
MD-VPN service description

The GÉANT MD-VPN service is delivered by a seamless transport infrastructure that can transport L3VPN (IPv4/IPv6), point-to-point L2VPN and, in the near future (GN4), multipoint L2VPN across several network providers (domains). The main benefit of MD-VPN is that providing any kind of VPN between European educational and scientific sites is now easy and fast. We expect that the MD-VPN service will be a useful tool to foster European educational and scientific collaboration.

The service is delivered jointly by NRENs and the pan-European network GÉANT and NORDUnet. Regional, metropolitan or campus networks can join this infrastructure, and the MD-VPN service is in this way extended over these regional, metropolitan or campus networks.

The service is delivered to end-users at a point called the Service Demarcation Point (SDP), at the edge of the NRENs or Regional Networks. In practice, the way the service is delivered to end-users depends on the NRENs, but a widespread practice is:

  • For L3VPN, in the form of IP packets;
  • For point-to-point layer 2 circuits (i.e. point-to-point L2VPN) and multipoint L2VPN (VPLS), in the form of 802.1Q packets over dedicated VLANs or on a dedicated port.

Figure 1: MD-VPN infrastructure

This infrastructure allows the end-users (scientists, etc.) of the IPv4/IPv6 or Layer 2 networks to work as if their networks were coupled together directly (the intermediate networks are transparent to end-users). A typical scenario would be an international collaboration where a project wants to connect a number of sites in different physical locations to create a collaborative infrastructure as if they were in the same physical location, so that the organization can have the same level of security as if all its sites were in the same location. This security improvement allows high performance by avoiding the use of firewall deep inspection, as is used with standard IP. Distributed infrastructures like Grid, cloud or HPC can typically benefit from MD-VPN.

The MD-VPN service also provides privacy between different instances (VPNs) of the service, i.e. the content being sent back and forth between the different sites is kept within the private entity that owns the data. This is achieved because the data flows of an MD-VPN customer are isolated from any other traffic, both standard IP traffic and the traffic of other MD-VPN customers.

 
