Building MPLS-based broadband access VPNs

Implement the design principles and configurations behind MPLS-based VPNs for broadband access networks The book discusses how MPLS and its VPN service are best used in a broadband environment, concentrating on key design issues and solutions, including How to manage tens of thousands of interfaces and host routes and hundreds of dynamic VPNs When a Virtual Home Gateway is necessary Why use dynamic address assignment How routes should be summarized into the core Deploy MPLS VPNs successfully in broadband networks with Building MPLS-Based Broadband Access VPNs. This book helps you understand why and how today's broadband networks function, covering the principal access technologies: DSL, Ethernet, and cable. The book also examines the different tunneling protocols used for VPN solutions today, namely GRE, IPSec, and L2TP, with examples of how these solutions are deployed and a discussion of their strengths and weaknesses. Building MPLS-Based Broadband Access VPNs also includes an in-depth description of the IOS VRF Lite, which helps you use VRF-aware features with an IP core. Detailed descriptions of the technologies, design principles, network configurations, and case studies are provided throughout the book, helping you develop a pragmatic understanding of MPLS-based broadband access VPNs. Obtain a realistic understanding of large-scale broadband access network design requirements Recognize the business impact of using MPLS to provide access VPN services, including the advantages of QoS, availability, and provisioning Use MPLS in access VPN and transport networks and deal with the unique scalability problems that such networks pose Leverage VRF-aware features to deploy IP-based VPNs Includes detailed Cisco IOS configuration examples based on real-world scenarios This book is part of the Networking Technology Series from Cisco Press? which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Foreword Introduction Chapter 1 Introduction: Broadband Access and Virtual Private Networks Broadband Networks and Operators The Players in Broadband DSL Networks Metropolitan-Area Networks The Role of the Access Network Shifting the Location of the Processing Service Models: Who Buys What Business Subscribers Residential Subscribers IP Virtual Private Networks for Broadband A VPN Taxonomy Layer 2 and Layer 3 VPN Alternatives Overlay VPNs The Peer Model A Simplified Framework for Broadband VPN Data Confidentiality Efficient Operation Efficient Routing High Availability and Resiliency Device-Level Redundancy Network-Level Redundancy Multicast Quality of Service Fragmentation Authentication, Authorization, and Accounting (AAA) Service Selection Support for Any IP Addressing Plan Efficient Address Assignment Additional Layer 3 Services Summary Chapter 2 Delivering Broadband Access Today: An Access Technologies Primer Architecture 1: Bridged Access Networks Bridging in DSL Using RFC 2684 RBE Configuration RBE Quality of Service RBE Routing RBE Address Assignment More Bridged Access-Cable and DOCSIS DOCSIS Cisco IOS Configuration Cable Address Assignment Broadband Ethernet-Ethernet to the Home/Business (ETTX) Long Reach Ethernet ETTX Configuration ETTX Quality of Service ETTX Address Assignment Security Considerations for Bridged Broadband Architectures Security in DSL Broadband Networks Security in Cable Broadband Networks Security in Ethernet Broadband Networks Authentication and Accounting in Bridged Broadband Architectures Architecture 2: Point-to-Point Protocol Networks PPP over Ethernet-The CPE as a Bridge PPPoE Configuration PPPoE Service Selection and Discovery PPP over ATM: The CPE as a Router PPPoA Configuration PPP Address Assignments Use of On-Demand Address Pools PPP Quality of Service PPP Authentication, Accounting, and Security Port-Based Authentication PPP Security Summary Chapter 3 VPNs in Broadband Networks Tunnels, Hubs, and Spokes To Distribute or Centralize? Access VPN Requirements Reminder Case 1: A Site VPN with Non-IP Traffic-GRE GRE Protocol and Operation GRE Configuration GRE Design Considerations Case 2: VPN over Anything-IPSec IPSec Protocol and Operation AH and ESP Headers for Authentication and Encryption Key Exchange with IKE IPSec Tunnel and Transport Mode Encapsulations IPSec Configuration IPSec Configuration Examples Simple Site-to-Site IPSec Encrypted GRE Dynamic Multicast VPN IPSec for Remote Access IPSec Design Considerations Case 3: L2TP-For Open Access L2TP Protocol and Operation L2TP Tunnel Setup L2TP Session Setup L2TP Configuration Scaling L2TP Networks Data Plane: L2TP LNS Redundancy and Load Balancing Control Plane: AAA Redundancy and Load Balancing L2TP Tunnel Switching L2TP Design Considerations Other Open Access Solutions Open Access with Network Address Translation Open Access with Policy-Based Routing Summary Chapter 4 Introduction to MPLS Definition of MPLS IP and MPLS Packet Forwarding MPLS Encapsulation Label Distribution LDP Operation Traffic Engineering MPLS-TE Cisco IOS Configuration Layer 3 VPN Services (RFC 2547) MPLS-VPN Attributes MPLS-VPN Cisco IOS Configuration MPLS QoS QoS in MPLS Packet Headers Complication 1: DSCP Complication 2: ATM Tunnels and Pipes DiffServ-Aware Traffic Engineering Summary Chapter 5 Introduction to MPLS-Based Access VPN Architectures Architecture Overview of an MPLS-Based Access VPN The Role of the PE Mapping Cable Subscribers to VRFs Mapping Ethernet Subscribers to VRFs Mapping DSL Subscribers to VRFs Routed Interfaces Routed Bridge Encapsulation PPP Virtual Home Gateway VHG for Cable or Ethernet Examples of the Basic Architectures Direct PPP Termination Configuration Monitoring Direct PPP Termination Two-Box Virtual Home Gateway Example Monitoring the Two-Box VHG Solution Multi-VRF CE Configuration Comparison Using the Broadband VPN Framework Data Confidentiality Efficient Operation Efficient Routing High Availability and Resiliency Multicast Quality of Service Fragmentation Authentication, Authorization, and Accounting Service Selection Support Any IP Addressing Plan Efficient Address Management Additional L3 Services Summary Chapter 6 Wholesale MPLS-VPN Related Service Features Bindings Again-Dynamic VRF Allocation AAA Again-VRF Name and the AAA Attribute Direct PPP Termination and Aggregation with AAA VHG with AAA DHCP-Life Without AAA PBR-A Two-Box Solution Service Selection Gateway-Another Two-Box Solution VRF Select Proxy RADIUS and Per-VRF AAA Per-VRF AAA Configuration Per-VRF AAA Templates Per-VRF AAA Accounting Assigning and Managing Overlapping Addresses Overlapping Device-Local Pools On-Demand Address Pools The Host Route Solution ODAP and Address Assignments Summary Chapter 7 Implementing Network-Based Access VPNs Without MPLS Introduction to Virtual Routers Implementing Virtual Routing with Cisco IOS Using Tunnels to Build Network-Based IP VPN Using GRE for IP VPN Using IPSec for IP VPN Routing Between VRF-Lite PEs Campus Hop-to-Hop Topology RIP Between VRF-LITE RIP to BGP Summary Chapter 8 Case Studies for Using MPLS with Broadband VPNs Case Study 1: Managed LNS Service Definitions L2TP-Based Wholesale Service: Managed LNS Clients Circuit Aggregation: LAC IP Aggregation: LNS Control Plane: AAA Network and Service Availability MPLS-Based Wholesale Service Clients PTA PE ISP PE Address Allocation and Routing Control Plane: AAA QoS and Multicast Case Study 2: D/V/V Over Ethernet Service Definitions Network Design Clients Access Layer: Circuit Aggregation Distribution Layer: IP Aggregation Adding Open Access An Alternative Open Access Design Summary Chapter 9 Future Developments in Broadband Access Introduction to IPv6 Address Space Size Addressing Extensions Autoconfiguration Deployment Scenarios of IPv6 Enterprise Deploys IPv6 Internally but Uses an IPv4 VPN Service A Retail ISP Moves to IPv6 Only the Wholesaler Moves to IPv6 L2 Transport and L2VPN Pseudo-wires AToM L2 Transport over L2TPv3 Applications and Implications for Broadband Access Summary Appendix A References and Bibliography Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapters 5, 6, 7, and 8 Chapter 9 Indx