
GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NRENs NOC

GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NRENs NOC. 9th TF NOC meeting (Prague), Thursday, 14 November 2013. Xavier Jeannin / RENATER, SA3T3 Task Leader; Miguel Angel Sotos / RedIRIS; Bojan Jakovljevic / AMRES.


  1. GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NREN’s NOC
     9th TF NOC meeting (Prague), Thursday, 14 November 2013
     - Xavier Jeannin / RENATER, SA3T3 Task Leader
     - Miguel Angel Sotos / RedIRIS
     - Bojan Jakovljevic / AMRES

  2. Agenda
     - MDVPN: a seamless infrastructure for delivering VPN services to end users
     - Role of the NOCs
     - MDVPN service operation monitoring
     - MDVPN deployment roadmap and footprint
     - Conclusions on MDVPN operation

     Connect | Communicate | Collaborate

  3. MDVPN: seamless infrastructure for delivering VPN services to end users
     - MDVPN objective: deliver multi-domain VPN as easily and as quickly as you do in your own domain
     - SSP = Service Stitching Point
     - SDP = Service Demarcation Point
     - [Diagram roles: VPN provider, VPN transit provider, VPN transport provider]

  4. MDVPN: seamless infrastructure for delivering VPN services to end users
     - A joint service delivered by GEANT-NRENs
     - GEANT provides VPN transport service
     - NRENs subscribe once to the VPN transport service, then get as many VPNs as you want
     - Only configuration at edge is required
     - MDVPN service is an 'umbrella': L3VPN, P2P-L2VPN, MP-L2VPN (VPLS)
     - [Diagram: multi-domain topology spanning GEANT, RENATER, DFN, NORDUnet, FUnet, a regional network and other partners, showing PE, ABR and RR routers, VPN proxies, SSPs and SDPs, with ImaginLab L3VPN, L2VPN and P2P L2VPN instances; roles shown: VPN provider, VPN transit provider, VPN transport provider]

  5. One use case: XiFi project
     - https://www.fi-xifi.eu/about-xifi/what-is-xifi.html
     - XIFI is a project of the European Public-Private-Partnership on Future Internet

  6. MDVPN: an efficient solution …
     - A set of services useful for end users
     - Covers a wide scope of user needs: from the long-term infrastructure with intensive network usage to a quick point-to-point link for a conference demonstration
     - Scientist DMZ concept – cost reduction for international collaboration at site level
     - VPN is deployed much faster
     - Based on MPLS and BGP standards
     - Easy to configure
     - It's flexible and quick to deploy
     - No investment, no cost in terms of CAPEX
     - CAPEX saving thanks to VPN multiplexing (no dedicated interface, …)
     - OPEX cost reduction for NREN and DANTE
     - A service that you cannot find in a commercial ISP offer/portfolio, because it is multi-domain

  7. Role of the NOCs
     - Provision the VPN on end-user requests
     - Provisioning process
     - Support end-users
     - Communication with partners: DANTE, NRENs, Regional Net…
     - Provide efficient communication channel: VPN-ASTRO-providers@…, VPN-ASTRO-operation@…
     - Ensure the day-to-day working
     - Monitor the service
     - Troubleshooting
     - Provide statistics monitoring to end-users and to partners
     - Ensure OLA commitments are achieved

  8. What to monitor
     - Underlying principle behind this Multi-Domain VPN technology: the LSP is extended from a PE up to the remote PE in another domain
     - Monitoring is decentralized: monitor SDPs and SSPs state
     - Peerings to be monitored:
       - Labeled unicast BGP peering
       - Multi-hop BGP VPNv4 peering

  9. Day-to-day monitoring
     Objective: detect problems that may affect the service level specification.
     1. Availability of each PE
        - A specific L3 VPN instance (‘ping_VPN’ instance) will be set up on all PEs for diagnostic purposes
        - A central tool (kind of smokeping) to check the availability of the PE through the ‘ping_VPN’
     2. A Looking Glass service for the VPN Reflector will help to troubleshoot the VPNs signalling (route announcement and reception).
     [Diagram: NREN A, NREN B, NREN C, NREN E, GEANT and a regional network, showing PE, ABR and RR routers, a VPN proxy, a non-MPLS PE, SSPs and SDPs, carrying VPN1, VPN2 and VPN3]

  10. Statistics Monitoring
      - The VPN transport provider (GÉANT) is not able to distinguish the different VPNs.
      - At GÉANT level, only SSP availability and usage (throughput statistics) will be provided.
      - The traffic carried by a particular VPN instance can be monitored, at least at interface (SDP) level.
      - It is up to the NREN to provide statistics on their SDP.
      - NRENs and GÉANT cannot provide a general view of VPN usage, so it will be the responsibility of end users to manage this.
      - The list of the different statistics that should be collected at SSP level and at SDP level is not totally specified.

  11. SA3T3: MDVPN work status
      - Proof of concept demonstrated on SAT3 testbed
      - NRENs involved in the MDVPN project: Pioneer, DFN, NORDunet, RENATER, AMRES, LITnet, FCCN, FUnet …
      - Current state: deployment phase
        1. Multi-domain operation validation (4th quarter 2013 – end of 1st quarter 2014)
        2. Technical Pilot Phase
           a. Setting-up GEANT pilot (1st quarter 2014)
           b. Pilot generalization phase (2nd and 3rd quarter 2014)
        3. MDVPN service officially added to GEANT portfolio

  12. Conclusions on MDVPN operation
      - Service description: https://intranet.geant.net/SA3/Shared%20Documents/Deliverables/D7.1_DS%203%203%201-MDVPN-service-architecture.pdf
      - Operation is a key point for the deployment of MDVPN
      - Lack of coordination could endanger the rolling-out process of MDVPN
      - Crucial points:
        - Dissemination toward NREN’s NOC
        - Coordination between DANTE, NRENs, Regional Network (communication channel)
        - NOC training
          - Technical cookbook / configuration for different vendors
          - Operational cookbook
      - Would it be possible to collaborate on this MDVPN operation topic?
        - Improve and implement an innovative operational model: reuse, but with new points (incorporation of regional network …)
        - Dissemination toward NREN’s NOC

  13. Connect | Communicate | Collaborate
      www.geant.net
      www.twitter.com/GEANTnews | www.facebook.com/GEANTnetwork | www.youtube.com/GEANTtv
