MPLS Virtual Private Networks
A VPN by itself is an isolated entity and therefore has no possibility of outside intrusion.
A significant technical advantage of MPLS VPNs is that they are connectionless. The Internet owes its success to its basic technology, TCP/IP. TCP/IP is built on a packet-based, connectionless network paradigm. This means that no prior action is necessary to establish communication between hosts, making it easy for two parties to communicate.
To establish privacy in a connectionless IP environment, current VPN solutions impose a connection-oriented, point-to-point overlay on the network. Even if it runs over a connectionless network, a VPN cannot take advantage of the ease of connectivity and multiple services available in connectionless networks. When you create a connectionless VPN, you do not need tunnels and encryption for network privacy, thus eliminating significant complexity.
Centralized Service: Building VPNs in Layer 3 allows delivery of targeted services to a group of users represented by a VPN. A VPN must give service providers more than a mechanism for privately connecting users to intranet services. It must also provide a way to flexibly deliver value-added services to targeted customers. Scalability is critical, because customers want to use services privately in their intranets and extranets. Because MPLS VPNs are seen as private intranets, you may use new IP services.
You can customize several combinations of specialized services for individual customers. For example, a service that combines IP multicast with a low-latency service class enables videoconferencing within an intranet.
Security: MPLS VPNs offer a high level of security, as connection-oriented VPNs do. Packets from one VPN do not inadvertently go to another VPN. Security is provided:
- At the edge of a provider network, by ensuring that packets received from a customer are placed on the correct VPN.
- At the backbone, where VPN traffic is kept separate.
Malicious spoofing (an attempt to gain access to a PE router) is nearly impossible because the packets received from customers are IP packets. These IP packets must be received on a particular interface or subinterface to be uniquely identified with a VPN label.
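The interface-to-VPN binding described above can be modeled in a few lines. This is an added example, not code from the original page or from any router vendor; the interface names, VRF names, labels and prefixes are constructed, and dropping pre-labeled customer packets is an assumption of the model.

```python
# Added example: toy model of PE ingress. Interface names, VRF names,
# labels and prefixes are constructed for illustration.
import ipaddress

class PERouter:
    def __init__(self):
        self.iface_vrf = {}   # customer-facing (sub)interface -> VRF
        self.routes = {}      # VRF -> [(prefix, VPN label)]

    def bind(self, iface, vrf):
        self.iface_vrf[iface] = vrf
        self.routes.setdefault(vrf, [])

    def add_route(self, vrf, prefix, label):
        self.routes[vrf].append((ipaddress.ip_network(prefix), label))

    def ingress(self, iface, pkt):
        """Return (vrf, vpn_label) for a forwarded packet, None if dropped."""
        # Assumption of this model: customers hand over plain IP, so a
        # packet that arrives already labeled is dropped.
        if pkt.get("label") is not None:
            return None
        vrf = self.iface_vrf.get(iface)   # chosen by interface, never by header
        if vrf is None:
            return None
        dst = ipaddress.ip_address(pkt["dst"])
        hits = [(n, l) for n, l in self.routes[vrf] if dst in n]
        if not hits:
            return None
        return vrf, max(hits, key=lambda h: h[0].prefixlen)[1]

def demo():
    pe = PERouter()
    pe.bind("ge0/0.100", "VPN_A")
    pe.bind("ge0/0.200", "VPN_B")
    # Both customers use the same private prefix; the tables stay separate.
    pe.add_route("VPN_A", "10.1.0.0/16", 1001)
    pe.add_route("VPN_B", "10.1.0.0/16", 2001)
    pkt = {"src": "10.9.0.5", "dst": "10.1.2.3"}
    return {
        "from_a": pe.ingress("ge0/0.100", pkt),
        # Same headers arriving on VPN_B's subinterface stay in VPN_B.
        "from_b_same_headers": pe.ingress("ge0/0.200", pkt),
        "from_b_prelabeled": pe.ingress("ge0/0.200", {**pkt, "label": 1001}),
        "unbound_iface": pe.ingress("ge0/0.300", pkt),
    }

if __name__ == "__main__":
    print(demo())
```

Identical IP headers receive different VPN labels depending only on the subinterface they arrive on, which is why overlapping customer address space does not mix traffic between VPNs.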
Integrated Class of Service (CoS) Support: CoS is an important requirement for many IP VPN customers. It provides the ability to address two fundamental VPN requirements:
- Predictable performance and policy implementation
- Support for multiple levels of service in an MPLS VPN
Network traffic is classified and labeled at the edge of the network before traffic is aggregated according to policies defined by subscribers and implemented by the provider and transported across the provider core. Traffic at the edge and core of the network can then be differentiated into different classes by drop probability or delay.
A VPN contains customer devices attached to the CE routers. These customer devices use VPNs to exchange information between devices. Only the PE routers are aware of the VPNs.
VSAT
In a situation where other connectivity options are not feasible, we will be providing VSAT connectivity. VSAT offers two distinct advantages: less deployment time and easy manageability.
The VSAT, which is to be installed at the satellite medical centers' premises, consists of three units, namely an Outdoor Unit, an Indoor Unit and an Inter Facility Link (IFL) cable interconnecting the two units. The Outdoor Unit contains the antenna assembly and associated RF equipment. The antenna is of the 2.4 meter diameter parabolic type, can be installed easily in any open space and requires a floor area of about 4 m x 4 m. The RF equipment includes an up converter, a down converter and a solid-state power amplifier, which together comprise the ODU, and a low-noise amplifier; these are installed on the antenna. The ODU and DIU are connected by means of the IFL cable, which carries the telecom signals and power supply.
Broadband Connectivity
The SMCs are planned to be connected from their hospitals through broadband. Each hospital will have our VPN router, which establishes an IPsec tunnel through the internet to the central router in our hub. The network is being designed as an overlay network using addresses that are distinct but mapped to the global IP address space through the use of IP aliases to hosts and tunnels between the distant physical networks.
IPsec tunnels are established between the internet routers in a star topology, with one central internet router at the hub facility and multiple remote routers, one for each participating SMC.
Packets that travel between an SMC network and the public internet are not routed through the tunnel, since that would add load to the tunnel endpoints and increase physical path lengths. ISDN links are being explored as a backup where the existing network has a bottleneck.
Access to telemedicine from mobile devices is being pursued as R&D. The bottleneck of bandwidth availability in the mobile spectrum is being explored, and research is being done in-house to provide the best tool to overcome this bottleneck.
Firewalls will be positioned at various points in the network to protect against intruders and keep the system protected against attacks. The firewall will block and delete any incoming packets that have a source or destination into the whole network.
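A check that a spoke router's routing table matches this split-tunnel, star design can be written as below. This is an added example, not part of the original page; the prefixes, the interface names (`tunnel0`, `wan0`, `lan0`) and the function name are constructed for illustration. The covering-route test is conservative and may flag a table in which more-specific tunnel routes fully cover a prefix.

```python
# Added example: audit a spoke (SMC) router's routing table against the
# split-tunnel design. Prefixes and interface names are constructed.
import ipaddress

def audit_spoke(routes, remote_overlay, tunnel_if="tunnel0"):
    """Return findings where the table departs from the design:
    remote overlay prefixes must leave via the IPsec tunnel, and
    internet-bound traffic (default route) must not."""
    table = [(ipaddress.ip_network(p), i) for p, i in routes]
    findings = []
    for prefix in remote_overlay:
        o = ipaddress.ip_network(prefix)
        # Longest route that covers the whole overlay prefix.
        covering = [r for r in table if o.subnet_of(r[0])]
        best = max(covering, key=lambda r: r[0].prefixlen, default=None)
        if best is None or best[1] != tunnel_if:
            via = best[1] if best else "no route"
            findings.append(f"LEAK {o}: covered by {via}, not {tunnel_if}")
        # A more-specific route inside the prefix can pull part of it out.
        for net, iface in table:
            if net != o and net.subnet_of(o) and iface != tunnel_if:
                findings.append(f"LEAK {net}: inside {o} but via {iface}")
    if any(n.prefixlen == 0 and i == tunnel_if for n, i in table):
        findings.append("FULL-TUNNEL: default route enters the tunnel")
    return findings

# Constructed tables for one SMC (LAN 10.20.1.0/24); hub and a second SMC are remote.
REMOTE = ["10.20.0.0/24", "10.20.2.0/24"]
GOOD = [("0.0.0.0/0", "wan0"), ("10.20.1.0/24", "lan0"),
        ("10.20.0.0/24", "tunnel0"), ("10.20.2.0/24", "tunnel0")]
LEAKY = [("0.0.0.0/0", "wan0"), ("10.20.1.0/24", "lan0"),
         ("10.20.0.0/24", "tunnel0"), ("10.20.0.128/25", "wan0")]
FULL = [("0.0.0.0/0", "tunnel0"), ("10.20.1.0/24", "lan0")]

if __name__ == "__main__":
    for name, tbl in (("good", GOOD), ("leaky", LEAKY), ("full", FULL)):
        print(name, audit_spoke(tbl, REMOTE))
```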