Selecting MPLS VPN Services (Hardcover)

Chris Lewis, Steve Pickavance

  • Publisher: Cisco Press
  • Publication date: 2006-02-23
  • List price: $2,030
  • VIP price: $1,929 (95% of list price)
  • Language: English
  • Pages: 456
  • Binding: Hardcover
  • ISBN: 1587051915
  • ISBN-13: 9781587051913





A guide to using and defining MPLS VPN services

  • Analyze strengths and weaknesses of TDM and Layer 2 WAN services
  • Understand the primary business and technical issues when evaluating IP/MPLS VPN offerings
  • Describe the IP addressing, routing, load balancing, convergence, and services capabilities of the IP VPN
  • Develop enterprise quality of service (QoS) policies and implementation guidelines
  • Achieve scalable support for multicast services
  • Learn the benefits and drawbacks of various security and encryption mechanisms
  • Ensure proper use of services and plan for future growth with monitoring and reporting services
  • Provide remote access, Internet access, and extranet connectivity to the VPN supported intranet
  • Provide a clear and concise set of steps to plan and execute a network migration from existing ATM/Frame Relay/leased line networks to an IP VPN

IP/MPLS VPNs are compelling for many reasons. For enterprises, they enable right-sourcing of WAN services and yield generous operational cost savings. For service providers, they offer a higher level of service to customers and lower costs for service deployment.


Migration comes with challenges, however. Enterprises must understand key migration issues, what the realistic benefits are, and how to optimize new services. Providers must know what aspects of their services give value to enterprises and how they can provide the best value to customers.


Selecting MPLS VPN Services helps you analyze migration options, anticipate migration issues, and properly deploy IP/MPLS VPNs. Detailed configurations illustrate effective deployment while case studies present available migration options and walk you through the process of selecting the best option for your network. Part I addresses the business case for moving to an IP/MPLS VPN network, with a chapter devoted to the business and technical issues you should review when evaluating IP/MPLS VPN offerings from major providers. Part II includes detailed deployment guidelines for the technologies used in the IP/MPLS VPN.


This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.


Table of Contents:

Part I      Business Analysis and Requirements of IP/MPLS VPN

Chapter 1   Assessing Enterprise Legacy WANs and IP/VPN Migration
Current State of Enterprise Networks 

Evolutionary Change of Enterprise Networks 

Acme, a Global Manufacturer 

      Acme’s Global Span 

      Business Desires of Acme’s Management 

      Acme’s IT Applications Base 

      Acme’s IT Communications Infrastructure 

New WAN Technologies for Consideration by Acme 

      Layer 3 IP/MPLS VPN Services 

      Layer 2 IP/MPLS VPN Services 

Convergence Services 

      Internet Access 

      Mobile Access and Teleworker Access 

      Voice Services: Service Provider Hosted PSTN Gateway 

      Voice Services: Service Provider Hosted IP Telephony 


Chapter 2   Assessing Service Provider WAN Offerings  

Enterprise/Service Provider Relationship and Interface 

Investigation Required in Selecting a Service Provider 

      Coverage, Access, and IP 

      Financial Strength of the Service Provider 



      IP Version 6 

      Provider Cooperation/Tiered Arrangements 

      Enhanced Service-Level Agreement 

      Customer Edge Router Management 

Service Management 

      Customer Reports and SLA Validation 


Chapter 3   Analyzing Service Requirements  

Application/Bandwidth Requirements 

Backup and Resiliency 

Enterprise Segmentation Requirements 

      Mapping VLANs to VPNs in the Campus 

Access Technologies 

      Frame Relay 


      Dedicated Circuit from CE to PE 

      ATM PVC from CE to PE 

      Frame Relay PVC from CE to PE 

      Metro Ethernet 

QoS Requirements 


      Packet Delay and Jitter 

      Packet Loss 

      Enterprise Loss, Latency, and Jitter Requirements 

      QoS at Layer 2 

Subscriber Network QoS Design 

      Baseline New Applications 

      Develop the Network 

Security Requirements 

      Topological and Network Design Considerations 

      SP-Managed VPNs 

Multiprovider Considerations 


Case Study: Analyzing Service Requirements for Acme, Inc. 

      Layer 2 Description 

      Existing Customer Characteristics That Are Required in the New Network 

      DefenseCo’s Backbone Is a Single Autonomous System 

      Reasons for Migrating to MPLS 

      Evaluation Testing Phase 

      Routing Convergence 

      Jitter and Delay 

      Congestion, QoS, and Load Testing 

      Vendor Knowledge and Technical Performance 

      Evaluation Tools 


      Lessons Learned  

      Transition and Implementation Concerns and Issues 

      Post-Transition Results 



Part II     Deployment Guidelines  

Chapter 4   IP Routing with IP/MPLS VPNs  

Introduction to Routing for the Enterprise MPLS VPN 

      Implementing Routing Protocols 

      Network Topology 

      Addressing and Route Summarization 

      Route Selection 


      Network Scalability 




Site Typifying WAN Access: Impact on Topology 

      Site Type: Topology 

      WAN Connectivity Standards 

      Site Type A Attached Sites: Dual CE and Dual PE 

      Site Type B/3 Dual-Attached Site–Single CE, Dual PE  

      Site Type B/3 Dual-Attached Site–Single CE, Single PE 

      Site Type D Single-Attached Site–Single CE with Backup 

      Convergence: Optimized Recovery 

      IP Addressing 

      Routing Between the Enterprise and the Service Provider 

      Using EIGRP Between the CE and PE 

      How EIGRP MPLS VPN PE-to-CE Works 

      PE Router: Non-EIGRP-Originated Routes 

      PE Router: EIGRP-Originated Internal Routes 

      PE Router: EIGRP-Originated External Routes 

      Multiple VRF Support 

      Extended Communities Defined for EIGRP VPNv4 

      Metric Propagation 

      Configuring EIGRP for CE-to-PE Operation 

      Using BGP Between the CE and PE 

      Securing CE-PE Peer Sessions 

      Improving BGP Convergence 

Case Study: BGP and EIGRP Deployment in Acme, Inc. 

      Small Site–Single-Homed, No Backup 

      Medium Site–Single-Homed with Backup 

      Medium Site–Single CE Dual-Homed to a Single PE 

      Large Site–Dual-Homed (Dual CE, Dual PE) 

      Load Sharing Across Multiple Connections 

      Very Large Site/Data Center–Dual Service Provider MPLS VPN 

      Site Typifying Site Type A Failures 

      Solutions Assessment 




Chapter 5   Implementing Quality of Service  

Introduction to QoS 

      Building a QoS Policy: Framework Considerations 

QoS Tool Chest: Understanding the Mechanisms 

      Classes of Service 

      Hardware Queuing 

      Software Queuing 

      QoS Mechanisms Defined 

      Pulling It Together: Build the Trust 

Building the Policy Framework 

      Classification and Marking of Traffic 

      Trusted Edge 

      Device Trust 

      Application Trust 

      CoS and DSCP 

      Strategy for Classifying Voice Bearer Traffic 

      QoS on Backup WAN Connections 

      Shaping/Policing Strategy 

      Queuing/Link Efficiency Strategy 

IP/VPN QoS Strategy 

      Approaches for QoS Transparency Requirements for the Service Provider


      QoS CoS Requirements for the SP Network 

      WRED Implementations 

Identification of Traffic 

      What Would Constitute This Real-Time Traffic? 

QoS Requirements for Voice, Video, and Data 

      QoS Requirements for Voice 

      QoS Requirements for Video 

      QoS Requirements for Data 

The LAN Edge: L2 Configurations 

      Classifying Voice on the WAN Edge 

      Classifying Video on the WAN Edge 

      Classifying Data on the WAN Edge 

Case Study: QoS in the Acme, Inc. Network 

      QoS for Low-Speed Links: 64 kbps to 1024 kbps 

QoS Reporting 



Chapter 6   Multicast in an MPLS VPN  

Introduction to Multicast for the Enterprise MPLS VPN 

      Multicast Considerations 

Mechanics of IP Multicast 


      Source Trees Versus Shared Trees 

      Protocol-Independent Multicast 

      Interdomain Multicast Protocols 

      Source-Specific Multicast 

      Multicast Addressing 

      Administratively Scoped Addresses 

      Deploying the IP Multicast Service 

      Default PIM Interface Configuration Mode 

      Host Signaling 


Multicast Deployment Models 

      Any-Source Multicast 

      Source-Specific Multicast 

      Enabling SSM 

Multicast in an MPLS VPN Environment: Transparency 

      Multicast Routing Inside the VPN 

Case Study: Implementing Multicast over MPLS for Acme 

      Multicast Addressing 

      Multicast Address Management 

      Predeployment Considerations 

      MVPN Configuration Needs on the CE 

      Boundary ACL 

      Positioning of Multicast Boundaries 

      Configuration to Apply a Boundary Access List 

      Rate Limiting 

      MVPN Deployment Plan 

      Preproduction User Test Sequence 

What Happens When There Is No MVPN Support? 

      Other Considerations and Challenges 



Chapter 7   Enterprise Security in an MPLS VPN Environment  

Setting the Playing Field 

Comparing MPLS VPN Security to Frame Relay Networks 

      Security Concerns Specific to MPLS VPNs 

Issues for Enterprises to Resolve When Connecting at Layer 3 to Provider Networks 

      History of IP Network Attacks 

      Strong Password Protection 

      Preparing for an Attack 

      Identifying an Attack  

      Initial Precautions 

      Basic Attack Mitigation 

Basic Security Techniques 

      Remote-Triggered Black-Hole Filtering 

      Loose uRPF for Source-Based Filtering 

      Strict uRPF and Source Address Validation 

      Sinkholes and Anycast Sinkholes 

      Backscatter Traceback 

      Cisco Guard 

Distributed DoS, Botnets, and Worms 

      Anatomy of a DDoS Attack 


      Worm Mitigation 

Case Study Selections 



      Comparing MPLS VPN to Frame Relay Security 

      ACL Information 

      Miscellaneous Security Tools 

      Cisco Reference for MPLS Technology and Operation 

      Cisco Reference for Cisco Express Forwarding 

      Public Online ISP Security Bootcamp 

      Tutorials, Workshops, and Bootcamps 

      Original Backscatter Traceback and Customer-Triggered Remote-Triggered Black-Hole Techniques 

      Source for Good Papers on Internet Technologies and Security 

      Security Work Definitions 

      NANOG SP Security Seminars and Talks 

      Birds of a Feather and General Security Discussion Sessions at NANOG 

Chapter 8   MPLS VPN Network Management  

The Enterprise: Evaluating Service Provider Management Capabilities 


      SLA Monitoring 

      Fault Management 


      Root Cause Analysis 

The Enterprise: Managing the VPN 






The Service Provider: How to Meet and Exceed Customer Expectations 


      Fault Monitoring 

      OAM and Troubleshooting 

      Fault Management 

      SLA Monitoring 




Chapter 9   Off-Net Access to the VPN  

Remote Access 

      Dial Access via RAS 

      Dial Access via L2TP 

      Connecting L2TP Solutions to VRFs 

      DSL Considerations 

      Cable Considerations 

IPsec Access 

      GRE + IPsec on the CPE 

      CE-to-CE IPsec 

      The Impact of Transporting Multiservice Traffic over IPsec 

      Split Tunneling in IPsec 

Supporting Internet Access in IP VPNs 

Case Study Selections 



      General PPP Information 

      Configuring Dial-In Ports 


      Layer 2 Tunnel Protocol Fact Sheet 

      Layer 2 Tunnel Protocol 

      VPDN Configuration Guide 

      VPDN Configuration and Troubleshooting 

      Security Configuration Guide 

      RADIUS Configuration Guide 

      Broadband Aggregation to MPLS VPN 

      Remote Access to MPLS VPN 

      Network-Based IPsec VPN Solutions 


      GRE + IPsec 


      Split Tunneling 

      Prefragmentation 

Chapter 10  Migration Strategies  

Network Planning 

      Writing the RFP 

      Architecture and Design Planning with the Service Providers 

      Project Management 

      SLAs with the Service Providers 

      Network Operations Training 

Implementation Planning 

      Phase 1  

      Phase 2 

      Phase 3 

      Phase 4 

On-Site Implementation 

Case Study Selections 


Part III Appendix  

Appendix Questions to Ask Your Provider Regarding Layer 3 IP/MPLS VPN Capability  

