Network-Based VPNs BOF (nbvpn)

Thursday, August 3 at 1530-1730
===============================

CHAIRS: Marco Carugi <marco.carugi@francetelecom.fr>
        Rick Wilder <rwilder@bbo.com> 

DESCRIPTION:

The goal of this effort is to standardize a framework and one or 
more sets of mechanisms for supporting network-based IP virtual 
private networks (NBVPN). An NBVPN is distinguished by the following 
characteristics:

  1.  They may require support for isolated routing. Reasons for 
      this requirement include creation of closed user groups per 
      VPN with confidentiality for VPN traffic and the use of 
      non-globally-unique VPN addressing.

  2.  Site-to-site performance characteristics may need to be ensured.

  3.  Their operations can be at least partially outsourced to one or 
      more SPs.
	
Drivers for this work exist for both VPN users and Service Providers.
VPN-user-based drivers include:
	
  1.  Desire to simplify the configuration and management of the VPN.

  2.  Desire to be able to outsource the management and configuration
      of the VPN.

Service provider-based drivers include:
	
  1.  Efficient sharing of transmission resources and routing 
      equipment in support of multiple VPNs.

  2.  Simplicity of management of aggregation routers which support 
      multiple VPNs.

Devices used for NBVPNs can meet both user and service-provider 
concerns by providing independent functions for the customer-facing 
side and the network-facing side.  

The customer-facing side has a customer-specific IP forwarding 
environment and VPN configuration, tailored for each customer. The 
network-facing side of the device participates in the SP network's 
routing (i.e., runs an IGP and IBGP as a standard router would).  

A critical function is the mapping of virtual site-to-site VPN 
connections onto a transport backbone which can support multiple 
VPNs as well as other communications services. An intelligent 
many-to-one mapping of virtual VPN connections onto a shared 
transport backbone can greatly improve the scaling properties of 
the backbone. 
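
The split described above, sketched as an added example (not part of the 
BOF description or of any draft on the agenda): one forwarding table per 
VPN on the customer-facing side, and one set of backbone tunnels shared 
by all VPNs on the network-facing side. The class, the VPN names, the 
edge names and the per-packet VPN identifier are assumptions made for 
illustration.

```python
import ipaddress

class EdgeDevice:
    """Hypothetical NBVPN edge device: one forwarding table per VPN on the
    customer-facing side, one shared set of backbone tunnels on the other."""

    def __init__(self):
        self.vpn_tables = {}  # vpn_id -> [(network, remote_edge)]
        self.tunnels = {}     # remote_edge -> tunnel type, shared by all VPNs

    def add_tunnel(self, remote_edge, kind):
        self.tunnels[remote_edge] = kind

    def add_route(self, vpn_id, prefix, remote_edge):
        if remote_edge not in self.tunnels:
            raise ValueError(f"no backbone tunnel to {remote_edge}")
        table = self.vpn_tables.setdefault(vpn_id, [])
        table.append((ipaddress.ip_network(prefix), remote_edge))

    def forward(self, vpn_id, dst):
        """Longest-prefix match inside this VPN's table only."""
        addr = ipaddress.ip_address(dst)
        hits = [(n, e) for n, e in self.vpn_tables.get(vpn_id, []) if addr in n]
        if not hits:
            return None  # no leak into another VPN's routes
        _, edge = max(hits, key=lambda h: h[0].prefixlen)
        # The vpn_id travels with the packet (an assumed demultiplexer) so the
        # remote edge can pick the matching per-VPN table.
        return (edge, self.tunnels[edge], vpn_id)

def build_demo():
    """Constructed sample data: two customers reuse 10.1.0.0/16."""
    pe = EdgeDevice()
    pe.add_tunnel("pe2", "MPLS")
    pe.add_tunnel("pe3", "GRE")
    pe.add_route("red", "10.1.0.0/16", "pe2")
    pe.add_route("red", "10.1.2.0/24", "pe3")
    pe.add_route("blue", "10.1.0.0/16", "pe3")
    pe.add_route("blue", "192.168.0.0/24", "pe2")
    return pe

if __name__ == "__main__":
    pe = build_demo()
    for vpn, dst in [("red", "10.1.2.5"), ("blue", "10.1.2.5"), ("red", "192.168.0.1")]:
        print(vpn, dst, "->", pe.forward(vpn, dst))
```

Four per-VPN routes ride on two backbone tunnels, and the same 
destination address resolves differently depending on which customer 
table it is looked up in.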

There are 3 different tunneling mechanisms that are considered 
within the scope of this WG to support NBVPNs:  MPLS, GRE and IPSEC.
Note that IPSEC can be used as a tunneling protocol itself or an 
"inner wrapper" within another tunneling protocol such as MPLS or 
GRE. NBVPNs may also support traditional L2 tunneling protocols at 
the network-facing side, although the use of these tunnels is outside
the scope of this working group.  A single VPN may make use of a 
mixture of tunnel mechanisms.

AGENDA:

The meeting is officially scheduled from 1530 to 1730. Due to limited time 
availability and to various slot requests, we propose a scheduling time from 
1530 to 1800.

Agenda bashing - co-chairs 

Charter presentation (work description, objectives, goals/milestones) and 
discussion 
- co-chairs - 30 min
        
Recent work on MPLS-based VPNs at ITU SG13 (draft recommendation Y.ipvpn) 
- Carugi - 10 min 

Internet-Draft presentations (reduced slots due to limited total time 
availability)
  "BGP/MPLS VPNs" updates (draft-rosen-rfc2547bis-02.txt) 
  - Rosen/Rekhter - 20 min
  Network based IP VPN Architecture using Virtual Routers 
  (draft-ouldbrahim-vpn-vr-01.txt) 
  - Ould-Brahim - 15 min 
  A Core MPLS IP VPN Architecture (draft-muthukrishnan-mpls-corevpn-arch-03.txt) 
  - Muthukrishnan - 10 min
  A framework for IP Based Virtual Private Networks (RFC2764) - Gleeson - 15 min
  A framework for NBVPN (draft-suzuki-nbvpn-framework-00.txt) 
  - Suzuki/Sumimoto - 15 min
  BGP/IPSEC VPN (draft-declercq-bgp-ipsec-vpn-00.txt) 
  - De Clercq/T'Joens - 10 min
  Criteria for evaluating VPN implementation mechanisms 
  (draft-yu-vpn-criteria-00.txt) - Yu - 10 min
  Extensions to CR-LDP for VPNs (draft-zhang-crldp-ext-for-vpn-00.txt) 
  - Zhang - 5 min

MAILING LIST:

General discussion takes place on the mailing list nbvpn@bbo.com. To 
subscribe, send "subscribe nbvpn" as the text to nbvpn-request@bbo.com.

A web site (mail archive) will also be set up.