Network Working Group                                         B. Gleeson
Request for Comments: 2764                                        A. Lin
Category: Informational                                  Nortel Networks
                                                             J. Heinanen
                                                           Telia Finland
                                                             G. Armitage
                                                                A. Malis
                                                     Lucent Technologies
                                                           February 2000


           A Framework for IP Based Virtual Private Networks

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

IESG Note

   This document is not the product of an IETF Working Group.  The IETF
   currently has no effort underway to standardize a specific VPN
   framework.

Abstract

   This document describes a framework for Virtual Private Networks
   (VPNs) running across IP backbones.  It discusses the various
   different types of VPNs, their respective requirements, and proposes
   specific mechanisms that could be used to implement each type of VPN
   using existing or proposed specifications.  The objective of this
   document is to serve as a framework for related protocol development
   in order to develop the full set of specifications required for
   widespread deployment of interoperable VPN solutions.

Gleeson, et al.              Informational                      [Page 1]
RFC 2764           IP Based Virtual Private Networks       February 2000

Table of Contents

   1.0 Introduction
   2.0 VPN Application and Implementation Requirements
   2.1 General VPN Requirements
   2.1.1 Opaque Packet Transport:
   2.1.2 Data Security
   2.1.3 Quality of Service Guarantees
   2.1.4 Tunneling Mechanism
   2.2 CPE and Network Based VPNs
   2.3 VPNs and Extranets
   3.0 VPN Tunneling
   3.1 Tunneling Protocol Requirements for VPNs
   3.1.1 Multiplexing
   3.1.2 Signalling Protocol
   3.1.3 Data Security
   3.1.4 Multiprotocol Transport
   3.1.5 Frame Sequencing
   3.1.6 Tunnel Maintenance
   3.1.7 Large MTUs
   3.1.8 Minimization of Tunnel Overhead
   3.1.9 Flow and congestion control
   3.1.10 QoS / Traffic Management
   3.2 Recommendations
   4.0 VPN Types:  Virtual Leased Lines
   5.0 VPN Types:  Virtual Private Routed Networks
   5.1 VPRN Characteristics
   5.1.1 Topology
   5.1.2 Addressing
   5.1.3 Forwarding
   5.1.4 Multiple concurrent VPRN connectivity
   5.2 VPRN Related Work
   5.3 VPRN Generic Requirements
   5.3.1 VPN Identifier
   5.3.2 VPN Membership Information Configuration
   5.3.2.1 Directory Lookup
   5.3.2.2 Explicit Management Configuration
   5.3.2.3 Piggybacking in Routing Protocols
   5.3.3 Stub Link Reachability Information
   5.3.3.1 Stub Link Connectivity Scenarios
   5.3.3.1.1 Dual VPRN and Internet Connectivity
   5.3.3.1.2 VPRN Connectivity Only
   5.3.3.1.3 Multihomed Connectivity
   5.3.3.1.4 Backdoor Links
   5.3.3.1 Routing Protocol Instance
   5.3.3.2 Configuration
   5.3.3.3 ISP Administered Addresses
   5.3.3.4 MPLS Label Distribution Protocol
   5.3.4 Intra-VPN Reachability Information
   5.3.4.1 Directory Lookup
   5.3.4.2 Explicit Configuration
   5.3.4.3 Local Intra-VPRN Routing Instantiations
   5.3.4.4 Link Reachability Protocol
   5.3.4.5 Piggybacking in IP Backbone Routing Protocols
   5.3.5 Tunneling Mechanisms
   5.4 Multihomed Stub Routers
   5.5 Multicast Support
   5.5.1 Edge Replication
   5.5.2 Native Multicast Support
   5.6 Recommendations
   6.0 VPN Types:  Virtual Private Dial Networks
   6.1 L2TP protocol characteristics
   6.1.1 Multiplexing
   6.1.2 Signalling
   6.1.3 Data Security
   6.1.4 Multiprotocol Transport
   6.1.5 Sequencing
   6.1.6 Tunnel Maintenance
   6.1.7 Large MTUs
   6.1.8 Tunnel Overhead
   6.1.9 Flow and Congestion Control
   6.1.10 QoS / Traffic Management
   6.1.11 Miscellaneous
   6.2 Compulsory Tunneling
   6.3 Voluntary Tunnels
   6.3.1 Issues with Use of L2TP for Voluntary Tunnels
   6.3.2 Issues with Use of IPSec for Voluntary Tunnels
   6.4 Networked Host Support
   6.4.1 Extension of PPP to Hosts Through L2TP
   6.4.2 Extension of PPP Directly to Hosts:
   6.4.3 Use of IPSec
   6.5 Recommendations
   7.0 VPN Types:  Virtual Private LAN Segment
   7.1 VPLS Requirements
   7.1.1 Tunneling Protocols
   7.1.2 Multicast and Broadcast Support
   7.1.3 VPLS Membership Configuration and Topology
   7.1.4 CPE Stub Node Types
   7.1.5 Stub Link Packet Encapsulation
   7.1.5.1 Bridge CPE
   7.1.5.2 Router CPE
   7.1.6 CPE Addressing and Address Resolution
   7.1.6.1 Bridge CPE
   7.1.6.2 Router CPE
   7.1.7 VPLS Edge Node Forwarding and Reachability Mechanisms
   7.1.7.1 Bridge CPE
   7.1.7.2 Router CPE
   7.2 Recommendations
   8.0 Summary of Recommendations
   9.0 Security Considerations
   10.0 Acknowledgements
   11.0 References
   12.0 Author Information
   13.0 Full Copyright Statement

1.0  Introduction

   This document describes a framework for Virtual Private Networks
   (VPNs) running across IP backbones.  It discusses the various
   different types of VPNs, their respective requirements, and proposes
   specific mechanisms that could be used to implement each type of VPN
   using existing or proposed specifications.  The objective of this
   document is to serve as a framework for related protocol development
   in order to develop the full set of specifications required for
   widespread deployment of interoperable VPN solutions.

   There is currently significant interest in the deployment of virtual
   private networks across IP backbone facilities.  The widespread
   deployment of VPNs has been hampered, however, by the lack of
   interoperable implementations, which, in turn, derives from the lack
   of general agreement on the definition and scope of VPNs and
   confusion over the wide variety of solutions that are all described
   by the term VPN.  In the context of this document, a VPN is simply
   defined as the 'emulation of a private Wide Area Network (WAN)
   facility using IP facilities' (including the public Internet, or
   private IP backbones).  As such, there are as many types of VPNs as
   there are types of WANs, hence the confusion over what exactly
   constitutes a VPN.

   In this document a VPN is modeled as a connectivity object.  Hosts
   may be attached to a VPN, and VPNs may be interconnected together, in
   the same manner as hosts today attach to physical networks, and
   physical networks are interconnected together (e.g., via bridges or
   routers).  Many aspects of networking, such as addressing, forwarding
   mechanism, learning and advertising reachability, quality of service
   (QoS), security, and firewalling, have common solutions across both
   physical and virtual networks, and many issues that arise in the
   discussion of VPNs have direct analogues with those issues as
   implemented in physical networks.  The introduction of VPNs does not
   create the need to reinvent networking, or to introduce entirely new
   paradigms that have no direct analogue with existing physical
   networks.  Instead it is often useful to first examine how a
   particular issue is handled in a physical network environment, and
   then apply the same principle to an environment which contains
   virtual as well as physical networks, and to develop appropriate
   extensions and enhancements when necessary.  Clearly having
   mechanisms that are common across both physical and virtual networks
   facilitates the introduction of VPNs into existing networks, and also
   reduces the effort needed for both standards and product development,
   since existing solutions can be leveraged.

   This framework document proposes a taxonomy of a specific set of VPN
   types, showing the specific applications of each, their specific
   requirements, and the specific types of mechanisms that may be most
   appropriate for their implementation.  The intent of this document is
   to serve as a framework to guide a coherent discussion of the
   specific modifications that may be needed to existing IP mechanisms
   in order to develop a full range of interoperable VPN solutions.

   The document first discusses the likely expectations customers have
   of any type of VPN, and the implications of these for the ways in
   which VPNs can be implemented.  It also discusses the distinctions
   between Customer Premises Equipment (CPE) based solutions, and
   network based solutions.  Thereafter it presents a taxonomy of the
   various VPN types and their respective requirements.  It also
   outlines suggested approaches to their implementation, hence also
   pointing to areas for future standardization.

   Note also that this document only discusses implementations of VPNs
