1

Overview of VPN
2
Private Networks
[Diagram: sites of Organization A (Sites 1 to 4) and Organization B (Sites 1 to 3) connected by leased lines]
3
Private Network
Advantages:
Leased lines are secured
Privacy and QoS guaranteed
Disadvantages:
Leased lines are very expensive
Number of links required grows exponentially if full mesh connectivity is required and the network expands.
More CPE ports are required
Network complexity increases as the network grows. All existing sites require reconfiguration when a new site is added.
4
Internet Based Private Network
[Diagram: sites of Organization A (Sites 1 to 4) and Organization B (Sites 1 to 3) all connected to the Internet, a shared infrastructure]
5
Internet Based Private Network
Advantages:
Single physical connectivity at each site.
No reconfiguration required at existing sites in case
of addition of new site to the network.
Saving on CPE ports
Huge saving in annual connectivity charges.
Disadvantages:
Highly insecure environment
No guarantee of Privacy and QoS
Any unauthorized traffic can enter the private network
6
Virtual Private Network
Different solutions are available to make communication over the Internet safe and secure, and they can also ensure the desired grade of quality of service.
These solutions are known as VPN solutions.
Different protocols such as L2TP, PPTP, IPSec etc. are available to provide VPN solutions to customers.
These protocols take care of data authenticity, data integrity and, if required, data confidentiality.
7
Virtual Private Network
[Diagram: sites of Organization A (Sites 1 to 4) and Organization B (Sites 1 to 3) connected to the Internet through firewalls]
8
Deploying VPNs in the 21st Century
Uses IP Infrastructure
May be shared with Internet services
Increasing importance of IP/MPLS (not ATM/FR)
Subscriber requirements
Lower operational expenses
A single network connection for multiple services
Provider requirements
Multiservice infrastructure
Create additional source of revenue
[Diagram labels: Internet; Remote Access; Intranet; Extranet; Mobile Users and Telecommuters; Branch Office; Corporate Headquarters; Suppliers, Partners and Customers]
9
Virtual Private Network Categories
VPNs can be classified into two categories:
Customer Provisioned
VPN tunnels originate and terminate at the customer premises
Provisioning of equipment and allied activities is the responsibility of the customer
The provider may not be aware of the VPN tunneling through its network
Provider Provisioned
VPN tunnels originate and terminate at the service provider's edge
Responsibility for creating and maintaining these tunnels lies with the provider
10
Customer Provisioned VPNs
[Diagram: Organization A Site 1 and Organization B Sites 1 to 3 connected across the Internet by secured tunnels]
11
Provider Provisioned VPNs
[Diagram: Organization A Site 1 and Organization B Sites 1 to 3 connected across the Internet by secured tunnels]
12
MPLS Based VPNs
MPLS Based Layer 3 VPNs
Provider's router participates in the customer's layer 3 routing
Provider router manages VPN-specific routing tables,
distributes routes to remote sites
CPE routers advertise their routes to the provider
MPLS Based Layer 2 VPNs
Customer maps their layer 3 routing to the circuit mesh
Provider delivers Layer 2 circuits to the customer, one for
each remote site
Customer routes are transparent to provider
13
MPLS Based Layer 3 VPN
[Diagram: provider core of P routers with edge routers PE 1, PE 2 and PE 3. Attached customer sites: VPN A Sites 1 to 3 (CEA1, CEA2, CEA3), VPN B Sites 1 to 3 (CEB1, CEB2, CEB3), VPN C Sites 1 and 2 (CEC1, CEC2). CE-to-PE routing labels: Static Routes, OSPF Routing, E-BGP]
A VRF is created for each VPN connected to the PE
14
MPLS Based Layer 3 VPNs
Each VRF is populated with:
Routes received from directly connected CE
routers associated with the VRF
Routes received from other PE routers
with acceptable BGP attributes
Only the VRF associated with a VPN is used
for packets from a site of that VPN
Provides isolation between VPNs
15
MPLS Based Layer 3 VPNs
Customers can use overlapping IP addresses
Customers are free to use any IP address even
private IP addresses.
Very little manual configuration. Auto discovery of new
sites. No reconfiguration of existing sites in case of
new site addition.
Cheaper than leased lines as it works on MPLS based
IP infrastructure which is a shared infrastructure.
QoS can be assured as MPLS has the capability to
provide differentiated QoS
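
The VRF population rules and the per-VPN lookup described on the two slides above, as an added example that is not part of the original slides. It shows two customers using the same prefixes without their traffic crossing. The VRF class, the interface names, the rt-A/rt-B tags standing in for "acceptable BGP attributes" and all prefixes are assumptions constructed for illustration; router names follow the Layer 3 VPN diagram.

```python
import ipaddress

class VRF:
    """One per-VPN routing table on a PE router (simplified model)."""
    def __init__(self, name, import_targets):
        self.name = name
        self.import_targets = set(import_targets)  # assumed "acceptable" BGP attribute
        self.routes = {}                           # network -> next hop

    def learn_from_ce(self, prefix, ce):
        # Routes from a directly connected CE associated with this VRF.
        self.routes[ipaddress.ip_network(prefix)] = ce

    def learn_from_pe(self, prefix, remote_pe, route_targets):
        # Routes from another PE are installed only if a target matches.
        if self.import_targets.isdisjoint(route_targets):
            return False
        self.routes[ipaddress.ip_network(prefix)] = remote_pe
        return True

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        hits = [net for net in self.routes if addr in net]
        if not hits:
            return None                            # no leak into another VPN
        return self.routes[max(hits, key=lambda net: net.prefixlen)]

def build_pe1():
    """Constructed sample: PE 1 with one VRF per attached VPN site."""
    vrf_a, vrf_b = VRF("VPN-A", ["rt-A"]), VRF("VPN-B", ["rt-B"])
    vrf_a.learn_from_ce("10.1.0.0/16", "CEA1")
    vrf_b.learn_from_ce("10.1.0.0/16", "CEB1")     # same prefix, different VPN
    # Constructed BGP updates from remote PEs: (prefix, next hop, targets)
    updates = [("10.2.0.0/16", "PE2", ["rt-A"]),
               ("10.2.0.0/16", "PE3", ["rt-B"]),
               ("172.16.0.0/16", "PE3", ["rt-B"])]
    for vrf in (vrf_a, vrf_b):
        for prefix, pe, targets in updates:
            vrf.learn_from_pe(prefix, pe, targets)
    # The ingress interface, not the destination address, selects the VRF.
    return {"to-CEA1": vrf_a, "to-CEB1": vrf_b}

def forward(pe, ingress_iface, dst):
    return pe[ingress_iface].lookup(dst)

if __name__ == "__main__":
    pe1 = build_pe1()
    for iface in pe1:
        for dst in ("10.2.0.5", "172.16.9.9"):
            print(iface, dst, "->", forward(pe1, iface, dst))
```

A packet to 172.16.9.9 arriving from the VPN A site has no route at all, because that prefix was only ever imported into the VPN B table.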
16
MPLS Based Layer 3 VPNs
Customers can create an intranet as well as an extranet with the help of layer 3 VPNs.
An extranet lets customers give business partners and suppliers access to their network.
100% secured intranet as well as extranet.
Single physical connectivity at every site, resulting in a very simple network topology.
Provider participates in the customer's routing process.
17
MPLS Based Layer 2 VPNs
Provider edge device delivers Layer 2 circuit IDs
(DLCI, VPI/VCI, or VLAN ID) to the customer
Customer sees standard FR or ATM PVCs
From my site, one for each reachable site
Provider edge device maps the circuit ID to an MPLS
LSP to traverse the provider core
Label stacking could be used to improve scalability
Customer maps their own routing architecture to the
circuit mesh
Customer routes are transparent to provider
Separation of administrative responsibility

18
MPLS Based Layer 2 VPNs
[Diagram: provider core of P routers with edge routers PE 1, PE 2 and PE 3. Attached customer sites: VPN A Sites 1 to 3 (CEA1, CEA2, CEA3) and VPN B Sites 1 and 2 (CEB1, CEB2). Access circuit labels: ATM, FR]
A VFT is created for each CE connected to the PE
Each VFT is populated with:
The information provisioned for the local CEs
VPN Connection Tables received from other PEs via BGP or LDP
19
MPLS Based Layer 2 VPNs
Layer 2 VPN supported Technologies
Frame Relay
ATM
Ethernet
Ethernet VLANs
HDLC
PPP
20
MPLS Based Layer 2 VPNs
Separation of the customer's and the provider's routing gives the customer extra confidence about the security of his network.
The customer can choose any layer 2 connectivity that is supported by the layer 2 VPN.

21
Virtual Private LAN Service (VPLS)
Different sites of a customer's network can connect to the MPLS network over Ethernet, just as they would connect to any LAN switch.
With auto discovery of the MAC addresses of devices, each site can learn about the machines connected to the VPLS service.
To the customer it appears very much like ordinary Ethernet connectivity.
To the customer the MPLS network appears like a huge LAN switch to which its different sites are connected, just as they would be to an Ethernet LAN switch.
22
Virtual Private LAN Service
[Diagram: provider core of P routers with edge routers PE 1, PE 2 and PE 3. Attached customer sites: VPN A Sites 1 to 3 (CEA1, CEA2, CEA3) and VPN B Sites 1 and 2 (CEB1, CEB2)]
A private Ethernet network constructed over a shared infrastructure, which may span several metro areas
Multipoint-to-multipoint Ethernet connectivity where the SP network looks like an Ethernet broadcast domain
Complements Layer 3 (RFC 2547) and Layer 2 VPNs
23
What is Quality of Service
[Diagram labels: Desktop Conferencing, Distance Learning; Mission-Critical Applications; FTP; E-Mail]
Role of QoS
Protect mission-critical applications
Voice, ERP, data warehouse,
sales force automation
Prioritize groups of users
Finance, sales, suppliers
Enable multimedia applications
Distance learning, desktop video conferencing
25
Quality of Service (QoS)
MPLS has very powerful tools such as traffic prioritization, traffic scheduling, traffic shaping, traffic policing etc. to ensure the proper grade of quality of service to the customer.
Broadly, three grades of service are available at present in the MPLS VPN Service:
Gold (Guaranteed bandwidth, delivery, jitter and latency)
Silver (Guaranteed delivery)
Bronze (Best effort)
26
Three Classes of Service
Three classes of service according to the customer's requirement (Gold, Silver & Bronze)
If the customer's requirement is more than 2 Mbps, the tariff will be n x the tariff for 2 Mbps.

Tariff per Annum (Rs in Lakhs)
Sl No. | Class of Service | Committed Bandwidth (%) | 64 kbps | 128 kbps | 256 kbps | 512 kbps | 1 Mbps | 2 Mbps
1. | Gold | 99 | 0.77 | 1.38 | 2.38 | 3.69 | 5.84 | 12.32
2. | Silver | 50 | 0.58 | 1.04 | 1.79 | 2.76 | 4.38 | 9.24
3. | Bronze | 25 | 0.38 | 0.69 | 1.19 | 1.84 | 2.92 | 6.16

27
Service Tax & Discount

No of Ports | Discount on VPN Port
2 to 5 | 10 %
6 to 10 | 12 %
11 to 15 | 15 %
16 and above | 20 %

Service tax @ 10% will be charged w.e.f 10/9/2004, and education cess @ 2 % of the service tax will also be levied in addition to service tax
28
Tariff for Leased Line Data Circuits
S.N. | Distance (kms) | 64 Kbps (Rs.) | 2 Mbps (Rs.) | 8 Mbps (Rs.) | 34 Mbps (Rs.) | 140 Mbps (Rs.)
1 | 50 | 34,319 | 3,48,642 | 13,94,568 | 55,78,272 | 2,23,13,088
2 | 100 | 40,646 | 5,38,454 | 21,53,816 | 86,15,264 | 3,44,61,056
3 | 200 | 54,412 | 9,51,431 | 38,05,724 | 1,52,22,896 | 6,08,91,584
4 | 300 | 68,178 | 13,64,407 | 54,57,628 | 2,18,30,512 | 8,73,22,048
5 | 400 | 81,944 | 17,77,384 | 71,09,536 | 2,84,38,144 | 11,37,52,576
6 | 500 | 95,710 | 21,90,360 | 87,61,440 | 3,50,45,760 | 14,01,83,040
7 | Beyond 500 | 96,000 (Fixed) | 22,00,000 (Fixed) | 88,00,000 (Fixed) | 3,52,00,000 (Fixed) | 14,08,00,000 (Fixed)


29
Tariff for 128 kbps to 960 kbps
The tariff for 128 kbps to 960 kbps is equal to the tariff for 64 kbps multiplied by the coefficient given below.

Capacity | Coefficient
960 kbps | 7.6
768 kbps | 6.4
512 kbps | 4.8
384 kbps | 4.0
320 kbps | 3.6
256 kbps | 3.1
192 kbps | 2.5
128 kbps | 1.8

30
ICICI Bank Case Study
Total number of leased lines of various capacities across the country: 82
Total annual charges paid: Rs 142604651/-
75 links could be shifted to VPN
Cost of 75 VPNs of different capacities: Rs 7,30,00,000/-
Cost of the remaining 7 leased lines: Rs 50,00,000/-
Total cost: 7,80,00,000/-
