Why eduroam sucks, and how to fix it. Josh Howlett, UKERNA. TNC 2007, Copenhagen.
Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th -...
-
Upload
marylou-morgan -
Category
Documents
-
view
217 -
download
3
Transcript of Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th -...
![Page 1: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/1.jpg)
Connect. Communicate. Collaborate
VPNs in GÉANT2
Otto Kreiter, DANTE
UKERNA Networkshop 344th - 6th April 2006
![Page 2: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/2.jpg)
Connect. Communicate. Collaborate
Agenda
1. Brief presentation of GÉANT2
2. IP/MPLS VPN services inherited from GÉANT
3. Optical VPNs in GÉANT2
![Page 3: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/3.jpg)
Connect. Communicate. Collaborate
What is GÉANT2?
A European R&E Networking Model:
• 7th generation of pan-European research network infrastructure – continuation of a success story
• Project partners include 30 of Europe’s national research and education networks (NRENs), DANTE and TERENA
• Will connect 34 European countries and serve over 3500 research and education establishments across Europe
• Provides international connectivity to other world regions• Funded jointly by NRENs and European Commission• Project timescale September 2004 - August 2008
![Page 4: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/4.jpg)
Connect. Communicate. Collaborate
GÉANT2 Topology
![Page 5: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/5.jpg)
Connect. Communicate. Collaborate
GÉANT2 Objectives
• Provide a gigabit-speed infrastructure to support European research and education
• Deploy an international hybrid network: routed IP traffic combined with switched point-to-point circuits
• Implement end-to-end QoS provision
• Provide a research infrastructure for network technology developments
• Develop a wider range of network services– Performance monitoring– Security– Bandwidth on demand– Testbed facility– Mobility and roaming
![Page 6: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/6.jpg)
Connect. Communicate. Collaborate
Services inherited from GÉANT
IP Services using Juniper routers.
– Native Best Effort IPv4– Native Best Effort IPv6– Native Multicast v4 – Native Multicast v6– QoS Services
• Premium IP - PIP• Less than Best Effort IP - LBE
![Page 7: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/7.jpg)
Connect. Communicate. Collaborate
Services inherited from GÉANT
MPLS services– L2-VPNs
• Started with Juniper CCC, “migrated” to LDP signalled L2-circuits
• Multi-domain and multi-vendor L2-circuits in place. – Traffic engineered paths
• To enforce QoS• Part of multi-domain L2-VPNs
– Stitching
– Contiguous LSPs
![Page 8: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/8.jpg)
Connect. Communicate. Collaborate
LSP Stitching
Pro: We are in control of the “transit” LSPCons: Done manually at the GÉANT/GÉANT2 border
– Not flexible– Error prone
Multi-domain LSPs - I
Manual stitching point
Needs to know internal structure of transit domain
A B
![Page 9: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/9.jpg)
Connect. Communicate. CollaborateMulti-domain LSPs - II
Contiguous LSP
Pro: Easy to configure it
Cons: Hard to enforce any policy– TE across transit domain
– Bandwidth reservation across transit domain
– Possible solution nesting.
Needs to know internal structure of transit domain
A B
Traceroute AB
![Page 10: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/10.jpg)
Connect. Communicate. CollaborateMulti-domain LSPs - III
LSP nesting
A B
Needs to know IN/OUT of transit domains
C
Bandwidth constraints
Pro: We are in control of the “transit” LSPsCons: Not known yet !
![Page 11: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/11.jpg)
Connect. Communicate. CollaborateIP/MPLS services
• GÉANT2 will continue to provide the same IP/MPLS and L2-VPN services.
• Subsequently will look into possibilities to improve it• LSP nesting.
• Looking forward to deploy “new” services if they are required by the R&E community.
• L3-VPNs• VPLS• Point-to-Multipoint LSPs
![Page 12: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/12.jpg)
Connect. Communicate. CollaborateOptical VPNs in GÉANT2
Requirements of BoD services:
• Deterministic bandwidth• Deterministic delay• Ethernet• Automated provisioning• Advanced reservation (?)
Solution “Optical” VPNs.
![Page 13: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/13.jpg)
Connect. Communicate. CollaborateTechnological domains Connect. Communicate. Collaborate
IP/MPLS
SDH/EoSDH
Ethernet
Europe
![Page 14: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/14.jpg)
Connect. Communicate. Collaborate
GÉANT2 technological domains Connect. Communicate. Collaborate
SDH10GE1GE
![Page 15: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/15.jpg)
Connect. Communicate. Collaborate
GÉANT2 technological domains Connect. Communicate. Collaborate
SDH10GE1GE
Domain B
Domain A
VLANsGFP-FVCAT
VC-4 hand-over point
NMS
GFP-FVCAT
?
?
![Page 16: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/16.jpg)
Connect. Communicate. Collaborate
GMPLS the solution for Optical-VPNs ? Connect. Communicate. Collaborate
e2e pathEthernet LSPSDH LSP
Domain B
Domain A
GMPLSGMPLS
GMPLS
![Page 17: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/17.jpg)
Connect. Communicate. CollaborateGMPLS in GÉANT2
GÉANT2 OXC
Alcatel 1678MCC
GMPLS Interface Switching Capabilities:– TDM– Ethernet L2SC
GMPLS control plane available for the TDM region
![Page 18: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/18.jpg)
Connect. Communicate. CollaborateWhat is missing…
GMPLS controlled Ethernet Label Switching
A single GMPLS control plane instance for multiple regions (TDM and Ethernet) Multi Region Network – Would be nice to have "triggered signalling" for lower
layers.
![Page 19: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/19.jpg)
Connect. Communicate. Collaborate
They will form two separate service layers at the beginningThey may form a global TDM and packet (Ethernet/IP) traffic
engineering database in the future.
Where the GÉANT2 IP/MPLS network fits in this picture ?
NREN NREN
![Page 20: Connect. Communicate. Collaborate VPNs in GÉANT2 Otto Kreiter, DANTE UKERNA Networkshop 34 4th - 6th April 2006.](https://reader030.fdocuments.us/reader030/viewer/2022032612/56649e925503460f94b97afe/html5/thumbnails/20.jpg)
Connect. Communicate. CollaborateConclusion
GÉANT2 will continue to provide L2-VPN services in the IP/MPLS network.
New emerging inter-domain MPLS techniques to improve L2-VPN deployments.
GMPLS seems to be an answer for Optical-VPNs in GÉANT2 in support of BOD activities.