Implementing VPN In Jilin Broadband IP Network By Utilizing MPLS Technology

With the rapid development of computer network, more and moreenterprises consider the stand or fall of Intranet construction as animportant sign of informationization of modern enterprise. Furthermore,many enterprises wish to build enterprise information platform by usingVPN (Virtual Private Networks)technology and interconnect separatednet sites through public network so to guarantee security, reduce cost andimprove efficiency.MPLS(Multi-Protocol Label Switching)is a transmission technologyof next generation wide area network, which is developed in the lastseveral years and combines advantages of both IP and ATM technology.MPLS has been more and more promising from the aspects of solvinginterconnection of enterprises and VPN (Virtual Private Network) andproviding various services due to its inherent predominance. It has becomean important means to provide added-value service. Based on this premise,this thesis explores implementing enterprise VPN in existing Jilinbroadband IP network by using MPLS technology.MPLS uses labels with short and fixed length to assemble packets. Itis a new technology which can make the best use of data label to conductdata packet to transmit in communication network with high-speed andhigh-efficiency. FEC (Forwarding Equivalent Class) is the most importantconcept in MPLS. MPLS is actually a type of classifying and forwardingtechnology, which classifies the packets with same processing mode (suchas same destination, same forwarding path and same service level etc.) toone category which is referred to as FEC. The packets belonging to thesame FEC will be processed identically in MPLS network. In traditional IPForwarding,maximum length matching rule was used to look for routetable to determine next-hop address. This rule will cause several times oflook-up, which will affect the performance of a router to some extent. InMPLS, each data packet has a label. Each packet is forwarded according toits label without the need of analyzing data packet to network layer. Also,it reduces the times of looking up forwarding tables and increases theforwarding speed of packet, because the label used by data packets has theonly availability of forwarding. Therefore, MPLS introduces connectionmode in a connectionless network, thus reduces network complexity,which can guarantee the QoS (quality of service) of networkcommunication and the security of data transmission at the same time ofimproving the performance IP service.MPLS is much suitable to construct VPN service based on IPtechnology to meet extending ability and management requirements ofVPN. VPN is a set of some Sites. Site is part of the Customer Network(C-Network). Site can belong to different VPNs at the same time, but itmust obey the following rules: two sites have connection availability onlywhen they belong to the same Site set defined by VPN. According to thedefinition of VPN, all the sites within a VPN belonging to one enterprise iscalled Intranet;if the Sites in a VPN belong to different enterprise, it iscalled Extranet.We can take safety precautions in MPLS VPN to configure a strategyfor each VPN-instance and regulate that a VPN can accept the routeinformation comes from which Sites and release route informationoutgoing to which Sites. By strategy, it can be guaranteed that IPinterworking cannot be made between different VPNs, thus to ensure thesecurity of VPN. VPN constructed by utilizing MPLS can also providepossibility to implement added-value services. By configuration, the singleaccess node can form multiple VPNs. Each VPN represents differentservice, which can make the network to transmit various service withflexible mode.The model of MPLS VPN consists of three components: CE, PE andP. CE(Custom Edge)is a customer edge router, which is a composing partof subscriber network. It has an interface which connect service providerdirectly. It can be a route, Ethernet switch or a host. PE(Provider Edge)router, that is, provider edge router is the edge equipment of the provider,which is connected directly with CE of the customer. In a MPLS network,all processing for VPN take place in the PE router. Router is the corerouter of the provider's backbone network, which is not connected withCE directly. P route must have ability of MPLS forwarding.The routing assignment between PEs is often achieved by BGP(Border Gateway Protocol)protocol. The configuration of MPLS VPN ismainly focused on PE, while CE does not know the existence of VPN andP only forwards label. In PE, a VRF (Virtual Routing Forwarding Table)is created corresponding to every Site. A VRF contains a routing table, aforwarding table, a group of interface set which use this VRF and a groupof related strategies. VRF is not corresponding to a VPN directly, but, itintegrates the VPN member relationship and route rules corresponding toits site. VRF maintain a route table, which is logically separated, for eachsite. Each VRF maintain an absolute address space. The site routinginformation which can reach the same VPN with current site should becontained in the VRF. Thus, in a PE, the message from CE can beforwarded according to corresponding VRF without worrying about theconflict between address space of different VPN.The latter three chapters in this thesis introduce the current status ofJilin broadband IP network and topology of MAN in detail, deeply analysethe two solutions of MPLS VPN which are the second-layer VPN and thethird-layer VPN technology, determine to choose the third-layer VPNtechnology to implement MPLS VPN in Jilin broadband IP network.Because MPLS is a complex technology, the equipment resource costaiming at this service is a factor which can not be omitted. Also, aiming atnetwork service of telecommunication provider level, the support ofhardware and software of corresponding network equipment is a necessarycondition. This thesis plans the whole network based on the rules of safe,easy to maintain and to be applied, in which Huawei S8016 router switchis used as PE, CISCO GSR router and M20 router of Juniperis or corerouter of Zhongxing is used as P. Besides, tests are performed bysimulating client router. Two M20 routers of Changchun have configuredas RR (Router Reflector)equipment. The interconnection problembetween different vendor's equipment of supporting MPLS protocol isensured by configuring equipments of P, PE and CE in reason, which getbetter effect.Furthermore, examples of point-to-point internetworking, hub&spokeinternetworking and extranet internetworking and the whole performancetest for MPLS VPN prove the feasibility and practical meaning ofimplementing VPN in Jilin broadband IP network by utilizing MPLS. Thisthesis implements building enterprise IP dedicated network in public IPnetwork in the province, which realizes broadband connection ofmultiservice such as data, voice and image and can provide high qualityservice to customers combining technologies of CoS (Class of Service )and TE ( Traffic Engineering)etc. in the future.