You are previewing Building MPLS-Based Broadband Access VPNs.
O'Reilly logo
Building MPLS-Based Broadband Access VPNs

Book Description

Implement the design principles and configurations behind MPLS-based VPNs for broadband access networks

The book discusses how MPLS and its VPN service are best used in a broadband environment, concentrating on key design issues and solutions, including

  • How to manage tens of thousands of interfaces and host routes and hundreds of dynamic VPNs

  • When a Virtual Home Gateway is necessary

  • Why use dynamic address assignment

  • How routes should be summarized into the core

  • Deploy MPLS VPNs successfully in broadband networks with Building MPLS-Based Broadband Access VPNs. This book helps you understand why and how today's broadband networks function, covering the principal access technologies: DSL, Ethernet, and cable. The book also examines the different tunneling protocols used for VPN solutions today, namely GRE, IPSec, and L2TP, with examples of how these solutions are deployed and a discussion of their strengths and weaknesses.

    Building MPLS-Based Broadband Access VPNs also includes an in-depth description of the IOS VRF Lite, which helps you use VRF-aware features with an IP core.

    Detailed descriptions of the technologies, design principles, network configurations, and case studies are provided throughout the book, helping you develop a pragmatic understanding of MPLS-based broadband access VPNs.

  • Obtain a realistic understanding of large-scale broadband access network design requirements

  • Recognize the business impact of using MPLS to provide access VPN services, including the advantages of QoS, availability, and provisioning

  • Use MPLS in access VPN and transport networks and deal with the unique scalability problems that such networks pose

  • Leverage VRF-aware features to deploy IP-based VPNs

  • Includes detailed Cisco IOS configuration examples based on real-world scenarios

  • This book is part of the Networking Technology Series from Cisco Press¿ which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

    Table of Contents

    1. Copyright
      1. Dedication
    2. About the Author
    3. About the Technical Reviewers
    4. Acknowledgments
    5. Icons Used in This Book
      1. Command Syntax Conventions
    6. Foreword
    7. Introduction
    8. Goals and Methods
    9. Who Should Read This Book?
      1. Required Knowledge
      2. How This Book Is Organized
    10. 1. Introduction: Broadband Access and Virtual Private Networks
      1. Broadband Networks and Operators
        1. The Players in Broadband
          1. DSL Networks
          2. Metropolitan-Area Networks
        2. The Role of the Access Network
        3. Shifting the Location of the Processing
      2. Service Models: Who Buys What
        1. Business Subscribers
        2. Residential Subscribers
      3. IP Virtual Private Networks for Broadband
        1. A VPN Taxonomy
        2. Layer 2 and Layer 3 VPN Alternatives
        3. Overlay VPNs
        4. The Peer Model
      4. A Simplified Framework for Broadband VPN
        1. Data Confidentiality
        2. Efficient Operation
        3. Efficient Routing
        4. High Availability and Resiliency
          1. Device-Level Redundancy
          2. Network-Level Redundancy
        5. Multicast
        6. Quality of Service
        7. Fragmentation
        8. Authentication, Authorization, and Accounting (AAA)
        9. Service Selection
        10. Support for Any IP Addressing Plan
        11. Efficient Address Assignment
        12. Additional Layer 3 Services
      5. Summary
    11. 2. Delivering Broadband Access Today: An Access Technologies Primer
      1. Architecture 1: Bridged Access Networks
        1. Bridging in DSL Using RFC 2684
          1. RBE Configuration
          2. RBE Quality of Service
          3. RBE Routing
          4. RBE Address Assignment
        2. More Bridged Access—Cable and DOCSIS
          1. DOCSIS Cisco IOS Configuration
          2. Cable Address Assignment
        3. Broadband Ethernet—Ethernet to the Home/Business (ETTX)
          1. Long Reach Ethernet
          2. ETTX Configuration
          3. ETTX Quality of Service
          4. ETTX Address Assignment
        4. Security Considerations for Bridged Broadband Architectures
          1. Security in DSL Broadband Networks
          2. Security in Cable Broadband Networks
          3. Security in Ethernet Broadband Networks
        5. Authentication and Accounting in Bridged Broadband Architectures
      2. Architecture 2: Point-to-Point Protocol Networks
        1. PPP over Ethernet—The CPE as a Bridge
          1. PPPoE Configuration
          2. PPPoE Service Selection and Discovery
        2. PPP over ATM: The CPE as a Router
          1. PPPoA Configuration
          2. PPP Address Assignments
            1. Download of a Single Address
            2. Download of a Pool Name
            3. Download of a Pool at Startup
          3. Use of On-Demand Address Pools
        3. PPP Quality of Service
        4. PPP Authentication, Accounting, and Security
          1. Port-Based Authentication
          2. PPP Security
      3. Summary
    12. 3. VPNs in Broadband Networks
      1. Tunnels, Hubs, and Spokes
        1. To Distribute or Centralize?
        2. Access VPN Requirements Reminder
      2. Case 1: A Site VPN with Non-IP Traffic—GRE
        1. GRE Protocol and Operation
        2. GRE Configuration
        3. GRE Design Considerations
      3. Case 2: VPN over Anything—IPSec
        1. IPSec Protocol and Operation
          1. AH and ESP Headers for Authentication and Encryption
          2. Key Exchange with IKE
          3. IPSec Tunnel and Transport Mode Encapsulations
        2. IPSec Configuration
        3. IPSec Configuration Examples
          1. Simple Site-to-Site IPSec
          2. Encrypted GRE
        4. Dynamic Multicast VPN
        5. IPSec for Remote Access
        6. IPSec Design Considerations
      4. Case 3: L2TP—For Open Access
        1. L2TP Protocol and Operation
          1. L2TP Tunnel Setup
          2. L2TP Session Setup
        2. L2TP Configuration
        3. Scaling L2TP Networks
          1. Data Plane: L2TP LNS Redundancy and Load Balancing
          2. Control Plane: AAA Redundancy and Load Balancing
          3. L2TP Tunnel Switching
            1. Fan-in Tunnel Switch
            2. Fan-out Tunnel Switch
        4. L2TP Design Considerations
      5. Other Open Access Solutions
        1. Open Access with Network Address Translation
        2. Open Access with Policy-Based Routing
      6. Summary
    13. 4. Introduction to MPLS
      1. Definition of MPLS
        1. IP and MPLS Packet Forwarding
        2. MPLS Encapsulation
        3. Label Distribution
        4. LDP Operation
      2. Traffic Engineering
      3. MPLS-TE Cisco IOS Configuration
      4. Layer 3 VPN Services (RFC 2547)
        1. MPLS-VPN Attributes
        2. MPLS-VPN Cisco IOS Configuration
      5. MPLS QoS
        1. QoS in MPLS Packet Headers
          1. Complication 1: DSCP
          2. Complication 2: ATM
        2. Tunnels and Pipes
        3. DiffServ-Aware Traffic Engineering
      6. Summary
    14. 5. Introduction to MPLS-Based Access VPN Architectures
      1. Architecture Overview of an MPLS-Based Access VPN
        1. The Role of the PE
        2. Mapping Cable Subscribers to VRFs
        3. Mapping Ethernet Subscribers to VRFs
        4. Mapping DSL Subscribers to VRFs
          1. Routed Interfaces
          2. Routed Bridge Encapsulation
          3. PPP
        5. Virtual Home Gateway
        6. VHG for Cable or Ethernet
      2. Examples of the Basic Architectures
        1. Direct PPP Termination Configuration
        2. Monitoring Direct PPP Termination
        3. Two-Box Virtual Home Gateway Example
        4. Monitoring the Two-Box VHG Solution
        5. Multi-VRF CE Configuration
      3. Comparison Using the Broadband VPN Framework
        1. Data Confidentiality
        2. Efficient Operation
        3. Efficient Routing
        4. High Availability and Resiliency
        5. Multicast
        6. Quality of Service
        7. Fragmentation
        8. Authentication, Authorization, and Accounting
        9. Service Selection
        10. Support Any IP Addressing Plan
        11. Efficient Address Management
        12. Additional L3 Services
      4. Summary
    15. 6. Wholesale MPLS-VPN Related Service Features
      1. Bindings Again—Dynamic VRF Allocation
        1. AAA Again—VRF Name and the AAA Attribute
          1. Direct PPP Termination and Aggregation with AAA
        2. VHG with AAA
        3. DHCP—Life Without AAA
        4. PBR—A Two-Box Solution
        5. Service Selection Gateway—Another Two-Box Solution
        6. VRF Select
      2. Proxy RADIUS and Per-VRF AAA
        1. Per-VRF AAA Configuration
        2. Per-VRF AAA Templates
        3. Per-VRF AAA Accounting
      3. Assigning and Managing Overlapping Addresses
        1. Overlapping Device-Local Pools
        2. On-Demand Address Pools
          1. The Host Route Solution
          2. ODAP and Address Assignments
      4. Summary
    16. 7. Implementing Network-Based Access VPNs Without MPLS
      1. Introduction to Virtual Routers
      2. Implementing Virtual Routing with Cisco IOS
      3. Using Tunnels to Build Network-Based IP VPN
      4. Using GRE for IP VPN
      5. Using IPSec for IP VPN
      6. Routing Between VRF-Lite PEs
        1. Campus Hop-to-Hop Topology
        2. RIP Between VRF-LITE
        3. RIP to BGP
      7. Summary
    17. 8. Case Studies for Using MPLS with Broadband VPNs
      1. Case Study 1: Managed LNS
        1. Service Definitions
        2. L2TP-Based Wholesale Service: Managed LNS
          1. Clients
          2. Circuit Aggregation: LAC
          3. IP Aggregation: LNS
          4. Control Plane: AAA
          5. Network and Service Availability
        3. MPLS-Based Wholesale Service
          1. Clients
          2. PTA PE
          3. ISP PE
          4. Address Allocation and Routing
          5. Control Plane: AAA
          6. QoS and Multicast
      2. Case Study 2: D/V/V Over Ethernet
        1. Service Definitions
        2. Network Design
          1. Clients
          2. Access Layer: Circuit Aggregation
          3. Distribution Layer: IP Aggregation
        3. Adding Open Access
        4. An Alternative Open Access Design
      3. Summary
    18. 9. Future Developments in Broadband Access
      1. Introduction to IPv6
        1. Address Space Size
        2. Addressing
        3. Extensions
        4. Autoconfiguration
      2. Deployment Scenarios of IPv6
        1. Enterprise Deploys IPv6 Internally but Uses an IPv4 VPN Service
        2. A Retail ISP Moves to IPv6
        3. Only the Wholesaler Moves to IPv6
      3. L2 Transport and L2VPN
        1. Pseudo-wires
          1. AToM
          2. L2 Transport over L2TPv3
        2. Applications and Implications for Broadband Access
      4. Summary
    19. A. References and Bibliography
      1. Chapter 1
        1. Cisco Systems Publications, Available Online at Cisco.com
        2. In-Stat/MDR Resources, Available Online at www.instat.com
        3. IETF Draft RFCs, Available Online at www.ietf.org
        4. Miscellaneous Online Resources
        5. Useful Websites
      2. Chapter 2
        1. Cisco Systems Publications, Available Online at www.cisco.com
        2. CableLabs Online Resources, Available Online at www.cablelabs.com
        3. Miscellaneous Online Resources
        4. RFCs, Available Online at www.ietf.org
      3. Chapter 3
        1. Cisco Systems Publications, Available Online at www.cisco.com
        2. RFCs, Available Online at www.ietf.org
      4. Chapter 4
        1. Cisco Systems Internal Documents
        2. Cisco Systems Publications, Available Online at www.cisco.com
        3. Miscellaneous Online Resources
        4. RFCs, Available Online at www.ietf.org
      5. Chapters 5, 6, 7, and 8
        1. Cisco Systems Internal Documents
        2. Cisco Systems Publications, Available Online at www.cisco.com
        3. Miscellaneous Online Resources
        4. RFCs, Available Online at www.ietf.org
        5. IETF Draft, Available Online at www.ietf.org
      6. Chapter 9
        1. Cisco Systems Internal Documents
        2. Cisco Systems Publications, Available Online at www.cisco.com
        3. Miscellaneous Online Resources
        4. Useful Website
        5. IETF Drafts, Available Online at http://www.ietf.org
        6. RFCs, Available Online at www.ietf.org