VPN Simulation
The WAE Design virtual private network (VPN) model is a representation of a virtual subnetwork within the plan file. Viewing and simulating VPNs within WAE Design facilitates numerous network tasks and can answer many questions. The following are a few.
- Which VPNs are on my network? Where and how are they configured?
- Which VPNs are using congested interfaces?
- Which VPNs will experience congestion under any of a given list of failure scenarios?
- Which failure scenarios cause the worst-case congestion or latency for a VPN?
There are many varieties of VPNs. For example, there are Layer 2 (L2) VPNs and Layer 3 (L3) VPNs, each having different categories within it, and there are vendor-specific VPN implementations as well. Each VPN type has its own specific configuration and terminology. The WAE Design VPN model supports a number of these VPN types based on either route-target or full-mesh connectivity.
VPN Model
VPN Objects
Connection points in a VPN. They exist on standard nodes, and each node can contain multiple VPN nodes. A VPN node can be in only one VPN.
VPN Topology and Connectivity
In WAE Design VPN topologies, connections are established through route targets (RTs) or through a full mesh of VPN nodes. This Connectivity property is set in the VPN Properties dialog box.
Knowing a VPN’s topology and connectivity enables WAE Design to calculate which demands between VPN nodes carry traffic for a particular VPN, and thus which interfaces carry traffic for that VPN. In turn, WAE Design can calculate the vulnerability of a VPN to certain failure and congestion scenarios.
A demand is associated with a VPN, meaning it carries traffic for that VPN, if each of the following points is true.
- The two VPN nodes are in the same VPN.
- The demand is in the same service class as the VPN.
- Only for VPNs with RT connectivity, the RT Export property of one VPN node must match the RT Import property of another VPN node.
Once demands are associated with the VPN, this configuration simulates the associated access circuits exchanging traffic as if they were on the same LAN.
Note that a demand associated with a VPN can additionally contain other traffic that is for that VPN.
VPNs
Each VPN consists of a set of VPN nodes that can exchange data within it. VPNs have three key properties that uniquely identify them and define how the traffic within them is routed.
- Name—Unique name of the VPN.
- Type—The type of VPN. You can select from the defaults, which are VPWS, VPLS, or L3VPN, or you can enter a string value to create a new one. Once entered, the new VPN type appears in the drop-down list and is available for other VPNs and VPN nodes.
- Connectivity—Determines how WAE Design calculates connectivity and associated demands for VPNs.
– Full Mesh—Connectivity is between all nodes in the VPN. WAE Design ignores the RT Import and RT Export properties of the VPN nodes.
– RT—Connectivity is based on the RT Import and RT Export properties of its VPN nodes.
VPNs Table
The VPNs table lists the VPN properties described above, its associated service class, traffic, and the number of VPN nodes within that VPN (Table 17-1). For information on QoS measurements, see the Quality of Service Simulation chapter. For information on the Worst-Case columns not listed here, see Table 17-3.
Note: Since the traffic and QoS calculations are based on all interfaces within the VPN for the service class specified for that VPN, the plot view might differ from the table. For example, the plot view could show Internet traffic while a VPN carrying voice traffic is selected.
VPNs are not selectable from the network plot; you can only select and filter to VPNs through tables. When selected, all VPN nodes within the VPN are highlighted in the plot (Figure 17-1).
Identify Interfaces Used by VPNs
To view which interfaces are associated with a VPN, right-click a VPN in the VPNs table and select Filter to Interfaces from the context menu. This is useful for viewing the VPN topology in the network plot. If you then select all of these filtered interfaces, you can see the VPN outlined in the network plot.
To view which VPNs are associated with an interface, right-click an interface in the Interfaces table and select Filter to VPNs from the context menu. This is useful for determining which VPNs would be affected should a circuit fail or go down for maintenance.
Note: Utilization measurements might be different between the tables since the VPN table calculates measurements only for the service class associated with that VPN.
VPN Nodes
VPN nodes are defined by several properties that together determine which VPNs the nodes belong to and how the demands are routed. The following are required properties.
- Node—Name of the node on which the VPN node resides. This node name corresponds with one in the Nodes table.
- Type—The type of VPN. You can select from the defaults, which are VPWS, VPLS, or L3VPN, or you can enter a string value to create a new one. Once entered, the new VPN type appears in the drop-down list and is available for other VPN nodes and VPNs.
- Name—Name of the VPN node.
- VPN—Name of the VPN in which this VPN node resides. The drop-down list shows existing VPNs of the same type set in the Type field. You can create a VPN node without setting its VPN, but without this selected, the VPN node is not included in simulations as a member of any VPN.
To simulate RT connectivity, you must set the VPN Connectivity property to RT and then set the RT Import and RT Export properties on the individual VPN nodes within it.
- RT Import and RT Export—The pairing of RT values identifies which VPN nodes connect with each other. For more information, see the VPN Topology and Connectivity section.
- Optional: RD—Route distinguisher (RD) uniquely identifies routes within a VRF as belonging to one VPN or another, thus enabling duplicate routes to be unique within a global routing table.
VPN Nodes Table
The VPN Nodes table lists the VPN node properties described above, as well as columns that identify the VPN nodes’ relationship within the VPN and its traffic. Table 17-2 describes the columns.
VPN nodes are not selectable from the network plot; you can only select and filter to them through tables.
Once selected from the VPN Nodes or VPNs table, the associated site and the nodes within that site appear with a green circle on it (Figure 17-1).
Figure 17-1 VPN Nodes within a VPN
Layer 3 VPN Example
This example illustrates a scenario where the Acme manufacturing company has three offices, but permits the two branch offices (er1.par and er1.fra) to exchange data only with headquarters (er1.lon).
Additionally, headquarters communicates with an SP VPN node (er1.bru) that is not in the Acme VPN. Figure 17-2 shows the footprint of the Acme VPN and the RTs set for all VPN nodes in this example.
In turn, each branch office is set to the Acme VPN, with a Type of L3VPN.
- To exchange data with two other VPN nodes in the Acme VPN, headquarters (er1.lon) imports the offices’ exported route targets of 2:1 (er1.par) and 3:1 (er1.fra).
- In turn, headquarters (er1.lon) exports a route target of 1:1.
All three of these other VPN nodes import it (both offices and the SP VPN node).
Since the SP VPN node (er1.bru) is not in the Acme VPN, its communication with er1.lon is not within the context of that VPN.
The VPN footprint in Figure 17-2 shows that if the circuit between er1.fra and er1.bru became congested or failed, the VPN would be impacted. A failure of the circuit between the two branch offices, however, would not impact it. This failure is illustrated in Figure 17-3, which shows that none of the demands associated with the VPN are rerouted.
Figure 17-2 Example RT Connectivity and Acme VPN Footprint
Figure 17-3 Example Failure Between Branch Offices in the Acme VPN
For this example, Figure 17-4 illustrates the filtering of VPN nodes to its associated Acme VPN and the filtering of the Acme VPN to its associated demand traffic. It also shows the calculations of the Total Connect and VPN Connect columns in the VPN Nodes table.
- The Total Connect for the VPN node residing on er1.lon (headquarters) is highest because it exchanges data with three other VPN nodes.
Each of the offices and the service provider VPN node has only 1 in the Total Connect column because they each exchange data only with (have RT pairings with) headquarters.
- The VPN Connect for the VPN node residing on er1.lon (headquarters) is highest because it exchanges data with and is in the same VPN as the two offices; all three VPN nodes share the same VPN name.
Each of the offices has 1 in the VPN Connect column because they are communicating with only one VPN node in the same VPN.
The service provider VPN node (er1.bru) has 0 VPN Connects because it does not reside in a defined VPN.
Figure 17-4 VPN Nodes Filtered to Acme VPN, and Acme VPN Filtered to Demands
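The association rules and the Connect counts from this example can be reproduced in a few lines. The following Python sketch is an added illustration, not WAE Design code: the class and function names are hypothetical, the "Default" service class is constructed, er1.bru's RT Export (not given in the example) is left empty, and a Connect is counted when an RT pairing exists in either direction.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VpnNode:
    node: str                       # standard node the VPN node resides on
    vpn: Optional[str]              # VPN name, or None if not assigned to a VPN
    rt_import: frozenset = frozenset()
    rt_export: frozenset = frozenset()

# VPN name -> (Connectivity, service class). The service class is constructed.
VPNS = {"Acme": ("RT", "Default")}

# RT values from the Layer 3 VPN example. er1.bru's RT Export is not stated
# there, so it is left empty (assumption).
NODES = [
    VpnNode("er1.lon", "Acme", frozenset({"2:1", "3:1"}), frozenset({"1:1"})),
    VpnNode("er1.par", "Acme", frozenset({"1:1"}), frozenset({"2:1"})),
    VpnNode("er1.fra", "Acme", frozenset({"1:1"}), frozenset({"3:1"})),
    VpnNode("er1.bru", None, frozenset({"1:1"})),
]

def can_send(src, dst):
    """True if src's RT Export matches dst's RT Import."""
    return bool(src.rt_export & dst.rt_import)

def demand_in_vpn(src, dst, service_class):
    """Apply the three association rules to a demand from src to dst."""
    if src.vpn is None or src.vpn != dst.vpn:
        return False                # rule 1: both VPN nodes in the same VPN
    connectivity, vpn_class = VPNS[src.vpn]
    if service_class != vpn_class:
        return False                # rule 2: same service class as the VPN
    # rule 3 applies only to RT connectivity; Full Mesh ignores the RTs
    return connectivity == "Full Mesh" or can_send(src, dst)

def connect_counts(nodes):
    """Return {node: (total_connect, vpn_connect)} from RT pairings."""
    counts = {}
    for a in nodes:
        peers = [b for b in nodes
                 if b is not a and (can_send(a, b) or can_send(b, a))]
        in_vpn = [b for b in peers if a.vpn is not None and a.vpn == b.vpn]
        counts[a.node] = (len(peers), len(in_vpn))
    return counts
```

A demand between the two branch offices fails rule 3, which is why the circuit failure between them leaves the Acme VPN untouched.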
VPN Simulation Analysis
When you run a Simulation Analysis, you have the option to record worst-case utilization and latency for VPNs in the VPNs table (Table 17-3). You can then right-click a VPN to fail it to its worst-case utilization or to fail it to its worst-case latency.
For information on running Simulation Analysis and failing VPNs to their worst-case utilization, see the Simulation Analysis chapter.
Create VPN Nodes
Step 1 Either right-click in an empty plot area and select New->VPN->VPN Node from the context menu, or select Insert->VPN->VPN Node. A properties dialog box appears.
Step 2 In the Site and Name fields respectively, select the site in which the VPN node will exist, and select the node on which the VPN node is being configured.
Step 3 Either select a VPN type or enter a string value for a new one. The defaults are VPWS, VPLS, and L3VPN.
Step 4 In the Name field, enter the name of the VPN node. This does not have to be unique.
Step 5 In the VPN drop-down list, select the VPN to which you are adding this VPN node. If you do not see the VPN that you expect to see, verify you correctly selected the type.
Step 6 Optional: Enter a description that further identifies the VPN node. A customer name, for example, might be helpful.
Step 7 If the Connectivity for the VPN is RT, enter the applicable route targets in the RT Import and RT Export fields. All VPN nodes with the same import RT as another VPN node’s export RT can receive traffic from that VPN node. Those VPN nodes with the same export RT as another VPN node’s import RT can send traffic to that VPN node. For more information, see the VPN Topology and Connectivity section.
Step 8 Optional: Enter a route distinguisher in the RD field.
Create VPNs
You can create VPNs from existing VPN nodes or you can create VPNs and then later add VPN nodes to them.
Create VPNs from Existing VPN Nodes
When you create VPNs from existing VPN nodes, all VPN nodes are assigned to these newly created VPNs and the existing VPNs become empty. This is because VPN nodes can belong to only one VPN at a time.
Step 1 If you are creating a VPN for specific nodes, select VPN nodes from the VPN Nodes table.
Step 2 Either right-click in an empty plot area and select New->VPN->VPNs from VPN Nodes from the context menu, or select Insert->VPN->VPNs from VPN Nodes. A properties dialog box appears.
Step 3 In the drop-down list, select the method for creating the VPN: VPN node name, RD, or VPN node tag.
Step 4 If applicable, enter the VPN node name or VPN node RD, and enter the VPN name. These two fields work together to create and name the VPN. Both fields use regular expressions. The $ in the VPN Name field identifies which parenthetical expression in the VPN Node Name or VPN Node RD field to use. For instance, $2 means use the second set of parentheses from which to create the VPN name.
- The default is a regular expression that matches the entire VPN node name and creates one VPN for each unique VPN node name. That is, the default in VPN Node Name is (.+) and the default VPN Name is $1, which creates a VPN with a name that is identical to each VPN node (or all VPN nodes if none are selected).
If your convention is to use the same VRF name or the same service ID for every VPN node, this default works well. If, however, the VPN name is encoded in the VRF name or service ID, use a regular expression to isolate the part of the VPN node name that is to be used.
Example: By adding characters before or after the parentheses, you can create a set of VPNs that are similar to VPN node names.
Selected VPN node names: AG-VPN-AMS and AG-VPN-FRA
Results in two VPNs: VPN-AMS and VPN-FRA
Selected VPN node names: vrf_AKD_V001_Amsterdam, vrf_AKD_V001_Paris, and vrf_AKD_V001_Frankfurt
VPN Node Name: (vrf)_(.+)_(V[0-9]+)_(.+)
Example: Create a VPN named “7” from three existing VPN nodes with RDs of 7:1, 7:2, and 7:3.
- If you selected to create a VPN from VPN node tags, WAE Design uses a tag to create the new VPN. If a VPN node has more than one tag, only the first tag listed is used. (To create VPN node tags or to change the order of their appearance, use the VPN Node Properties dialog box. Access it by double-clicking on one or more VPN nodes.)
Step 5 To see a list of VPN nodes that will be included in the VPN and the VPN names being created, click the Update Preview button.
Step 6 Select the service class for this VPN. Then click OK.
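The grouping that Step 4 describes can be tried outside the tool before committing to a pattern. The following Python sketch is an added illustration, not WAE Design code: preview_vpns is a hypothetical helper, it assumes the pattern must match the whole value and uses Python's regex syntax, and the AG-(.+) and ([0-9]+):[0-9]+ patterns and the $2_$3 name are constructed choices, not values taken from the dialog box.

```python
import re
from collections import defaultdict

def preview_vpns(values, pattern, name_template):
    """Group VPN node names (or RDs) into VPNs by regular expression.

    The pattern must match the whole value (assumption). Each $N in
    name_template is replaced by the N-th parenthesized group.
    """
    regex = re.compile(pattern)
    vpns = defaultdict(list)
    for value in values:
        m = regex.fullmatch(value)
        if m is None:
            continue  # no match: the value is not placed in any new VPN
        name = re.sub(r"\$(\d+)",
                      lambda ref: m.group(int(ref.group(1))),
                      name_template)
        vpns[name].append(value)
    return dict(vpns)

# Sample inputs taken from the examples in Step 4.
AG_NODES = ["AG-VPN-AMS", "AG-VPN-FRA"]
VRF_NODES = ["vrf_AKD_V001_Amsterdam", "vrf_AKD_V001_Paris",
             "vrf_AKD_V001_Frankfurt"]
RDS = ["7:1", "7:2", "7:3"]

if __name__ == "__main__":
    print(preview_vpns(AG_NODES, r"(.+)", "$1"))         # default: one VPN per name
    print(preview_vpns(AG_NODES, r"AG-(.+)", "$1"))      # VPN-AMS, VPN-FRA
    print(preview_vpns(VRF_NODES, r"(vrf)_(.+)_(V[0-9]+)_(.+)", "$2_$3"))
    print(preview_vpns(RDS, r"([0-9]+):[0-9]+", "$1"))   # one VPN named 7
```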
Create VPNs
Step 1 Either right-click in an empty plot area and select New->VPN->VPN from the context menu, or select Insert->VPN->VPN. A New VPN dialog box appears.
Step 2 Enter a unique name for the VPN.
Step 3 Select the VPN type: VPWS, VPLS, or L3VPN.
Step 4 Select the service class for this VPN.
Step 6 If desired, add VPN nodes to the newly created VPN. See the Add VPN Nodes to VPNs section.
Add VPN Nodes to VPNs
Step 1 Select one or more VPN nodes from the VPN Nodes table.
Step 2 Right-click any of the selected VPN nodes, and select Properties from the context menu.
Step 3 In the drop-down list of the Properties dialog box, select the VPN to which you are adding the selected VPN nodes. Then click OK.
Related Topics
- Traffic Demand Modeling chapter
- Simulation chapter