Network-Based VPNs BOF (nbvpn)

Thursday, August 3 at 1530-1730
===============================

CHAIRS: Marco Carugi
        Rick Wilder

DESCRIPTION:

The goal of this effort is to standardize a framework and one or more sets of mechanisms for supporting network-based IP virtual private networks (NBVPN). An NBVPN is distinguished by the following characteristics:

1. They may require support for isolated routing. Reasons for this requirement include creation of closed user groups per VPN with confidentiality for VPN traffic and the use of non-globally-unique VPN addressing.
2. Site-to-site performance characteristics may need to be ensured.
3. Their operations can be at least partially outsourced to one or more SPs.

Drivers for this work exist for both VPN users and Service Providers.

VPN-user-based drivers include:

1. Desire to simplify the configuration and management of the VPN.
2. Desire to be able to outsource the management and configuration of the VPN.

Service provider-based drivers include:

1. Efficient sharing of transmission resources and routing equipment in support of multiple VPNs.
2. Simplicity of management of aggregation routers which support multiple VPNs.

Devices used for NBVPNs can meet both user and service-provider concerns by providing independent functions for the customer-facing side and the network-facing side. The customer-facing side has a customer-specific IP forwarding environment and VPN configuration, tailored for each customer. The network-facing side of the device participates in the SP network's routing (i.e., runs an IGP and IBGP as a standard router would).

A critical function is the mapping of virtual site-to-site VPN connections onto a transport backbone which can support multiple VPNs as well as other communications services. An intelligent many-to-one mapping of virtual VPN connections onto a shared transport backbone can greatly improve the scaling properties of the backbone.

There are 3 different tunneling mechanisms that are considered within the scope of this WG to support NBVPNs: MPLS, GRE and IPSEC. Note that IPSEC can be used as a tunneling protocol itself or as an "inner wrapper" within another tunneling protocol such as MPLS or GRE. NBVPNs may also support traditional L2 tunneling protocols at the network-facing side, although the use of these tunnels is outside the scope of this working group. A single VPN may make use of a mixture of tunnel mechanisms.

AGENDA:

The meeting is officially scheduled from 1530 to 1730. Due to limited time availability and to various slot requests, we propose a scheduling time from 1530 to 1800.

Agenda bashing - co-chairs

Charter presentation (work description, objectives, goals/milestones) and discussion - co-chairs - 30 min

Recent work on MPLS-based VPNs at ITU SG13 (draft recommendation Y.ipvpn) - Carugi - 10 min

Internet-Draft presentations (reduced slots due to limited total time availability):

- "BGP/MPLS VPNs" updates (draft-rosen-rfc2547bis-02.txt) - Rosen/Rekhter - 20 min
- Network based IP VPN Architecture using Virtual Routers (draft-ouldbrahim-vpn-vr-01.txt) - Ould-Brahim - 15 min
- A Core MPLS IP VPN Architecture (draft-muthukrishnan-mpls-corevpn-arch-03.txt) - Muthukrishnan - 10 min
- A framework for IP Based Virtual Private Networks (RFC2764) - Gleeson - 15 min
- A framework for NBVPN (draft-suzuki-nbvpn-framework-00.txt) - Suzuki/Sumimoto - 15 min
- BGP/IPSEC VPN (draft-declercq-bgp-ipsec-vpn-00.txt) - De Clercq/T'Joens - 10 min
- Criteria for evaluating VPN implementation mechanisms (draft-yu-vpn-criteria-00.txt) - Yu - 10 min
- Extensions to CR-LDP for VPNs (draft-zhang-crldp-ext-for-vpn-00.txt) - Zhang - 5 min

MAILING LIST:

General discussion: nbvpn@bbo.com
To subscribe: send "subscribe nbvpn" as the text to nbvpn-request@bbo.com

A web site (mail archive) will also be set up.