world connect training
World Connect Service
TRAINING FOR WTD TEAM
BY SHRIKANT BHAVSAR
What is World Connect Service?
World Connect is a solution that provides services over public IPs (Internet AS-6453), to overcome the discrepancies of VPN, where we use an MPLS backbone with private IPs.
IP SECURITY
Although IPsec technology has served the needs of global enterprises well, it has become very complex to deploy and manage, and it reaches its scalability limits when deployed on generic router / firewall based CPE equipment.
IPSEC modes of operation
Transport mode: Only the payload of the IP packet is usually encrypted and/or authenticated.
Tunnel mode: The entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create VPNs for network-to-network communications.
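The difference between the two modes, as an added example that is not part of the original training material: it builds one ESP packet in each mode and reports what stays readable in the outer IP header. The cipher is a stand-in keystream (not a real ESP transform), the IV and integrity check value are omitted, and all addresses, the key and the SPI are constructed sample values.

```python
import hashlib, ipaddress, struct

ESP, IPIP, UDP = 50, 4, 17  # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def toy_encrypt(key, seq, data):
    """Stand-in cipher (SHA-256 keystream XOR). NOT a real ESP transform."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!II", seq, i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(spi, seq, key, plaintext, next_header):
    """ESP header + encrypted (payload | padding | pad length | next header)."""
    pad = -(len(plaintext) + 2) % 4          # align the trailer to 4 bytes
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_header])
    return struct.pack("!II", spi, seq) + toy_encrypt(key, seq, plaintext + trailer)

def transport_mode(src, dst, proto, payload, spi, seq, key):
    """Original IP header stays in clear; only the payload is protected."""
    body = esp(spi, seq, key, payload, proto)
    return ipv4_header(src, dst, ESP, len(body)) + body

def tunnel_mode(inner_packet, gw_src, gw_dst, spi, seq, key):
    """Whole original packet is protected and wrapped in a new IP header."""
    body = esp(spi, seq, key, inner_packet, IPIP)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def visible_endpoints(packet):
    """Source, destination and protocol an on-path observer can read."""
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])), packet[9])

# Constructed sample values (private/documentation addresses, made-up key and SPI)
KEY, SPI, PAYLOAD = b"constructed-demo-key", 0x1001, b"constructed sample payload"
HOST_A, HOST_B, GW_A, GW_B = "10.1.1.10", "10.2.2.20", "192.0.2.1", "198.51.100.1"
inner = ipv4_header(HOST_A, HOST_B, UDP, len(PAYLOAD)) + PAYLOAD
transport = transport_mode(HOST_A, HOST_B, UDP, PAYLOAD, SPI, 1, KEY)
tunnel = tunnel_mode(inner, GW_A, GW_B, SPI, 1, KEY)
if __name__ == "__main__":
    print("transport:", visible_endpoints(transport), len(transport), "bytes")
    print("tunnel:   ", visible_endpoints(tunnel), len(tunnel), "bytes")
```

In transport mode the host addresses remain visible in the outer header; in tunnel mode only the gateway addresses are visible, at the cost of 20 extra bytes for the new IP header.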
Benefits of IPSEC
Data Confidentiality
Encryption & Decryption
Key Management
IKE: Session management & establishment in both PE & CE
Sessions are rekeyed & deleted automatically.
Introduction to Certes Boxes
Certes Boxes are used for encryption and decryption of data.
Certes Networks enables us to encrypt data transmissions over any type of network without compromising application or network performance.
Certes Networks introduces three areas of improvement over traditional IPsec for network-wide encryption deployments: group policy definition, dynamic traffic flow and encryption without tunnels.
We need copper for CEP5, 10, 100 and fiber for CEP1G.
Customer network Connectivity
Certes Enforcement Points (CEP)
CEP boxes are placed or installed between the PE device and the CPE device.
CEP boxes will have 4 interfaces: remote interface, local interface, management interface and console.
Topology
All three topologies are supported in Certes: Full Mesh, Hub & Spoke and Peer to Peer. Our deployment will mainly focus on Full Mesh and Hub & Spoke.
Layer 3 Tunnel Mode will be used for IPsec encryption and decryption for TCL deployment.
Internet breakout will be through the CEP; a clear policy will be configured with low priority for internet access.
Layer 3 Tunnel Mode
In Layer 3 Tunnel Mode we have two types of deployment, depending upon the redundancy requirement:
a. Case 1: No redundant CEP available on customer end. Remote IP will be used for encrypting and decrypting the traffic.
b. Case 2: Redundant CEP available on customer end. Virtual IP will be used for encrypting and decrypting the traffic.
Types of scenarios in which Certes deployment is targeted
1) Single Router Single CEP Single WAN
2) Single Router Dual CEP Dual WAN
3) Dual Router Dual CEP Dual WAN
WTD Role in World Connect Circuits
1) First we have to understand the topology.
2) Identify which Certes Box the LM will terminate on.
3) We have to take the basic speed and duplex settings from the LM provider.
4) During turn-up, NEECO has to do the basic configuration on the Certes Box.
5) Certes and CE router configuration will be done by IPP.