VPN Models




The Overlay Model

In Figure 7.11, we see an example of what is called the customer-equipment-to-customer-equipment model (CE to CE); it is also referred to as the overlay model. IP VPN traffic is overlaid onto end-to-end tunnels. Frame Relay (FR) and ATM services are two examples of the overlay model. The IP protocol is tunneled from CE to CE (or overlaid) on top of Layer-2 carriers, where these carriers maintain virtual backbones for the VPNs. In Figure 7.11, we see how customer sites 1, 2, 3, and 4 (Blue) are connected via tunnels. The data is encapsulated so that the IP data is not exposed across the networks.

Figure 7.11: VPN Overlay Model

In Figure 7.12, we see that adding an additional customer (Bold) adds a level of complexity. Configuration engineers and network managers must keep the traffic of the Blue customer separate from the traffic of the Bold customer and vice versa.

Figure 7.12: Hub-and-Spoke Configuration with 4 Sites (Original Configuration)

The overlay model can offer the ultimate in security, but it is not without its challenges:

  • A company has two choices when using this option: to manage and maintain its own tunnels or to allow its service provider to manage the tunnels for it. In either case there is a cost for maintaining the tunnels and encryption keys.

  • As the number of sites within the network grows, the complexity of hardware and software increases, which in turn increases the cost of maintenance and configuration.

  • Hardware and capital expenditures are also an issue. For a customer with n sites, the number of routers required is n-1. When adds, moves, and changes are made to the configuration, each site must be reconfigured.

Let’s look at two examples of how Site 5 can be added. For a hub-and-spoke design, we change Site 1 and Site 5. Using the example in Figures 7.12–7.14, we are going to add Site 5 to the configuration. Currently the table is as follows:

Site 1 talks to Sites 2, 3, 4 (Blue only)

Site 2 talks to Site 1 (Blue only)

Site 3 talks to Site 1 (Blue only)

Site 4 talks to Site 1 (Blue only)

Figure 7.13: Adding Site 5 with a Hub and Spoke Design

Figure 7.14: Adding Site 5 with a Fully Meshed Network

The following illustrates the modifications that are required for adding Site 5:

Add Site 5 (Blue)

Site 1 talks to Sites 2, 3, 4, 5 (Blue only)

Site 5 talks to Site 1 (Blue only)

Notice that with a full matrix configuration the complexity grows.

The following is the configuration before Site 5 is added.

Site 1 talks to Sites 2, 3, 4 (Blue only)

Site 2 talks to Sites 1, 3, 4 (Blue only)

Site 3 talks to Sites 1, 2, 4 (Blue only)

Site 4 talks to Sites 1, 2, 3 (Blue only)

The configuration at every site must be modified as follows in order to communicate with the new Site 5.

Add Site 5 (Blue)

Site 1 talks to Sites 2, 3, 4, 5 (Blue only)

Site 2 talks to Sites 1, 3, 4, 5 (Blue only)

Site 3 talks to Sites 1, 2, 4, 5 (Blue only)

Site 4 talks to Sites 1, 2, 3, 5 (Blue only)

Site 5 talks to Sites 1, 2, 3, 4 (Blue only)
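
The two cases above, as an added example that is not from the book: a Python sketch that builds the per-site peer tables for both designs, lists which sites must be reconfigured when Site 5 is added, and flags any tunnel that joins two customers. The function names and the Bold site numbers 11 and 12 are assumptions made for illustration.

```python
# Added example: overlay-model peer tables built from the page's Blue sites.
from itertools import combinations

def hub_and_spoke(sites, hub):
    """Each spoke has one tunnel, to the hub."""
    return {frozenset((hub, s)) for s in sites if s != hub}

def full_mesh(sites):
    """Every site has a tunnel to every other site."""
    return {frozenset(p) for p in combinations(sites, 2)}

def peer_table(tunnels):
    """Per-site peer lists, i.e. the 'Site N talks to ...' tables."""
    table = {}
    for t in tunnels:
        a, b = tuple(t)
        table.setdefault(a, set()).add(b)
        table.setdefault(b, set()).add(a)
    return {s: sorted(p) for s, p in table.items()}

def sites_to_reconfigure(before, after):
    """Sites whose peer list changes between two tunnel sets."""
    old, new = peer_table(before), peer_table(after)
    return sorted(s for s in new if new[s] != old.get(s))

def cross_customer_tunnels(tunnels, owner):
    """Tunnels whose two endpoints belong to different customers.
    For correct Blue/Bold separation this list must be empty."""
    return sorted(tuple(sorted(t)) for t in tunnels
                  if len({owner[s] for s in t}) > 1)

if __name__ == "__main__":
    old_sites, new_sites = [1, 2, 3, 4], [1, 2, 3, 4, 5]
    print("hub-and-spoke, sites touched:",
          sites_to_reconfigure(hub_and_spoke(old_sites, 1),
                               hub_and_spoke(new_sites, 1)))
    print("full mesh, sites touched:",
          sites_to_reconfigure(full_mesh(old_sites), full_mesh(new_sites)))
    print("tunnels to maintain (hub, mesh):",
          len(hub_and_spoke(new_sites, 1)), len(full_mesh(new_sites)))
    # Constructed data: Bold sites 11 and 12, plus one misconfigured tunnel.
    owner = {1: "Blue", 2: "Blue", 11: "Bold", 12: "Bold"}
    tunnels = (hub_and_spoke([1, 2], 1) | hub_and_spoke([11, 12], 11)
               | {frozenset((2, 11))})
    print("cross-customer tunnels:", cross_customer_tunnels(tunnels, owner))
```

Running the same audit against the tunnel list exported from the CE routers after each add, move, or change catches a Blue-to-Bold tunnel before it carries traffic.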






Rick Gallagher's MPLS Training Guide. Building Multi-Protocol Label Switching Networks
ISBN: 1932266003
EAN: 2147483647
Year: 2003
Pages: 138
