MD-VPN service description
The GÉANT MD-VPN service is delivered by a seamless transport infrastructure that can carry L3VPN (IPv4/IPv6), point-to-point L2VPN and, in the near future (GN4), multipoint L2VPN across several network providers (domains). The main benefit of MD-VPN is that providing any kind of VPN across European educational and scientific sites is now easy and fast. We expect that the MD-VPN service will be a useful tool to foster European educational and scientific collaboration.
The service is delivered jointly by NRENs and the pan-European network GÉANT and NORDUnet. Regional, metropolitan or campus networks can join this infrastructure, and the MD-VPN service is in this way extended over these regional, metropolitan or campus networks.
The service is delivered to end-users at a point called the Service Demarcation Point (SDP) at the edge of the NRENs or Regional Networks. In practice, the way the service is delivered to the end-users depends on the NREN, but a widespread practice is:
- For L3VPN, in the form of IP packets;
- For point-to-point layer 2 circuits (i.e. Point-to-Point L2VPN) and Multipoint L2VPN (VPLS), in the form of 802.1Q packets over dedicated VLANs or on a dedicated port.
Figure 1: MD-VPN infrastructure
This infrastructure allows the end-users (scientists, etc.) of the IPv4/IPv6 or Layer 2 networks to work as if their networks were coupled together directly (the intermediate networks are transparent to end-users). A typical scenario would be an international collaboration where a project wants to connect a number of sites in different physical locations to create a collaborative infrastructure as if they were in the same physical location, so the organization gets the same level of security as if all its sites were in the same location. This security improvement allows high performance, because the deep firewall inspection used with standard IP can be avoided. Distributed infrastructures like Grid, cloud or HPC typically benefit from MD-VPN.
The MD-VPN service also provides privacy between the different instances (VPNs) of the service, i.e. the content sent back and forth between the different sites is kept within the private entity that owns the data. This is achieved because the data flows of an MD-VPN customer are isolated from all other traffic, both standard IP traffic and the traffic of other MD-VPN customers.
Use Cases for GÉANT MD-VPN
There is a wide scope for GÉANT MD-VPN use, from long-term infrastructure with intensive network usage to quick point-to-point services for a conference demonstration. The following cases give examples of how GÉANT MD-VPN can be used to support R&E collaboration:
- International Collaboration - Universities, labs and all scientific projects based on international collaboration will benefit from the use of GÉANT MD-VPN services, as the end-to-end service demarcation and the ability to support "out of area" connections improve ease of use. LHCONE, ITER and CONFINE are examples of success. Future Internet projects are also target users for GÉANT MD-VPN, using proxy services to provide outreach.
- Ad hoc P2P connections - For example, conference demonstrations or P2P data transport between sites needed only rarely and only for short periods of time. The rapid deployment of VPNs will enable such projects to take advantage of the service, whereas the time for deployment of earlier services would have been prohibitive.
- Distributed Infrastructure Services - Cloud service providers, Grid and HPC centres could offer services across VPNs to increase service assurance and to separate traffic flows for management and (possibly) billing purposes.
- Scientific Infrastructure - GÉANT MD-VPN is ideally suited to hub and spoke network structures, enabling access to centralised infrastructure projects. Distributed networking for remote sensors could also benefit from the higher levels of assurance offered by VPNs.
- Education - Ad hoc and semi-permanent VPNs can provide linkages between school and campus networks in a clearly separated manner. This can be used to support outreach projects and collaboration.
- Transparent Transport Services - As GÉANT MD-VPN can provide transparent data transport, it can be used by high-level network services like SDN and BoD, and in general by future internet projects.