Paragon Planner Virtual Private Networks Overview
The Virtual Private Networks chapter describes Paragon Planner’s VPN module (also known as VPNView) capabilities, which include VPN construction via router configuration extraction, VPN topology display and reporting, VPN-related integrity checking, and VPN design and modeling. When used in conjunction with the Online module, the VPN module also allows the user to perform VPN monitoring and diagnostics.
The types of VPNs supported include Layer3 (L3), Layer2 Kompella (L2K), Layer2 Martini (L2M), Layer2 Circuit Cross-Connect (L2CCC), and VPLS (both LDP-based and BGP-based VPLS). VPNView supports hub-and-spoke and other complex VPNs. Depending on the type of VPN, different information is extracted from the router configuration files to construct the different type of VPN. For instance, the extracted information for L3 VPNs based on RFC 2547bis would include PE routers and CE devices (if managed), export/import route targets, route distinguisher, interfaces, protocols, etc.
Besides VPN construction via configuration import, the VPN module also offers the network planner the ability to construct VPNs from scratch via a VPN Wizard. Once VPNs have been constructed in the network, VPN traffic can be added (by adding traffic demands or via a gravity model using the VPN Traffic Generation feature), and its effect on the network can be studied. The VPN module’s VPN configlet generation feature can be used to create configuration statements that can pushed onto the router by the network engineer.
Depending on the type of VPN (e.g. for L3 VPNs, L2K VPNs, and VPLS-BGP VPNs), various rules (e.g. based on export/import route-targets) are used to determine when two routers can talk with each other; the VPN path tracing feature can be used to study the routing between two routers. Paragon Planner’s VPN module features help the network engineer to understand, design, and analyze various types of VPNs.