PPVPN Working Group                                       Loa Andersson
Internet-Draft                                                Utfors AB
Expiration Date: August 2002                          22 February, 2002


         Parameters and related metrics to compare PPVPN Layer 2
                                solutions

                  draft-andersson-ppvpn-metrics-00.txt


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 [1].

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   For potential updates to the above required-text see:
   http://www.ietf.org/ietf/1id-guidelines.txt

Summary for Sub-IP related Internet Drafts

   RELATED DOCUMENTS:

   See the reference section.

   WHERE DOES IT FIT IN THE PICTURE OF THE SUB-IP WORK

   This ID is intended for the PPVPN WG.

   WHY IS IT TARGETED AT THIS WG(s)

Andersson                 Expires August 2002                  [Page 2]

INTERNET-DRAFT   draft-andersson-ppvpn-metrics-00.txt   22 February, 2002

   PPVPN deals with provider provisioned VPNs. This document describes
   metrics for Layer 2 Provider Provisioned Virtual Private Network
   services, a class of Provider Provisioned Virtual Private Network
   services.

   JUSTIFICATION

   This document describes some parameters and related metrics which
   could be used for classifying solutions in the Layer 2 space and,
   possibly, for evaluating commonalities and differences, pros and cons
   of the functional options specific to each solution.
   As a complementary result, the document aims to provide input to the
   PPVPN WG for further definition of a limited set of candidate
   solutions in the Layer 2 solution space, promoting commonalities and
   convergence among solutions with respect to the key service
   requirements.

   The parameters and related metrics under consideration are inspired
   by the appropriate service requirement drafts ([9], etc.) and are
   therefore relevant for evaluating the L2 solutions against
   significant requirements for customers and service providers. In
   this perspective, the metrics will also be aligned with the PPVPN
   Applicability Statement Guidelines document [10] and will provide
   input for each candidate solution-specific Layer 2 Applicability
   Statement.

   The extension of this document to Layer 3 VPNs in a further version
   has to be evaluated.

Abstract

   PPVPN deals with provider provisioned VPNs. This document describes
   metrics for Virtual Private Networks, to be used when comparing
   solution proposals and later when comparing new proposals to the
   existing ones.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [3].

Contents

   1. Introduction
   2. Metrics
      2.1 Service
         2.1.1 L3-VPN
         2.1.2 Virtual Private Wire (VPW)
         2.1.3 Virtual Private LAN Service (VPLS)
      2.2 Provisioning
         2.2.1 Static
         2.2.2 Automatic
      2.3 Discovery
         2.3.1 BGP
         2.3.2 Directory based
      2.4 VPN Signaling
         2.4.1 L2TP
         2.4.2 RSVP-TE
         2.4.3 LDP
         2.4.4 BGP
      2.5 Coupling
         2.5.1 Coupled
         2.5.2 De-coupled
   3. Reference tree
      3.1 Tree
   4. Non-metrics
      4.1 Tunnel technology
      4.2 Security

1. Introduction

   Provider provisioned VPN solutions have attracted a great deal of
   interest and several solutions have been proposed. There is clearly a
   need for an organized way of comparing the solutions and the
   elements in the solutions. This document proposes such a method; it
   is based on some generic elements that have to be present in, or
   solved by, every VPN.

   This version of the draft is very much focused on L2 VPNs, which is
   natural since it comes out of an L2 VPN design team effort. The L3
   parts of this document are included only to show the potential for a
   more extensive treatment of L3 VPNs in the future.

   Concepts and terminology in this document are according to [4].

2. Metrics

   When implementing customer VPNs in a provider network a certain set
   of issues has to be considered, e.g.
   (see [9]; further references, other requirement documents and the
   Applicability Statement Guidelines document are to be provided in a
   later version of this document):

   - Scaling, e.g. number of nodes per VPN, number of nodes per site or
     number of VPNs per network
   - SLA enforcement
   - inter-domain reachability
   - provisioning
   - flexibility
   - integration and migration from existing infrastructure and
     services
   - value-add services
   - cost
   - etc.

   In deciding which solution to implement in a given situation, the
   relevant metrics for each of the parameters below could be
   considered.

2.1 Service

   Currently we see three different types of provider provisioned VPN
   services. A framework for L3-VPNs is found in [5]; a framework for
   L2-VPNs is a planned document for the PPVPN WG.

2.1.1 L3-VPN

   An L3 VPN is an IP routed network, where addresses could be either
   from the public or the private address space. Being a routed service
   it will scale based on how many routes the PEs are able to handle in
   their VRFs. Scaling properties are very good for L3VPN, and in
   general do not depend on standards or specifications, but rather on
   the networking equipment or network(s) on which the service is
   implemented.

   A more detailed treatment of L3 VPNs is left for future versions of
   this document.

2.1.2 Virtual Private Wire (VPW)

   A VPW is a VPN service that supplies an L2 point-to-point service.
   Being a point-to-point service, there are very few scaling issues
   with the service as such. Scaling issues might arise from the number
   of end-points that can be supported on a particular PE.

2.1.3 Virtual Private LAN Service (VPLS)

   A VPLS is an L2 service that in all respects emulates a LAN across a
   Wide Area Network (WAN). Thus it also has all the scaling
   characteristics of a LAN. Other scaling issues might arise from the
   number of end-points that can be supported on a particular PE.
2.2 Provisioning

   Limiting the effort that a service provider needs to spend on
   provisioning the customer VPNs is critical.

2.2.1 Static

   We say that a VPN is statically configured if all information
   (attachment circuits, tunnels, routing/forwarding information, QoS
   parameters, etc.) is manually configured.

2.2.2 Automatic

   In an automatically configured network it is possible to enter the
   configuration parameters at one single spot, e.g. the PE.

2.3 Discovery

   Discovery involves discovering e.g. VPNs and VPN end-points, in such
   a way that they may be connected to the VPN.

   The most important parameter in comparing different discovery
   mechanisms is the time it takes from when the information is
   configured until all nodes that need to know it have that
   information.

2.3.1 BGP

   A basic function of BGP is to advertise information to BGP-speaking
   peers. In VPN solutions MP-BGP is used to distribute the information
   that a PE uses to map traffic from an attachment circuit to a
   PE-to-PE tunnel and to select which de-multiplexor to use, and vice
   versa.

   The scaling issues in using BGP as a discovery protocol are few. The
   number of VPNs in a network, the number of hosts per site, the
   number of sites per VPN and the number of VPN instances per PE are
   not in any way limited by the use of BGP.

2.3.2 Directory based

   In a directory based solution the information needed by a PE to set
   up tunnels and de-multiplexors is configured in a directory; the PEs
   supporting a particular VPN can then go and look up the information
   needed to establish connectivity, together with any other
   configuration information needed for that VPN.

   Note: For a future treatment of L3 VPNs, discovery by means of
   Multicast IGP has to be added.

2.4 VPN Signaling

   VPN Signaling involves distributing information between PEs so that
   a PE can take a local decision on setting up tunnels and
   de-multiplexors correctly for the sites connected to it.
2.4.1 L2TP

   Extensions to L2TP that make it possible to signal information
   between PEs for establishing de-multiplexors have been presented in
   [6].

2.4.2 RSVP-TE

   RSVP-TE (RSVP with Traffic Engineering extensions) is a protocol that
   was developed to set up LSPs with certain constraints, e.g. bandwidth
   and/or explicit routes. There are proposals to use RSVP-TE in
   situations where only a few VPNs are present and where QoS parameters
   are important.

2.4.3 LDP

   The Label Distribution Protocol (LDP) is a protocol that has been
   developed to distribute MPLS labels within a domain. LDP has no
   method defined for carrying explicit routes or QoS information.
   Targeted LDP makes it possible for two non-adjacent LSRs to
   communicate in order to set up de-multiplexors between PEs. LDP has
   a reliable delivery mechanism since it is based on TCP.

   The main benefit of using LDP is that it is readily available in
   almost any MPLS enabled IP network.

   In the context of provider provisioned VPNs there are few scaling
   issues with LDP; LDP has, however, no method to carry information
   across AS borders.

2.4.4 BGP

   BGP is a protocol that in the context of VPNs is used both for
   discovery and to signal the information (e.g. de-multiplexors)
   necessary to set up end-to-end connectivity across the core network
   tunnels. For signalling purposes it is the Multi-Protocol extensions
   to BGP (MP-BGP) that are used. BGP has a reliable delivery mechanism
   since it is based on TCP.

   The main benefits of using BGP are that it has become a common
   denominator in networks that run MPLS based VPNs and that it is by
   its nature usable for inter-domain scenarios.

   In the context of provider provisioned VPNs there are few scaling
   issues with MP-BGP.
2.5 Coupling

   The concept of "coupling" relates to L2 VPNs and how the
   functionality needed for the service is allocated relative to the
   PEs; it describes how the MAC-learning and signalling functions are
   distributed across different devices.

2.5.1 Coupled

   In a coupled situation all functions are located on the same
   physical device.

2.5.2 De-coupled

   In a de-coupled situation the functions are distributed across at
   least two different physical devices. De-coupled solutions are found
   in [7] and [8].

3. Reference tree

   By using the parameters discussed in section 2 it is possible to
   create a decision tree that can be used to classify the existing VPN
   proposals. By traversing the tree from top to bottom a short-hand
   description of the solution is created, which can easily be compared
   with that of other solutions.

3.1 Tree

   Each level of the tree is one parameter from section 2; the branches
   at a level are the options defined for that parameter. A solution is
   classified by the branch taken at each level, from top to bottom.

   Type of Service     L3VPN          VPW           VPLS
                         |             |              |
                         v             v              v
   Provisioning            Static              Automatic
                             |                     |
                             v                     v
   Discovery                BGP             Directory based
                             |                     |
                             v                     v
   Signalling          L2TP     RSVP-TE      LDP       BGP
                         |         |          |         |
                         v         v          v         v
   Coupling                Coupled              De-Coupled

   Note: The L3 branch is in the tree for further study only.
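   The classification the tree describes can be expressed as a small
   program: each solution is a value on each of the five axes, the
   short-hand is the sequence of branches taken, and comparing two
   solutions means listing the axes on which they differ. The code
   below is an added example written for this purpose; it is not part
   of the draft or of any of the referenced proposals. The Solution
   type, the function names and the two sample solutions are
   assumptions made for the illustration. It also surfaces the caveats
   the draft attaches to particular branches (sections 2.4.3, 2.5 and
   the note above), which a plain short-hand would hide.

```python
"""Classify and compare PPVPN proposals along the five parameters of
section 2, producing the short-hand that a top-to-bottom traversal of
the reference tree in section 3 yields.

Example code added to illustrate the draft's classification scheme; it
is not part of the draft. The Solution type, the function names and the
two sample solutions at the bottom are assumptions for this
illustration.
"""
from dataclasses import dataclass, asdict
from typing import Dict, List, Tuple

# The five parameters of section 2 in tree order (top to bottom), each
# with the options the draft enumerates for it.
PARAMETERS: List[Tuple[str, Tuple[str, ...]]] = [
    ("service", ("L3VPN", "VPW", "VPLS")),
    ("provisioning", ("Static", "Automatic")),
    ("discovery", ("BGP", "Directory based")),
    ("signaling", ("L2TP", "RSVP-TE", "LDP", "BGP")),
    ("coupling", ("Coupled", "De-coupled")),
]


@dataclass(frozen=True)
class Solution:
    """One proposal, described by its value on each of the five axes."""
    name: str
    service: str
    provisioning: str
    discovery: str
    signaling: str
    coupling: str


def validate(s: Solution) -> List[str]:
    """Return one message per axis whose value is not a branch of the
    tree; an empty list means the solution can be placed in the tree."""
    values: Dict[str, str] = asdict(s)
    return [
        f"{param}={values[param]!r} is not one of {options}"
        for param, options in PARAMETERS
        if values[param] not in options
    ]


def shorthand(s: Solution) -> str:
    """Traverse the tree top to bottom and join the branch taken at each
    level, e.g. 'VPLS/Automatic/BGP/BGP/De-coupled'."""
    problems = validate(s)
    if problems:
        raise ValueError("; ".join(problems))
    return "/".join(getattr(s, param) for param, _ in PARAMETERS)


def caveats(s: Solution) -> List[str]:
    """Remarks the draft attaches to particular branches (sections 2.4.3,
    2.5 and 3.1) that a comparison should show next to the short-hand."""
    notes: List[str] = []
    if s.service == "L3VPN":
        notes.append("L3 branch is in the tree for further study only")
        notes.append("coupling is an L2 VPN concept and does not apply")
    if s.signaling == "LDP":
        notes.append("LDP has no method to carry information across "
                     "AS borders")
    return notes


def compare(a: Solution, b: Solution) -> List[Tuple[str, str, str]]:
    """List (parameter, a's value, b's value) for every axis on which
    the two solutions differ, in tree order."""
    return [
        (param, getattr(a, param), getattr(b, param))
        for param, _ in PARAMETERS
        if getattr(a, param) != getattr(b, param)
    ]


# Two constructed sample solutions; they are not proposals from the
# draft's reference list.
SOLUTION_A = Solution("A", "VPLS", "Automatic", "BGP", "BGP", "De-coupled")
SOLUTION_B = Solution("B", "VPLS", "Static", "Directory based", "LDP",
                      "Coupled")

if __name__ == "__main__":
    for s in (SOLUTION_A, SOLUTION_B):
        print(s.name, shorthand(s), caveats(s))
    for param, va, vb in compare(SOLUTION_A, SOLUTION_B):
        print(f"differs on {param}: {va} vs {vb}")
```

   Running the module prints the short-hand and caveats for the two
   constructed solutions and then the four axes on which they differ.
   Keeping the option lists in one table means a new proposal that uses
   an option the tree does not have (say a new signalling protocol) is
   rejected by validate() rather than silently producing a short-hand
   that cannot be compared with the others.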
4. Non-metrics

4.1 Tunnel technology

   Most VPNs are implemented by means of a set of tunnels between the
   PEs of that service. Tunnel technology and the methods to signal the
   set-up of the tunnel are outside the scope of this document. The
   establishment of the tunnel is viewed as inherent to the network; it
   is even conceivable that different "legs" of the VPN might use
   different tunnel technologies.

4.2 Security

   VPN technologies supply traffic separation between the services of
   different customers. This is the same level of traffic separation
   that is supplied e.g. by traditional WAN technology based VPNs; it
   is separation only, not confidentiality. Further security
   mechanisms, e.g. encryption, are outside the scope of this document.

Acknowledgements

   This document is the outcome of discussions within the PPVPN L2 VPN
   design team. The design team includes M Lassere, V Kopella,
   J Heinanen, K Kompella, E Rosen, M Borden, L Andersson, P Menezes,
   H Ould-Brahim and W Augustyn.

Author's Contact

   Loa Andersson
   Utfors AB
   Råsundavägen 12, PO Box 525
   SE-169 29 Solna, Sweden
   phone: +46 8 5270 5038
   loa.andersson@utfors.se

References

   [1]  Bradner, S., "The Internet Standards Process -- Revision 3",
        RFC 2026, October 1996.

   [2]  Kompella, K. et al., "Decoupled Virtual Private LAN Services",
        draft-kompella-ppvpn-dtls-01.txt, Work in Progress, Internet
        Draft, November 2001.

   [3]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", RFC 2119, March 1997.

   [4]  Andersson, L. and Madsen, T., "VPN Terminology",
        draft-andersson-ppvpn-terminology-00.txt, Work in Progress,
        Internet Draft, February 2002.

   [5]  Callon, R. et al., "A Framework for Layer 3 Provider Provisioned
        Virtual Private Networks", Work in Progress, Internet Draft,
        February 2002.

   [6]  Elwin, E. and Gowda, N.,
        "L2TP Extensions for PPVPN", Work in Progress, Internet Draft,
        November 2001.

   [7]  Kompella, K. et al., "Decoupled Virtual Private LAN Services",
        draft-kompella-ppvpn-dtls-01.txt, Work in Progress, Internet
        Draft, November 2001.

   [8]  Ould-Brahim, H. et al., "VPLS/LPE L2VPNs: Virtual Private LAN
        Services using Logical PE Architecture",
        draft-ouldbrahim-l2vpn-lpe-01.txt, Work in Progress, Internet
        Draft, November 2001.

   [9]  Augustyn, W. et al., draft-augustyn-vpls-requirements-02.txt,
        Work in Progress, Internet Draft, February 2002.

   [10] Sumimoto, J. et al.,
        draft-sumimoto-ppvpn-applicability-guidelines-02.txt, Work in
        Progress, Internet Draft, February 2002.

   This document expires on 8 August 2002.