Getvpn

Pages: 12 (2835 words) Published: November 18, 2012
Cisco Group Encrypted Transport VPN – Technical Overview

December 2006



Agenda
• Problem Statement
• Solution: Group Encrypted Transport
• Technology Components
• Feature Overview
• Provisioning and Management


© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential


Problem Statement
Today’s Enterprise WAN technologies force a trade-off between QoS-enabled branch interconnectivity and transport security
– Networked applications such as voice, video and web-based applications drive the need for instantaneous, branch interconnected, QoS-enabled WANs
– Distributed nature of network applications results in increased demands for scalable branch to branch interconnectivity
– Increased network security risks and regulatory compliance have driven the need for WAN transport security
– Need for balanced control of security management between enterprises and service providers

Service providers want to deliver security services on top of WANs such as MPLS without compromising their SLAs

Solution: Cisco Group Encrypted Transport VPN
[Figure: IP VPN core connecting RR, CE1, CE 2, CE 3 and CE 4 (labels 10/1 to 10/4), with packets shown as address pairs such as (10.1.1.1, 10.2.1.1), (10.4.1.1, 10.3.1.1) and (10.3.1.1, 232.0.0.1)]

Key Server
Enterprise Core
Any-to-Any Connectivity
Redundancy Established by Core Routers
Core for Multicast Replication

10/5 Branch
Transparent Service Integration (e.g., MPLS)
Integration with DMVPN
Highly Scalable Full Meshes
Monitoring/Management: centralized policy distribution CLI/GUI

Branch
Encrypted Any-Any connectivity
Hierarchical Routing (without tunnels)
Native QoS support
Native Multicast Encryption

Benefits of Cisco GET VPN
Previous Limitations

Multicast traffic encryption through IPsec tunnels:
– Not scalable
– Difficult to troubleshoot
Overlay VPN Network
– Overlay Routing
– Sub-optimal Multicast replication
– Lack of Advanced QoS
Full Mesh Connectivity
– Hub and Spoke primary support
– Spoke to Spoke not scalable

New Feature and Benefits

Encryption supported for Native Multicast and Unicast traffic with GDOI
– Allows higher scalability
– Simplifies Troubleshooting
– Extensible standards-based framework
No Overlay
– Leverages Core network for Multicast replication via IP Header preservation
– Optimal Routing introduced in VPN
– Advanced QoS for encrypted traffic
Any to Any Instant Enterprise Connectivity
– Leverages core for instant communication
– Optimal for Voice over VPN deployments

Cisco GET VPN: Before and After
[Figure: two panels showing VPN A and VPN B sites and their multicast sources attached to an MPLS VPN network; labels: GRE Tunnels CE-CE, Multicast in the core, Multicast VRF]

Before: CE-CE Protection with Peer-Based Model
• Scalability – an issue (N^2 problem)
• Any-Any Instant Connectivity an issue
• Overlay Routing
• Multicast replication inefficient
• Unable to Leverage Advanced QoS

After: CE-CE Protection with Group-Based Model
• Highly Scalable Model
• Any-Any instant connectivity with Security
• No Overlay Routing
• Efficient Multicast replication
• Standards based advanced QoS

Customer Deployment Scenarios
Customers for Cisco GET VPN fall into two categories:
Enterprises Purchasing Private WAN (e.g. MPLS) Connectivity from SP but wanting to manage encryption themselves
Key Targets

Meet security policy or regulatory requirements Want...