In Figure 7.11, we see an example of what is called the customer-equipment-to-customer-equipment model (CE to CE); it is also referred to as the overlay model. IP VPN traffic is overlaid onto end-to-end tunnels. Frame Relay (FR) and ATM services are two examples of the overlay model. The IP protocol is tunneled from CE to CE (or overlaid) on top of Layer-2 carriers, where these carriers maintain virtual backbones for the VPNs. In Figure 7.11, we see how customer sites 1, 2, 3, and 4 (Blue) are connected via tunnels. The data is encapsulated so that the IP data is not exposed across the networks.
Figure 7.11: VPN Overlay Model
In Figure 7.12, we see that adding an additional customer (Bold) adds a level of complexity. Configuration engineers and network managers must keep the traffic of the Blue customer separate from the traffic of the Bold customer and vice versa.
Figure 7.12: Hub-and-Spoke Configuration with 4 Sites (Original Configuration)
The overlay model can offer the ultimate in security, but it is not without its challenges:
A company has two choices when using this option: to manage and maintain its own tunnels or to allow its service provider to manage the tunnels for it. In either case there is a cost for maintaining the tunnels and encryption keys.
As the number of sites within the network grows, the complexity of hardware and software increases, which in turn increases the cost of maintenance and configuration.
Hardware and capital expenditures are also an issue. For a customer with n sites, the number of routers required is n-1. When adds, moves, and changes are made to the configuration, each site must be reconfigured.
Let’s look at two examples of how Site 5 can be added. For a hub-and-spoke design, we change Site 1 and Site 5. Using the example in Figures 7.12–7.14, we are going to add Site 5 to the configuration. Currently the table is as follows:
Site 1 talks to Sites 2, 3, 4 (Blue only)
Site 2 talks to Site 1 (Blue only)
Site 3 talks to Site 1 (Blue only)
Site 4 talks to Site 1 (Blue only)
Figure 7.13: Adding Site 5 with a Hub and Spoke Design
Figure 7.14: Adding Site 5 with a Fully Meshed Network
The following illustrates the modifications that are required for adding Site 5:
Add Site 5 (Blue)
Site 1 talks to Sites 2, 3, 4, 5 (Blue only)
Site 5 talks to Site 1 (Blue only)
Notice that with a full matrix configuration the complexity grows.
The following is the configuration before Site 5 is added.
Site 1 talks to Sites 2, 3, 4 (Blue only)
Site 2 talks to Sites 1, 3, 4 (Blue only)
Site 3 talks to Sites 1, 2, 4 (Blue only)
Site 4 talks to Sites 1, 2, 3 (Blue only)
The configuration at every site must be modified as follows in order to communicate with the new Site 5.
Add Site 5 (Blue)
Site 1 talks to Sites 2, 3, 4, 5 (Blue only)
Site 2 talks to Sites 1, 3, 4, 5 (Blue only)
Site 3 talks to Sites 1, 2, 4, 5 (Blue only)
Site 4 talks to Sites 1, 2, 3, 5 (Blue only)
Site 5 talks to Sites 1, 2, 3, 4 (Blue only)
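The two Site 5 walk-throughs above can be reproduced by building the "talks to" tables for each design and comparing them before and after the change. The following Python is an added example, not part of the original text; the function names and the peer-table representation are assumptions made for illustration.

```python
# Added example: "talks to" tables for the Blue VPN, modelled as
# {site: set of peer sites}. All names here are illustrative.

def hub_and_spoke(sites, hub=1):
    """The hub peers with every spoke; each spoke peers only with the hub."""
    return {s: (set(sites) - {hub}) if s == hub else {hub} for s in sites}

def full_mesh(sites):
    """Every site peers with every other site."""
    return {s: set(sites) - {s} for s in sites}

def tunnel_count(table):
    """Each CE-to-CE tunnel shows up in two peer lists, so halve the sum."""
    return sum(len(peers) for peers in table.values()) // 2

def sites_to_reconfigure(before, after):
    """Sites whose peer list is new or differs between the two tables."""
    return sorted(s for s in after if before.get(s) != after[s])

def compare_growth(old_sites, new_site, hub=1):
    """Add new_site to both designs and report the configuration impact."""
    new_sites = list(old_sites) + [new_site]
    designs = {
        "hub-and-spoke": lambda s: hub_and_spoke(s, hub),
        "full mesh": full_mesh,
    }
    report = {}
    for name, build in designs.items():
        before, after = build(old_sites), build(new_sites)
        report[name] = {
            "touched": sites_to_reconfigure(before, after),
            "tunnels_before": tunnel_count(before),
            "tunnels_after": tunnel_count(after),
        }
    return report

if __name__ == "__main__":
    # Sites 1-4 exist; Site 5 is added, as in Figures 7.13 and 7.14.
    for name, r in compare_growth([1, 2, 3, 4], 5).items():
        print(f"{name}: reconfigure sites {r['touched']}, "
              f"tunnels {r['tunnels_before']} -> {r['tunnels_after']}")
```

Every touched site is a place where tunnel endpoints and encryption keys have to be provisioned, so the list of touched sites is also the list of places where a configuration error could break the separation between customers.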