World Connect ServiceTRAINING FOR WTD TEAM

BY SHRIKANT BHAVSAR

What is World Connect Service?

The world connect is a solution to provide services on public IP’s (Internet AS-6453)

To overcome the discrepancies of VPN where we use MPLS backbone with private IP’s.

IP SECURITY

IPSec technology has served the needs of global enterprises well, it has become very complex to deploy, manage and reaches its scalability limits when deployed in a generic router / firewall based CPE equipment.

IPSEC modes of operation

Transport mode: Only the payload of the IP packet is usually encrypted  and/or authenticated.

Tunnel mode: The entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create VPN for network-to-network communications

Benefits of IPSEC

Data Confidentiality Encryption & Decryption Key Management

IKE: Session management & establishment in both PE &CE

Sessions are rekeyed & deleted automatically.

Introduction to Certes Boxes Certes Boxes are used for Encryption & decryption of Data. Certes Networks enables us to encrypt data transmissions

over any type of network without compromising application or network performance

Certes Networks introduces three areas of improvement over traditional IPsec for network-wide encryption deployments: group policy definition, dynamic traffic flow and encryption without tunnels

We need copper for CEP5,10,100 & Fiber for CEP1G

Customer network Connectivity

Certes Enforcement Points (CEP) CEP Boxes are placed or installed between PE

device and the CPE device CEP boxes will have 4 interfaces remote

interface, local interface, management interface and console.

Topology

All three topologies are supported in Certes Full Mesh, Hub & Spoke and Peer to Peer. Our deployment will be mainly focusing on Full mesh and Hub & Spoke.

Layer 3 tunnel Mode will be used for IP Sec encryption and decryption for TCL deployment

Internet break out will be through the CEP, clear policy will be configured with low priority for internet access.

Layer 3 Tunnel Mode

In Layer 3 Tunnel Mode we have two types of deployment depending upon the redundancy requirement

a. Case 1: No redundant CEP available on customer end. Remote IP will be used for encrypting and decrypting the traffic.

b. Case 2: redundant CEP available on customer end. Virtual IP will be used for encrypting and decrypting the traffic.

Types of scenarios in which certes deployment is targeted

1) Single Router Single CEP Single WAN

2) Single Router Dual CEP Dual WAN

3) Dual Router Dual CEP Dual WAN

WTD Role in World Connect Circuits

1) First we have to understand the topology.2) LM will terminate on which Certes Box3) So basic Speed & Duplex settings we have to

take from LM provider.4) During turn up, NEECO has to do basic

configuration on Certes Box.5) Certes & CE router configuration will be done

by IPP.