Selecting MPLS VPN services : a guide to using and defining MPLS VPN services

A guide to using and defining MPLS VPN services Analyze strengths and weaknesses of TDM and Layer 2 WAN services Understand the primary business and technical issues when evaluating IP/MPLS VPN offerings Describe the IP addressing, routing, load balancing, convergence, and services capabilities of the IP VPN Develop enterprise quality of service (QoS) policies and implementation guidelines Achieve scalable support for multicast services Learn the benefits and drawbacks of various security and encryption mechanisms Ensure proper use of services and plan for future growth with monitoring and reporting services Provide remote access, Internet access, and extranet connectivity to the VPN supported intranet Provide a clear and concise set of steps to plan and execute a network migration from existing ATM/Frame Relay/leased line networks to an IP VPN IP/MPLS VPNs are compelling for many reasons. For enterprises, they enable right-sourcing of WAN services and yield generous operational cost savings. For service providers, they offer a higher level of service to customers and lower costs for service deployment. Migration comes with challenges, however. Enterprises must understand key migration issues, what the realistic benefits are, and how to optimize new services. Providers must know what aspects of their services give value to enterprises and how they can provide the best value to customers. Selecting MPLS VPN Services helps you analyze migration options, anticipate migration issues, and properly deploy IP/MPLS VPNs. Detailed configurations illustrate effective deployment while case studies present available migration options and walk you through the process of selecting the best option for your network. Part I addresses the business case for moving to an IP/MPLS VPN network, with a chapter devoted to the business and technical issues you should review when evaluating IP/MPLS VPN offerings from major providers. Part II includes detailed deployment guidelines for the technologies used in the IP/MPLS VPN. This book is part of the Networking Technology Series from Cisco Press (R), which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Part I Business Analysis and Requirements of IP/MPLS VPN Chapter 1 Assessing Enterprise Legacy WANs and IP/VPN Migration Current State of Enterprise Networks Evolutionary Change of Enterprise Networks Acme, a Global Manufacturer Acme's Global Span Business Desires of Acme's Management Acme's IT Applications Base Acme's IT Communications Infrastructure New WAN Technologies for Consideration by Acme Layer 3 IP/MPLS VPN Services Layer 2 IP/MPLS VPN Services Convergence Services Internet Access Mobile Access and Teleworker Access Voice Services: Service Provider Hosted PSTN Gateway Voice Services: Service Provider Hosted IP Telephony Summary Chapter 2 Assessing Service Provider WAN Offerings Enterprise/Service Provider Relationship and Interface Investigation Required in Selecting a Service Provider Coverage, Access, and IP Financial Strength of the Service Provider Convergence Transparency IP Version 6 Provider Cooperation/Tiered Arrangements Enhanced Service-Level Agreement Customer Edge Router Management Service Management Customer Reports and SLA Validation Summary Chapter 3 Analyzing Service Requirements Application/Bandwidth Requirements Backup and Resiliency Enterprise Segmentation Requirements Mapping VLANs to VPNs in the Campus Access Technologies Frame Relay ATM Dedicated Circuit from CE to PE ATM PVC from CE to PE Frame Relay PVC from CE to PE Metro Ethernet QoS Requirements Bandwidth Packet Delay and Jitter Packet Loss Enterprise Loss, Latency, and Jitter Requirements QoS at Layer 2 Subscriber Network QoS Design Baseline New Applications Develop the Network Security Requirements Topological and Network Design Considerations SP-Managed VPNs Multiprovider Considerations Extranets Case Study: Analyzing Service Requirements for Acme, Inc. Layer 2 Description Existing Customer Characteristics That Are Required in the New Network DefenseCo's Backbone Is a Single Autonomous System Reasons for Migrating to MPLS Evaluation Testing Phase Routing Convergence Jitter and Delay Congestion, QoS, and Load Testing Vendor Knowledge and Technical Performance Evaluation Tools TTCP Lessons Learned Transition and Implementation Concerns and Issues Post-Transition Results Summary References Part II Deployment Guidelines Chapter 4 IP Routing with IP/MPLS VPNs Introduction to Routing for the Enterprise MPLS VPN Implementing Routing Protocols Network Topology Addressing and Route Summarization Route Selection Convergence Network Scalability Memory CPU Security Site Typifying WAN Access: Impact on Topology Site Type: Topology WAN Connectivity Standards Site Type A Attached Sites: Dual CE and Dual PE Site Type B/3 Dual-Attached Site-Single CE, Dual PE Site Type B/3 Dual-Attached Site-Single CE, Single PE Site Type D Single-Attached Site-Single CE with Backup Convergence: Optimized Recovery IP Addressing Routing Between the Enterprise and the Service Provider Using EIGRP Between the CE and PE How EIGRP MPLS VPN PE-to-CE Works PE Router: Non-EIGRP-Originated Routes PE Router: EIGRP-Originated Internal Routes PE Router: EIGRP-Originated External Routes Multiple VRF Support Extended Communities Defined for EIGRP VPNv4 Metric Propagation Configuring EIGRP for CE-to-PE Operation Using BGP Between the CE and PE Securing CE-PE Peer Sessions Improving BGP Convergence Case Study: BGP and EIGRP Deployment in Acme, Inc. Small Site-Single-Homed, No Backup Medium Site-Single-Homed with Backup Medium Site-Single CE Dual-Homed to a Single PE Large Site-Dual-Homed (Dual CE, Dual PE) Load Sharing Across Multiple Connections Very Large Site/Data Center-Dual Service Provider MPLS VPN Site Typifying Site Type A Failures Solutions Assessment Summary References Cisco Press Chapter 5 Implementing Quality of Service Introduction to QoS Building a QoS Policy: Framework Considerations QoS Tool Chest: Understanding the Mechanisms Classes of Service Hardware Queuing Software Queuing QoS Mechanisms Defined Pulling It Together: Build the Trust Building the Policy Framework Classification and Marking of Traffic Trusted Edge Device Trust Application Trust CoS and DSCP Strategy for Classifying Voice Bearer Traffic QoS on Backup WAN Connections Shaping/Policing Strategy Queuing/Link Efficiency Strategy IP/VPN QoS Strategy Approaches for QoS Transparency Requirements for the Service Provider Network QoS CoS Requirements for the SP Network WRED Implementations Identification of Traffic What Would Constitute This Real-Time Traffic? QoS Requirements for Voice, Video, and Data QoS Requirements for Voice QoS Requirements for Video QoS Requirements for Data The LAN Edge: L2 Configurations Classifying Voice on the WAN Edge Classifying Video on the WAN Edge Classifying Data on the WAN Edge Case Study: QoS in the Acme, Inc. Network QoS for Low-Speed Links: 64 kbps to 1024 kbps QoS Reporting Summary References Chapter 6 Multicast in an MPLS VPN Introduction to Multicast for the Enterprise MPLS VPN Multicast Considerations Mechanics of IP Multicast RPF Source Trees Versus Shared Trees Protocol-Independent Multicast Interdomain Multicast Protocols Source-Specific Multicast Multicast Addressing Administratively Scoped Addresses Deploying the IP Multicast Service Default PIM Interface Configuration Mode Host Signaling Sourcing Multicast Deployment Models Any-Source Multicast Source-Specific Multicast Enabling SSM 206 Multicast in an MPLS VPN Environment: Transparency Multicast Routing Inside the VPN Case Study: Implementing Multicast over MPLS for Acme Multicast Addressing Multicast Address Management Predeployment Considerations MVPN Configuration Needs on the CE Boundary ACL Positioning of Multicast Boundaries Configuration to Apply a Boundary Access List Rate Limiting MVPN Deployment Plan Preproduction User Test Sequence What Happens When There Is No MVPN Support? Other Considerations and Challenges Summary References Chapter 7 Enterprise Security in an MPLS VPN Environment Setting the Playing Field Comparing MPLS VPN Security to Frame Relay Networks Security Concerns Specific to MPLS VPNs Issues for Enterprises to Resolve When Connecting at Layer 3 to Provider Networks History of IP Network Attacks Strong Password Protection Preparing for an Attack Identifying an Attack Initial Precautions Basic Attack Mitigation Basic Security Techniques Remote-Triggered Black-Hole Filtering Loose uRPF for Source-Based Filtering Strict uRPF and Source Address Validation Sinkholes and Anycast Sinkholes Backscatter Traceback Cisco Guard Distributed DoS, Botnets, and Worms Anatomy of a DDoS Attack Botnets Worm Mitigation Case Study Selections Summary References Comparing MPLS VPN to Frame Relay Security ACL Information Miscellaneous Security Tools Cisco Reference for MPLS Technology and Operation Cisco Reference for Cisco Express Forwarding Public Online ISP Security Bootcamp Tutorials, Workshops, and Bootcamps Original Backscatter Traceback and Customer-Triggered Remote- Triggered Black-Hole Techniques Source for Good Papers on Internet Technologies and Security Security Work Definitions NANOG SP Security Seminars and Talks Birds of a Feather and General Security Discussion Sessions at NANOG Chapter 8 MPLS VPN Network Management The Enterprise: Evaluating Service Provider Management Capabilities Provisioning SLA Monitoring Fault Management Reporting Root Cause Analysis The Enterprise: Managing the VPN Planning Ordering Provisioning Monitoring Optimization The Service Provider: How to Meet and Exceed Customer Expectations Provisioning Fault Monitoring OAM and Troubleshooting Fault Management SLA Monitoring Reporting Summary References Chapter 9 Off-Net Access to the VPN Remote Access Dial Access via RAS Dial Access via L2TP Connecting L2TP Solutions to VRFs DSL Considerations Cable Considerations IPsec Access GRE + IPsec on the CPE CE-to-CE IPsec The Impact of Transporting Multiservice Traffic over IPsec Split Tunneling in IPsec Supporting Internet Access in IP VPNs Case Study Selections Summary References General PPP Information Configuring Dial-In Ports L2TP Layer 2 Tunnel Protocol Fact Sheet Layer 2 Tunnel Protocol VPDN Configuration Guide VPDN Configuration and Troubleshooting Security Configuration Guide RADIUS Configuration Guide Broadband Aggregation to MPLS VPN Remote Access to MPLS VPN Network-Based IPsec VPN Solutions IPsec GRE + IPsec DMVPN Split Tunneling Prefragmentation 373 Chapter 10 Migration Strategies Network Planning Writing the RFP Architecture and Design Planning with the Service Providers Project Management SLAs with the Service Providers Network Operations Training Implementation Planning Phase 1 Phase 2 Phase 3 Phase 4 On-Site Implementation Case Study Selections Summary Part III Appendix Appendix Questions to Ask Your Provider Regarding Layer 3 IP/MPLS VPN Capability 1587051915TOC012406