INTERNATIONAL TELECOMMUNICATION UNION

ITU-T
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU

Y.1311 (03/2002)

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE AND INTERNET PROTOCOL ASPECTS
Internet protocol aspects - Transport

Network-based VPNs - Generic architecture and service requirements

ITU-T Recommendation Y.1311

ITU-T Y-SERIES RECOMMENDATIONS
GLOBAL INFORMATION INFRASTRUCTURE AND INTERNET PROTOCOL ASPECTS

GLOBAL INFORMATION INFRASTRUCTURE
  General                                                               Y.100-Y.199
  Services, applications and middleware                                 Y.200-Y.299
  Network aspects                                                       Y.300-Y.399
  Interfaces and protocols                                              Y.400-Y.499
  Numbering, addressing and naming                                      Y.500-Y.599
  Operation, administration and maintenance                             Y.600-Y.699
  Security                                                              Y.700-Y.799
  Performances                                                          Y.800-Y.899
INTERNET PROTOCOL ASPECTS
  General                                                               Y.1000-Y.1099
  Services and applications                                             Y.1100-Y.1199
  Architecture, access, network capabilities and resource management    Y.1200-Y.1299
  Transport                                                             Y.1300-Y.1399
  Interworking                                                          Y.1400-Y.1499
  Quality of service and network performance                            Y.1500-Y.1599
  Signalling                                                            Y.1600-Y.1699
  Operation, administration and maintenance                             Y.1700-Y.1799
  Charging                                                              Y.1800-Y.1899

For further details, please refer to the list of ITU-T Recommendations.
ITU-T Recommendation Y.1311

Network-based VPNs - Generic architecture and service requirements

Summary

This Recommendation specifies the generic architecture and service requirements that are applicable to the provision of Network-Based Virtual Private Networks by Network Service Providers.

Source

ITU-T Recommendation Y.1311 was prepared by ITU-T Study Group 13 (2001-2004) and approved under the WTSA Resolution 1 procedure on 16 March 2002.

ITU-T Rec. Y.1311 (03/2002)

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE

In this Recommendation, the expression “Administration” is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementors are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database.

© ITU 2002

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.
CONTENTS

1 Scope and field of application
2 References
  2.1 Normative references
3 Terms and definitions
  3.1 Network-based Virtual Private Network (NB VPN)
  3.2 NB Layer 1 VPN
    3.2.1 Optical VPN
  3.3 NB Layer 2 VPN
  3.4 NB Layer 3 VPN
    3.4.1 NB IP VPN
  3.5 Virtual Services Network (VSN)
  3.6 Virtual Transport Network
4 Abbreviations and Acronyms
5 Service definition
  5.1 Introduction
    5.1.1 Types of VPN service
    5.1.2 NB VPN service view
    5.1.3 NB VPN service deployment scenarios
  5.2 NB VPN service reference model
    5.2.1 Designation of VPN network elements
    5.2.2 Auto-discovery among network elements
6 Abstract framework of NB VPN
  6.1 Operational environment
  6.2 VSN/VTN overview
    6.2.1 General model
    6.2.2 VSN and VTN components
  6.3 VPN management
7 Service requirements
  7.1 Service requirements for virtual services network
    7.1.1 General VSN service requirements
    7.1.2 Configuration management
    7.1.3 Fault management
    7.1.4 Performance management
    7.1.5 Accounting
    7.1.6 Security
    7.1.7 Service Level Agreements and QoS
  7.2 Service requirements for virtual transport network
    7.2.1 General service provision
    7.2.2 Configuration management
    7.2.3 Fault management
    7.2.4 Performance management
    7.2.5 Accounting
    7.2.6 Security
Appendix I - Service deployment scenarios for NB IP VPN
  Introduction
  I.1 Intranet (connectivity between sites in the same organization)
  I.2 Extranet (connectivity between sites across multiple organizations)
  I.3 VPNs across multiple autonomous systems or service providers
  I.4 Simultaneous VPN and Internet access
  I.5 Hierarchical VPNs (VPNs within VPNs)
  I.6 Multiple Access Scenarios (Dial, DSL, fixed wireless, cable)
Appendix II - Service deployment scenarios for NB Layer 2 VPN
Appendix III - Service deployment scenarios for NB Layer 1 VPN
Appendix IV - Examples of practical realizations of VTN approaches for NB IP VPN

ITU-T Recommendation Y.1311
Network-based VPNs - Generic architecture and service requirements

1 Scope and field of application

This Recommendation describes a number of generic architectural aspects and specifies a number of generic service requirements involved in the provision of network-based Virtual Private Networks (NB VPNs). Network-based VPNs have a common set of requirements and are related through the use of a common set of mechanisms. This Recommendation describes NB VPN service definitions, framework and requirements.

The scope of this Recommendation covers the various core implementations of an NB VPN, as well as the services offered to the customer at the access interface. The scope is also illustrated in Figure 1, which depicts the principle arrangement between services and implementation approaches:

Figure 1/Y.1311 - General Scope
[Figure not reproduced. Labels: Services supported; Network-based VPN service; Approaches for implementing network-based VPN transport.]

NOTE 1 - The examples shown above are non-exhaustive.

NOTE 2 - Not all combinations of elements shown in the figure are feasible, or are within the scope of this Recommendation.

Further explanation of the concepts shown in Figure 1 is contained in clauses 5 and 6.

2 References

2.1 Normative references

The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated are valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published.

[1] ITU-T Recommendation Y.1241 (2001), Support of IP-based services using IP transfer capabilities.
[2] ITU-T Recommendation Y.1311.1 (2001), Network-based IP VPN over MPLS architecture.

3 Terms and definitions

This Recommendation defines the following terms.

3.1 Network-based Virtual Private Network (NB VPN)

A network-based virtual private network is that part of a network which provides connectivity amongst a limited and specific subset of the total set of users served by the network provider. A VPN has the appearance of a network that is dedicated specifically to the users within the subset. This dedication is achieved through logical rather than physical means, hence the use of the word virtual. Users within a VPN cannot communicate, via the VPN provider, with users not included in the specific VPN subset and vice versa.

NOTE - The term “network based” is used to distinguish the network provider solutions described in this Recommendation from VPN solutions which are implemented solely through the use of customer equipment based solutions. Whenever the term “VPN” is used in this Recommendation it shall be taken to mean a “network-based VPN”.

3.2 NB Layer 1 VPN

A network-based Layer 1 VPN is an NB VPN where the VPN service operates at layer 1 and provides optical or TDM connections between the customer devices belonging to the VPN, i.e. between a port on one customer device and a port on another customer device.

3.2.1 Optical VPN

A network-based optical VPN is a layer 1 VPN that uses optical interconnections between customer devices as the basis for providing the VPN facilities.

3.3 NB Layer 2 VPN

A network-based Layer 2 VPN is an NB VPN where the VPN service operates at layer 2 and provides a data link service between customer devices belonging to the VPN, e.g. using IEEE 802, FR or ATM protocols.

3.4 NB Layer 3 VPN

A network-based Layer 3 VPN is an NB VPN where the VPN service operates at layer 3, and provides a layer 3 service between customer devices belonging to the VPN, e.g. using IP protocols.
3.4.1 NB IP VPN

A network-based IP VPN is a network-based layer 3 VPN that uses IP addressing, IP forwarding and routing, and the IP protocol for control and data, and IP technology as the basis for providing the VPN facilities.

3.5 Virtual Services Network (VSN)

The Virtual Services Network is an abstract representation of the set of services that can be made available to a customer of an NB VPN. These services include services which enable the control, administration and management of the VPN.

3.6 Virtual Transport Network

The Virtual Transport Network is an abstract representation of the set of forms of implementation of an NB VPN.

4 Abbreviations and Acronyms

This Recommendation uses the following abbreviations.

ATM     Asynchronous Transfer Mode
CE      Customer Edge
FR      Frame Relay
GRE     Generic Routing Encapsulation
IEEE    Institute of Electrical and Electronics Engineers
IETF    Internet Engineering Task Force
IP      Internet Protocol
MPLS    Multiprotocol Label Switching
NB      Network Based
P       Provider
PE      Provider Edge
PPVPN   Provider Provisioned Virtual Private Network
QoS     Quality of Service
SLA     Service Level Agreement
TDM     Time Division Multiplex
VPN     Virtual Private Network
VSN     Virtual Service Network
VTN     Virtual Transport Network

5 Service definition

5.1 Introduction

This clause provides a generic functional definition of a “Network-based VPN” network service. Implementation issues as well as implementation-specific service aspects are out of scope of this part of the Recommendation.

5.1.1 Types of VPN service

The following three types of service are identified.

5.1.1.1 Layer 1 VPN service

In a layer 1 VPN service the customer edge device is connected to the network provider via one or more links, where each link may consist of one or more channels or sub-channels (e.g. wavelength, or wavelength and timeslot respectively, or just timeslot). The customer edge device and the provider edge device are peered to each other only at the physical link layer across the access network. A link has two end-points:

a) one on the customer edge (CE) device, known as the port;
b) one on the provider edge device, known as the provider edge (PE) port.

The scope of a layer 1 service is related to port-based VPNs only.

5.1.1.2 Layer 2 VPN service

In a layer 2 VPN service, the customer edge device receives data link layer (i.e. layer 2) service from the network provider. The customer edge device and the provider edge device are peered to each other at the data link layer across the access network. The network performs forwarding of user data packets based on information in the packets' data link layer headers, such as, for example, a frame relay DLCI, ATM VCC, or 802.1q VLAN tag.

5.1.1.3 Layer 3 VPN service

In a layer 3 VPN service, the customer edge device receives network layer service (typically in the form of IP packets) from the network provider. The customer edge device and the provider edge device are peered to each other at the network layer across the access network. The network performs forwarding of user data packets based on information in the IP layer header, such as an IPv4 or IPv6 destination address. The customer sees the network as a layer 3 device such as an IPv4 or IPv6 router.

5.1.2 NB VPN service view

Figure 2 depicts the service view for three instances of the NB VPN service, illustrating various applications.

Figure 2/Y.1311 - NB VPN service view
[Figure not reproduced.]

5.1.3 NB VPN service deployment scenarios

A number of generic service deployment scenarios are envisaged for Network-Based VPNs. Scenarios for layer 3, 2, and 1 VPNs are described in further detail in Appendices I, II and III respectively. It should be noted that these are some of the more commonly envisaged deployment scenarios, and not necessarily an all-encompassing list of the scenarios to be supported by network-based VPN services. In other words, a service provider may provide a VPN service supporting a subset or a superset of the above scenarios based on customer requirements and constrained by technical or other limitations.

5.2 NB VPN service reference model

5.2.1 Designation of VPN network elements

The generic VPN reference model for a VPN is shown in Figure 3 below.

Figure 3/Y.1311 - VPN reference model
[Figure not reproduced. Legend: CE - Customer Edge; PE - Provider Edge; P - Provider.]

For ease of provision of a VPN by a network provider, it is essential to accommodate addition, deletion, moves and/or changes among sites and members with as little manual intervention as possible. A key enabler of VPN provision is the establishment of the “tunnels” which separate the traffic of a given VPN from that of another VPN, and from traffic of the open network across a common infrastructure. If key VPN network elements can announce their presence to one another through auto-discovery techniques, then the required tunnels can be configured with a minimum of manual intervention.

The principle of auto-discovery applies to all types of VPN irrespective of the layer at which the service is offered. For example, the CE-PE peer relationship established for the VPN service may occur at layer 1, 2, or 3. The tunnels for VPN between PE devices across the core may be constructed at layer 1, or layer 2 or layer 3. Examples of layer 1 tunnels a