1 © 2002, Cisco Systems, Inc. All rights reserved. Power point presentation slides bundled from Cisco Systems, Inc. presentations MPLS IP-VPNs Featured

1© 2002, Cisco Systems, Inc. All rights reserved.

Power point presentation slides bundled from Cisco Systems, Inc. presentations

MPLS IP-VPNs Featured


MPLS based IP VPN Services in EMEA

Cisco Providing IP VPN Technology to 90%+ of Leading Service Providers in Europe, Middle East and Africa

Cisco Providing IP VPN Technology to 90%+ of Leading Service Providers in Europe, Middle East and Africa



MPLS : Network-based IP-VPN Services

Network based VPNNetwork based VPNVPN’s are “built-in” rather VPN’s are “built-in” rather

than “overlaid”than “overlaid”

Network based VPNNetwork based VPNVPN’s are “built-in” rather VPN’s are “built-in” rather

than “overlaid”than “overlaid”

VPN A

VPN B

VPN C

VPN AVPN B

VPN C

VPN A

VPN BVPN B

VPN CVPN CVPN AVPN A

VPN CVPN CVPN BVPN B

MPLS-NetworkFR, ATM, IP-Tunnel

CPE-based VPN’sCPE-based VPN’sDirect connectivity among Selected Sites

Network-based VPN’sNetwork-based VPN’sAny-to-Any Connectivity among ALL Sites


MPLS : New Industry Standard for Carrier Networks

• What is it ? Multi-Protocol Label Switching IETF industry standard (RFC’s 2702, 3031 – 3038, 3063)

based on Cisco’s Tag SwitchingTag Switching submission

• How does it work ? Forwards packets based on Labels

Packets are switched, not routed• Best of both worlds :

PrivacyPrivacy and and QoSQoS of ATM, Frame Relay of ATM, Frame Relay FlexibilityFlexibility and and ScalabilityScalability of IP of IP

• MPLS-VPN’s are a Cisco Value Added Feature (RFC 2547bis)


Positioning VPN Services and Technologies

Leased Lines

ATM

Frame Relay

Public Internet

Performance Availability Security

Scalabilitylow high Flexibility

Simplicity Coverage

Rel

iab

ilit

ylo

wh

igh

IPSec-based IP VPN

MPLS-based IP VPN


Positioning VPN Services and TechnologiesCosts versus Performance

Technology development is driving the adoption of lower cost services

Incr

ea

sin

g p

ric

e le

vel

s

Increasing performance and capabilities

MPLS based VPNFrame relay

ATM

Public Internet VPN

Leased lines

Performance is increasing as

technologies develop

Enterprises are seeking to reduce

WAN costs


MPLS based IP-VPN vs Frame-relayValue Proposition for Corporate Customer

• ScalabilityFrom Low to Very High speed access for Sites/Users

Can use Any Access Technology

Small to Very Large number of Sites

Ideal platform for SP Hosted Services

• Security GuaranteesFR/ATM equivalent without needing encryption

Protection from the open Internet

• FlexibilitySimple Any-to-Any communication

Easily Add or Remove Sites/Users

IP addressing freedom

Flexible Site Backup/resiliency options

Ready for Distributed Applications

• Performance GuaranteesMultiple Classes of Service for Data

Voice & Video Applications

SLA’s with Predictable Latency, Throughput, Availability, Packet Loss, Jitter

• Coverage & ReachONnet Coverage for highest

performance, functionality and SLA

OFFnet, Global coverage for far-away Sites, Extranet extensions and Remote Users

• Price/Cost EfficiencyLeverage IP’s Lower price per bit

Converged Network for Data/Voice/Video

Best access solution for every Site

Outsourced Solution


Ethernet VPN PositioningMPLS-VPN vs EMS vs ERS vs FR/ATM

Functionality L3 MPLS-VPN EMS ERS FR/ATM (Trad.) FR/ATM (AToM)Connectivity model Any-to-Any Any-to-Any Pt-to-Pt Pt-to-Pt Pt-to-PtAccess Technologies Any Ethernet over X Ethernet over X LL LL, DSL…Access Speeds 28,8 Kbit - Gigabit Mbit - Gbit Mbit - Gbit up to 2Mbit/34Mbit up to STM16Access Techno Interworking Yes No, except with EthoX No, except with EthoX No YesSmall VPN's (up to 25 Sites) Yes Yes Yes Yes YesMedium VPN's (up to 100 Sites) Yes Number of IGP adjacencies Yes Yes YesLarge VPN's (more than 100 Sites) Yes NO Yes Yes YesCPE Router Yes, Typical Yes, Typical Yes, Typical Yes, Typical Yes, TypicalCPE Bridge Yes, Limited E2E functionalityYes, Mind MAC scaling No No NoCPE Management 80% SP / 20% Ent 20% SP / 80% Ent 20% SP / 80% Ent 50% SP / 50% Ent 5% SP / 95% EntMultiprotocol support via GRE Tunnels Native Native Native NativeIGP Transparency NO Yes Yes Yes YesIP-COS Transparency via MPLS to Site Yes Yes Yes YesQos model Site-to-Cloud L3-Qos Site-to-Cloud L2-Qos Site-to-Site L2-Qos Site-to-Site L2-Qos Site-to-Site L2-QosLoadbalancing CE-PE / PE-CE Yes No (possible per VLAN) Yes Yes YesSite Access Line Backup Yes No Yes Yes YesMulticast Optimised (using mvpn) No Optimisation No Optimisation No Optimisation No OptimisationInternet Access support Yes NO Yes Yes YesMulti-tenant Solution Multi-VPN CE Hierarchical VPLSPE Intelligence Learn Customer IP add Learn Customer MAC add VLAN-to-PW map Edge circuit -to- Core circuitFR/ATM PVC-to-PW mapService Pricing BW/Origin BW/Origin BW/Origin-Destination/ BW/Origin-Destination/ BW/Origin-Destination/Bandwidth Guarantees Hose/COS Hose/COS Pt-to-Pt/CIR Pt-to-Pt/CIR Pt-to-Pt/CIRStandardisation RFC 2547bis No consensus yet (draft Lasserre/Kompella…)draft Martini Frame-relay Forum draft MartiniGeographic scope WAN MAN (focus), WAN possible MAN, WAN WAN WANCommercial success (current, potential) High, High Low, Medium Low, Medium High, Low Low, Low


What about Security

http://www.mier.com/reports/cisco/MPLS-VPNs.pdfIn addition : Cisco Security White Paper on MPLS http://www.cisco.com/warp/public/732/Tech/mpls/docs/0701_mpls_security_pu.fm.pdf

Cisco MPLS based IP-VPN provide EQUIVALENT Security to Frame-relay without Requiering the use of Encryption


IP-VPN Service Positioning

• Three important Service Characteristics

- Functionality (incl Security)

- Service Level Agreements & Management

- Price

• And a an Ace Card

- Cisco Powered Network (CPN)


Market Status Summary :Perception & Reality

• IPSec VPN’sThe most important application of IPSec in SP managed Services is Remote Access & Extranet VPN’s. These can be stand-alone services or complements to MPLS based Intranet VPN’s.

SP managed, Site-to-Site, IPSec VPN’s are percepted to be related to Internet VPN’s and therefore Cheap VPN’s.

• MPLS VPN’sThe most important application of MPLS is SP managed Site-to-Site VPN’s.

MPLS VPN’s offers a Highly Functional and Quality Service that can replace, SP managed Corporate Leased Line and FR/ATM VPN Networks (with managed CPE’s).


Service Roadmap : Value Added ServicesDeliver on Convergence

• Diversity of Managed Cisco CE’s

• Portfolio of Security Services (Mgd FW/IDS/Encryption)

• Managed VoIP (Legacy PBX integration)

• Managed LAN Services

• Managed and Hosted IP Telephony

• Managed IP-Video Conferencing

• VPN Multicast

• Move from 3/4 COS to 5/6 COS

• Flexible Colocation and Hosting Services

• Internet Access Integration (Same access line for VPN and Internet)

• Multi-VPN CPE

• Managed Internet/Intranet Caching

• Private Content Services

• Managed Extranet Services

• ASP Services (ex. Intranet Collaboration portal for SMB)

• End-to-End Service Level Agreements


MPLS based IP-VPN Services“The ideal platform for Value Added Services”

Site Backup and ResilienceSite Backup and Resilience

MulticastMulticast

Telecommuter ServicesTelecommuter Services

Private Content ServicesPrivate Content Services

Internet Access IntegrationInternet Access Integration

Voice VPN’sVoice VPN’s

Classes of ServiceClasses of Service

Site-to-Site Encryption ServicesSite-to-Site Encryption Services

Intranet Hosting/Coloc ServicesIntranet Hosting/Coloc Services

Managed Extranet ServicesManaged Extranet Services

Secure OFFnet AccessSecure OFFnet Access

Managed LANManaged LAN

Firewall & IDS ServicesFirewall & IDS Services

Travelling User ServicesTravelling User Services

Multi-VPN CEMulti-VPN CE

End-to-End SLA’sEnd-to-End SLA’s

Virtual ISP ServicesVirtual ISP Services

IP Telephony IntegrationIP Telephony Integration

Managed CEManaged CE

Managed Videoconf. ServicesManaged Videoconf. Services


West European Managed Data Services Connections by Type, 2000-2005 (000s)IDC 2000 2001 2002 2003 2004 2005 CAGR 01-05

IP VPN Connections Dedicated Site-to-Site (K) 107 172 256 352 463 588 50% % growth 62% 61% 57% 43% 41%

Ratio's for MPLS vs IPSec and National vs International VPNMPLS 80%IPSec 20%National 87%International 13%

# Connections (International managed VPN's)Intl Ded MPLS-VPN 11.077 17.920 26.624 36.608 48.152 61.152 Intl Ded IPSec-VPN 2.769 4.480 6.656 9.152 12.038 15.288

VPN Revenue per Site per Month IPSec $/month MPLS $/month

1 1.133 1700

MPLS rev premium 50%

International IP-VPN Opportunity in Emea

Source : IDC & Cisco


NetworksNetworks

SE

RV

ICE

SS

ER

VIC

ES

ATMATMSDHSDH IPIP MPLSMPLS

Frame-relayFrame-relay

ATMATM

Leased LineLeased Line

EthernetEthernet

IP-VPNIP-VPN

AT

oM

-bas

ed

AT

oM

-bas

ed

AToM = Any Transport over MPLS

SP’s are evolving to A Single IP/MPLS Network supporting ALL Services

© 2003 Cisco Systems, Inc. All rights reserved.


VPN Services“Cisco’s Key Differentiators for SPs”

• IP & MPLS Technology Leadership

• Breadth of Product Portfolio (CPE, Edge and Core)

• Breadth of integrated Layer3 and Layer2 VPN Solutions

• Proven, E2E QoS solutions

• Integrated OSS for L3 and L2 VPN

• Continuous Innovation with Investment protection

• Wide range of Value Added Service Solutions (Data, Voice, Video)

• Joint Sales and Marketing to common customer base

• Proven deployments and customer successes

• Partnership you can rely on for the long term


Network ArchitectureMPLS based IP-VPN Services

Corp ACorp ASite 1Site 1


CECE : Customer Edge Router: Customer Edge Router

PEPE : Provider Edge Router: Provider Edge Router

PP : Provider Core Router: Provider Core Router

Inter-Provider : Inter-Provider : Public & PrivatePublic & Private

MPLS-VPN PartnerMPLS-VPN Partner


Any AccessAny Access : : - LL/FR/ATM/LL/FR/ATM/- Ethernet …Ethernet …- Dial/DSL/Cable…Dial/DSL/Cable…- IPSec…IPSec…

OSS OSS

InternetInternetCorp ACorp ASite 4Site 4


Provider MPLS NetworkProvider MPLS NetworkProvider MPLS NetworkProvider MPLS Network

Privacy (VPN)Service Class (QoS)

Label IP Packet

MPLS Labels VPN Destination and Qos Attributes

• Customer Access Line is associated with VPN

• Labels are applied at the edge of the Network (PE)

• Forwarding based on Labels

• Labels Indicates Service attributes (VPN, Qos)

Corporate SiteCorporate SiteCorporate SiteCorporate Site IP P

acketPEPE

CECE


Application-aware VPN ServicesThe foundations for Convergence

FR/ATMFR/ATM

ApplicationsApplications

IP-VPN IP-VPN ServicesServices

IP-VPN Service Recognizes

Enterprise Applications ApplicationsApplications

Service doesn’t understand Applications


3 to 5 Typical Classes of Service (COS) Supporting Data/Voice and Video Applications

• Real-time Voice (# Voice Channels * NKbit/sec)

• Real-time Video (# simultaneous Video sessions * Mkbit/sec)

• Business Interactive = High Priority, Data Applications

- SNA, SAP R/3, Telnet

• Business Lan-to-Lan

- Intranet Web, Video (non-interactive)

• Best effort Data Applications

- File Transfer, Email, Internet, ...


Guaranteeing E2E Performance per ClassHow does it work (ex. 3 COS)

CustomerPremise

MPLS Ingress PE

CE Controlled Packet Classifier (=Colouring) CE Controlled Packet Classifier (=Colouring)

Egress PE

Key Qos Functions• Classification = Colouring• Low Latency Queuing (Access and/or Backbone)

- N*VoIP Channels : Priority Queue- Business Class Traffic- Best-Effort Traffic

Customer Classes

Customer Classes

ProviderClasses

CE

LLQ, Shaping, Fragmenting

LLQ, Shaping, Fragmenting

Mapping Mapping


MultipleVPNs

Report for Thu 1/15/98



SLA’s : PoP-to-PoP and CPE-to-CPE (Per COS)

CPE

SAA

SAA SAA

SAA SAA

SAA

SAA

SAA

SAA Benefits• Standard Available in

Cisco IOS.• Leverages large installed

base of Cisco routers.• Measures Delay, Jitter,

Packet Loss & Availability per Class of Service

Advanced Reporting


Value Added Services for IP-VPN’s

Site Backup and ResilienceSite Backup and Resilience

Unified CommunicationsUnified Communications

Telecommuter ServicesTelecommuter Services

Private Content ServicesPrivate Content Services

Internet Access IntegrationInternet Access Integration

Voice VPN’sVoice VPN’s

Classes of ServiceClasses of Service

Site-to-Site Encryption ServicesSite-to-Site Encryption Services

Intranet Hosting/Coloc ServicesIntranet Hosting/Coloc Services

Managed Extranet ServicesManaged Extranet Services

Secure OFFnet AccessSecure OFFnet Access

ASP ServicesASP Services

Firewall ServicesFirewall Services

Travelling User ServicesTravelling User Services

E-commerceE-commerce

End-to-End SLA’sEnd-to-End SLA’s

Virtual ISP ServicesVirtual ISP Services

IP Telephony IntegrationIP Telephony Integration

Managed CEManaged CE

Video Services (Multicast)Video Services (Multicast)


Ethernet based VPN Services

24

Jaak DefourBusiness DevelopmentEmea [email protected]


Small /Medium & Large Sites

Small /Medium & Large Sites

VoiceVoice VideoVideoDataData

1001100110011001

Customers/Partners & PublicCustomers/Partners & Public

Telecommuters & Mobile Users

Telecommuters & Mobile Users

Universal ConnectivityUniversal Connectivity

Platform Independence

Platform Independence

Immediate UserCompetence

Immediate UserCompetence

Reduced Capital and Operational Costs

Reduced Capital and Operational Costs

Convergence on the IP Protocol

Convergence on the IP Protocol

Reduced ApplicationDevelopment Time

Reduced ApplicationDevelopment Time

JANFEB

MARAPR

MAYJUN

JUL

Enterprise requirements lead to IP-VPNSupporting Convergence and Universal Connectivity


What are the reasons for An Enterprise to consider Ethernet VPN Services

• Need a Scalable High Bandwidth Infrastructure for new business applications like LAN-Interconnect, SAN, Business Continuity, Disaster Recovery, Data Warehousing, Video, … between Key Sites.

Need lower Cost, High-bandwidth Services

Need higher Flexibility and Granularity of High-bandwidth Services (=> Bandwidth-on-Demand promise)

Want to use lower Cost, L3 and L2 Switches, as CPE

Want Shorter Initial and Upgrade Provisioning Times

Want Easier Management, by removing the need to interwork between LAN and different WAN technologies (LL, FR, ATM…)


Ovum enterprise VPN - Global Forecast

-500

1,0001,5002,0002,5003,0003,500

2002 2003 2004 2005 2006

Co

nn

ec

tio

ns

00

0s

Frame Relay/ATM

IPVPN


MPLS-VPN Services in EmeaWhere are we now ?

• Numerous players

More than 50 MPLS-VPN Service Providers in Europe

Largest providers have 25.000+ Sites deployed (each)

• Domestic vs. International MPLS-VPN players :

Domestic: ALL Incumbents + « surviving » Alternate(s)

ex. FT – Cegetel, BT – C&W, DT – Arcor, …

International: ex. EQ, BT, ATT, Infonet, MCI, COLT, C&W, …

• MPLS represents 80% of the IP-VPN Services market

Rest is IPSec

• 80%+ of the MPLS-VPN Sites have SP Managed CE


MPLS-VPN Services in EmeaWhere are we now (continued)

• Access characteristics

Access lines are mix of LL/FR/ATM/xDSL/Eth…

Connection Volume growth will be driven by xDSL

• Remote Access is going IPSec.

SP’s use Network-based gateways for integration with MPLS

• MPLS-VPN Adoption happens in ALL segments

- MNC, Large Corporations, SMB, Teleworker

- Banking, Retail, Manufacturing, …

- SI’s, VNO’s…

• Most SP’s offer a MPLS-VPN with extensive set of VAS

Mgt CE, COS, IA, Mgt FW/IDS, Hosted IPT, Video, Content, SLA, Multicast…

• VoIP/IPT adoption is starting to become important

~15% of customer base in some SP’s

~80% of the New IP-VPN propositions contain a VoIP/IPT element


Virtual Private Network Defined

Customer Connectivity Deployed on a Shared Infrastructure with the Same Policies as a Private Network

SP SharedNetwork

VPNVPN

• Intranet Site-to-Site VPNIntranet Site-to-Site VPN Branch offices

• Access VPNAccess VPNTelecommuters and Travelling users

• Extranet VPNExtranet VPNBusiness-to-business


MPLS : New Industry Standard for Carrier Networks

• What is it ? Multi-Protocol Label Switching

IETF industry standard (RFC’s 2702, 3031 – 3038, 3063)

based on Cisco’s Tag SwitchingTag Switching submission

• How does it work ? Forwards packets based on Labels

Packets are switched, not routed

• Best of both worlds : PrivacyPrivacy and and QoSQoS of ATM, Frame Relay of ATM, Frame Relay FlexibilityFlexibility and and ScalabilityScalability of IP of IP

• MPLS-VPN’s are a Cisco Value Added Feature (RFC 2547bis)


Network ArchitectureMPLS based IP-VPN Services



CECE : Customer Edge Router: Customer Edge Router

PEPE : Provider Edge Router: Provider Edge Router

PP : Provider Core Router: Provider Core Router

Inter-Provider : Inter-Provider : Public & PrivatePublic & Private

MPLS-VPN PartnerMPLS-VPN Partner


Any AccessAny Access : : - LL/FR/ATM/LL/FR/ATM/- Ethernet …Ethernet …- Dial/DSL/Cable…Dial/DSL/Cable…- IPSec…IPSec…

OSS OSS

InternetInternetCorp ACorp ASite 4Site 4


In the Beginning …3 Classes of Service is all we need …

• Real-time applications

- Voice over IP, Video over IP

• Mission Critical, Interactive, Data Applications

- SNA, SAP R/3, Oracle, Peoplesoft, Telnet, Intranet Web (selected URL’s)...




End-to-End Quality of Service

CustomerPremise

IP Backbone with/without COS Ingress PE

CE Controlled Packet Classifier (=Colouring) CE Controlled Packet Classifier (=Colouring)

Egress PE

Key Qos Functions• Packet Classification = Colouring• LLQ : Low Latency Queuing (Access and/or Backbone)

- N*VoIP Channels : Priority Queue ! (Up to ~25%)- 80% Business Class Traffic- 20% Best-Effort Traffic

Customer Classes

Customer Classes

ProviderClasses

CE


IP-VPN Port Profiles Optimising the network for Class of Service Performance

Voice

RTRTClassClass

PO

RT

SP

EE

D

SNA

Messaging

Intranet Web

HTTP / FTP

Real-Time Class

Business Class

Best-Effort Class

Actual Site Traffic

BUSBUSClassClass

80%*80%*

20%*20%* BEBEClassClass

25%25%

Port Ressource Reservations

* % of the remaining bandwidth


Maximising the use of the Access Line with IN and OUT of Profile Traffic.

In-Profile VoiceOut-of-Profile BUS & BE

In-Profile BUSOut-of-Profile BE

In-Profile BEOut-of-Profile BUS

PORTSpeed

Time


After a few years of SP deployment…Evolution to 5 Typical Classes of Service

• Real-time Voice (# Voice Channels * NKbit/sec)

• Real-time Video (# simultaneous Video sessions * Mkbit/sec)

• Business Interactive = High Priority, Data Applications

- SNA, SAP R/3, Telnet

• Business Lan-to-Lan

- Intranet Web, Video (non-interactive)




Best practices in Application to COS mapping

Application Class of Service Requirement Application Class of Service RequirementACSIS (SAP) Business Class - Interactive LOTUS NOTES Business Class - Lan2Lan

AGILE Best-Effort MFG PRO Business Class - Lan2Lan

BAAN Business Class - Interactive MICROSOFT EXCHANGE Best-Effort

CADENZA Business Class - Lan2Lan MIMI (SAP) Business Class - Interactive

CLARIFY Business Class - Interactive NA4 Business Class - Lan2Lan

CERES Business Class - Lan2Lan NOVELL GROUPWISE Business Class - Lan2Lan

CFMS Business Class - Lan2Lan ORACLE Business Class - Interactive

CITRIX Business Class - Interactive PEOPLESOFT Business Class - Interactive

CODA Business Class - Lan2Lan PIN Business Class - Lan2Lan

DOCUMENTUM Business Class - Lan2Lan SAGA Business Class - Lan2Lan

ENERGY SYSTEM Business Class - Interactive SALES/SERVICES EDGE Business Class - Lan2Lan

FIN WEB Best-Effort SAP Business Class - Interactive

FRIGATE Business Class - Lan2Lan SCALA Business Class - Lan2Lan

FTP Best-Effort SIEBEL 2000 Business Class - Interactive

HTTP WEB Best-Effort SIEBEL 7 Business Class - Interactive

I2 DEMAND PLANNER Business Class - Lan2Lan SMTP Best-Effort

IS LOGISTICS Business Class - Interactive TELNET Business Class - Interactive

JD EDWARDS Business Class - Interactive VANTIVE Business Class - InteractiveVideo Real-Time Video Voice Real-Time Voice


Integrated AccessOpportunity to reduce Access Costs

• The use of a Single Access Line from the Customer premises to the Service Provider PoP to offer multiple Data/Voice and Video Services.

VoiceVoice

Video

InternetInternet

DataData

CPE PoP

Local Access Line

Documents

1 © 2002, Cisco Systems, Inc. All rights reserved. Power point presentation slides bundled from Cisco Systems, Inc. presentations MPLS IP-VPNs Featured