PDF《PPVPN Interworking》

March 23,

2001 The 50th IETF Kurakami Hiroshi Junichi Sumimoto, Muneyoshi Suzuki NTT PPVPN Interworking

2 Why PPVPN Interworking? ? Various technical approaches are already on the market.

Defining and specifying a limited number of approaches (BGP-VPN, VR, IPsec VPN, L2-VPN) as well as achieving interoperability within each approach are included in the working items of the ppvpn WG. ? Inter-AS VPN interconnections are explicitly stated to be considered in ppvpn WG. ? From the SPs' point of view, multi-vendor PPVPN interworking among different approaches must be supported since it significantly increases flexibility in deploying PPVPN. Reference Model for Layer

3 NBVPN PE router PE router Network management function SP network(s) single or multiple SP domains Network interface Customer interface Customer interface Access network Access network P router PE router Customer management function CE dev of VPN A CE dev of VPN B CE dev of VPN A CE dev of VPN B VPN tunnel VPN tunnel

3 Interworking Interface PE router Interworking interface to which the proposed method is to be applied PE router PE router SP Network(s) SP Network(s) PE router Tunnel for PPVPN A VPN tunnel for PPVPN B VPN tunnel for PPVPN A VPN tunnel for PPVPN A VPN tunnel for PPVPN B Tunnel for PPVPN B E.g., BGP-VPN E.g., VR

4 Difference among three types of interfaces PE router PE router PE router PE router VPN A VPN B CE CE

5 CE CE Interworking interface: Supported by a kind of tunnels, which are located on interconnections among SP networks based on different technologies. Customer interface: Supported by access links, each of which does not necessarily have an identifier of VPN. Network interface: Supported by VPN tunnels, which are not located in interconnections among SP networks based on different technologies.

6 User site (VPN A) ? Network

1 Network

2 User site (VPN B) User site (VPN B) User site (VPN A) - Each connection (tunnel) is mapped to one VPN. - Both data packets and routing packets (unicast, multicast) are transferred by connections for VPN interworking as tunnels between PE routers. GRE, IPsec, Frame relay, or ATM AAL5 is used at the interworking interface. Overview of Proposed Method VPN A G R E t u n n e l f o r V P N A F R t u n n e l f o r V P N A I P s e c t u n n e l f o r V P N B C Security/privacy (CUG) C Quality of service C Extranets (NAT, filtering) C Dynamic routing C Multicasting are supported.

7 Summary and Follow-up ? From the SPs' point of view, PPVPN interworking among different approaches is strongly demanded. ? The interworking interface, that is different from the customer/network interface, should be considered. ? Proposed simple method using GRE, IPsec, Frame relay, or ATM AAL5 for interworking connections which satisfies the typical VPN service requirements. ? We hope that PPVPN interworking will become a working item of ppvpn WG.