《CRNET与城域网建设技术交流》由会员分享,可在线阅读,更多相关《CRNET与城域网建设技术交流(55页珍藏版)》请在金锄头文库上搜索。
1、Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.1 1 1CRNETCRNET与城域网建设与城域网建设技术交流技术交流思科北京公司思科北京公司喻超喻超CCIE #5329Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.2 2 2CRNET网络概况及建网思路和原则MPLS VPN的业务及关键技术L2 二层VPN的应用汇报提纲汇报提纲Presentation_ID 2001, Cisco Systems, Inc. All rights reser
2、ved.3 3 3广东省在CRNET 骨干网网络的位置Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.4 4 4CRNET CRNET 建网思路和城域网建设指导原则建网思路和城域网建设指导原则1.CRNET坚持全程全网,统一管理2.初期不建设独立的省网,城域网和CRNET直接相连3.各城域网为CRNET密不可分的组成部分,城域网是骨干网业务在城域的无缝延伸4.在CRNET的基础上,提供全国范围的MPLS VPN服务5.将CRNET扩展成可提供综合多业务的数据平台6.CRNET部分权力将下放到分公司,总部保留相对全力和监
3、管能力Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.5 5 5区域区域网络网络连接连接拓扑图拓扑图( (华南华南) )B类节点A类节点C类节点长沙怀化株州郴州常德衡阳娄底岳阳柳州深圳东莞肇庆 茂名 中山汕头佛山顺德华南区(广州)湛江桂林南宁155M622MCH3CH4昆明CH3CH3CH4CH4CH4CH4CH4CH4CH4CH4CH4武汉广州广州铁通网络与CRNET 骨干网Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.6 6 6A1类(上
4、海、广州)节点结构图类(上海、广州)节点结构图ATM/FRATM/FRDNS/NTP/CACHENETFOLW宽带接入拨号接入VLAN2-VLANnHSRP其它A类B类A1-CR1A1-CR2dGRAR2-1SW2MPLS PEMPLS PE带外管理电源控制口以太IP PhoneChinaNetChinaNet/GBN/GBNUUNET/AT&TUUNET/AT&T/./.POS155RR-1RR-2其它A类AR1VPNVPN用户接入用户接入AR2-2GECH3GEiGRGECH4CH4GEGEGEGECH4CH4CH4CH4CH4GECH1GSR12416GSR1240610G DWDM1G
5、 ethernet622M STM-4100BaseT155M STM-1图例:图例:CH3FECH4CH1GECisco 7200高速 接入/.Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.7 7 7B类节点结构图(深圳)带外管理电源控制口以太深圳深圳 CR-B拨号接入 专线接入(64K-8M)FR 接入IP Phone城域网业务类型:业务类型: 以太接入/宽带接入DNSFR/DDN/专线接入/.Cache/Netflow城域网/宽带接入MPLSMPLSPEPEVPN用户接入深圳深圳AR1AR4SW1SW3SW3D
6、LCIsubinterfaceIP Phone北京北京1G ethernet 622M STM-4100BaseT2M/V.35图例:图例:B-CRGSR12406AR1GSR12406AR4SW1说明:说明:1.图中实线框内设备为既有。2.图中虚框内设备不在本工程内提供。3.至C类节点通道采用STM-1或捆绑2M。Cisco7200Siwtch拨号接入NASAS 5300AS 5300B B类节点拓扑结构图类节点拓扑结构图CH3GE 155M STM-1FECH4CH3GECH4FEGEFEFEFEPresentation_ID 2001, Cisco Systems, Inc. All r
7、ights reserved.8 8 8说明说明:图中虚框内设备不在本工程内提供。图例图例:AR5SW4Cisco 7200Switch155M STM-1/N2M10/100BaseT2M/V.35/V.24用户网络VLAN2-VLANnAR5SW4DSU/CSUDSU/CSUVLAN1NAS拨号接入广州广州CRCR带外管理电源控制口以太1G ethernetC C类类节点节点网络拓扑图网络拓扑图CH4GEFEGEFEFECH4AR5CH4其他C类节点结构图Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.9 9 9城
8、域网建设的服务模式综合多业务服务Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.101010话音业务话音业务 200-300200-300元元/ /电话(企业)电话(企业)100 100 元元/ /电话电话 (个人)(个人)internetinternet接入接入 100100元元 / /家庭家庭10001000元元 / /企业企业VPNVPN业务业务1000-20001000-2000元元/ /节点节点VideoVideo业务业务6060元元/ /小时小时/ /节点节点 内容提供业务内容提供业务视内容来确定视内容来确
9、定提高在单一数据线路上的业务收入来源提高在单一数据线路上的业务收入来源/ /ARPUARPU电话电话传真传真单一数据线接入单一数据线接入视频会议终端视频会议终端IPIP电话电话个人用户个人用户/ /网上游戏服务网上游戏服务一线通一线通 多业务服务平台多业务服务平台VPNVPN业务业务/ /互联网业务互联网业务数据存储数据存储/ /信息共享信息共享综合多业务服务是电信网络的必然之路综合多业务服务是电信网络的必然之路Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.111111杭州杭州CNC案例案例Presentation_
10、ID 2001, Cisco Systems, Inc. All rights reserved.121212杭州杭州CNC网络状况网络状况开展的业务开展的业务企业企业虚拟专用内部网虚拟专用内部网/ /虚拟专用外部网虚拟专用外部网因特网访问因特网访问主机托管主机托管/ /虚拟主机虚拟主机VOD/VOD/远程教育远程教育/ /交互式电视交互式电视/ /远程医远程医疗疗呼叫中心呼叫中心IPIP电话电话/ /可视可视IPIP电话电话电子抄表电子抄表家庭保安家庭保安远程监控远程监控网上游戏网上游戏/ /网上炒股网上炒股信息点播(气象信息点播(气象/ /交通交通/ /旅游旅游/ /新闻)新闻)用户情况用
11、户情况有线电视用户有线电视用户150150万。市区万。市区4646万万目目前前上网人数:上网人数:6 6万多户万多户 30003000多企业虚拟网接入节点多企业虚拟网接入节点内容服务,内容服务, IDCIDC数据中心服务数据中心服务IPIP电话超市盈利电话超市盈利 10 10万万/ /天天绑定销售绑定销售/ /销售电脑赠宽带销售电脑赠宽带目前目前10001000万万/ /月的盈利月的盈利Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.131313CNC Connect案例案例Presentation_ID 2001,
12、Cisco Systems, Inc. All rights reserved.141414城域网建设的服务模式多业务服务Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.151515城域网建设的服务模式多业务服务Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.161616全业务提供铁通城域网全业务提供铁通城域网服务质量保证服务质量保证应用托管应用托管内容托管内容托管无线互联网无线互联网主机托管主机托管视频会议视频会议软交换软交换从接入层到骨干网
13、从接入层到骨干网业务业务业务业务汇聚汇聚汇聚汇聚点点点点IP IP IP IP 语音语音语音语音数据专线数据专线数据专线数据专线互联网接入互联网接入互联网接入互联网接入内容推送内容推送内容推送内容推送铁通城域网铁通城域网铁通城域网铁通城域网DSLDSL无线无线帧中继帧中继ATMATM专线专线以太网以太网接入层接入层长途多业务平台长途多业务平台长途波分长途波分ATMATMCRNETCRNETCRNETCRNET核心数据网核心数据网核心数据网核心数据网集成的模型集成的模型集成的模型集成的模型专注于业务开展专注于业务开展专注于业务开展专注于业务开展城域城域 DWDMDWDM城域城域DPTDPTSDH
14、SDH多多业务平台业务平台以太网以太网MSTPMSTPPresentation_ID 2001, Cisco Systems, Inc. All rights reserved.171717全国范围的全国范围的MPLS VPN服务业务服务业务目标市场高端企业用户(目标市场高端企业用户(ARPUARPU值)值)MPLS VPNMPLS VPN作为接入的手段作为接入的手段基于基于MPLS VPNMPLS VPN的增值服务是源源不断的利润来源的增值服务是源源不断的利润来源具有铁通优势和特点的全国具有铁通优势和特点的全国MPLS VPNMPLS VPN服务是制胜服务是制胜的关键的关键有针对性的扩大覆盖
15、面,逐步实施有针对性的扩大覆盖面,逐步实施Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.181818基于基于CRNET全国范围的全国范围的MPLS VPN业务业务CRNET 宽带数据宽带数据网网铁道部 北京VPN北京总部铁道部 上海VPN上海分部吉林分部武汉分部广州分部铁道部 成都VPNPresentation_ID 2001, Cisco Systems, Inc. All rights reserved.191919MPLS VPNMPLS VPN业务及相关技术业务及相关技术Presentation_ID 200
16、1, Cisco Systems, Inc. All rights reserved.202020多业务服务的具体实现多业务服务的具体实现MPLS VPNMPLS VPN的安全性的安全性Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.212121互联网互联网大楼大楼A A小区小区B BInternet Internet 高速接入业务高速接入业务铁通铁通铁通铁通IPIPIPIP宽带宽带宽带宽带城域城域城域城域网网网网络络络络企业企业C C学校学校D D互联网互联网FE/GEFE/GELRE/ADSLLRE/ADSLWir
17、elessWirelessHFCHFC端口带宽端口带宽Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.222222用户端设备用户端设备用户端设备用户端设备A A用户用户1 1A A用户用户2 2使用原有私有地址使用原有私有地址使用原有私有地址使用原有私有地址宽带互连宽带互连宽带互连宽带互连10/10010/10010/10010/100MMMM以太网,低成本,高带宽以太网,低成本,高带宽以太网,低成本,高带宽以太网,低成本,高带宽MPLS VPN MPLS VPN 企业内联网用户内部网络互连企业内联网用户内部网络互连增
18、加虚拟专用网增加虚拟专用网A A的路由的路由IPIPIPIP宽带宽带宽带宽带城域城域城域城域网络平网络平网络平网络平同时可轻松提供针对不同业务的多同时可轻松提供针对不同业务的多同时可轻松提供针对不同业务的多同时可轻松提供针对不同业务的多VPNVPNVPNVPN服务服务服务服务如语音,视频,财务,人事等如语音,视频,财务,人事等如语音,视频,财务,人事等如语音,视频,财务,人事等Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.232323互联网互联网A A用户用户1 1A A用户用户2 2虚拟专用网虚拟专用网A A路由路
19、由增加互联网访问路由增加互联网访问路由互联网互联网访问访问IPIPIPIP宽带宽带宽带宽带城域城域城域城域网络网络网络网络用户端设备用户端设备用户端设备用户端设备在提供企业内联网业务基础上,利在提供企业内联网业务基础上,利在提供企业内联网业务基础上,利在提供企业内联网业务基础上,利用同一线路,统一的用同一线路,统一的用同一线路,统一的用同一线路,统一的IPIPIPIP宽带网络平宽带网络平宽带网络平宽带网络平台提供互联网访问业务。台提供互联网访问业务。台提供互联网访问业务。台提供互联网访问业务。同时可轻松提供针对不同业务的同时可轻松提供针对不同业务的同时可轻松提供针对不同业务的同时可轻松提供针对
20、不同业务的VPNVPNVPNVPN服务服务服务服务如语音,视频,财务,人事等如语音,视频,财务,人事等如语音,视频,财务,人事等如语音,视频,财务,人事等MPLS VPN MPLS VPN 企业内联网用户内部网络互连企业内联网用户内部网络互连同一线路访问互联网同一线路访问互联网Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.242424Classical Internet Access AddressingThe Customer can use private address space.The firewall p
21、rovides Network Address Translation (NAT) between the private address space and the small portion of public address space assigned to the customer.Private addressesPublic addressesPresentation_ID 2001, Cisco Systems, Inc. All rights reserved.252525Internet Access from Every SiteAddressingTwo address
22、ing options:Every CE router performs NAT functionalitya small part of the public address space has to be assigned to each CE router.The customer uses only public IP addresses in the private networknot realistic for many customers.Private addressesPublic addressesPresentation_ID 2001, Cisco Systems,
23、Inc. All rights reserved.262626Central Firewall ServiceTraffic FlowInternetInternet Access VPNVPNCustomer ACE-A1CE-A2VPNCustomer BCE-B1CE-B2CentralFirewallTraffic between sites of one customer should flow inside the VPN.Traffic between customers is not allowed; a security breach could occur.Traffic
24、can flow from customer sites to the Internet and back; customer sites are protected by a central firewall.Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.272727Combining Internet Access with VPN ServicesTwo major design models:Internet access offered through yet another VPNInternet acc
25、ess offered through global routing on the PE routersPresentation_ID 2001, Cisco Systems, Inc. All rights reserved.282828Internet Access in a VPNBenefits:The provider backbone is isolated from the Internet; increased security is realized.Drawbacks:All Internet routes are carried as VPN routes; full I
26、nternet routing cannot be implemented because of scalability problems.Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.292929Internet Access Through Global RoutingTwo implementation options:Internet access is implemented via separate interfaces that are not placed in any VPN routing/for
27、warding instance (VRF) (traditional Internet access setup).Packet leaking between a VRF and the global table is achieved through special configuration commands.Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.303030Internet Access Through Packet LeakingBenefits:This method can be implem
28、ented over any WAN or LAN media.Drawbacks:Internet and VPN traffic is mixed over the same link; security issues arise.More complex Internet connectivity options (for example, full Internet routing for customers) are hard to implement.Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.3131
29、31Packet Leaking in ActionPEPE InternetSite-1PE-IGSite-2Network 171.68.0.0/16Serial0192.168.1.1192.168.1.2VPN-A VRF0.0.0.0/0 192.168.1.1 (global)Site-1 routesSite-2 routesGlobal Table and FIB192.168.1.1/32 Label=3192.168.1.2/32 Label=5.IP packetD=Label = 3 IP packetD=IP packetD=Presentation_ID 2001,
30、 Cisco Systems, Inc. All rights reserved.323232Internet Access Through a Dedicated SubinterfaceTraffic FlowPEPESite-1PE-IGSite-2Network 171.68.0.0/16Serial0.1192.168.1.1192.168.1.2Serial0.2Serial0.1Serial0.2CE routing tableSite-2 routes - Serial0.1Internet routes - Serial0.2IP packetD=PE Global Tabl
31、eInternet routes - 192.168.1.1192.168.1.1, Label=3 InternetLabel = 3 IP packetD=IP packetD=Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.333333互联网互联网A A用户用户1 1A A用户用户2 2虚拟专用网路由虚拟专用网路由互联网访问路由互联网访问路由增加虚拟专用网增加虚拟专用网B B的部分路由的部分路由互联网互联网访问访问B B用户用户1 1增加虚拟专用网增加虚拟专用网A A的部分路由的部分路由用户端设备用户端设备用户端
32、设备用户端设备用户端设备用户端设备在提供企业内联网,互联网访问业在提供企业内联网,互联网访问业在提供企业内联网,互联网访问业在提供企业内联网,互联网访问业务基础上,利用同一线路,统一的务基础上,利用同一线路,统一的务基础上,利用同一线路,统一的务基础上,利用同一线路,统一的IPIPIPIP宽带网络平台提供企业外联网业宽带网络平台提供企业外联网业宽带网络平台提供企业外联网业宽带网络平台提供企业外联网业务。务。务。务。IPIPIPIP宽带网络平台宽带网络平台宽带网络平台宽带网络平台MPLS VPN MPLS VPN 企业外联网外部网互连企业外联网外部网互连Presentation_ID 2001,
33、 Cisco Systems, Inc. All rights reserved.343434运营商之运营商业务运营商之运营商业务Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.353535运营商之运营商运营商之运营商Customer-ISP Customer-ISP 不运行不运行 MPLSMPLSCRNETPE-1PE-2CE-1CE-2中经网中经网 沈阳沈阳 IGP中经网中经网 北京北京 IGPISP customersASBR-1ASBR-2ISP customersNetwork = NIPDest=NIPDe
34、st=N 1 IPDest=NIPDest=NIPDest=NIPDest=N 2 IPDest=NIPDest=N 1 6 Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.363636Carrier BackbonePE-1PE-2CE-1CE-2ISP customersASBR-1ASBR-2ISP customersNetwork = NIPDest=NIPDest=NIPDest=NIPDest=N 3 IPDest=N 2 IPDest=N 1 6 IPDest=N 1 IPDest=N 15 IPDest
35、=N 7 运营商之运营商运营商之运营商Customer-ISP Customer-ISP 运行运行 MPLSMPLS中竟网中竟网 沈阳沈阳 IGP中经网中经网 北京北京 IGPPresentation_ID 2001, Cisco Systems, Inc. All rights reserved.373737运营商之运营商运营商之运营商Customer-ISP Customer-ISP 运行运行MPLS-VPNMPLS-VPNCarrier BackbonePE-1PE-2CE-1CE-2I-PE1I-PE2Network = NIPDest=NIPDest=NIPDest=N 12 3 I
36、PDest=N 12 2 IPDest=N 1 6 12 IPDest=N 1 12 IPDest=N 25 12 IPDest=N 7 12 IPDest=N 12 中竟网中竟网 沈阳沈阳 IGP中经网中经网 北京北京 IGPPresentation_ID 2001, Cisco Systems, Inc. All rights reserved.383838网际网际MPLS VPN MPLS VPN 业务业务Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.393939CATV/CNCCRNET网际网际 MPLS V
37、PNMPLS VPNPE-1PE-ASBR1CE-1CE-2P1Network = NPE-ASBR2PE-2P2IPDest=NIPDest=N 20 8 IPDest=N 20 IPDest=N 12 IPDest=N 1 6 IPDest=N 1 IPDest=NPresentation_ID 2001, Cisco Systems, Inc. All rights reserved.404040A A用户用户1 1A A用户用户2 2虚拟专用网虚拟专用网A A路由路由互联网访问路由互联网访问路由虚拟专用网虚拟专用网B B的部分路由的部分路由增加话音增加话音VPN VPN 的部分路由的部
38、分路由B B用户用户1 1IPIP电话电话 通道通道V V网关网关PSTN/GSMPSTN/GSM国家级长途国家级长途VOIPVOIP智能软交换关守智能软交换关守IPIP电话电话传统电话传统电话(铁通号码)铁通号码)(铁通号码)铁通号码)互联网互联网互联网互联网访问访问电视会议电视会议用户端设备用户端设备在提供企业内联网,互联网在提供企业内联网,互联网在提供企业内联网,互联网在提供企业内联网,互联网访问业务,企业外联网业务访问业务,企业外联网业务访问业务,企业外联网业务访问业务,企业外联网业务基础上,利用同一线路,统基础上,利用同一线路,统基础上,利用同一线路,统基础上,利用同一线路,统一的一
39、的一的一的IPIPIPIP宽带网络平台提供企宽带网络平台提供企宽带网络平台提供企宽带网络平台提供企业业业业IPIPIPIP电话业务。电话业务。电话业务。电话业务。IPIPIPIP宽带网络平台宽带网络平台宽带网络平台宽带网络平台MPLS VPNMPLS VPN语音语音/ /电视会议专用电视会议专用VPNVPN电视会议电视会议Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.414141与广电基于与广电基于Voice Over CableVoice Over Cable的合作的合作HFCHFCGatekeeperGateke
40、eperPSTNPSTNV VCATV IP CATV IP MANMANIPIP电话电话 VPNVPN铁通城域铁通城域IPIP网络网络IPIP电话电话 VPNVPN智能软交换智能软交换智能软交换智能软交换CMTSCMTSCable Cable ModemModem成本投入成本投入: :SoftSwitch SoftSwitch 每线的成本每线的成本 10-20$10-20$所有的用户接入的电所有的用户接入的电话话Cable ModemCable Modem由由CATVCATV投资投资收入收入: :15-2015-20¥/ /每月每月/ /用户市话收费用户市话收费一年内即可通过市话费收回投资,
41、以后的一年内即可通过市话费收回投资,以后的收入即纯利润收入即纯利润用户的长途话务可通过铁通的用户的长途话务可通过铁通的PSTNPSTN长途长途骨干或骨干或VoIPVoIP骨干,假设骨干,假设3030¥/ /每月每月/ /用户,用户,20002000用户可每年给铁通带来额外的用户可每年给铁通带来额外的 2000*30*12=722000*30*12=72万万 ¥卖点卖点: :CATV CATV 在提供数据的同时,为在提供数据的同时,为用户提供话音,帮铁通放号用户提供话音,帮铁通放号铁通在最小的成本情况下,扩铁通在最小的成本情况下,扩大铁通的用户覆盖范围大铁通的用户覆盖范围用户在享受数据,语音,用
42、户在享受数据,语音,是铁通,广电,用户三赢的局是铁通,广电,用户三赢的局面面Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.424242城域城域MPLS VPNMPLS VPN网吧联盟网吧联盟网吧联盟网吧联盟2 2接入接入上网上网网吧联盟网吧联盟1 1接入接入上网话音上网话音网吧联盟网吧联盟1 1接入接入上网上网网吧联盟网吧联盟2 2接入接入上网话音上网话音CRNETCRNET骨干骨干PEPEPEPEP PP P铁通城域网铁通城域网PEPEV V话音话音VPNVPN普通接入点普通接入点话音话音Site 1Site 1S
43、ite 2Site 2Site 3Site 3Site 4Site 4Site 5Site 5Site 6Site 6普通上网普通上网Site 7Site 7,8 8网吧间共享资源网吧间共享资源/ /联网游联网游戏戏/ /VoIPVoIP通话通话/ /可视聊天可视聊天Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.434343铁通铁通铁通铁通城域城域城域城域网网网网企业具体业务分析企业具体业务分析城城城城域域域域宽带宽带宽带宽带IPIP网络网络网络网络平台平台平台平台以太网交换机以太网交换机以太网交换机以太网交换机互联
44、网互联网互联网互联网某企业分部某企业分部某企业分部某企业分部/ /某大楼某大楼某大楼某大楼MPLS VPNMPLS VPN连接本部和连接本部和连接本部和连接本部和分部分部分部分部电视会议电视会议电视会议电视会议企业企业企业企业A AIPIP电话电话电话电话企业企业企业企业A A分分分分部部部部电视会议电视会议电视会议电视会议IPIP电话电话电话电话企业企业企业企业A A总部总部总部总部MPLS VPNMPLS VPN连接本部和连接本部和连接本部和连接本部和分部分部分部分部IDCIDC数据中心数据中心数据中心数据中心主机托管主机托管主机托管主机托管二级运营商二级运营商二级运营商二级运营商/ /内
45、容提供商内容提供商内容提供商内容提供商网上教学网上教学网上教学网上教学/ /学习学习学习学习内部信息共享内部信息共享内部信息共享内部信息共享视频点播视频点播视频点播视频点播Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.444444互联网互联网用户端设备用户端设备银行银行证券公司证券公司金融用户金融用户透明传送业务高带宽,高安全性透明传送业务高带宽,高安全性连接用户的以太接口为二层接口,无连接用户的以太接口为二层接口,无IPIP地址地址Ethernet, ATM, Frame Relay etcEthernet, AT
46、M, Frame Relay etc同一网段同一网段同一局域网同一局域网银行银行证券公司证券公司金融用户金融用户用户端设备用户端设备IPIPIPIP宽带网络平台宽带网络平台宽带网络平台宽带网络平台L2 VPNL2 VPN服务服务L2 VPN L2 VPN 安全、透明网络通道传输业务安全、透明网络通道传输业务A A用户用户1 1A A用户用户2 2Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.454545L2 VPNL2 VPN业务及技术业务及技术1.AToM2.L2TPPresentation_ID 2001, Ci
47、sco Systems, Inc. All rights reserved.464646IP VPN技术技术Complete L2 and L3 VPN Solutions for both IP and MPLS L2L3MPLSAToM (draft-martini)RFC 2547 VPN (MPLS VPN)IPUTI/L2TPv3TBD RFC 2547?Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.474747 Any Transport over MPLS (AToM)Provides ability
48、to transport layer 2 traffic across MPLS packet-based core networks, extending the richness of MPLS capabilities to L2 VPNsA scalable architecture that supports the multiplexing of subscriber connectionsA standards based (draft-martini) open architecture allows extensibility to many transport typesD
49、esigned for Any-to-Any connectivitySP does not participate in customer routingMPLS CoreMPLS CoreAToMFrame RelayATMLeased LineEthernetFrame RelayATMLeased LineEthernetAllows SPs to combine with Cisco IOS QoS and MPLS Traffic Engineering to provide “Virtual leased line” like servicesPresentation_ID 20
50、01, Cisco Systems, Inc. All rights reserved.484848AToM 数据流程数据流程PE1MPLS BackbonePE2Any Transport over MPLS (AToM) TunnelMPLS LSPFrame RelayCPE Router, FRADDLCI 101CPE Router, FRADFrame RelayDLCI 201Directed LDPLabel Exchange for VC1 Label 10Label Exchange for VC2 Label 21VC1 Connects DLCI 101 to DLCI
51、 201VC2 Connects DLCI 102 to DLCI 202DLCI 202DLCI 102Neighbor LDP Label 50Neighbor LDP Label 9010110 5010110 9010221 5010221 90Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.494949IETF IETF 标准化标准化IETF working group PWE3 Pseudo Wire Emulation Edge to Edge;Requirements detailed in draft
52、-ietf-pwe3-requirements Develop standards for the encapsulation & service emulation of “pseudo wires”Across a packet switched backboneFocused on Point-to-Point circuit emulationPSN tunnel - GRE, MPLS, L2TPService - Ethernet, ATM, PPP, FR, HDLC and so on .Presentation_ID 2001, Cisco Systems, Inc. All
53、 rights reserved.505050L2TP 协议参考模型协议参考模型L2TPv2L2TPv3IP or MPLSCoreL2TPv3 TunnelsCECEPE1PE2CECEProvider EdgeSP IP CoreProvider EdgeIP or MPLSCoreL2TPv2 TunnelsLNS ISP 1LACDial UserDSL UserLNS ISP 2EthernetEthernetFrame RelayFrame RelaySP IP CorePresentation_ID 2001, Cisco Systems, Inc. All rights res
54、erved.515151L2TPv3 for customers that prefer a native IP network Provides ability to transport layer 2 traffic across IP packet-based core networks Based on a well-established lineage of protocols:L2TPv2 and pre-standards Cisco innovation Universal Transport Interface (UTI)A standards based open arc
55、hitecture allows extensibility to many transport typesIP CoreIP CoreL2TPv3Frame RelayATMLeased LineEthernetFrame RelayATMLeased LineEthernetLayer 2 Tunneling Protocol - version 3Efficient header for high performance decapsulationConfiguration on Edge routers onlyPresentation_ID 2001, Cisco Systems,
56、Inc. All rights reserved.525252L2TPv3 L2TPv3 包的封装包的封装 Delivery header - The delivery header is the header needed to carry the L2TPv3 packet across the delivery network. This is an IPv4 header. The delivery header is 20 bytes. L2TPv3 header - The L2TPv3 payload independent header contains the necessa
57、ry and sufficient information needed to uniquely identify the tunnel context at the de-encapsulation point. The payload independent header is 12 bytes. Payload - Payload to be transported by L2TPv3. It may be a link layer frame or a network layer packet.Presentation_ID 2001, Cisco Systems, Inc. All
58、rights reserved.535353IP or MPLSCoreIP CoreL2TPv3 L2TPv3 数据包的流程数据包的流程Description: Two Ethernet Segments are joined over an IP core viaL2TPv3. To end user devices, the two physical Ethernet networks appear as a single segment.R2R1L2TPv3 TunnelServer BWorkstation AStep #2 R1 takes Ethernet frame and e
59、ncapsulates it in L2TP and routes it to tunnel destinationStep #1 Workstation A sends packet destined for Server BStep #3 R2 receives IP/L2TP/Ethernet Packet and removes the IP/L2TPv3 headers. The remaining Ethernet frame is forwarded to Server B. Presentation_ID 2001, Cisco Systems, Inc. All rights
60、 reserved.545454IETF IETF 标准化标准化L2TPv3 is currently an IETF standards track draft document. See draft-ietf-l2tpext-l2tp-base-01.txtL2TPv3 has been presented at the IETF meetings in London (August 2001) and Salt Lake City (December 2001). It was warmly received at both venues.We are continuing the st
61、andards push at the IETF meeting in Minneapolis, MN (March 2002)We anticipate standards ratification by Q1 of 2003.Presentation_ID 2001, Cisco Systems, Inc. All rights reserved.555555统一化统一化VPN VPN 的好处的好处Decreased CostDecreased CAPEX & OPEX : Simplify core, maintain L2 revenue streams & operate fewer
62、 networks Increased utilization of Packet NetworksEfficient Global ReachLeverage a MPLS / IP backbone for global reach Does not require complexity of multiple expensive partnerships to deliver global service Faster Time to Service Less complex circuit provisioning times Decreased CostIf in-sourced decreased CAPEX & OPEX to maintain & operate fewer VPNs If out-sourced wider selection of Service Providers offering access services Efficient Global ReachMay work with single Service Provider to obtain global VPN services Flexible DemarcationsSelectively retain control or outsource their networks
