to Frame Relay Security 

      ACL Information 

      Miscellaneous Security Tools 

      Cisco Reference for MPLS Technology and Operation 

      Cisco Reference for Cisco Express Forwarding 

      Public Online ISP Security Bootcamp 

      Tutorials, Workshops, and Bootcamps 

      Original Backscatter Traceback and Customer-Triggered Remote-     Triggered Black-Hole Techniques 

      Source for Good Papers on Internet Technologies and Security 

      Security Work Definitions 

      NANOG SP Security Seminars and Talks 

      Birds of a Feather and General Security Discussion Sessions at NANOG 

Chapter 8   MPLS VPN Network Management  

The Enterprise: Evaluating Service Provider Management Capabilities 

      Provisioning 

      SLA Monitoring 

      Fault Management 

      Reporting 

      Root Cause Analysis 

The Enterprise: Managing the VPN 

      Planning 

      Ordering 

      Provisioning 

      Monitoring 

      Optimization 

The Service Provider: How to Meet and Exceed Customer Expectations 

      Provisioning 

      Fault Monitoring 

      OAM and Troubleshooting 

      Fault Management 

      SLA Monitoring 

      Reporting 

Summary 

References 

Chapter 9   Off-Net Access to the VPN  

Remote Access 

      Dial Access via RAS 

      Dial Access via L2TP 

      Connecting L2TP Solutions to VRFs 

      DSL Considerations 

      Cable Considerations 

IPsec Access 

      GRE + IPsec on the CPE 

      CE-to-CE IPsec 

      The Impact of Transporting Multiservice Traffic over IPsec 

      Split Tunneling in IPsec 

Supporting Internet Access in IP VPNs 

Case Study Selections 

Summary 

References 

      General PPP Information 

      Configuring Dial-In Ports 

      L2TP 

      Layer 2 Tunnel Protocol Fact Sheet 

      Layer 2 Tunnel Protocol 

      VPDN Configuration Guide 

      VPDN Configuration and Troubleshooting 

      Security Configuration Guide 

      RADIUS Configuration Guide 

      Broadband Aggregation to MPLS VPN 

      Remote Access to MPLS VPN 

      Network-Based IPsec VPN Solutions 

      IPsec 

      GRE + IPsec 

      DMVPN 

      Split Tunneling 

      Prefragmentation  373

Chapter 10  Migration Strategies  

Network Planning 

      Writing the RFP 

      Architecture and Design Planning with the Service Providers 

      Project Management 

      SLAs with the Service Providers 

      Network Operations Training 

Implementation Planning 

      Phase 1  

      Phase 2 

      Phase 3 

      Phase 4 

On-Site Implementation 

Case Study Selections 

Summary 

Part III Appendix  

Appendix Questions to Ask Your Provider Regarding Layer 3 IP/MPLS VPN Capability