Table of Contents
1 Preface
2 Introduction to the VPN Manager Solution
2.1 MPLS VPN Concept
2.2 VPN Manager Solution
2.3 VPN Manager Architecture
2.3.1 Product Orientation
2.3.2 Software Architecture
Perfect Client Management
Unified Management of Various VPNs
3.3.1 BGP/MPLS VPN Service
3.3.2 VPLS Service
3.3.3 Martini Service
3.4
Conclusion
Copyright 2007 Huawei Technologies Co., Ltd. All Rights Reserved. http://www.huawei.com/products/datacomm/
1 Preface
The Multi-Protocol Label Switching (MPLS) technology was designed to improve the switching performance of routers. Performing well in traffic engineering and in the VPN field, MPLS is now becoming an important method for providing value-added services in IP networks. It provides security-based and QoS-based interconnection of corporate sites and service isolation for customers. On the one hand, the MPLS VPN technology helps customers set up end-to-end communications between different areas of their corporations. The massive equipment and line investment required by the traditional DDN/FR network is saved, and the network can be expanded easily and cost-effectively. On the other hand, the MPLS VPN technology can provide customers with the same service quality, such as security, confidentiality and QoS, as the traditional network, in addition to the connection service. Besides the data communication service, operators can provide users with more IP value-added services such as content consignment, VoIP and multimedia services.
Currently, the MPLS VPN service is becoming the main service of the operators' bearer networks. As society and the economy develop, the expansion of corporate services and the growth of corporate branches will boost the development of the MPLS VPN technology. The VIP service, with the corporate VPN as its highlight, brings operators great profits and challenges their service capability. As service products differ less and less in quality, operators are shifting their competitive focus from technology to service. Telecom corporations should innovate in quality, differentiation and featured customization when marketing to VIP customers. Operators should purchase high-performance hardware to suit the development of the MPLS VPN service and deploy relevant service platforms to meet the customer requirements of quick service deployment, quick location of faulty services, continuous monitoring and featured self-service. In the particular management environment of some operators, the MPLS VPN service platform should have good interconnection capability so that it can be integrated into the operators' current OSS or BSS system.
VPN Manager is a service tool that helps operators release, deploy, secure and monitor the MPLS VPN service. In addition, the tool performs VIP customer management in the related field. When the VPN Manager is deployed, the VPN service quality delivered to the operator's customers can be improved and OPEX can be reduced effectively.
As shown in the above figure, various VPN sites are connected via CEs to PEs in the service provider's MPLS network. The local PE establishes an LSP tunnel with the remote PE via the extension mechanism so as to complete private transmission of data and form the VPN. The MPLS VPN has the following features:
Easy management: The network-based VPN can be completely implemented by the backbone network. Subscribers can entrust VPN management to the backbone network management organization. The end users do not sense the existence of other networks at all, just as if they were on a physically independent service network. Users do not need to know how the VPN is constructed and connected.
Good expandability: With the use of two layers of labels, the P equipment does not need to know the VPN information and there is no need to make special configuration for the P equipment during network expansion. It is very easy to expand network nodes and the network has good scalability. Moreover, only one network is needed to provide various services such as MPLS L2 VPN, BGP/MPLS VPN and IP data, and diversified customer needs can be satisfied by use of the MPLS-related enhanced technology.
Security: Packets are exchanged through label forwarding in the MPLS domain composed of network nodes, so they have the same security level as ATM/FR virtual circuits.
QoS: MPLS mechanisms such as CoS, RSVP and traffic engineering can be used to implement VPNs with guaranteed QoS for customers.
According to TMN and TMF specifications, the VPN network management system (NMS) should be able to provide abundant management functions that cover resource management, service management, customer management and other fields. It should provide the following functions:
Accept service orders, implement network planning, generate service requests and complete the deployment of services.
Make service correlation analysis of network performance and faults so as to provide original data for service faults.
Provide web-based customer network management (CNM) to offer a means for VPN customers to monitor the VPN.
The following figure depicts the position of the VPN NMS in the operation system. The VPN NMS is oriented to managing the MPLS VPN network and implementing the seamless integration of customer management, service deployment, performance monitoring and fault monitoring. It is a management tool for service providers to carry out MPLS VPN services.
Figure 2-2 Position of the VPN NMS in the operation system
Customer layer: web-based graphical user interfaces (HTTP to the web server) or Java applications.
Interface layer: provides external interfaces. The interface mode includes the private ASN message mechanism, CORBA mechanism, CLI invocation mechanism,
Control layer: provides inventory management, network management, service management and fault management; implements the performance management and dispatching mechanism.
Collection layer: the data collection layer, which supports distributed deployment and is used to collect equipment data and interact with the NMS and equipment.
Figure 2-4 VPN Manager architecture
VPN service configuration is complex, and incorrect configuration may easily cause network problems such as route flapping, so the correctness of a service should be guaranteed before the service is deployed. The VPN Manager can implement a basic check of the user-configured VPN parameters during the service planning process, so as to guarantee the validity of services as far as possible. It can generate three kinds of topological views for each service request: the network view (expresses the physical connection relations of the VPN network), the VPN view (expresses the logical connection relations of the VPN network) and the customer view (expresses the connectivity among customer sites). These views can be used to check whether the service request expresses the expected service assumption and to avoid service deployment errors, thus improving the efficiency of service fulfillment.
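The kind of pre-deployment check described above can be illustrated by deriving a customer view from route targets: a site learns another site's routes when it imports an RT that the other site exports. This is an added example, not VPN Manager code; the site names, customers, RT values and the expectation of a full-mesh intranet per customer are assumptions.

```python
from itertools import permutations

# Constructed service request: one VPN instance (VRF) per site.
SITES = {
    "acme-hq":     {"customer": "acme",   "export": {"100:1"}, "import": {"100:1"}},
    "acme-branch": {"customer": "acme",   "export": {"100:1"}, "import": {"100:1"}},
    # Constructed mistake: globex also imports acme's RT.
    "globex-hq":   {"customer": "globex", "export": {"100:2"}, "import": {"100:2", "100:1"}},
}

def customer_view(sites):
    """Directed pairs (src, dst) where dst imports an RT that src exports,
    i.e. dst learns src's routes."""
    return {(src, dst) for src, dst in permutations(sites, 2)
            if sites[src]["export"] & sites[dst]["import"]}

def check_request(sites, allowed_extranet=frozenset()):
    """Compare the derived view with the expected service and return findings.

    Assumption: sites of one customer form a full-mesh intranet, and any
    cross-customer reachability must be listed in allowed_extranet.
    """
    view = customer_view(sites)
    findings = []
    for src, dst in sorted(view):
        same_customer = sites[src]["customer"] == sites[dst]["customer"]
        if not same_customer and (src, dst) not in allowed_extranet:
            findings.append(("cross-customer-leak", src, dst))
    for a, b in permutations(sites, 2):
        if sites[a]["customer"] == sites[b]["customer"] and (a, b) not in view:
            findings.append(("missing-intranet-route", a, b))
    return findings

if __name__ == "__main__":
    for finding in check_request(SITES):
        print(finding)
```

Passing the intended extranet pairs in `allowed_extranet` clears the leak findings, so only unplanned cross-customer reachability is reported before the request is deployed.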
In the process of automatic discovery, the VPN Manager reads the equipment information and can compute the VPN service information in the network with little participation of the administrator. It can directly restore the configuration commands on the equipment into the service requests visible in the NMS. The automatic discovery of services does not change the current configuration in the equipment.
The VPN Manager also supports the deployment and removal command preview function. Users can view the command sections to be issued to the equipment before the deployment, so that no service will be removed mistakenly.
can check the integrity of the configuration commands on the equipment and the end-to-end connectivity of the VPN. Once finding any problem in the audit, the VPN Manager will create a customer alarm and VPN alarm to inform the operator of the influenced customers. The VPN Manager can also highlight the logical connections between customer sites on the topological view so that users may conveniently check the connectivity between sites.
The performance management module of the VPN Manager provides the functions to collect, display, count and report the performance and traffic data. The performance data include the CE-PE delay, PE-PE delay, CE-CE delay, jitter and traffic data. By analyzing the performance data, the administrator can more clearly learn the running state of the network and thus help implement network planning and optimization. All the collected data can be presented in the form of reports to users and provide a valuable reference for users to plan their networks.
The topology management module of the VPN Manager provides multiple views for users. Among them, the network view indicates the physical connections of the VPN, the VPN view indicates the service state and the logical connections of the VPN and the customer view indicates the connectivity among customer sites. The topological view can show service alarms in real time and thus help users monitor the entire VPN network.
The VPN Manager can also output service lease reports, resource lease reports, performance data reports, traffic data reports, failure data reports and other reports for customers, which help service providers and VPN customers learn the service running state and thus improve the customer satisfaction of service providers.
Support VPN instance configuration and setting the important attributes such as instance name, RT, RD and route threshold. Support PE-CE routing protocols such as static routing protocols, BGP, RIP and OSPF. Support numerous interfaces such as ATM, POS, Serial and Ethernet. Support networking modes such as Intranet and Extranet.
CE management: Support two CE management modes: inband and out-of-band. CE inband management is implemented via VPN management.
Automatic allocation of resources: The RTs, RDs, VLAN IDs and IP addresses to be used in the service process can be defined to implement automatic allocation of resources according to the predefined plan.
Inter-AS service management: Provide two inter-AS VPN management modes: VRF-to-VRF and MP-EBGP.
Template configuration: Support the basic configuration of equipment based on templates during the service process and support using system variables in the templates.
Inter-AS configuration: Provide two kinds of inter-AS configuration: Option A and Option B.
The VPN Manager is applicable to large-scale VPLS networks and can lower the load of signaling protocols and data packet duplication through hierarchical connections.
H-VPLS service dual-homing: Two PWs can be established between one UPE and two NPEs so as to implement service backup.
Automatic allocation of resources: The RTs, RDs, VSI IDs and other resources to be used in the service process can be defined to implement automatic allocation of resources according to the predefined plan.
Template configuration: Support the basic configuration of equipment based on templates during the service process and support using system variables in the templates.
The VPN Manager provides the CORBA northbound interface, which makes possible secondary development or the access to higher-layer systems (e.g. OSS) and enables the automation and intelligence of telecom operation.
The VPN Manager provides two modes for managing CEs: inband and out-of-band. A special management VPN is needed in the case of inband management to add CE equipment to its management scope. The NMS, as the hub of this VPN, may access any CE equipment. For out-of-band management, an additional IPv4 link must be added between PE and CE so that the CE can be accessed via the public network. These two modes have both merits and shortcomings and are selected according to the actual networking needs.
The VPN Manager provides a complete solution for operation and maintenance of VPN services. After being deployed, it can undertake all jobs from service planning to routine maintenance of VPN services.
planning the adjacency of LDP and ACL policies. For a network, the configuration only needs to be performed once before the first fulfillment of services. The VPN services can be enabled through the template configuration tools and the predefined templates of the NMS itself.
Resource pool management: Resource pool management includes RD resource pool management, RT resource pool management, IP address pool management and VC ID pool management. It can uniformly manage the service resources related to MPLS VPN and improve the automation of service definition so as to implement unified management and automatic allocation of service resources.
5 Conclusion
With the development of MPLS VPN technologies, more and more service providers use them to provide services. However, the network scale and service complexity pose great challenges to the management of MPLS VPNs. The VPN Manager provides a complete solution for operation and maintenance of MPLS VPN services and creates value for users in the following aspects:
Quick service fulfillment. The VPN Manager provides the service policy function, which simplifies the users' definition of services and has become an important criterion for carriers to select the NMS when the network scale keeps growing.
Abundant service management functions to manage numerous VPN services. The VPN Manager can manage both L3 VPN and L2 VPN and provides a series of networking solutions to address common user requirements. Users can flexibly apply these solutions during practical service deployment.
Unified management platform to facilitate carriers' centralized management. The VPN Manager can be seamlessly integrated with element management of the DMS. It can implement unified resource management, alarm management, topology management and performance management, thus reducing carriers' cost in deploying hardware.
Quick troubleshooting and realtime performance monitoring help improve the VPN service quality. The VPN Manager provides the service alarm function, which helps quickly locate the influenced customers and VPNs and remove the trouble in time. The realtime performance monitoring function enables carriers to understand the QoS of the network well and thus better improve customer satisfaction.
Appendix A Abbreviations
Abbreviation/Acronym: Full Spelling
LSP: Label Switching Path
MPLS: Multi Protocol Label Switching
VPN: Virtual Private Network
DMS: Datacom Network Management System
VPLS: Virtual Private LAN Segment
QoS: Quality of Service