Introduction VPN On NGN (v5)

1
GII THIU DCH V VPN

TRN MNG TH H MI

Msc. Nguyn Nam Long
i iu hnh Chuyn Mch Lin tnh
Trung Tm Vin thng Khu vc II

TP HCM ngy 20/05/2005
2
S MNG NGN
HiQ4000
HiQ9200
HiQ20/30
HiR200
NetManager
HiQ9200
HiQ20/30
HiR200
NetManager/
Boot Remote
HANOI HCM
MG-HTY
PSTN-HTY
PSTN-HBH
PSTN-LCU
PSTN-SLA DSLAM HUB/
ATM Concentrator
(HTY,BHB,LCU,SLA)
ERX-1410
MSS+BRAS
(HTY)
MG-PTO
PSTN-PTO
PSTN-VPC
PSTN-LCI
PSTN-YBI
DSLAM/
DSLAM HUB/
ATM Concentrator
(PTO,VPC,LCI,YBI)
ERX-1410
MSS+BRAS
(PTO)
MG-BNH
PSTN-BGG
PSTN-BNH
PSTN-LSN
DSLAM/
DSLAM HUB/
ATM Concentrator
(BNH,BGG,LSN)
ERX-1410
MSS+BRAS
(BNH)
MG-TNN
DSLAM/
DSLAM HUB/
ATM Concentrator
(TNN,BCN,CBG,TQG,HGG)
ERX-1410
MSS+BRAS
(TNN)
PSTN-HGG
PSTN-TQG
PSTN-TNN
PSTN-BCN
PSTN-CBG
MG-HPG
DSLAM/
DSLAM HUB/
ATM Concentrator
(HPG)
ERX-1410
MSS+BRAS
(HPG)
PSTN-HPG
MG-QNH
DSLAM/
DSLAM HUB/
ATM Concentrator
(QNH)
ERX-1410
MSS+BRAS
(QNH)
PSTN-QNH
ERX-1410
MSS+BRAS
(HDG)
MG-NDH
PSTN-NDH
PSTN-TBH
PSTN-NBH
PSTN-HNM
DSLAM/
DSLAM HUB/
ATM Concentrator
(NDH,TBH,NBH,HNM)
ERX-1410
MSS+BRAS
(NDH)
MG-NAN
PSTN-NAN
PSTN-THA
PSTN-HTH
DSLAM/
DSLAM HUB/
ATM Concentrator
(NAN,THA,HTH)
ERX-1410
MSS+BRAS
(NAN)
MG-HNI
ERX-1410
MSS-HNI
DSLAM/
DSLAM HUB/
ATM Concentrator
ERX-1410
BRAS-HNI
MG-HDG
DSLAM/
DSLAM HUB/
ATM Concentrator
(HDG,HYN)
PSTN-HDG
PSTN-HYN
PSTN-HNI
VMS1
GPC1
VTI1
BDTW
ERX-1410
MSS-HCM DSLAM/
DSLAM HUB/
ATM Concentrator
ERX-1410 BRAS-125 HCM
MG-DNI
DSLAM/
DSLAM HUB/
ATM Concentrator
(DNI)
ERX-1410
MSS
(DNI)
PSTN-DNI
ERX-705 (BRAS)
MG-CTO
DSLAM/
DSLAM HUB/
ATM Concentrator
(CTO)
ERX-1410
MSS+BRAS
(CTO)
PSTN-CTO
MG-BLU
PSTN-BLU
PSTN-STG
PSTN-CMU
DSLAM/
DSLAM HUB/
ATM Concentrator
(BLU,STG,CMU)
ERX-1410
MSS+BRAS
(BLU)
MG-VTU
DSLAM/
DSLAM HUB/
ATM Concentrator
(VTU)
ERX-1410
MSS+BRAS
(VTU)
PSTN-VTU
MG-LDG
PSTN-LDG
PSTN-NTN
DSLAM/
DSLAM HUB/
ATM Concentrator
(LDG,NTN,BTN)
ERX-1410
MSS+BRAS
(LDG)
MG-TGG
PSTN-TGG
PSTN-LAN
PSTN-DTP
DSLAM/
DSLAM HUB/
ATM Concentrator
(TGG,LAN,BTE)
ERX-1410
MSS+BRAS
(TGG)
MG-VLG
PSTN-BTE
DSLAM/
DSLAM HUB/
ATM Concentrator
(VLG,TVH,TP)
ERX-1410
MSS+BRAS
(VLG)
MG-BDG
DSLAM/
DSLAM HUB/
ATM Concentrator
(BDG)
ERX-1410
MSS
(BDG)
PSTN-BDG
ERX-705
(BRAS)
PSTN-BPC
PSTN-TNH
DSLAM HUB/
ATM Concentrator
(BPC,TNH)
MG-AGG
DSLAM/
DSLAM HUB/
ATM Concentrator
(KGG)
ERX-1410
MSS
(AGG)
PSTN-AGG
ERX-705
(BRAS)
PSTN-KGG
DSLAM/
DSLAM HUB/
ATM Concentrator
(AGG)
PSTN-HCM
VMS2
VTI2
MG
HCM
MG-HUE
PSTN-QBH
PSTN-QTI
PSTN-HUE
DSLAM/
DSLAM HUB/
ATM Concentrator
(HUE,QBH,QTI)
ERX-1410
MSS+BRAS
(HUE)
MG-DNG
PSTN-QNM
PSTN-QNI
PSTN-DNG
DSLAM/
DSLAM HUB/
ATM Concentrator
(DNG,QNM,QNI)
ERX-1410
MSS+BRAS
(DNG)
MG-GLI
PSTN-DLK
PSTN-KTM
PSTN-GLI
DSLAM/
DSLAM HUB/
ATM Concentrator
(DLK)
ERX-1410
MSS+BRAS
(GLI)
DSLAM HUB/
ATM Concentrator
(GLI,KTM)
ERX-705
BRAS
MG-KHA
PSTN-BDH
PSTN-PYN
PSTN-KHA
DSLAM/
DSLAM HUB/
ATM Concentrator
(KHA,BDH,PYN)
ERX-1410
MSS+BRAS
(KHA)
VMS3
GPC3
VTI3
NetManager/
Remote
DNG
GPC2
M160
DNG
VTI
HiG 50
VDC
M160
HNI
M160
HCM
DSLAM/
DSLAM HUB/
ATM Concentrator
ERX-1410 BRAS-TBH HCM
M20 HNI M20 HCM
ER16
PSTN-BTN
PSTN-VLG
PSTN-TVH
3
Router bin ERX1410
Route B-RAS
ERX 705
Router li M160
Cc router ang s dng trong mng NGN
Router Gateway
M20
4
Router li M160
Router li M160
Router M160 :
- L Router ca Juniper ng
vai tr core Router c bng
thng ti a ln n 160 Gb/s.
- Thc hin chc nng chuyn
ti lu lng IP gia cc khu
vc.
- Gm c 3 router ca 3 min
t H Ch Minh, Nng,
H Ni lm thnh mng li ca
NGN.
5
Router bin ERX1410
Router bin ERX1410

Router ERX-1410 :
- L router ca Juniper
ng vai tr router bin c
bng thng ti a 10Gb/s
- Ly lu lng t BRAS
v HiG 1000 y ra mng
li
- Cc router ny t cc
trm vin thng ca VTN
- Cng c tnh ERX1410
kim lun vai tr BRAS.

6
Router B-RAS
ERX 705
Router Access ERX705
Router ERX- 705 :
- L router ca Juniper ng vai
tr BRAS c bng thng ti a
5 Gb/s
-u trc tip vi cc DSLAM
ca B Tnh, cc thu bao
ADSL u vo DSLAM
truy cp Internet bng rng
(Mega VNN).
-C vi Tnh c router ny nh
KGG, NI, BDG, cn cc tnh
cn li router bin ERX1410
ng lun vai tr BRAS

7
Router Gateway M20

Router Gateway M20 :
- L router ca Juniper ng
vai tr Border Gateway c
bng thng ti a 20Gb/s
-u trc tip vi M160 v
VDC.
- Chuyn lu lng IP
Internet i qua VDC

Router Gateway M20
8
nh ngha: Mng ring o (VPN : Virtual private
network ) l mt mng ring ca khch hng da
trn c s h tng mng cng cng dng chung.
Vn phng
Trung tm
Lm vic
ti nh
POP
Nhn vin
Vn phng
Chi nhnh
Vn phng
i din
i tc
Virtual Private
Network
Mng ring o (VPN)
9
PE
PE
CPE
CPE
Subscriber
Site 3
PP-VPN
Subscriber
Site 2
CPE
PE CPE
PE PE
PE
CPE
CPE
CPE-VPN
VPN Tunnel
Subscriber
Site 1
Subscriber
Site 3
Subscriber
Site 2
VPN
Subscriber
Site 1
Phn loi VPN
- Network-based : l VPN
c cu hnh trn cc
thit b ca nh cung cp
dch v v c qun l
bi nh cung cp dch v.
MPLS VPN l mt tiu
biu ca loi ny.
- Customer-based: l VPN
c cu hnh trn cc thit
b ca khch hng s dng
cc giao thc ng hm
xuyn qua mng cng cng,
thng thng nht l dng
giao thc IPSec .
VPN c chia thnh hai loi chnh :
10
L dch v VPN Network-based da vo cng
ngh MPLS trn nn tng NGN: Layer 3
BGP/MPLS/VPN. Tn thng hiu l MegaWAN, (hay
cn gi l mng xDSL-WAN, IP/VPN)
Dch v mng ring o do VTN cung cp
Dch v Mng ring o do VTN cung cp l g ?
VPN
11
- m bo bng thng n nh ng cam kt (chnh lch
khng qu 20%). Tt c cc thit b tham gia vo VPN
(BRAS, DSLAM Hub, DSLAM, Modem) u phi khai
bo CBR vi bng thng cam kt vi khch hng.
- Mm do, d cu hnh, trin khai nhanh chng . Vic cu
hnh mng do VTN m nhn, khch hng ch cn thng
bo cho v tnh trng mng hin ti hoc mng trong tng
lai.
- Tnh bo mt cao hn.

u im ca VPN do VTN cung cp so vi cc VPN khc
12

MPLS vit tt ca ch MultiProtocol Label Switching l
mt k thut forwarding dng forward traffic qua mng
da trn nhn c gn vo traffic.
Gi tin vo vng MPLS s c gn mt nhn c nh, sau
khi qua tng router trong vng MPLS s c gn thm
mt nhn khc v c nh tuyn n router k tip trong
vng , ti router k tip cng vic bc nhn c v gn nhn
mi s xy ra lin tc cho n router cui cng trong vng
MPLS th gi tin s c bc nhn v nh tuyn n site
ca khch hng

3
MPLS domain
PE1
PE2
P1 P2
CE1
CE2
Khi nim MPLS
13
Mo u m MPLS (1-n)
MPLS qua knh PPP v LAN s dng mo u m
chn gia mo u lp 2 v lp 3
Nhn Exp.
S
TTL
Nhn: gi tr nhn, 20 bits (0-16 d phng)
Experimental: 3 bits (trc y l trng lp dch v CoS)
Stacking bit: y ngn xp, 1 bit (1 =n cui cng trong ngn xp
nhn)
TTL: Thi gian sng, 8 bits
Mo u lp 2
( PPP, 802.3)

Mo u lp mng
v gi tin (IP)
4 Octets
1
n
Khun dng
ngn xp
nhn
Nhn MPLS
14
Kt ni n gin vi chi ph thp

Mm do, linh hot: c th va kt ni mng ring o
va truy cp Internet (nu khch hng c nhu cu)

Cung cp cho khch hng cc knh thu ring o c
tin cy cao
ng k dch v n gin: khch hng ch cn ng
k cc im v tc cng cn kt ni theo nhu cu
s dng, h thng s thc hin kt ni cc im
qua cc knh ring o
Dch v mng ring o rt thch hp cho cc c
quan, doanh nghip c nhu cu kt ni mng thng tin
hin i, hon ho, tit kim.
Li ch ca dch v mng ring o ?
15
Khch hng l cc c nhn, c quan t chc doanh
nghip Vit Nam v nc ngoi hot ng hp php ti
Vit Nam s dng dch v kt ni cc mng my tnh
trn ng dy xDSL do Tng cng ty BCVT VN cung
cp thng qua hp ng cung cp v s dng dch v
Dch v VPN c cung cp ti cc a phng, ni
cung cp dch v xDSL
i tng v phm vi cung cp dch v ?
Dch v ny thch hp cho cc doanh nghip hot
ng kinh doanh c din tri rng, gm nhiu im, c
nhu cu kt ni s liu nh: Ngn hng, Bo him, Hng
khng,...
16
thit lp mng VPN:
khch hng ch cn ng
k cc im v tc
cng cn kt ni theo nhu
cu s dng, sau h
thng NGN s thc hin kt
ni cc im qua knh
ring o.
Thit lp mng VPN nh th no ?
VPN
17
S kt ni s dng VPN
PE 1
VPN A
Site 3
CEA3
10.3/16
VPN A
Site2
CEA2
10.2/16
VPN B
Site3
CEB3
10.3/16
VPN B
Site2
CEB2
10.2/16
VPN A
Site 1
HeadQuater

CEA1
10.1/16
VPN B
Site 1
HeadQuater
CEB1
10.1/16
P
P
P
PE 2
PE 3
P
18
Mt s thut ng VPN
Provider Network (P-Network)
Mng ng trc ca nh cung cp dch v
Customer Network (C-Network)
Mng khch hng
CE router
Customer Edge Router: Router ti u khch hng thuc mng
khch hng, u ni vi PE router
PE router
Provider Edge router: Router ca nh cung cp dch v, thuc
mng ca nh cung cp, u ni vi CE router
P router
Provider (core) router: Router li ca nh cung cp.
PE
CE
P P
PE CE
CE
CE
VPN A
VPN A
VPN B VPN B
PE
19
1. Full-meshed: tt c cc im trong VPN u c th
trao i d liu trc tip vi nhau. Tt c cc CE
qung b khong a ch IP ca mng con. Cc a ch,
routing c cp nht trn cc PE.

2. Hub-and-Spoke: Ti Hub trung tm c th trao i d
liu vi tt c cc im khc trong VPN (im Hub).
Cc im khc trao i d liu vi nhau thng qua Hub
phi gi d liu n Hub ri t Hub mi i ti cc
im khc trong VPN (im Spoke).
- Nh vy Hub l im chuyn tip trung tm cho tt c
cc Spoke, kim sot c cc gi d liu trn mng.
Cu hnh VPN - Topology
20
Cc dch v VPN (cp nht 15-08-2006)
1) Cc u ni ho mng

Cc
u
ni
ho
mng
cng
Thu bao mi ADSL 600.000 VN/ln/cng
SHDSL 1.000.000VN/ln/cng
ng dy
thu bao c sn
ADSL 300.000VN/ln/cng
SHDSL 700.000VN/ln/cng
Chuyn i loi
cng
ADSL->SHDSL 400.000VN/ln/cng
SHDSL->ADSL Khng thu cc

Cc
thu
cng
ADSL 181.818VN/cng/thng
SHDSL 272.727VN/cng/thng
21
2) Cc thu knh ng ln MegaWAN ni tnh
Thu bao mi Tc < 512 Kb/s 150.000VN/ln/knh
Tc t 512 Kb/s n 2Mb/s 500.000VN/ln/knh
Chuyn i tc knh Di 512 Kb/s ln 512Kb/s hoc cao hn 400.000VN/ln/knh
Cc trng hp khc 100.000VN/ln/knh
a) Cc u ni ho mng knh
b) Cc thu knh ng ln ni tnh
Tc
(Kb/s)
Cc
(1000VN/
thng)
Tc
(Kb/s)

Cc
(1000VN/
thng)

Tc
(Kb/s)

Cc
(1000VN/
thng)

Tc
(Kb/s)

Cc
(1000VN/
thng)

64 183 576 915 1.088 1.438 1.600 1.881
128 303 640 970 1.152 1.584 1.664 1.921
192 406 704 979 1.216 1.627 1.728 1.962
256 525 768 1.033 1.280 1.670 1.792 2.002
320 601 832 1.098 1.344 1.713 1.856 2.043
384 676 896 1.162 1.408 1.755 1.920 2.083
448 768 960 1.226 1.544/
1536
1.841 1.984 2.124
512 860 1.024 1.291 2.048 2.164
22
3) Cc thu knh ng ln MegaWAN lin tnh
Tc t 512 Kb/s n 2Mb/s 500.000VN/ln/knh
b) Cc thu knh ng ln lin tnh
Tc
(Kb/s)
Cc ng ln (1000VN/thng)
Ni vng Cn vng Cch vng
64 668 948 1386
128 954 1283 1752
192 1121 1502 2041
256 1307 1619 2179
384 1456 1836 2454
512 1673 2037 2701
768 1973 2268 2984
1024 2579 2889 3809
1152 3110 4040 5391
1544/1536 4033 4252 6606
2048 4692 5328 7095
23
4) Cc thu knh ng ln MegaWAN quc t
Tc t 512 Kb/s n 2Mb/s 1.300.000VN/ln/knh
b) Cc thu knh quc t
Tc
(Kb/s)
Cc thu knh quc t (USD/thng)
Vng 1 Vng 2
64 780 858
128 1114 1225
192 1309 1440
256 1526 1679
384 1700 1870
512 1952 2148
768 2303 2533
896 2536 2789
1024 3211 3533
1152 3430 3773
2048 3649 4013
24
Khch hng c bit
Knh thu ring
85% mc cc ni tnh
85% mc cc lin tnh
85% mc cc quc t
MegaWAN
85% mc cc thu knh ng ln

25
Cc truy nhp Internet 2M/640K
t mng MegaWAN
Cc u ni ho mng: khng thu
Cc thu bao: khng thu
Cc truy nhp/Megabyte: p dng theo
mc ca dch v MegaVNN ng vi tc
2Mbps/640kbps (Maxi)
Cc trn: khng qu
727.273/thng/ng truy nhp
2Mbps/640Kbps
26
Gi cc cc trng hp trn
khng bao gm thu GTGT
27
4) Cch tnh cc dch v VPN
Trong :
-Cc thu 1 cng=Cc u ni ho mng (thu mt ln)+cc thu cng hng thng
-Cc thu 1 knh ng ln=Cc u ni ho mng + Cc thu knh hng thng
V d : Khch hng c nhu cu thit lp knh nh sau :
-H Ni :
+ 40 Tng Bt H : Dng SHDSL, tc 256 kb/s (kt ni i Tp.HCM)
+ 55 L Thng Kit : Dng ADSL, tc 64 kb/s (kt ni ti Tng Bt H)
-Tp.HCM : Dng SHDSL, tc 256 kb/s (kt ni i 40 Tng Bt H, H Ni)
Cch tnh nh sau :
1. Ti 40 Tng Bt H khch hng phi tr : cc thu cng SHDSL + cc thu knh
ng ln lin tnh tc 256Kb/s (cc cch vng)
2. Ti 55 L Thng Kit khch hng phi tr : cc thu cng ADSL + cc thu knh
ng ln ni tnh tc 64Kb/s (cc ni vng)
3. Ti tp.HCM khch hng phi tr : cc thu cng SHDSL + cc thu knh ng
ln lin tnh tc 256Kb/s (cc cch vng)

Cc thit lp knh MegaWAN = Cc thu cng + Cc thu knh ng ln
28
155Mb/s
DSLAM HUB
Thit b u cui khch hng: NT G.SHDSL
- Speech Touch (Alcatel) series 610
- Speed Stream (Siemens) series 5100, 5200, 5660
- Patton, Adtran, Planet, Zyxel, Paradyne, Telindus
-Khong cch t DSLAM n khch hng ti a 3 5 Km (tu cht lng
Mng cp ng B Tnh)
SHDSL
100BT
NT
SHDSL
CE
nx2Mb/s IMA
155Mb/s
CE
ADSL
Splitter
DSLAM
SHDSL
SIEM EN S N IXD OR F
NT
SHDSL
100BT
DSLAM
S KT NI VT L
IP Core Network
PE
P
P
P
29
IP Backbone

Cp
ng

DSLAM

Ethernet
10/100BT

Internet VDC

Modem ADSL
BRAS/Edge
Router

ATM

S cung cp dch v mng ring o VPN

-Hin nay VTN c th cung cp dch v ny ti 64 tnh thnh trong c nc
155Mb/s
BRAS: BroadBand Remote Access Service
DSLAM: Digital Subscriber Line Access Multiplexer
Splitter
SS7
Switch
30
cu hnh mt VPN cn lm cc bc sau :
1. Thu thp thng tin khch hng :
Cu hnh mng (topology) khch hng yu cu.
a ch mng ring LAN ca tng site.
Cu hnh gia BRAS v modem (route, bridge).
2. Thit k bn v chi tit.
3. Cung cp cp ng t khch hng n
DSLAM gn nht ca Bu in.
4. Cu hnh ti cc BRAS ca VTN v 2 BRAS
ca Bu in Tp.HCM, Tp.HNI.
5. Cu hnh ti modem G.SHDSL hoc ADSL.
Cu hnh VPN
31
Phn bit gia Bridge v Routed
Cu hnh VPN
1) Cu hnh Bridge
2) Cu hnh Routed
32

Cc v d s u ni VPN
- Ti BRAS khai bo :
Encapsulation routed trn subinterface ATM ni vi khch hng
Routing mng ca khch hng qua subinterface ATM, hoc next hop
- Modem G.SHDSL ng vai tr nh mt router :
TI interface WAN phI cu hnh routed.
Phi khai bo routing nh tuyn.

Trng hp gia BRAS v NT.GSHDSL l Routed
33

Cu hnh Bridge gia VTN v khch hng
- TI BRAS khai bo : Encapsulation Bridge trn subinterface ATM nI vI khch hng.
- Modem G.SHDSL ng vai tr nh mt Bridge: interface WAN phI cu hnh Bridge.
- Cc my tnh trong mng ca khch hng ly default gateway l a ch subinterface
ATM trn BRAS.

Trng hp gia BRAS v NT.GSHDSL l Bridged
34
Cu hnh VPN ti BRAS

Bc 1 : Khai bo VRF trong virtual router
default, bao gm cc tham s route-
distinguisher v route-target.
Bc 2 : Khai bo cc interface trn VRF kt ni
ti cc site khch hng.
Bc 3 : Qung b VRF vo routing BGP cc
VRF trong cng mt VPN hiu c
nhau.
Bc 4 : Kim tra VPN va khai bo trn BRAS.

Cc bc cu hnh VPN ti BRAS
35
Cu hnh VPN ti BRAS

1) Khai bo VRF
Khai bo VRF theo s sau
Config
IP
vrf
Export
map
Import
map
rd
ASN:nn or IP Address:nn
Route-target
import
export
both
36
Cu hnh VPN ti BRAS

To mt VRF trong virtual router default
Router(config)# ip vrf vrf-name
V d :
Router(config)# ip vrf VPN

To gi tr RD phn bit gia cc VRF trong mt virtual
router, iu ny cho php chng ta dng cc a ch trng lp trong
cc VRF khc nhau
Router(config-vrf)# rd AS number: RouterIDxxxx
V d :
Router(config-vrf)# rd 65400:1078000

To cc gi tr route-target nhn dng ra cc VRF trn cc
router PE l chung VPN, v quyn truy xut gia cc VRF vi nhau,
cch thc cp nht bng nh tuyn (routing table).
Router(config-vrf)# route-target {import | export | both}
Router(config-vrf)# route-target {import | export | both}

37
a ch VPN-IPv4
Tng cng 96 bit, c cu trc nh sau:
a ch IPv4
Phn bit tuyn (RD)
64 bits
L a ch IPv4 duy nht ton
cu,RD c lp trong PE cho
mi VRF,RD c th hoc khng
lin quan n site hay VPN
32 bits
IP subnet thng
bo li bi CE
router cho PE
router
a ch VPN-IPv4
38
Cu hnh VPN ti BRAS

Gi s gi tr Red = 65400:8001, ti VRF trong cc router PE1,
PE2, PE3 khai bo nh sau :
Router(config-vrf)# route-target both 65400:8001

V d route-target trong Full-mesh VPN
39
Cu hnh VPN ti BRAS

V d route-target trong Hub-and-spoke VPN

Gi s gi tr Hub= 65400:8002 v Spoke=65400:8003
Ti VRF trong cc router PE1, PE2 khai bo nh sau :
Router(config-vrf)#route-target import 65400:8002
Router(config-vrf)# route-target export 65400:8003
Ti VRF trong cc router PE3 khai bo nh sau :
Router(config-vrf)#route-target import 65400:8003
Router(config-vrf)# route-target export 65400:8002

40
Cu hnh VPN ti BRAS

Sau khi to VRF xong, vo VRF to cc interface kt ni site CE ca
khch hng, trc khi to yu cu Bu in Tnh cung cp v tr card trong
DSLAM, v tr port trong card xc nh gi tr VPI/VCI v subinterface
ATM tng ng.
Vo VRF :
Router#show virtual-router
Router#virtual-router : tn VRF
V d :
Router#virtual-router :VPN
Router:default:VPN#
Khai bo interface trn VRF:
Khai bo bridge
Router:default:VPN#config terminal
Router:default:VPN(config) # interface atm 2/2.961
Router:default:VPN(config-if) #encapsulation bridge1483
Router:default:VPN(config-if) #atm pvc 961 1 61 aal5snap
Router:default:VPN(config-if) #ip description VPN test
Router:default:VPN(config-if) #ip address 192.168.1.1 255.255.255.0
Router:default:VPN(config-if) #no shutdown

2) Khai bo cc interface trn VRF

41
Cu hnh VPN ti BRAS

Khai bo routed
Router:default:VPN(config-if) #no shutdown

Ghi ch :
- Khi khai bo interface nh l khai bo theo trnh t t lp 2 ri mi n
lp 3
- Trong trng hp mun tit kim a ch, chng ta dng a ch
loopback cho cc interface, khi phi khai thm :
Router:default:VPN(config) #interfcae loopback 0
Ti interface atm khai bo nh sau:
Router:default:VPN(config-if) #ip unnumbered loopback0

42
Cu hnh VPN ti BRAS

3) Qung b VRF trong routing BGP
Router:default:VPN(config) # router bgp 65400
Router:default:VPN(config-router) #address-family ipv4 vrf VPN
Router:default:VPN(config-router) #redistribute static
Router:default:VPN(config-router) #redistribute connected

4) Kim tra hot ng ca VPN :
1) Hin th thng tin cc VRF v cc interface lin quan
Router# show ip vrf [{brief | detail | interfaces}] vrf-name
2) Hin th routing table cho VRF
Router# show ip route vrf vrf-name
3) Hin th thng tin v BGP
Router# show ip bgp vpnv4 vrf vrf-name
4) Vo VRF kim tra thng tin
Router:default:VPN#show ip route
Router:default:VPN#ping .
Router:default:VPN#traceroute

43
Cu hnh VPN ti NT G.SHDSL

Bc 1: Kim tra cp t DSLAM Bu in tnh n khch hng.

Bc 2: Cu hnh ti NT G.SHDSL c hai cch :
- Dng cng console ca modem kt ni vi cng COM ca my tnh : cu hnh
bng command line hoc menu.
- Dng cng Ethetnet ca modem kt ni vi card mng ca my tnh, ch : a
ch ca LAN my tnh phi cng mng vi a ch ca card mng. Vo Web
Browser nhp a ch IP ca port Ethernet cu hnh bng WEB.
Ci t cc tham s cho ph hp:
+ Encapsulation: Routed, Bridge
+ ATM Encapsulation: LLC
+ VPI/VCI=8/35 i vi DSLAM Alcatel, 0/35 i vi DSLAM Siemens
+ Q.991.2 Annex A/B : Annex A (Bc m) , Annex B (chu u)

Bc 3: Cm dy in thoi vo cng Line, kim tra mt trc ca modem xem n Link
(khu vc WAN) c sng khng ? Nu chp lin tc th ang ng b vi DSLAM,
bao gi n sng v dng li (khng chp) th port u vo DSLAM tt. Nu
khng thy n ny sng phi yu cu Bu in Tnh kim tra li.

Bc 4: Thay i a ch IP ca my tnh, chn Default gateway ph hp

Bc 5: Ping kim tra cc im trong mng VPN ca khch hng
44
Cu hnh VPN ti NT G.SHDSL hiu PATTON

45
Cu hnh VPN ti NT hiu PATTON

- Vo cng console ca NT dng command line khai bo a ch interface Ethernet

- Khai bo a ch my tnh cng lp mng vi a ch IP ca interface Ethernet

46

Cu hnh bng WEB
- Nhp a ch IP ca interface Ethernet vo IE vo WEB config, nh nhp
username v password mc nh l superuser
47

- Click Service Configuration vo cu hnh WAN interface
48

- Click WAN, Click Create a new service
49

Cu hnh routed gia BRAS v NT
-Chn RFC 1483 routed, click Continute =>
50

-in tham s VPI/VCI, a ch WAN IP address, Click Create
51

Hon thnh vic to interface WAN
52

-Click IP routes vo mc Edit Routes, Click Advanced Options
53

in cc tham s default route, chn interfcae rfc1483-0
54

Cu hnh bridged gia BRAS v NT
- Vo WAN chn RFC 1483 bridged, click Continue=>
55

- Nhp tham s VPI/VCI, Click create :
56

-Hon thnh vic to interface WAN
57

-Ci t cc tham s cho ng G.SHDSL :
58

- Lu cu hnh : Click System Configuration Save
59

- Restart router: Click System Configuration Restart
60
Kim tra hot ng ca VPN

- T my tnh ping cc a ch trong mng VPN
61
Gii thiu NT G.SHDSL hiu PLANET

62

- a ch mc nh ca Ethernet trong NT hiu Plannet l 192.168.0.1,
chn mt a ch IP my tnh thuc mng 192.168.0.0/24.

Cu hnh NT G.SHDSL hiu PLANET
63

- Nhp a ch 192.168.0.1vo Internet Explorer

64

- Nhp User Name = root v Password = root

65

- Click Basic cu hnh
66

Cu hnh NT nh mt Router
- Chn ROUTE , click Next
67

Cu hnh LAN :Nhp a ch IP Address, Subnet Mask, Click Next
68

Cu hnh WAN : Nhp VPI/VCI, Protocol . Click Next
69

Cu hnh WAN : IP Address, Subnet Mark, click Next
70

Kim tra cc tham s, click Restart
71

Sau khi restart cu hnh mi c nhp vo NT
72

Cu hnh NT nh mt Bridge
Chn Bridge, click Next
73

Nhp cc tham s LAN, WAN (VPI/VCI). Click Next
74

Kim tra cc tham s . Click Restart
75

Sau khi restart cu hnh mi c nhp vo NT
76
Cu hnh NT ADSL hiu ZOOM X5

- a ch mc nh ca Ethernet trong NT hiu Zoom l
10.0.0.2, chn mt a ch IP my tnh thuc mng 10.0.0.0/8.
77

Nhp a ch 10.0.0.2
78

Nhp user name : admin v password: zoomadsl
79

Mn hnh Basic Setup xut hin, bn c th chn cu hnh routed hoc
bridge
80

in cc tham s VPI/VCI=8/35, Encapsulation=Routed,
click Save Changes
81

Click Advanced Setup, Click WAN Settings
82

in a ch IP, tc bit. Click Save Changes
83

Click Advanced Setup, Click LAN Settings
84

in a ch IP ca LAN interface, click save changes,
click write settings to Flash and reboot
85

in cc tham s VPI/VCI=8/35, Encapsulation= Bridged,
click Save Changes, click write settings to Flash and reboot
86

Xin Chn thnh Cm n

Introduction VPN On NGN (v5)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Introduction VPN On NGN (v5)

Uploaded by

Copyright:

Available Formats

1

GII THIU DCH V VPN

You might also like