An in-depth look at practical applications of virtual routing domain technology

Source: Internet
Author: User

Virtual routing domain technology is now widely used. This article introduces the technology, describes how to use it to implement VPNs, and then explores it further.

Most cities have already built IP broadband metropolitan area networks (MANs), and many have expanded them two or three times. The most popular construction method is to build a backbone network from routers and switches and then deploy broadband access servers to terminate broadband users. Among the various user requirements in a MAN, VPN is a hot topic, and VPN technology is widely used. The industry is currently optimistic about MPLS VPN. However, MPLS VPN has not been fully standardized, and there are still interworking problems between different manufacturers' equipment. The cost of implementing MPLS is also relatively high, and in many cities the metro network does not fully support MPLS. Making full use of the existing broadband access servers and implementing VPNs with virtual routing domain technology is therefore a more practical and feasible approach.

1. Introduction to Virtual Routing Domain Technology

Virtual routing domain technology is supported by most broadband remote access servers (BRAS). Its main principle is to create multiple routing domains on one BRAS. Each routing domain can run its own routing protocols and performs its own packet routing and forwarding. The routing domains do not interfere with each other, just as if multiple independent routers were running. The number of virtual routing domains supported by each BRAS ranges from several hundred to several thousand, which is enough to meet actual needs.

2. Using Virtual Routing Domain Technology to Implement VPN

Implementing a VPN with virtual routing relies on BRAS functionality. The BRAS products popular in the industry, such as Redback, Unisphere and Shasta, all support the virtual routing domain function. In a real deployment, the routing domains should be configured to suit each user's circumstances.

1. Route Domain Configuration

Generally, each VPN user is allocated one virtual route domain, and the domain name must clearly identify which user the route domain belongs to. To save valuable routing domain resources, routing domains can be allocated flexibly according to need. If the user's sites all lie within the coverage area of one BRAS, a route domain only needs to be allocated on that BRAS, and the user can connect in several ways, such as PPPoE and leased line. If the user's sites are not all covered by one BRAS, a route domain can be allocated on every BRAS the user involves. The domain names on the different BRAS can be the same. In this case, however, the BRAS must be connected to each other with a tunneling technology, generally one that the BRAS supports, such as GRE or IPsec.

2. IP address planning

A private IP address is generally used and can be allocated by the user.
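The independence of routing domains is what lets each user pick private addresses freely. The following added example (not from the original article) is a toy Python model of one BRAS; the domain names, interface names and prefixes are constructed, and the lookup is a plain longest-prefix match restricted to the ingress interface's domain.

```python
import ipaddress

class Bras:
    """Toy model of one BRAS hosting several independent routing domains."""

    def __init__(self):
        self.tables = {}      # domain name -> list of (network, next hop)
        self.if_domain = {}   # ingress interface -> domain name

    def add_domain(self, name):
        self.tables.setdefault(name, [])

    def bind(self, interface, domain):
        if domain not in self.tables:
            raise KeyError(f"unknown routing domain {domain!r}")
        self.if_domain[interface] = domain

    def add_route(self, domain, prefix, next_hop):
        self.tables[domain].append((ipaddress.ip_network(prefix), next_hop))

    def forward(self, interface, dst):
        """Longest-prefix match using only the ingress interface's domain."""
        domain = self.if_domain[interface]
        addr = ipaddress.ip_address(dst)
        matches = [(n, h) for n, h in self.tables[domain] if addr in n]
        if not matches:
            return domain, None   # no route: dropped, never looked up elsewhere
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        return domain, hop


def build_sample():
    # Constructed sample: two VPN users that both chose 10.1.0.0/16.
    bras = Bras()
    for name in ("vpn-bank", "vpn-school"):
        bras.add_domain(name)
    bras.bind("vlan101", "vpn-bank")
    bras.bind("vlan202", "vpn-school")
    bras.add_route("vpn-bank", "10.1.0.0/16", "bank-hq")
    bras.add_route("vpn-bank", "10.1.9.0/24", "bank-branch-9")
    bras.add_route("vpn-school", "10.1.0.0/16", "school-hq")
    return bras


if __name__ == "__main__":
    b = build_sample()
    for ifc in ("vlan101", "vlan202"):
        print(ifc, "->", b.forward(ifc, "10.1.9.7"))
    print("vlan202 ->", b.forward("vlan202", "192.168.5.1"))
```

The same destination address resolves to a different next hop depending on the domain of the ingress interface, and a destination with no route in that domain is dropped rather than resolved in another user's table.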

3. Location of the VPN exit

Most VPN users have a star topology: the headquarters is the central point, and all of the user's sites connect to the headquarters through the VPN. For users who also need to access the public network, an egress to the public network must be set up. In practice there are two ways to do this:

(1) Set up an exit for the user's VPN domain on the BRAS connected to the headquarters. Address translation is configured for the domain on the BRAS, and the BRAS translates user traffic to public IP addresses. This method is relatively simple for users and relieves them of maintenance. However, it is not a good solution for operators, because:

① This method involves address translation, which greatly consumes the available resources of BRAS and affects the performance of BRAS;

② There will be some unnecessary disputes. Once a user finds some network faults, he may first think of a problem with the operator's equipment, and the operator will face a great deal of maintenance pressure.

(2) The user's headquarters sets up two lines, one connected to the public network and the other connected to the VPN. Address translation is done by the user (with a router or a proxy). For the carrier, the BRAS keeps doing its existing tasks and does not spend valuable resources on unnecessary address translation. The user gains stronger control over IP addresses, and the VPN function is delivered better.

4. Dial-up User Access

Telephone dial-up users can access the VPN by combining the dial-up server and the BRAS through an L2TP tunnel. Configure an LNS in the VPN routing domain on a BRAS, set the dial-up server as the LAC, and set up an AAA server at the user's headquarters. When a user wants to access the VPN, a tunnel is established between the dial-up server and the LNS configured in the VPN routing domain on the BRAS. The user's credentials are passed to the AAA server at the user's headquarters for authentication, and private addresses are allocated by the BRAS and the AAA server. The dial-up user is then connected to the VPN, can access resources inside the VPN, and can reach the public network through the VPN exit.

5. Leased Line User Access

If a user's site connects to the VPN through a leased line, the line can be connected directly to a BRAS interface, and that port can be placed directly into the VPN domain. However, this wastes valuable BRAS interfaces and is rarely used in practice. The other method is to connect the line to a port on the carrier's access layer switch, which raises the question of how to bring that switch port into the BRAS domain. In practice the following method can be used: assign the switch port to a VLAN, carry the VLAN transparently through the switches to the BRAS, and map the VLAN into the VPN domain on the BRAS. The user's layer-3 gateway address is configured on the BRAS. To the BRAS, it is as if the user were directly connected to a BRAS port, and the VPN function is delivered properly.

6. PPPoE User Access

A PPPoE user goes online by running PPPoE dialing software on the client and entering a fixed account and password. The BRAS identifies the route domain to connect the user to from the domain name after the @ in the account and assigns the user a private address. In this way, PPPoE users can access the VPN.

In a real network, however, this alone does not meet VPN requirements. Although a user whose account carries the VPN's domain name suffix is connected to the VPN route domain and VPN access succeeds, PPPoE is essentially a layer-2 technology. The private network user therefore often sits in the same PPPoE VLAN as many other users and can communicate with them at layer 2, which does not meet VPN requirements. For this reason, VLAN technology is normally used to place the user in a VLAN of its own, and that VLAN is carried transparently to the BRAS. Combining the routing domain with VLAN technology in this way completes VPN access for PPPoE users.

The above describes the VPN access method for PPPoE users. Other layer-2 access technologies, such as 802.1X and DHCP, can adopt the same combination of routing domain and VLAN. Because the implementation is the same, it is not repeated here.
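As an added example (not from the original article), the Python check below reproduces the domain selection by the name after the @ and then audits a constructed session list for the layer-2 problem described above: a VLAN on one BRAS that carries a VPN domain's sessions together with sessions of any other domain. The realm names, domain names and session fields are hypothetical.

```python
from collections import defaultdict

# Hypothetical realm -> routing domain map. Accounts without a known
# realm are assumed to land in the ordinary "public" domain.
REALM_TO_DOMAIN = {"bank.vpn": "vpn-bank", "school.vpn": "vpn-school"}
DEFAULT_DOMAIN = "public"

# Constructed sample sessions, as a BRAS session export might list them.
SAMPLE_SESSIONS = [
    {"bras": "bras1", "vlan": 300, "user": "alice@bank.vpn"},
    {"bras": "bras1", "vlan": 300, "user": "bob@isp.example"},
    {"bras": "bras1", "vlan": 300, "user": "carol"},
    {"bras": "bras1", "vlan": 301, "user": "dave@bank.vpn"},
    {"bras": "bras1", "vlan": 301, "user": "erin@BANK.VPN"},
    {"bras": "bras1", "vlan": 302, "user": "frank@school.vpn"},
    {"bras": "bras2", "vlan": 300, "user": "gina@isp.example"},
]


def domain_for(username):
    """Select the routing domain from the realm after the last '@'."""
    _, sep, realm = username.rpartition("@")
    if not sep:
        return DEFAULT_DOMAIN
    return REALM_TO_DOMAIN.get(realm.lower(), DEFAULT_DOMAIN)


def audit_vlans(sessions):
    """Return {(bras, vlan): sorted domains} for every VLAN whose sessions
    belong to more than one routing domain, i.e. where a VPN user shares a
    layer-2 segment with users outside its own VPN."""
    seen = defaultdict(set)
    for s in sessions:
        seen[(s["bras"], s["vlan"])].add(domain_for(s["user"]))
    return {key: sorted(doms) for key, doms in seen.items() if len(doms) > 1}


if __name__ == "__main__":
    for (bras, vlan), doms in audit_vlans(SAMPLE_SESSIONS).items():
        print(f"{bras} VLAN {vlan} mixes routing domains: {', '.join(doms)}")
```

VLAN numbers are only compared within one BRAS, so VLAN 300 on `bras2` is not confused with VLAN 300 on `bras1`.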

3. Further Exploration

The above describes how to use routing domains to implement user VPNs in an IP MAN. To make better use of virtual routing domain technology, some issues also deserve attention in network planning:

Virtual routing domain: because the number of virtual routing domains supported on a BRAS is limited, the number of virtual routing domains to be used should be planned carefully to maximize resource utilization. When purchasing equipment, the number of route domains and the supported VPN tunnel modes should also be treated as important criteria.

VLAN: in the combined routing domain and VLAN method, the VLANs should be planned carefully so that the network can be built well. Operators should also pay attention to new technologies emerging in the industry, such as nested VLANs.

In short, fully exploiting the capabilities of existing devices and building VPNs with virtual routing domain technology is a good choice for operators.
