Introduction to VPN (Virtual Private Network)
Let’s start with the definition. A VPN is a logical network created over shared physical infrastructure.
The shared infrastructure can be private, such as the MPLS VPN of a Service Provider, or public, such as the Internet.
There are many concepts to understand about VPNs in detail, but in this article I will cover the definition, common design considerations, and some not well-known concepts.
We can group VPNs into two categories: WAN and Datacenter VPN technologies.
WAN VPN Technologies
1. GRE
2. mGRE (Multipoint GRE)
3. IPsec
4. DMVPN
5. GETVPN
6. L2TPv3
7. LISP
8. MPLS L3 VPN
Datacenter VPN Technologies
1. EoMPLS (Ethernet over MPLS, a.k.a. VPWS)
2. VPLS (Virtual Private LAN Service)
3. OTV (Overlay Transport Virtualization)
4. EVPN
5. PBB-EVPN
6. VXLAN (And other host based overlays such as NVGRE, STT, GENEVE)
Of course, this is not the complete list. Please note that some of the technologies which I grouped into WAN technologies can be used in the Datacenter and vice versa.
For example, LISP can be used in the Datacenter, and VPWS and VPLS can be used on the Wide Area Network.
Should I use Cisco OTV for the Datacenter Interconnect? This question comes not only from my students but also from the companies to which I provide consultancy.
I will not go through the OTV details, how it works, design recommendations, etc. But let me remind you very briefly what OTV is, why it is used, and where it makes sense.
OTV (Overlay Transport Virtualization) is a tunnelling mechanism which carries Layer 2 Ethernet frames in IP. (As I indicated in other articles, when I say MAC in IP, it is the same thing as MAC over IP.)
So, OTV is a Layer 2 in Layer 3 tunnelling mechanism. You may hear it called an encapsulation mechanism as well, which is true, although there is a small difference.
You don’t need an MPLS underlay to create OTV tunnels. It uses IS-IS for MAC address reachability and stops Layer 2 protocol PDUs at the OTV Edge device where encapsulation happens.
This is good because you don’t want to extend Layer 2 protocol PDUs such as Spanning Tree if you have multiple datacenters. A failure stays in and affects only one datacenter, not all. (Failure domain boundary concept)
Another datacenter interconnect requirement Continue reading
CARRIER ETHERNET DEFINITION
Carrier Ethernet is an attempt to expand Ethernet beyond the borders of the Local Area Network (LAN) into the Wide Area Network (WAN).
With Carrier Ethernet, customer sites are connected through the Wide Area Network. In the past, carriers connected customers with ATM (Asynchronous Transfer Mode) and Frame Relay interfaces (User to Network Interface/UNI).
Carrier Ethernet is not about Ethernet within Local Area Networks.
The driver of Carrier Ethernet is this: since Ethernet is the de facto protocol on the Local Area Network, why not use Ethernet everywhere, and not only within the LAN? When any other Wide Area Network protocol such as ATM is used, the customer Ethernet frame is encapsulated into another protocol.
This reduces the overall efficiency of the customer service, consumes more network bandwidth, makes troubleshooting harder, and has many other drawbacks.
Carrier Ethernet is also known as Carrier Class Ethernet and Carrier Grade Ethernet.
Another reason for Carrier Ethernet is that Ethernet interfaces and devices are cheaper compared to other technologies. This results in cheaper service for the customers.
CARRIER ETHERNET REQUIREMENTS
Traditional Ethernet lacks many features which are required to transport critical services, time-sensitive applications and voice services.
These are:
What are Colocation, POP, Carrier Hotels and Meetme Room?
If you work in the operator domain, or you are a network engineer who wants to learn what colocation is, what a POP (Point of Presence) is, how POPs are physically connected, and POP terminology, and to understand the meetme room and the carrier hotel, this post is for you.
POP locations can be located in the Datacenter or in very small buildings; the meetme room and the carrier hotel are placed in the datacenter.
Colocation is provided by the datacenters.
But there are other details which you should be aware of.
I explained these details in the below video. This video is one of the 20 topics from the network interconnection module of the Service Provider Design Workshop. You can take this workshop and watch the 10+ hours of on-demand service provider technology videos right away.
Orhan Ergun
CEO Steve Mollenkopf says 5G represents the single biggest opportunity in Qualcomm’s history, and...
Digital Realty wants to unseat data center heavyweight Equinix. And it plans to do this by solving...
SnapRoute's network operating system joins InfoBlox's growing software portfolio and helps fill out...
T-Mobile US claims it will be the first domestic operator with a “nationwide” 5G network but it...
The most popular IBN based technology today is SD-WAN and in this blog we’ll look at how DX...
word trademark salad
The post Musing: WiFi Alliance Copyright Assertions appeared first on EtherealMind.
Global Internet freedom declined for the ninth consecutive year in 2019, largely as a result of social media increasingly being used by governments around the world as a conduit for mass surveillance and electoral manipulation. The Freedom on the Net 2019 report, the latest edition of the annual country-by-country assessment of Internet freedom, was released on November 5 by Freedom House, and highlights the shift in social media from a level playing field for civic discussion to an instrument of political distortion and societal control.
The Freedom on the Net 2019 report analyzed Internet freedom in 65 countries worldwide, covering 87% of global Internet users. Surveyed countries are designated as ‘Free’, ‘Partly Free’, or ‘Not Free’ based on an examination of, and scoring against, three categories: obstacles to access, limits on content, and violations of user rights.
Of the 65 countries assessed, 33 of them saw Internet freedom decline over the last year, with the biggest drops observed in Sudan and Kazakhstan. The longtime presidents of both countries were ousted, leading to widespread blocking of social media platforms, disruptions of Internet connectivity, and the increased use of electronic surveillance to undermine free expression.
The report called digital platforms Continue reading
A few days ago we published the content outline for our Networking in Public Clouds online course.
We’ll start with the basics, explore the ways to automate cloud deployments (after all, you wouldn’t want to repeat the past mistakes and configure everything with a GUI, would you?), touch on compute and storage infrastructure, and then focus on the networking aspects of public cloud deployments including:
Read more ...
Hello my friend,
After the release of the previous article outlining the data and control plane security for IPv4 in Cisco, Nokia and Mellanox/Cumulus (link) I’ve got several requests about the security in IPv6. The requests were fair enough and with this article we close this gap.
No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.
Special thanks to Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus for providing me the Mellanox switch and Cumulus license for the tests.
This is the fourth article in the series about the Mellanox/Cumulus switch. The three previous are:
The importance of the security for the network in terms of the control and data plane protection was explained in the previous article Continue reading
This is the fourth post in the Loading Configs series. In this post, we will cover the load update command. …
The post Junos – Loading configs – 4 of 5 – Update appeared first on Fryguy's Blog.
The Spirent Test Center is one of the traffic generation tools I use in my job. I am creating a YouTube series on varying use cases and aspects with it. Kinda a “how to” and “lessons learned over the years”... Read More ›
The post Spirent Test Center Series: Overview and Part 1 appeared first on Networking with FISH.