Data Sheet
Cisco MPLS for Managed Shared Services
Enabling Greater Profitability
Cisco MPLS for Managed Shared Services is a set of features delivered in Cisco IOS® Software for enabling managed shared services for Multiprotocol Label Switching Virtual Private Networks (MPLS VPNs). Building on our leading MPLS capabilities, service providers now can provide their enterprise clients all the connectivity benefits associated with Cisco MPLS VPNs while creating additional revenue streams by providing economically attractive IP services. Cisco has expanded its widely deployed MPLS VPN solution to include the following four technologies in Cisco IOS Software: Network Address Translation (NAT) for MPLS VPNs, On Demand Address Pools (ODAP) for MPLS VPNs, Multicast VPNs, and VPN Select. With these key new technologies, enterprise IP services can now be moved from the enterprise network into the service provider's MPLS VPN network, and shared across multiple VPNs for greater operational leverage and economies of scale.
Cisco MPLS for Managed Shared Services eliminates many of the problems, such as poor efficiency in resource utilization, high traffic loads, and management complexity, commonly associated with delivering advanced services to MPLS VPN customers. The Cisco MPLS technology incorporates features for more effectively managing shared IP services, delivering multicast-based services, and for adding flexibility to client service selection.
The Cisco MPLS offering includes a number of VPN Routing and Forwarding (VRF) features that present opportunities for new IP services revenue streams, as well as for cost savings. Network Address Translation (NAT) for MPLS VPNs, for instance, lets service providers more cost-effectively support services such as content hosting, ERP application hosting, and Managed Internet access. Other features add support in the MPLS network for industry-standard protocols, as well as improve or automate routing control. The comprehensive collection of functions can help service providers eliminate many of their customers' expressed barriers to entry by ensuring that MPLS VPN business clients have access to the robust functionality they expect in the enterprise environment.
Cisco MPLS For Managed Shared Services also incorporates multicast VPN functionality to help service providers meet enterprise market demands for IP services essential in applications such as telecommuting. By reducing packet replication in the MPLS network, multicast VPN technology allows for massively scalable distribution of data, voice, and video streams. Utilizing multicast VPN features, service providers can leverage existing infrastructure resources to offer competitive services in video conferencing, e-learning, and other Internet-based streaming applications.
Taken together, the Cisco MPLS For Managed Shared Services features give service providers powerful new MPLS VPN functionality and versatility without deployment or management complexity.
Network Address Translation
In today's MPLS networks, enterprises have to pay for leased links and router ports for internet connectivity in addition to VPN connectivity, as well as the operational expenses associated with internally managing NAT. While service providers can currently provide NAT services to their enterprise clients with additional router/NAT devices, it is a highly complex design. NAT for MPLS VPNs is a simpler and more flexible way to integrate NAT services within MPLS VPNs with a single network connection that provides both MPLS VPN connectivity and access to shared services.
Because NAT for MPLS VPNs offers more economical NAT services, these services can be made more appealing to enterprise clients, with a resulting revenue opportunity for service providers.
The Cisco NAT for MPLS VPNs feature:
- Provides a simple and more flexible way of integrating NAT with MPLS VPNs
- Automatically manages the overlapping of VPN address spaces (allowable in MPLS VPNs) to ensure addresses are mapped correctly in shared-services applications
- Provides centralized delivery of full-VPN NAT services
- Enables NAT redundancy (NAT can be configured on one or more provider edge routers)
- Eliminates the requirement for physical connectivity between a shared service and the provider network that is performing network address translations
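The overlapping-address handling listed above can be modelled in a few lines. This is an added example, not Cisco IOS code or configuration: the class, the VPN names and the 192.0.2.0/29 pool are constructed for illustration. The point is that translation state is keyed on the VPN and the address together, so two VPNs can use the same inside address and return traffic still reaches the right one.

```python
import ipaddress

class VrfAwareNat:
    """Toy model of per-VPN NAT state on a provider edge router."""

    def __init__(self, pool_cidr):
        # Constructed pool of addresses that are unique on the shared-service side.
        self._free = list(ipaddress.ip_network(pool_cidr).hosts())
        self._outbound = {}  # (vrf, inside address) -> pool address
        self._inbound = {}   # pool address -> (vrf, inside address)

    def translate_out(self, vrf, src):
        """Client -> shared service: map (VPN, source) to a unique pool address."""
        key = (vrf, ipaddress.ip_address(src))
        if key not in self._outbound:
            if not self._free:
                raise RuntimeError("NAT pool exhausted")
            pool_addr = self._free.pop(0)
            self._outbound[key] = pool_addr
            self._inbound[pool_addr] = key
        return str(self._outbound[key])

    def translate_back(self, dst):
        """Shared service -> client: recover the VPN and the original address."""
        entry = self._inbound.get(ipaddress.ip_address(dst))
        if entry is None:
            return None  # no state: drop instead of guessing a VPN
        vrf, inside = entry
        return vrf, str(inside)


def demo():
    nat = VrfAwareNat("192.0.2.0/29")  # documentation range, constructed
    red = nat.translate_out("vpn-red", "10.1.1.1")
    blue = nat.translate_out("vpn-blue", "10.1.1.1")  # same address, other VPN
    return red, blue, nat.translate_back(blue), nat.translate_back("192.0.2.6")
```

A table keyed on the inside address alone would hand both clients the same translation, which is how traffic from one VPN ends up delivered into another.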
DHCP Relay
Service providers can take advantage of another centralized service to support Dynamic Host Configuration Protocol (DHCP) clients. DHCP Relay for MPLS VPNs enables a DHCP relay agent to forward information about the DHCP request and the VPN association when forwarding client-originated DHCP packets to a DHCP server. The DHCP server can then use that information to interpret IP addresses or other parameter-assignment policies. The DHCP relay agent information option is organized as a single DHCP option that contains one or more suboptions (VPN identifier, subnet selection, and server identifier override) to convey information known by the relay agent.
In some environments, a relay agent resides in a network element that also has access to one or more MPLS VPNs. A DHCP server that must offer service to DHCP clients on those different VPNs must know the VPN association of each DHCP client, so the relay agent includes this information in the relay agent information option.
DHCP Relay for MPLS VPNs capability:
- Enables network administrators to conserve address space by allowing overlapping addresses (clients on multiple VPNs can share IP addresses)
- Enables host identification in multiple VPNs or global spaces
- Maintains integrity of existing enterprise customer DHCP/addressing schemes
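The relay agent information option described above is a nested type-length-value structure, and a server has to decode it before it can pick a per-VPN pool. The parser below is an added example, not Cisco or DHCP server code. It assumes the IANA-assigned suboption codes (5, 11 and 151), which the page does not give and which a particular deployment may not use; the sample bytes are constructed.

```python
import ipaddress

# Suboption codes as assigned by IANA (assumed; the page gives no numbers).
LINK_SELECTION, SERVER_ID_OVERRIDE, VSS = 5, 11, 151
IPV4_FIELDS = {LINK_SELECTION: "subnet_selection",
               SERVER_ID_OVERRIDE: "server_id_override"}

def parse_relay_info(option):
    """Decode one option 82 (code, length, suboption TLVs) into a dict."""
    if len(option) < 2 or option[0] != 82:
        raise ValueError("not a relay agent information option")
    body = option[2:]
    if option[1] != len(body):
        raise ValueError("option length does not match payload")
    info, i = {}, 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated suboption header")
        code, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("suboption overruns the option")
        i += 2 + length
        if code in IPV4_FIELDS:
            if length != 4:
                raise ValueError("IPv4 suboption must be 4 bytes")
            info[IPV4_FIELDS[code]] = str(ipaddress.IPv4Address(value))
        elif code == VSS:
            # First byte is the identifier type; 0 means an ASCII VPN name.
            if length < 1:
                raise ValueError("empty VPN suboption")
            info["vpn_id"] = (value[1:].decode("ascii") if value[0] == 0
                              else value.hex())
        else:
            info.setdefault("other", {})[code] = value
    return info

def pool_key(info):
    """Key a server would allocate under: same subnet, different VPN, different pool."""
    return info.get("vpn_id", "global"), info.get("subnet_selection")

def sample_option(vpn_name):
    """Constructed option 82 as a relay might attach it for a client in vpn_name."""
    subs = (bytes([VSS, 1 + len(vpn_name), 0]) + vpn_name.encode("ascii")
            + bytes([LINK_SELECTION, 4, 10, 1, 1, 0])
            + bytes([SERVER_ID_OVERRIDE, 4, 10, 1, 1, 1]))
    return bytes([82, len(subs)]) + subs
```

The length checks matter because the option arrives from the network: a suboption whose declared length runs past the end of the option is rejected rather than read.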
On-Demand Address Pools
Today, service providers face challenges when it comes to efficient management of IP address space for customers. With MPLS VPNs, SPs will have to allocate their IP address pools to independent RADIUS or DHCP servers for each VPN. Once the site threshold has been reached, new addresses have to be provided manually. With ODAP for MPLS VPNs, this process can now be fully automated and offered as a shared service on one or more servers. Once the site threshold is exceeded, ODAP for MPLS VPNs automates the process of expanding the overall address pool, reducing network loading and manual configuration effort.
The Cisco ODAP for MPLS VPNs feature provides:
- Capabilities for automated control
- Support for MPLS VPNs, with addresses assigned per subnet, per interface
- Easy monitoring capabilities (pool manager can assess address utilization and expand the pool as needed)
- Simplified VPN setup (upon configuration, pool manager can request an initial subnet from the address pool server)
HSRP
Cisco MPLS For Managed Shared Services also provides Hot Standby Router Protocol (HSRP) support on MPLS VPN interfaces. This feature provides transparent "first-hop IP routing" redundancy for workstations or routers connected to interfaces within the MPLS VPN. HSRP creates a hot standby router group with a lead router that services all packets sent to the hot standby address. Other routers within the group monitor the lead router. If the lead fails, a standby router inherits the lead position as well as the hot standby address. The HSRP protocol allows specification of active routers, preemption delays, hold times, and interface status tracking.
The benefits of HSRP for MPLS VPNs include:
- Improved network availability
- Transparent network topology modifications
- Simple, centralized control of hot standby parameters
VRRP
Similar to HSRP, Virtual Router Redundancy Protocol (VRRP) allows a group of routers to function as one virtual router. Cisco MPLS For Managed Shared Services includes VRRP for MPLS VPNs by enabling the group of routers to share one virtual IP address and one virtual MAC address. One master router performs packet forwarding for the local hosts, and the rest of the routers within the group can act as backup routers to protect from failures of the master. With VRRP, the backup routers stay idle as far as packet forwarding is concerned.
The benefits of VRRP for MPLS VPNs include:
- Improved network availability
- Standards-based protocol
- The flexibility to choose the protocol that best suits each environment
Multicast VPN
Without integration of multicast support with MPLS VPNs, wide-scale distribution of large data, voice, and video streams is extremely inefficient. For example, full mesh GRE tunnels are currently required to send multicast traffic between sites within a VPN. This results in an unscalable and inefficient network design. By implementing native multicast functionality inside their MPLS VPN networks, service providers can now monetize multicast services. SPs can utilize current resources to support bandwidth-hungry streaming services such as telecommuting, video conferencing, e-learning, and a host of other business applications. Cisco Multicast VPN technology helps improve efficiency of bandwidth-hungry applications of enterprise networks by eliminating the packet replication and performance issues associated with distribution of multicast traffic.
Multicast VPN benefits service providers by:
- Enabling service providers with MPLS VPN networks to offer multicast services to their enterprise clients
- Minimizing configuration time and complexity (configuration is required only at edge routers)
- Ensuring transparency of the service provider network
- Providing the ability to easily build advanced enterprise-friendly services such as Virtual Multicast Networks
- Increasing network scalability
Ping and Traceroute
These enhancements provide simple-to-use mechanisms for testing network connections. By sending out short messages to designated servers (Ping) or along specified routes (Traceroute), the utilities allow network managers to quickly assess that a server or connection is up and running. These features are now VPN aware and can detect VPN specific faults.
The benefits of VRF Aware Ping and Traceroute include:
- Rapid fault detection for MPLS VPNs
- Ease of use with a variety of servers and network equipment
VPN Select
VPN Select allows access providers to offer VPN connectivity to broadband customers by extending the VPNs offered by SPs into the access network. Broadband customers can now connect to any ISP that provides VPN capabilities. This opens a new market for service providers, who can now offer corporate VPN connectivity to broadband users.
VPN Select removes the restrictive association of a VPN to a single interface. A specified interface can route packets to any number of different VPNs, based on the source Internet Protocol (IP) address of the packet. This capability adds versatility to the service offering and, of particular importance for the global enterprise, allows remote users to connect to the corporate VPN irrespective of their access providers.
VPN Select enables:
- Decoupling of the association between a VPN and a single interface
- Cable and DSL environment support of multiple customers on a single interface (customers are placed within a VPN context based on their source IP address)
- Mapping of DSL and cable customers to any ISP that provides VPN capabilities
- Remote user connection to VPNs, regardless of the access provider
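The source-address selection described above amounts to a lookup from source prefix to VPN. The sketch below is an added example, not Cisco IOS code: the class, the prefixes and the VPN names are constructed, and the longest-prefix-wins ordering and the refusal of conflicting mappings are design choices of this example rather than behaviour stated on the page.

```python
import ipaddress

class VrfSelector:
    """Toy source-address to VPN selection table for one access interface."""

    def __init__(self, default_vrf=None):
        self._rules = []            # (network, vrf), most specific first
        self._default = default_vrf

    def add(self, prefix, vrf):
        net = ipaddress.ip_network(prefix)
        for existing, other in self._rules:
            if existing == net and other != vrf:
                # One prefix in two VPNs would make placement ambiguous.
                raise ValueError(f"{net} is already mapped to {other}")
        self._rules.append((net, vrf))
        self._rules.sort(key=lambda rule: rule[0].prefixlen, reverse=True)

    def select(self, src):
        """Return the VPN for a packet's source address, or the default."""
        addr = ipaddress.ip_address(src)
        for net, vrf in self._rules:
            if addr.version == net.version and addr in net:
                return vrf
        return self._default


def demo():
    table = VrfSelector()                 # no default: unmatched sources get None
    table.add("10.0.0.0/8", "corp-a")     # constructed customer prefixes
    table.add("10.20.0.0/16", "corp-b")
    return [table.select(s) for s in ("10.20.3.4", "10.9.9.9", "192.0.2.1")]
```

Because the VPN is chosen from the source address alone, the mapping is only as trustworthy as the source-address validation applied on the access interface.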
Platform Support
Current platform support for each of the Cisco MPLS For Managed Shared Services features can be accessed through the Cisco Feature Navigator at http://www.cisco.com/go/fn/.
Table 1: Key Features of Cisco MPLS For Managed Shared Services
Categories and Features | Function | Benefits |
---|---|---|
NAT | NAT for MPLS VPNs creates unique translations per VPN, allowing access to shared services even though addresses overlap | Increased SP revenues with outsourcing of NAT services; efficient shared services delivery; simpler central management of resources; reduced network complexity and costs for the enterprise |
DHCP Relay | Enables a DHCP relay agent to forward VPN association to a DHCP server so that addresses can be allocated per VPN | Availability of enterprise-essential protocols/services; maintenance of existing DHCP/addressing plans; conservation of address space |
ODAP | On-demand creation and assignment of addresses from pool; addresses are assigned per subnet, per VPN | Automates IP address assignment from shared DHCP server or RADIUS server; necessary for efficiently implementing and managing VPNs |
HSRP | Provides first hop redundancy to VPN sites | High network availability and transparent topology changes |
VRRP | Enables a group of routers to function as a single router, sharing one virtual IP address and one virtual MAC address | High network availability; protocol selection to match environmental requirements |
Multicast VPN | Native, integrated support for multicast with MPLS VPNs | Better utilization of infrastructure resources for enterprises; broader application services (videoconferencing, e-learning) availability from service providers |
Ping and Traceroute | Enables monitoring of packet transmissions and device status on a per VPN basis | Rapid fault detection |
VPN Select | Switches packets to the appropriate VRF Selection table based on source IP address of the packets | Support for client preferences in ISPs; remote connection to VPNs, irrespective of access provider; support for multiple VPNs per interface; greater scalability and redundancy |
Summary
Cisco MPLS For Managed Shared Services represents the next step on a continuum of MPLS VPN developments designed to increase functionality and to simplify management and deployment of new services in the MPLS VPN structure. The key features are summarized in Table 1. The latest Cisco MPLS capabilities offer service providers:
- Support for expanded service offerings such as Multicast VPNs, and broadband services utilizing VPN Select
- Technical functionality required to support advanced value-added services such as managed security and network services, and platform services
- Simpler implementation and scaling of full-mesh topologies
- Reduced management expenses
- Improved utilization of existing resources resulting in reduced capital expenditures
- Increased capability to attract and retain enterprise customers requiring robust functionality and broad protocol support