Page History

High Level Description

Overview

The GÉANT L3VPN service offers the National Research and Education Networks (NRENs) the ability to profit from the network reach and versatility of the GÉANT network for multi-point to multi-point connections over great distances.

Many research projects require the additional security and reassurance of a Virtual Private Network (VPN) to ensure data services are isolated from general IP traffic. GÉANT L3VPN can provide privately routed networks over the existing GÉANT infrastructure from/to any connected locations in Europe, North America and China. This allows for a higher level of separation from the global IP routing information, when required. By creating a virtual IP network, all sites on the VPN can flexibly communicate without the need to set-up separate networks. These VPN sites will also benefit from the confidentiality and security of a private infrastructure.

L3VPN offers a cost-effective solution for teams requiring many-to-many site connectivity support where GÉANT Plus virtual circuits would be too complex to administer.

The service is delivered over the GÉANT IP network, and takes full advantage of the statistical multiplexing available at the IP layer. It is available for all NRENs and shares the NREN’s existing IP capacity. The service is offered over a VLAN on the existing IP port. Per-VLAN rate limiting is available, if required, and should be specified at the time of the L3VPN request. 

Technical Description

Infrastructure

The Multi-Protocol Label Switching (MPLS) Layer 3 VPNs use a peer-to-peer model that uses Border Gateway Protocol (BGP) to distribute VPN-related information. This highly scalable, peer-to-peer model allows NRENS to outsource routing information to GÉANT, creating a large-scale virtual router.

Technical Parameters

This section highlights the parameters defining the standard service offered.

    L3VPN interface connection

    New L3VPNs are setup using VLAN over the same interface supporting the NREN’s IP subscription.  If the L3VPN requires a new port, standard (one-off) port price will be charged.

    L3VPN prefix limits

    The total number of dynamic routes that a customer is allowed to send into the GÉANT network per location and per VPN is limited to 1000 routes per Virtual Routing and Forwarding (VRF), and 30 routes per connected site.

    L3VPN limitation per interface

    The IP capacity is limited by the NREN’s IP subscription. The setup of up to 10 (ten) L3VPNs (on existing interfaces) is offered at no additional charge to the NRENs. Above that threshold, a €10k/year fee will be charged per NREN for every additional 10 VPNs configured on the NREN’s access.    

    L3VPN participant limit per instance

    For L3VPN design involving more than 12 sites, or where the design involves connectors outside the GÉANT consortium (non-EU NRENs or organisations not connected to EU NRENs), a request for quote (RFQ) should be issued.

More information on the offered solutions can be found on the Partner Portal: https://partner.geant.net

Demarcation Points

The management demarcation point between DANTE and the NREN is a port on the Optical Distribution Frame (ODF) rack.

The exact port will be specified at the time of the connection. The responsibility of the GÉANT Operations Centre (OC) ends at the declared demarcation point, patching beyond that point is the responsibility of the ordering NREN.

Connections to Destinations Outside of Europe

Although the primary focus of the GÉANT L3VPN service is to offer European NRENs the ability to quickly and flexibly provision multi-point to multi-point connections, it is possible to extend this network reach even further. As the GÉANT L3VPN service leverages the IP infrastructure, NRENs connected to the GÉANT network can reach Internet2 and ESnet in the US and Canarie in Canada.

The possibility of extending an NREN’s global reach can be discussed on a case-by-case basis, as the remote end of the network needs to be able to accept circuits and enable BGP sessions. For further information, please contact the GÉANT Partner Relations Team: partner-relations@geant.netorg

Access to a Bespoke Solution

If the requirement for multi-point to multi-point connection does not fit the current description of the service, the GÉANT Partner Relations Team can be contacted to evaluate the feasibility of a bespoke implementation (partner-relations@geant.netorg). Such implementations may incur extra costs.

Service Description

Availability Target

GÉANT L3VPN is delivered over the highly resilient IP network, and as such, offers extremely high availability:

    99.999% in the core backbone    99.4% 9% (across GÉANT, including client interfaces)

The service, client interface to client interface is defined as a single-homed, unprotected service, but the inherent structure of the network allows for service availability over 99.4%.

The GÉANT L3VPN is considered unavailable when the point-to-point virtual connection is not able to transit traffic because of an outage on the GÉANT Backbone.

Time to Fix a Fault and Time to Respond Target

The targeted time to fix a fault on the network applies only to hardware issues in the GÉANT backbone.

The GÉANT OC provides 24×7 support throughout the year. Notifications are issued to the affected partner within 15 minutes of incident detection by a central network monitoring system.

Request procedure, service implementation and delivery time

Requesting Additional GÉANT Access Capacity

The bandwidth capacity used by the L3VPN service is part of the involved NRENs GÉANT IP subscriptions. If more capacity is needed, NRENs only need to increase their access capacity.

For any further details please contact the GÉANT Partner Relations Team: partner-relations@geant.net.org

Service Implementation and Delivery Time