   AAL5 payload are opaque to the ISP node, and are not examined there.

                  +--------+       -----------        +--------+
     +---+        |  ISP   |      (    IP     )       |  ISP   |        +---+
     |CPE|--------|  edge  |-----(   backbone   )-----|  edge  |--------|CPE|
     +---+  ATM   |  node  |      (           )       |  node  |  ATM   +---+
            VCC   +--------+       -----------        +--------+  VCC
                  <---------------- IP Tunnel ----------------->
   10.1.1.5                 subnet = 10.1.1.4/30                   10.1.1.6
              Addressing used by customer (transparent to provider)

                             Figure 4.1: VLL Example

   To a customer it looks the same as if a single ATM VCC or Frame Relay circuit were used to interconnect the CPE devices, and the customer could be unaware that part of the circuit was in fact implemented over an IP backbone. This may be useful, for example, if a provider wishes to provide a LAN interconnect service using ATM as the network interface, but does not have an ATM network that directly interconnects all possible customer sites.

   It is not necessary that the two links used to connect the CPE devices to the ISP nodes be of the same media type, but in this case the ISP nodes cannot treat the traffic in an opaque manner, as described above. Instead the ISP nodes must perform the functions of an interworking device between the two media types (e.g., ATM and Frame Relay), and perform functions such as LLC/SNAP to NLPID conversion, mapping between ARP protocol variants and performing any media specific processing that may be expected by the CPE devices (e.g., ATM OAM cell handling or Frame Relay XID exchanges).

   The IP tunneling protocol used must support multiprotocol operation and may need to support sequencing, if that characteristic is important to the customer traffic. If the tunnels are established using a signalling protocol, they may be set up in a data driven manner, when a frame is received from a customer link and no tunnel exists, or the tunnels may be established at provisioning time and kept up permanently.

Gleeson, et al.               Informational                    [Page 19]
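   The interworking case above (ATM on one stub link, Frame Relay on the other) means the ISP node can no longer pass the payload through opaquely: it has to recognise the encapsulation and rewrite it. The following added example, written for this page and not taken from RFC 2764, shows that conversion for routed IPv4 only: LLC/SNAP (RFC 2684) on the AAL5 side and NLPID 0xCC (RFC 2427) on the Frame Relay side. The Q.922 address bytes, the function names and the sample datagram are constructed for the example; anything that is not recognised IPv4 in one of those two encapsulations is refused rather than forwarded, which is the safe behaviour for an interworking function that cannot validate what it relays.

```python
import struct

# Routed-IPv4 encapsulation headers on the two media:
# ATM AAL5 LLC/SNAP (RFC 2684): LLC AA-AA-03, OUI 00-00-00, PID 0x0800
LLC_SNAP_IP = bytes.fromhex("aaaa03" "000000" "0800")
# Frame Relay (RFC 2427): Q.922 address (2 octets), control 0x03 (UI), NLPID 0xCC
FR_CONTROL_UI = 0x03
FR_NLPID_IP = 0xCC


def looks_like_ipv4(datagram):
    """Sanity check before relaying to the other medium: at least a 20-byte
    header, version 4, IHL >= 5, and a Total Length that matches the bytes
    actually received (rejects truncated or padded frames)."""
    if len(datagram) < 20:
        return False
    version_ihl = datagram[0]
    total_length = struct.unpack("!H", datagram[2:4])[0]
    return (version_ihl >> 4) == 4 and (version_ihl & 0x0F) >= 5 and total_length == len(datagram)


def aal5_to_fr(aal5_payload, q922_address):
    """ATM -> Frame Relay interworking for routed IPv4.  Returns the Frame Relay
    frame (address + control + NLPID + datagram, FCS omitted), or None when the
    AAL5 payload is not LLC/SNAP-encapsulated IPv4 and must not be forwarded."""
    if not aal5_payload.startswith(LLC_SNAP_IP):
        return None
    datagram = aal5_payload[len(LLC_SNAP_IP):]
    if not looks_like_ipv4(datagram):
        return None
    return q922_address + bytes([FR_CONTROL_UI, FR_NLPID_IP]) + datagram


def fr_to_aal5(fr_frame):
    """Frame Relay -> ATM interworking for routed IPv4.  Returns the AAL5
    payload (LLC/SNAP header + datagram), or None for any other NLPID."""
    if len(fr_frame) < 4 or fr_frame[2] != FR_CONTROL_UI or fr_frame[3] != FR_NLPID_IP:
        return None
    datagram = fr_frame[4:]
    if not looks_like_ipv4(datagram):
        return None
    return LLC_SNAP_IP + datagram


def sample_ipv4_datagram():
    """Constructed 24-byte IPv4 datagram (20-byte header + 4-byte UDP-marked
    payload) between the two CPE addresses of Figure 4.1; checksum left zero."""
    payload = b"test"
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 1, 0, 64, 17, 0,
                         bytes([10, 1, 1, 5]), bytes([10, 1, 1, 6]))
    return header + payload


# Constructed Q.922 address for DLCI 16 on the Frame Relay stub link.
SAMPLE_Q922_ADDRESS = bytes.fromhex("0401")

if __name__ == "__main__":
    d = sample_ipv4_datagram()
    fr = aal5_to_fr(LLC_SNAP_IP + d, SAMPLE_Q922_ADDRESS)
    print(fr.hex())
    print(fr_to_aal5(fr) == LLC_SNAP_IP + d)
```

   Running it shows the Frame Relay frame beginning `040103cc` followed by the unchanged datagram, and the reverse conversion restoring the original AAL5 payload; a VC-multiplexed payload (no LLC/SNAP header), a truncated datagram or an unknown NLPID all come back as `None`.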
RFC 2764            IP Based Virtual Private Networks      February 2000

   Note that the use of the term 'VLL' in this document is different to that used in the definition of the Diffserv Expedited Forwarding Per Hop Behaviour (EF-PHB) [30]. In that document a VLL is used to mean a low latency, low jitter, assured bandwidth path, which can be provided using the described PHB. Thus the focus there is primarily on link characteristics that are temporal in nature. In this document the term VLL does not imply the use of any specific QoS mechanism, Diffserv or otherwise. Instead the focus is primarily on link characteristics that are more topological in nature (e.g., constructing a link which includes an IP tunnel as one segment of the link). For a truly complete emulation of a link layer both the temporal and topological aspects need to be taken into account.

5.0 VPN Types: Virtual Private Routed Networks

5.1 VPRN Characteristics

   A Virtual Private Routed Network (VPRN) is defined to be the emulation of a multi-site wide area routed network using IP facilities. This section looks at how a network-based VPRN service can be provided. CPE-based VPRNs are also possible, but are not specifically discussed here. With network-based VPRNs many of the issues that need to be addressed are concerned with configuration and operational issues, which must take into account the split in administrative responsibility between the service provider and the service user.

   The distinguishing characteristic of a VPRN, in comparison to other types of VPNs, is that packet forwarding is carried out at the network layer. A VPRN consists of a mesh of IP tunnels between ISP routers, together with the routing capabilities needed to forward traffic received at each VPRN node to the appropriate destination site. Attached to the ISP routers are CPE routers connected via one or more links, termed 'stub' links.
   There is a VPRN specific forwarding table at each ISP router to which members of the VPRN are connected. Traffic is forwarded between ISP routers, and between ISP routers and customer sites, using these forwarding tables, which contain network layer reachability information (in contrast to a Virtual Private LAN Segment type of VPN (VPLS) where the forwarding tables contain MAC layer reachability information - see section 7.0).

   An example VPRN is illustrated in the following diagram, which shows 3 ISP edge routers connected via a full mesh of IP tunnels, used to interconnect 4 CPE routers. One of the CPE routers is multihomed to the ISP network. In the multihomed case, all stub links may be active, or, as shown, there may be one primary and one or more backup links to be used in case of failure of the primary. The term 'backdoor' link is used to refer to a link between two customer sites that does not traverse the ISP network.

   10.1.1.0/30 +--------+                       +--------+ 10.2.2.0/30
   +---+       |  ISP   |       IP tunnel       |  ISP   |       +---+
   |CPE|-------|  edge  |<--------------------->|  edge  |-------|CPE|
   +---+ stub  | router |      10.9.9.4/30      | router |  stub +---+
     :   link  +--------+                       +--------+  link   :
     :           ^  |                            |    ^           :
     |           |  |        ---------------     |    |           :
     |           |  +-------(               )----+    |           :
     |           |          (  IP BACKBONE  )         |           :
     |           |          (               )         |           :
     |           |           ---------------          |           :
     |           |                                    |           :
     |           |  IP tunnel  +--------+ IP tunnel   |           :
     |           |             |  ISP   |             |           :
     |           +------------>|  edge  |<------------+           :
     |           10.9.9.8/30   | router | 10.9.9.12/30            :
  backup                       +--------+                      backdoor
   link                         |     |                          link
     |               stub link  |     |  stub link                :
     |                          |     |                           :
     |                        +---+ +---+                         :
     +------------------------|CPE| |CPE|.........................:
                  10.3.3.0/30 +---+ +---+ 10.4.4.0/30

                     Figure 5.1: VPRN Example

   The principal benefit of a VPRN is that the complexity and the configuration of the CPE routers is minimized.
   To a CPE router, the ISP edge router appears as a neighbor router in the customer's network, to which it sends all traffic, using a default route. The tunnel mesh that is set up to transfer traffic extends between the ISP edge routers, not the CPE routers. In effect the burden of tunnel establishment and maintenance and routing configuration is outsourced to the ISP. In addition other services needed for the operation of a VPN such as the provision of a firewall and QoS processing can be handled by a small number of ISP edge routers, rather than a large number of potentially heterogeneous CPE devices. The introduction and management of new services can also be more easily handled, as this can be achieved without the need to upgrade any CPE equipment. This latter benefit is particularly important when there may be large numbers of residential subscribers using VPN services to access private corporate networks. In this respect the model is somewhat akin to that used for telephony services, whereby new services (e.g., call waiting) can be introduced with no change in subscriber equipment.

   The VPRN type of VPN is in contrast to one where the tunnel mesh extends to the CPE routers, and where the ISP network provides layer 2 connectivity alone. The latter case can be implemented either as a set of VLLs between CPE routers (see section 4.0), in which case the ISP network provides a set of layer 2 point-to-point links, or as a VPLS (see section 7.0), in which case the ISP network is used to emulate a multiaccess LAN segment. With these scenarios a customer may have more flexibility (e.g., any IGP or any protocol can be run across all customer sites) but this usually comes at the expense of a more complex configuration for the customer. Thus, depending on customer requirements, a VPRN or a VPLS may be the more appropriate solution.
   Because a VPRN carries out forwarding at the network layer, a single VPRN only directly supports a single network layer protocol. For multiprotocol support, a separate VPRN for each network layer protocol could be used, or one protocol could be tunneled over another (e.g., non-IP protocols tunneled over an IP VPRN) or alternatively the ISP network could be used to provide layer 2 connectivity only, such as with a VPLS as mentioned above.

   The issues to be addressed for VPRNs include initial configuration, determination by an ISP edge router of the set of links that are in each VPRN, the set of other routers that have members in the VPRN, and the set of IP address prefixes reachable via each stub link, determination by a CPE router of the set of IP address prefixes to be forwarded to an ISP edge router, the mechanism used to disseminate stub reachability information to the correct set of ISP routers, and the establishment and use of the tunnels used to carry the data traffic. Note also that, although discussed first for VPRNs, many of these issues also apply to the VPLS scenario described later, with the network layer addresses being replaced by link layer addresses.

   Note that VPRN operation is decoupled from the mechanisms used by the customer sites to access the Internet. A typical scenario would be for the ISP edge router to be used to provide both VPRN and Internet connectivity to a customer site. In this case the CPE router just has a default route pointing to the ISP edge router, with the latter being responsible for steering private traffic to the VPRN and other traffic to the Internet, and providing firewall functionality between the two domains. Alternatively a customer site could have Internet connectivity via an ISP router not involved in the VPRN, or even via a different ISP. In this case the CPE device is responsible for splitting the traffic into the two domains and providing firewall functionality.
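   The per-VPRN forwarding tables described above, and the edge router's job of steering a CPE's default-routed traffic either into its VPRN or out to the Internet, can be made concrete with a small model. The following is an added example written for this page, not code from RFC 2764 or any router vendor: each VPRN gets its own longest-prefix-match table keyed by the stub links and tunnels that belong to it, a separate table carries Internet routes, and a miss in the VPRN table on an RFC 1918 destination is dropped rather than steered toward the Internet, which is the firewall boundary the text places at the edge router. The VPRN names, link names, prefixes and tunnel endpoint addresses are constructed; the example also shows two VPRNs reusing the same 10.1.1.0/30 stub prefix without interfering with each other.

```python
import ipaddress
from dataclasses import dataclass

# Private address space: a VPRN-table miss on one of these must not leak to the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class NextHop:
    kind: str     # "stub" (link to a CPE), "tunnel" (IP tunnel to another ISP edge router), "backbone"
    target: str   # stub link name, tunnel endpoint address, or Internet next hop


class ForwardingTable:
    """Longest-prefix-match table.  One instance per VPRN plus one for Internet traffic."""

    def __init__(self):
        self.routes = []                          # list of (network, NextHop)

    def add(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)   # most specific first

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        return next((nh for net, nh in self.routes if addr in net), None)


class EdgeRouter:
    def __init__(self):
        self.vprn_tables = {}        # VPRN id -> ForwardingTable
        self.attachment_vprn = {}    # stub link or tunnel name -> VPRN id it belongs to
        self.internet = ForwardingTable()

    def add_vprn(self, vprn_id, attachments):
        table = ForwardingTable()
        self.vprn_tables[vprn_id] = table
        for name in attachments:
            self.attachment_vprn[name] = vprn_id
        return table

    def forward(self, in_link, dst):
        """Classify the packet by the VPRN of the link it arrived on, then steer it:
        VPRN table hit -> private traffic; miss on a public destination -> Internet;
        miss on an RFC 1918 destination -> drop.  Traffic arriving from links that
        belong to no VPRN (the backbone side) never consults a VPRN table."""
        addr = ipaddress.ip_address(dst)
        vprn_id = self.attachment_vprn.get(in_link)
        if vprn_id is not None:
            nh = self.vprn_tables[vprn_id].lookup(dst)
            if nh is not None:
                return ("vprn", vprn_id, nh)
        if any(addr in net for net in RFC1918):
            return ("drop", None, None)
        nh = self.internet.lookup(dst)
        return ("internet", None, nh) if nh is not None else ("drop", None, None)


def demo():
    """Constructed configuration: two VPRNs ('red', 'blue') that both use the
    10.1.1.0/30 stub prefix, each with one remote site reached over a tunnel."""
    r = EdgeRouter()
    red = r.add_vprn("red", ["stub-red", "tunnel-red"])
    red.add("10.1.1.0/30", NextHop("stub", "stub-red"))
    red.add("10.2.2.0/30", NextHop("tunnel", "10.9.9.6"))
    blue = r.add_vprn("blue", ["stub-blue", "tunnel-blue"])
    blue.add("10.1.1.0/30", NextHop("stub", "stub-blue"))
    blue.add("10.5.5.0/24", NextHop("tunnel", "10.9.9.10"))
    r.internet.add("0.0.0.0/0", NextHop("backbone", "default"))
    return {
        "red to its remote site": r.forward("stub-red", "10.2.2.1"),
        "blue, same prefix as red": r.forward("tunnel-blue", "10.1.1.2"),
        "red to a prefix only blue knows": r.forward("stub-red", "10.5.5.7"),
        "red to the Internet": r.forward("stub-red", "192.0.2.10"),
        "backbone side toward a private prefix": r.forward("backbone", "10.1.1.1"),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```

   The two results worth noting are the third and the last: red's packet to 10.5.5.7 is dropped even though blue can reach that prefix, because only the table of the VPRN the packet arrived on is ever consulted, and a packet from the backbone side toward 10.1.1.1 is dropped because no VPRN table is consulted for it at all.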
5.1.1 Topology

   The topology of a VPRN may consist of a full mesh of tunnels between each VPRN node, or may be an arbitrary topology, such as a set of remote offices connected to the nearest regional site, with these regional sites connected together via a full or partial mesh. With VPRNs using IP tunnels there is much less cost assumed with full meshing than in cases where physical resources (e.g., a leased line) must be allocated for each connected pair of sites, or where the tunneling method requires resources to be allocated in the devices used to interconnect the edge routers (e.g., Frame Relay DLCIs). A full mesh topology yields optimal routing, since it precludes the need for traffic between two sites to traverse a third. Another attraction of a full mesh is that there is no need to configure topology information for the VPRN. Instead, given the member routers of a VPRN, the topology is implicit.

   If the number of ISP edge routers in a VPRN is very large, however, a full mesh topology may not be appropriate, due to the scaling issues involved, for example, the growth in the number of tunnels needed between sites (which for n sites is n(n-1)/2), or the number of routing peers per router. Network policy may also lead to non full mesh topologies, for example an administrator may wish to set up the topology so that traffic between two remote sites passes through a central site, rather than go directly between the remote sites. It is also necessary to deal with the scenario where there is only partial connectivity across the IP backbone under certain error conditions (e.g., A can reach B, and B can reach C, but A cannot reach C directly), which can occur if policy routing is being used.

   For a network-based VPRN, it is assumed that each customer site CPE router connects to an ISP edge router through one or more point-to-point stub links (e.g., leased lines, ATM or Frame Relay connections). The ISP routers are r
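   The topology points in 5.1.1 (the implicit full mesh of n(n-1)/2 tunnels, a policy-driven hub-and-spoke alternative, and the partial-connectivity case where traffic between two sites has to transit a third) are illustrated by the following added example. It is written for this page and is not code from RFC 2764; the router names are constructed. `full_mesh` derives the tunnel set from membership alone, `hub_and_spoke` builds a partial mesh in which spokes tunnel only to hubs, and `transit_map` reports, for every member pair, which other edge routers a packet would pass through over the tunnels that are currently up, which is what an operator wants to know when a tunnel fails or when policy forces traffic through a central site.

```python
from collections import deque
from itertools import combinations


def full_mesh(members):
    """Tunnel set implied by membership alone: one tunnel per unordered pair,
    n(n-1)/2 tunnels for n member routers; no topology configuration needed."""
    return {frozenset(pair) for pair in combinations(sorted(members), 2)}


def hub_and_spoke(hubs, spokes):
    """Policy-driven partial mesh: hubs fully meshed among themselves, each
    spoke tunnelled only to the hubs, so spoke-to-spoke traffic transits a hub."""
    tunnels = full_mesh(hubs)
    tunnels.update(frozenset((spoke, hub)) for spoke in spokes for hub in hubs)
    return tunnels


def transit_map(members, tunnels, broken=frozenset()):
    """For every member pair (src, dst) with src < dst, the edge routers a packet
    transits on a fewest-hops path over the tunnels that are up: an empty tuple
    means a direct tunnel is used, None means the pair is unreachable."""
    adjacency = {m: set() for m in members}
    for tunnel in tunnels - set(broken):
        a, b = sorted(tunnel)
        adjacency[a].add(b)
        adjacency[b].add(a)
    result = {}
    for src, dst in combinations(sorted(members), 2):
        prev = {src: None}
        queue = deque([src])
        while queue and dst not in prev:           # breadth-first search = fewest tunnel hops
            cur = queue.popleft()
            for nxt in sorted(adjacency[cur]):
                if nxt not in prev:
                    prev[nxt] = cur
                    queue.append(nxt)
        if dst not in prev:
            result[(src, dst)] = None
            continue
        path, node = [], dst
        while node is not None:
            path.append(node)
            node = prev[node]
        result[(src, dst)] = tuple(reversed(path))[1:-1]
    return result


def demo():
    """Constructed VPRN with four ISP edge routers A..D."""
    members = ["A", "B", "C", "D"]
    mesh = full_mesh(members)
    partial = hub_and_spoke(hubs=["A", "B"], spokes=["C", "D"])
    return {
        "full mesh tunnels": len(mesh),
        "hub-and-spoke tunnels": len(partial),
        "full mesh, all tunnels up, A->C": transit_map(members, mesh)[("A", "C")],
        "full mesh, A-C tunnel down, A->C": transit_map(members, mesh, {frozenset(("A", "C"))})[("A", "C")],
        "hub-and-spoke, spoke C -> spoke D": transit_map(members, partial)[("C", "D")],
    }


if __name__ == "__main__":
    for case, value in demo().items():
        print(f"{case}: {value}")
```

   With all six tunnels up every pair is direct; take the A-C tunnel down and A's traffic to C transits B, which is exactly the situation the text warns about under policy routing, and in the hub-and-spoke topology spoke-to-spoke traffic always transits a hub by design.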