MPLSbased VPN

1
MPLS-based VPN
2
Agenda

• Why IONet ?

• VPN Solutions

• MPLS

• Case study Financial issues

• Thanks

3

• VPN Solutions

VPN simply To utilize WAN technologies for
connecting your distributed LAN (branches)
through a secure, reliable and flexible links.
Under that simple definition, a lot of solutions
and techniques can be presented. During this
presentation, we will present the Frame Relay VPN
then introduce the new Technology of MPLS, which
seems to be the next generation for VPN data
communication.
4

• Frame Raly (FR)

5

• Frame Raly (FR)

-Frame Relay is a packet-switched technology that
emerged in the early 1990s
-FR is used with a variety of network protocols,
such as IP, IPX,
-FR provides a communications interface between
Data Terminal Equipment (DTE) and Data
Circuit-terminating Equipment (DCE) devices FR
provides a connection-oriented Data-link layer
communication via Private Virtual Circuits (PVC).
6

• Frame Raly (FR)

-These virtual circuits are logical connections
created between two DTEs across a packet-switched
network, which is identified by a Data Link
Connection Identifier (DLCI). So to implement the
Frame Relay (FR) setup, you need dedicated Leased
Lines (LL).
-The high expense of maintaining dedicated LL
and the lack of flexibility with the FR network
will be solved by replacing FR with MPLS/VPN as
we can see later on.
7

• Multi Protocol Label Switching MPLS

MPLS is described in RFC2547. It provides a
common mechanism to combine the intelligence of
the routing environment with the power of
switching environment while also allowing the
implementation of router-based virtual private
network (VPNs).
8

• MPLS

How does MPLS Works?
- It works through the implementation of MPLS
labels, because the labels contain specific
routing (label switch path) information that
tells the router and switches in the network
where to forward the packets based on
predetermined IP routing information.
- The use of label is highly efficient because
the layer3 routing decision does not have to be
performed at each hop through the network. Labels
are inserted at the edge of the MPLS network and
removed when packets leave the MPLS network.
9

• MPLS

- MPLS forwarding can be done by switches that
are capable of doing label lookup and
replacement, but they are either not capable of
analyzing the network layer headers or are not
capable of analyzing the network layer headers at
adequate speed.
- One major benefit of MPLS is that it can be
layer2 independent, such as Ethernet, Frame
Relay, Point-to-Point Protocol (PPP) and
Asynchronous Transfer Mode (ATM). That means the
MPLS VPN is very cost effective if it utilizes
some shared links instead of using dedicated LL.
- The other major benefit of MPLS is its Layer3
independence, so that it can carry IP, IPX
traffic.
10

• MPLS Security

- This presentation assumes that the MPLS core
network is provided in a secure manner. Thus, it
does not address basic security concerns such as
securing the network elements against
unauthorized access, misconfigurations of the
core, internal (within the core) attacks, and so
on.
- If a customer does not wish to assume the
Service Providers network is secure, it becomes
necessary to run IP Security (IPSec) over the
MPLS infrastructure.
- These security vulnerabilities can occur on
both Frame Relay or MPLS-based VPN.
11

• MPLS Security

• Address Space and Routing Separation

• Hiding of the MPLS Core Structure

• Resistance to Attacks

• Impossibility of Label Spoofing

12

• Case Study Finansial Issues

13
MPLS VPN vs. Frame Relay in figures
This comparison based on the local price herein
Jordan shows how MPLS/VPN is cost effective.
Notes - Above FR prices are for national
circuits and just includes the price of the LL,
not the service of FR. - Above FR prices are for
the PVC (branch line), not for the Access line
(Head Quarter)
14
Budgetary price for XYZ connection scenario
1- MPLS over ADSL (1Meg) 400JD/y X 4 branches
1600 JD/y 2- Frame Relay over LL
(128k) 5750JD/y X 4 branches 23000 JD/y
15
Thanks for your time