Summary of the content on page 1
CHAPTER 1
About Cisco IP Solution Center
Cisco IP Solution Center (ISC) is a carrier-class network and service-management solution for the rapid
and cost-effective delivery of IP services. IP-based services targeted to enterprise customers can
represent major revenue opportunities for service providers. Success in this highly competitive market
requires the ability to effectively plan, provision, operate, and bill for such IP services.
Deploying and offering MPLS VPN services for enterprise
Summary of the content on page 2
Overview of ISC
The notable ISC network elements are as follows:
• ISC Network Management Subnet
The ISC Network Management Subnet is required when the service provider’s service offering entails the management of CEs. The management subnet consists of the ISC workstation (where ISC is installed). On the same LAN, the service provider can optionally install one or more Processing servers. The Processing servers are responsible for executing task
Summary of the content on page 3
It is not required that the set of IPv4 addresses used in any two VPNs be mutually exclusive because the PEs translate IPv4 addresses into IPv4 VPN entities by using MP-BGP with extended community attributes. The set of IP addresses used in a VPN, however, must be exclusive of the set of addresses used in the provider network. Every CE must be able to address the PEs to which it is directly attached. Thus, the IP addresses of th
Summary of the content on page 4
• VLAN ID Management: ISC allocates VLAN IDs per customer and per Ethernet Service deployed. The service provider can track per Access Domain a particular allocated VLAN ID (per service or per customer or per Access Domain). ISC keeps track of the VLANs allocated and gives detailed usage information of the VLAN allocated per service, per customer, or per Access Domain.
Access Domain: The Layer 2 Ethernet switching domain attach
Summary of the content on page 5
Figure 1-3 Access Domain Assigned
[Figure labels: Service Provider network; IP Solution Center; Network Management subnet; Management PE; Management VPN; Management CE; PE; Access domain; Service provider MPLS core; CLE-1; CLE-2; PE-POP 1; PE-POP 2; CE 2; New York; Chicago]
2. All the network elements have been discovered during the Autodiscovery process, as well as the network topology (connectivity between sites).
3. The service operator wants to de
Summary of the content on page 6
• Route Distinguisher (RD) pool: The IP subnets advertised by the CE routers to the PE routers are augmented with a 64-bit prefix called a route distinguisher (RD) to make them unique. The resulting 96-bit addresses are then exchanged between the PEs, using a special address family of Multiprotocol BGP (referred to as MP-BGP). The RD pool is a pool of 64-bit RD values that ISC uses to make sure the IP addresses in the network ar
Summary of the content on page 7
• VRF configuration (export map, import map, maximum number of routes, VRF and RD override, and so forth)
• Choice of joining the VPN as hub or spoke
• Choice of interfaces on the PE, CE, and intermediate network devices
All the provisioning parameters can be made editable for a service operator who will deploy the service. A service policy is defined by a network operator and used by a service operator. A service policy defines
Summary of the content on page 8
Figure 1-4 Defining the User Role
[Figure labels: ISC Service Request States; Provisioning States; WAIT; FAILED; FAILED; DEPLOY; DEPLOY; AUDIT; Auditing States; PENDING; REQUESTED; DEPLOYED; FUNCTIONAL; LOST; BROKEN; INVALID; CLOSED]
The permissions to Create, View, Modify, and Delete are enforced for the following resources:
• Persistent task
• MPLS policy
• SAA probe
• MPLS service request
• Workflow
• Layer 2 VPN policy
• Device
• Layer 2 VPN service request
•
Summary of the content on page 9
The Customer’s and Provider’s View of the Network
From the customer’s point of view, the internal routers communicate with the customer edge routers (CEs) from one site to another through a VPN managed by the service provider (see Figure 1-5).
Figure 1-5 The Customer’s View of the Network
[Figure labels: Service provider network; CE; CE; Gadgets, Inc's VPN; Gadgets, Inc.; Gadgets, Inc.; Seattle; New York]
Summary of the content on page 10
Figure 1-6 Service Provider’s View of the Network
[Figure labels: Service provider network; MPLS core; BGP; PE-1; PE-2; PE-3; VPN 10; VPN 15; CE; Gadgets, Inc.; Gizmos, Intl.; New York City; Seattle; London; San Francisco; Chicago; Berlin]
About Provider Edge Routers (PEs)
At the edge of the provider network are provider edge
Summary of the content on page 11
A Multi-VRF CE is unlike a CE in that there is no label exchange, no LDP adjacency, and no labeled packet flow between the PE and the CE. Multi-VRF CE routers use VRF interfaces to form a VLAN-like configuration on the customer side. Each VRF on the Multi-VRF CE router is mapped to a VRF on the PE router. Figure 1-7 illustrates one method in which a Multi-VRF CE can be used. The Multi-VRF CE rou
Summary of the content on page 12
Mapping IPsec Tunnels to MPLS VPNs
Provisioning network-based IPsec VPNs in order to map IPsec tunnels to MPLS VPNs involves both MPLS and IPsec services in IP Solutions Center. Thus, it is necessary to create both MPLS and IPsec policies, as well as MPLS and IPsec service requests. For details, see Chapter 6, “Mapping IPsec to MPLS VPN.” The IPsec terminating router resides on the service provide
Summary of the content on page 13
Using Templates to Customize Configuration Files
The template files and data files are in XML format. The template file, its data files, and all template configuration files are mapped to a single directory.
• ISC creates the initial ISC configlet. Through the Template Manager, you can create a template configuration file. You can then associate a template configuration file with a service request, which effectively merges the ISC configlet
Summary of the content on page 14
• Audit Existing Services: Checks and evaluates configuration of deployed service to see if the service is still in effect.
• Audit Routing Reports: Checks the VRF for the VPN on the PE. This report also checks if VPN connectivity is operational by evaluating reachability of the network devices in the VPN.
About MPLS VPNs
At its simplest, a virtual private network (VPN) is a collection of sites that share the same routing table.
Summary of the content on page 15
Characteristics of MPLS VPNs
MPLS VPNs have the following characteristics:
• Multiprotocol Border Gateway Protocol-Multiprotocol (MP-BGP) extensions are used to encode customer IPv4 address prefixes into unique VPN-IPv4 Network Layer Reachability Information (NLRI) values. NLRI refers to a destination address in MP-BGP, so NLRI is considered “one routing unit.” In the context of IPv4 MP-BGP, NLRI refers to a network prefix/prefix
Summary of the content on page 16
VPN Routing and Forwarding Tables (VRFs)
The VPN routing and forwarding table (VRF) is a key element in the MPLS VPN technology. VRFs exist on PEs only (except in the case of a Multi-VRF CE). A VRF is a routing table instance, and more than one VRF can exist on a PE. A VPN can contain one or more VRFs on a PE. The VRF contains routes that should be available to a particular set of sites. VRFs use Cisco Express Forwarding (CEF) t
Summary of the content on page 17
Figure 1-9 VRFs for Sites in Multiple VPNs
[Figure labels: Site 1; Site 2; Site 3; Site 4; VPN A; VPN B; VPN C; PE1; PE2; P; P; Multihop MP-iBGP. VRF definitions shown: ip vrf site1 (rd 100:1), ip vrf site2 (rd 100:2), ip vrf site3 (rd 100:3), ip vrf site4 (rd 100:4), each with route-target export and route-target import statements referencing 100:1, 100:2 and 100:3]
Summary of the content on page 18
• The MPLS VPN backbone relies on the appropriate Interior Gateway Protocol (IGP) that is configured for MPLS, for example, EIGRP or OSPF. When you issue a show ip route command on a PE, you see the IGP-derived routes connecting the PEs together. Contrast that with the show ip route vrf VRF_name command, which displays routes connecting customer sites in a particular VPN.
Creating a VRF Instance
The configuration commands to cr
Summary of the content on page 19
ISC chooses route target values by default, but you can override the automatically assigned RT values if necessary when you first define a CERC in the ISC software (see the “Defining CE Routing Communities” section on page 4-5).
Route Target Communities
The mechanism by which MPLS VPN controls distribution of VPN routing information is through the VPN route-target extended MP-BGP communities. An extended MP-BGP community is an ei
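The route distinguisher and route-target mechanics described on pages 6 and 19 above, as an added Python example (not code from the Cisco manual or from ISC): it builds the 96-bit VPN-IPv4 address from a 64-bit RD, applies route-target import filtering, and audits for VRF pairs that share routes without approval. The VRF names, RD/RT values and prefixes are constructed, and the type-0 RD layout (2-byte type, 2-byte AS number, 4-byte assigned number) is assumed from RFC 4364.

```python
import ipaddress
import struct

def vpn_ipv4(rd, prefix):
    """Prepend a type-0 RD (type, ASN, assigned number: 8 bytes) to the IPv4 network."""
    asn, number = (int(part) for part in rd.split(":"))
    network = ipaddress.ip_network(prefix)
    return struct.pack("!HHI", 0, asn, number) + network.network_address.packed

def distribute(vrfs, customer_routes):
    """Return {vrf: set of (origin_vrf, prefix)} after route-target import filtering."""
    tables = {name: set() for name in vrfs}
    for origin, prefixes in customer_routes.items():
        exported = vrfs[origin]["export"]
        for name, vrf in vrfs.items():
            if exported & vrf["import"]:  # any shared route target means import
                tables[name].update((origin, p) for p in prefixes)
    return tables

def audit_imports(vrfs, allowed_pairs):
    """List (importer, exporter) VRF pairs that share routes but are not approved."""
    findings = []
    for importer, ivrf in vrfs.items():
        for exporter, evrf in vrfs.items():
            if importer == exporter:
                continue
            shared = ivrf["import"] & evrf["export"]
            if shared and (importer, exporter) not in allowed_pairs:
                findings.append((importer, exporter))
    return sorted(findings)

# Constructed sample data: two customers reusing the same private prefix.
VRFS = {
    "gadgets": {"rd": "100:10", "export": {"100:10"}, "import": {"100:10"}},
    "gizmos": {"rd": "100:15", "export": {"100:15"}, "import": {"100:15"}},
}
ROUTES = {"gadgets": ["10.1.0.0/16"], "gizmos": ["10.1.0.0/16"]}

if __name__ == "__main__":
    a = vpn_ipv4(VRFS["gadgets"]["rd"], "10.1.0.0/16")
    b = vpn_ipv4(VRFS["gizmos"]["rd"], "10.1.0.0/16")
    print(len(a) * 8, a.hex(), b.hex(), a != b)
    print(distribute(VRFS, ROUTES))
    # A stray import statement on gizmos that pulls in gadgets' routes:
    bad = {**VRFS, "gizmos": {**VRFS["gizmos"], "import": {"100:15", "100:10"}}}
    print(audit_imports(bad, allowed_pairs=set()))
```

The audit compares configured import and export sets only; intentionally linked routing communities go in `allowed_pairs` so they are not reported.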
Summary of the content on page 20
ISC supports multiple CEs per site and multiple sites connected to the same PE. Each CERC has unique route targets (RT), route distinguisher (RD) and VRF naming. After provisioning a CERC, it is a good idea to run the audit reports to verify the CERC deployment and view the topologies created by the service requests. The product supports linking two or more CE routing communities in the same VPN. Figure 1-10 shows several example