Building MPLS-Based Broadband Access VPNs (Hardcover)

Kumar Reddy

  • Publisher: Cisco Press
  • Publication date: 2004-11-25
  • List price: $2,275
  • VIP price: 9.5 $2,161
  • Language: English
  • Pages: 408
  • Binding: Hardcover
  • ISBN: 1587051362
  • ISBN-13: 9781587051364
  • Ships immediately (limited quantity) (stock = 1)

Product description

Description:

Implement the design principles and configurations behind MPLS-based VPNs for broadband access networks

The book discusses how MPLS and its VPN service are best used in a broadband environment, concentrating on key design issues and solutions, including

  • How to manage tens of thousands of interfaces and host routes and hundreds of dynamic VPNs
  • When a Virtual Home Gateway is necessary
  • Why use dynamic address assignment
  • How routes should be summarized into the core

Deploy MPLS VPNs successfully in broadband networks with Building MPLS-Based Broadband Access VPNs. This book helps you understand why and how today's broadband networks function, covering the principal access technologies: DSL, Ethernet, and cable. The book also examines the different tunneling protocols used for VPN solutions today, namely GRE, IPSec, and L2TP, with examples of how these solutions are deployed and a discussion of their strengths and weaknesses.

Building MPLS-Based Broadband Access VPNs also includes an in-depth description of the IOS VRF Lite, which helps you use VRF-aware features with an IP core.

Detailed descriptions of the technologies, design principles, network configurations, and case studies are provided throughout the book, helping you develop a pragmatic understanding of MPLS-based broadband access VPNs.

  • Obtain a realistic understanding of large-scale broadband access network design requirements
  • Recognize the business impact of using MPLS to provide access VPN services, including the advantages of QoS, availability, and provisioning
  • Use MPLS in access VPN and transport networks and deal with the unique scalability problems that such networks pose
  • Leverage VRF-aware features to deploy IP-based VPNs
  • Includes detailed Cisco IOS configuration examples based on real-world scenarios

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Table of Contents:

Foreword

Introduction

Chapter 1 Introduction: Broadband Access and Virtual Private Networks

Broadband Networks and Operators

The Players in Broadband

DSL Networks

Metropolitan-Area Networks

 The Role of the Access Network

Shifting the Location of the Processing

 Service Models: Who Buys What

Business Subscribers

Residential Subscribers

IP Virtual Private Networks for Broadband

A VPN Taxonomy

Layer 2 and Layer 3 VPN Alternatives

Overlay VPNs

The Peer Model

A Simplified Framework for Broadband VPN

Data Confidentiality

Efficient Operation

Efficient Routing

 High Availability and Resiliency

Device-Level Redundancy

Network-Level Redundancy

Multicast

Quality of Service

Fragmentation

Authentication, Authorization, and Accounting (AAA)

Service Selection

Support for Any IP Addressing Plan

Efficient Address Assignment

Additional Layer 3 Services

Summary

Chapter 2 Delivering Broadband Access Today: An Access Technologies Primer

Architecture 1: Bridged Access Networks

Bridging in DSL Using RFC 2684

RBE Configuration

RBE Quality of Service

RBE Routing

RBE Address Assignment

 More Bridged Access—Cable and DOCSIS

DOCSIS Cisco IOS Configuration

Cable Address Assignment

 Broadband Ethernet—Ethernet to the Home/Business (ETTX)

Long Reach Ethernet

ETTX Configuration

ETTX Quality of Service

ETTX Address Assignment

Security Considerations for Bridged Broadband Architectures

Security in DSL Broadband Networks

Security in Cable Broadband Networks

Security in Ethernet Broadband Networks

Authentication and Accounting in Bridged Broadband Architectures

Architecture 2: Point-to-Point Protocol Networks

PPP over Ethernet—The CPE as a Bridge

PPPoE Configuration

PPPoE Service Selection and Discovery

PPP over ATM: The CPE as a Router

PPPoA Configuration

PPP Address Assignments

Use of On-Demand Address Pools

PPP Quality of Service

PPP Authentication, Accounting, and Security

Port-Based Authentication

PPP Security

 Summary

Chapter 3 VPNs in Broadband Networks

Tunnels, Hubs, and Spokes

To Distribute or Centralize?

Access VPN Requirements Reminder

Case 1: A Site VPN with Non-IP Traffic—GRE

GRE Protocol and Operation

GRE Configuration

GRE Design Considerations

Case 2: VPN over Anything—IPSec

IPSec Protocol and Operation

AH and ESP Headers for Authentication and Encryption

Key Exchange with IKE

IPSec Tunnel and Transport Mode Encapsulations

IPSec Configuration

 IPSec Configuration Examples

Simple Site-to-Site IPSec

Encrypted GRE

Dynamic Multicast VPN

IPSec for Remote Access

 IPSec Design Considerations

 Case 3: L2TP—For Open Access

L2TP Protocol and Operation

L2TP Tunnel Setup

L2TP Session Setup

L2TP Configuration

Scaling L2TP Networks

Data Plane: L2TP LNS Redundancy and Load Balancing

Control Plane: AAA Redundancy and Load Balancing

L2TP Tunnel Switching

 L2TP Design Considerations

Other Open Access Solutions

Open Access with Network Address Translation

Open Access with Policy-Based Routing

Summary

Chapter 4 Introduction to MPLS

 Definition of MPLS

IP and MPLS Packet Forwarding

MPLS Encapsulation

Label Distribution

LDP Operation

Traffic Engineering

MPLS-TE Cisco IOS Configuration

Layer 3 VPN Services (RFC 2547)

MPLS-VPN Attributes

MPLS-VPN Cisco IOS Configuration

MPLS QoS

QoS in MPLS Packet Headers

Complication 1: DSCP

Complication 2: ATM

 Tunnels and Pipes

DiffServ-Aware Traffic Engineering

Summary

Chapter 5 Introduction to MPLS-Based Access VPN Architectures

 Architecture Overview of an MPLS-Based Access VPN

The Role of the PE

Mapping Cable Subscribers to VRFs

Mapping Ethernet Subscribers to VRFs

Mapping DSL Subscribers to VRFs

Routed Interfaces

Routed Bridge Encapsulation

PPP

 Virtual Home Gateway

 VHG for Cable or Ethernet

Examples of the Basic Architectures

Direct PPP Termination Configuration

Monitoring Direct PPP Termination

Two-Box Virtual Home Gateway Example

Monitoring the Two-Box VHG Solution

Multi-VRF CE Configuration

 Comparison Using the Broadband VPN Framework

Data Confidentiality

Efficient Operation

Efficient Routing

High Availability and Resiliency

Multicast

Quality of Service

Fragmentation

Authentication, Authorization, and Accounting

Service Selection

Support Any IP Addressing Plan

Efficient Address Management

Additional L3 Services

Summary

Chapter 6 Wholesale MPLS-VPN Related Service Features

Bindings Again—Dynamic VRF Allocation

AAA Again—VRF Name and the AAA Attribute

Direct PPP Termination and Aggregation with AAA

 VHG with AAA

DHCP—Life Without AAA

PBR—A Two-Box Solution

Service Selection Gateway—Another Two-Box Solution

VRF Select

Proxy RADIUS and Per-VRF AAA

Per-VRF AAA Configuration

Per-VRF AAA Templates

Per-VRF AAA Accounting

Assigning and Managing Overlapping Addresses

 Overlapping Device-Local Pools

 On-Demand Address Pools

The Host Route Solution

ODAP and Address Assignments

Summary

Chapter 7 Implementing Network-Based Access VPNs Without MPLS

Introduction to Virtual Routers

Implementing Virtual Routing with Cisco IOS

Using Tunnels to Build Network-Based IP VPN

Using GRE for IP VPN

Using IPSec for IP VPN

Routing Between VRF-Lite PEs

Campus Hop-to-Hop Topology

RIP Between VRF-LITE

RIP to BGP

Summary

Chapter 8 Case Studies for Using MPLS with Broadband VPNs

Case Study 1: Managed LNS

Service Definitions

L2TP-Based Wholesale Service: Managed LNS

Clients

Circuit Aggregation: LAC

IP Aggregation: LNS

Control Plane: AAA

Network and Service Availability

MPLS-Based Wholesale Service

Clients

PTA PE

ISP PE

Address Allocation and Routing

Control Plane: AAA

QoS and Multicast

Case Study 2: D/V/V Over Ethernet

Service Definitions

Network Design

Clients

Access Layer: Circuit Aggregation

Distribution Layer: IP Aggregation

Adding Open Access

An Alternative Open Access Design

Summary

Chapter 9 Future Developments in Broadband Access

Introduction to IPv6

Address Space Size

Addressing

Extensions

Autoconfiguration

Deployment Scenarios of IPv6

Enterprise Deploys IPv6 Internally but Uses an IPv4 VPN Service

A Retail ISP Moves to IPv6

Only the Wholesaler Moves to IPv6

L2 Transport and L2VPN

Pseudo-wires

AToM

L2 Transport over L2TPv3

 Applications and Implications for Broadband Access

Summary

Appendix A References and Bibliography

Chapter 1

Chapter 2

Chapter 3

Chapter 4

Chapters 5, 6, 7, and 8

Chapter 9

Index

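Product description (Chinese translation)

Description:
Implement the design principles and configurations of MPLS-based broadband access networks.
The book discusses how MPLS and its VPN service are best applied in a broadband environment, focusing on key design issues and solutions, including:
- How to manage tens of thousands of interfaces and host routes and hundreds of dynamic VPNs
- When a virtual home gateway is needed
- Why use dynamic address assignment
- How to summarize routes into the core network

Deploy MPLS VPNs successfully in broadband networks with Building MPLS-Based Broadband Access VPNs. This book helps you understand how today's broadband networks operate, covering the principal access technologies: DSL, Ethernet, and cable. The book also examines the different tunneling protocols used for VPN solutions, including GRE, IPSec, and L2TP, and provides deployment examples of these solutions along with a discussion of their strengths and weaknesses.

Building MPLS-Based Broadband Access VPNs also includes a detailed description of IOS VRF Lite, which helps you use VRF-aware features in an IP core network.

Detailed descriptions of the technologies, design principles, network configurations, and case studies are provided throughout the book, helping you gain a practical understanding of MPLS-based broadband access VPNs.

Table of Contents:
- Foreword
- Introduction
- Chapter 1: Introduction: Broadband Access and Virtual Private Networks
- Broadband Networks and Operators
- The Players in Broadband
- Chapter 2: MPLS and VPN Fundamentals
- Basic Concepts of MPLS and VPNs
- Design Principles of MPLS and VPNs
- Chapter 3: Broadband Access Network Design
- Requirements of Broadband Access Networks
- Design Principles of Broadband Access Networks
- Chapter 4: Applying MPLS in Broadband Access Networks
- Advantages of MPLS in Broadband Access Networks
- Deployment of MPLS in Broadband Access Networks
- Chapter 5: VRF Lite
- Basic Concepts of VRF Lite
- Design and Configuration of VRF Lite
- Chapter 6: Case Studies
- Broadband Access Network Case Studies
- MPLS VPN Case Studies
- Chapter 7: Conclusion
- Future Development of Broadband Access Networks
- Future Development of MPLS VPNs

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for building efficient networks, understanding new technologies, and building successful careers.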