Integrating Internet Access with MPLS VPNs Introducing Internet
- Slides: 13
Integrating Internet Access with MPLS VPNs Introducing Internet Access Models with MPLS VPNs © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -1
Outline • • • Overview Customer Internet Connectivity Scenarios Internet Design Models for Service Providers Internet Access Through Global Routing Internet Access as a separate VPN Disadvantages of Providing Internet Access Through Route Leaking • Summary © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -2
Classical Internet Access • Customer connects to the Internet through a central site firewall. – Firewall provides NAT or proxy services as needed. • Since all Internet traffic goes across the central site, flow to Internet is not optimal. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -3
Multisite Internet Access • Customers have Internet access directly from every site. • There is optimum traffic flow to and from Internet sites. • Each site has to be secured against unauthorized Internet access. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -4
Wholesale Internet Access • Customers chose ISP and get address space from that ISP. • The wholesale Internet access provider may have to use a different address pool for every upstream service provider. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -5
Service Provider Shared Backbone © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -6
Major Design Models Two major design models: • Internet access separate from VPN services • Internet access as a separate VPN © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -7
Internet Access Through Global Routing • Implementation via separate interfaces that are not placed in any VRF, via either: – Static default routing on a PE – BGP between CE and PE • Benefits: – Well-known setup; equivalent to classical Internet service – Easy to implement; offers a wide range of design options • Drawback: – Requires separate physical links or WAN encapsulation that supports subinterfaces © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -8
Internet Access Through a Separate VPN Service • Implementation through a separate VPN • Benefit: – The provider backbone is isolated from the Internet; increased security is realized. • Drawback: – All Internet routes are carried as VPN routes; full Internet routing cannot be implemented because of scalability problems. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -9
Internet Access Through Route Leaking • Implementation through corporate VPN • Benefit: – Does not use a separate connection for Internet traffic • Drawback: – Insecure because Internet traffic is mingled with corporate traffic in the VPN – Harder to apply security policies on mingled traffic – Cannot implement full Internet routing because of scalability problems © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -10
Summary • Classical Internet access connects through a central firewall. You can use a centralized ISP managed firewall service. • Multisite Internet access connects the firewall of every site. You can use a centralized ISP-managed firewall service. • Wholesale Internet access service offers connectivity to multiple ISPs. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -11
Summary (Cont. ) • There are two recommended service provider designs for combining Internet access with MPLS VPN services: – Global routing (Internet access not from a VPN), which uses separate interfaces that are not placed in any VRF – Internet services as a separate VPN, which allows for service provider separation of backbone and Internet traffic • Route leaking is insecure and not recommended because of this approach negates isolation of the corporate VPN. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -12
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -13
- Mpls vpn internet access
- Who isp
- Mpls architecture
- Terminal access controller access-control system
- Terminal access controller access control system plus
- Solving 1st order differential equations
- Non exact ode calculator
- Integrating public health and primary care
- Internal and external assessment in strategic management
- Paragraph
- Integrating factor method
- Integrating factor of differential equation
- Integrating factor of linear differential equation
- Integrating qualitative and quantitative methods