VPN Explorer

The MPLS VPN Challenge

MPLS VPN services represent a significant source of revenue growth for Service Providers. However, the routing-centric nature of Layer 3 MPLS VPNs based on the IETF RFC 4364 (2547bis) standard, presents a number of complex operational challenges. Service Providers need tools to:

  • Maintain and monitor an accurate baseline of customer VPN routing operations
  • Detect and correct site-to-site reachability problems before they become service affecting
  • Avert privacy issues by assuring that Provider Edge (PE) router configurations are are not causing “route leakage” between customers, both initially and over time
  • Rapidly respond to customer inquiries with accurate information on edge-to-edge VPN routing availability both currently and historically
  • Collect and analyze useful forensics data for fast troubleshooting and data continuity during problem escalation

Introducing VPN Explorer–“Layer 3 Visibility for Layer 3 VPNs”

VPN Explorer is the first solution to address these important operational challenges and provide network-wide and per customer Layer 3 monitoring, visibility and analysis for RFC 4364 MPLS VPN networks. It is the only solution that provides real-time knowledge about individual customer’s VPN routed topology, VPN site-to-site reachability and routing policy enforcement, and inter-VPN privacy. By monitoring, recording and analyzing the information contained in the MP-BGP routing protocol, a single Route Explorer appliance can compute an accurate, real-time topology of each customer’s VPN, while providing automatic baselining, monitoring, visualization, reporting, alarming and detailed diagnosis on the current state of each VPN, as well as a full historical audit trail of all VPN routing events. By utilizing Packet Design’s patent-pending route processing algorithms, VPN Explorer offers highly scalable and responsive OA&M capabilities for MPLS VPN services without the overhead associated with traditional polling-based techniques, providing for greater service assurance, uptime and customer satisfaction.

Unlike traditional network management tools that only monitor core performance statistics or PE-CE device and interface status, VPN Explorer focuses on the Layer 3, or logical layer of the network, which is the source of almost 60% of all problems in today’s IP networks. More importantly, these are the core issues affecting day-to-day service operations that translate into customer satisfaction and revenue for Service Providers.

Key Features and Capabilities of VPN Explorer

  • At a glance summary view of network and customer VPN health
  • Monitors and alerts on per-customer changes in VPN site-to-site reachability and policy
  • Detects and alerts on potential VPN privacy issues (e.g. route leakage between separate customers due to misconfigured PE routers)
  • Accurate and complete routing event audit trail for each customer VPN
  • Automatically generates baseline of routed topology for each customer’s VPN
  • Per customer alarms with fully configurable thresholds and severity levels
  • Detailed customer reports for VPN routing analysis and long-term trending
  • Full VPN routing diagnostic capabilities not only detect, but help identify the root cause of problems
  • Network-wide Layer 3 topology discovery, visualization, monitoring and analysis with unified view of routing across all major protocols (BGP, MP-BGP, OSPF, IS-IS, EIGRP)
  • Multi-user support via X-Windows or VNC clients includes customizable views per user
  • 1U Rack Mountable appliance with GigE and FE interfaces hosts all functionality

Key Benefits

  • Maximizes network availability and customer satisfaction by rapidly identifying and diagnosing VPN routing faults
  • Increases NOC operational intelligence for proactive, real-time monitoring of customer services and deviations from baseline
  • Averts customer VPN provisioning misconfigurations enabling faster time-to-revenue and positive customer impression
  • Boosts network performance by isolating the root cause of layer 3 instabilities
  • Provides continuity of customer forensics information for more effective escalations from NOC to engineering staff
  • Verifies network routing is operating as intended including levels of redundancy
  • Lets network engineers predict routing-path problems and take action before they occur
  • Prevents embarrassing and costly router maintenance window errors
  • Highly cost effective appliance and low network overhead approach ensures quick return on investment
  • Reduces total operating cost by improving productivity of both network resources and network operations staff

VPN Baselining and Health Monitoring

VPN Explorer passively monitors and records the MP-BGP routing protocol exchanges in the Service Provider’s network to compute real-time and historical routed topologies for each VPN customer, while automatically generating baselines of each customer’s VPN across multiple data attributes, including:

  • PE routers participating in each customer’s VPN (or in each Route Target)
  • Prefixes (network addresses) advertised by each customer VPN site (or by each Route Target)

Using these baselines, VPN Explorer can provide network-wide and per-customer monitoring, reporting and alerting on deviations from baseline. Instead of having to manually “hunt and peck” for this information by logging into multiple routers, VPN Explorer provides at a glance visualizations of the Layer 3 status of each customer’s VPN. A top level VPN Explorer view provides the network administrator with a summary view of overall VPN service health, individual customer VPN site reachability and PE participation, status indicators of deviation from customer baselines, and potential VPN “hot spots” with a list of customers who have the highest percentage deviation from their baseline. A convenient explorer-style menu allows easy access to key reports and capabilities.

A topology map that can be viewed in real-time or historical mode shows the state of the network as of the specified time. By selecting an individual customer’s VPN, the topology map will indicate the PE routers that were participating in the customer’s VPN at the selected time. Further details can be shown, including the list of prefixes advertised per site and a complete list of all routing events pertaining to the customer’s VPN. Powerful event analysis and filtering tools let the network engineer rapidly analyze and diagnose any potential problems.

Detailed Analysis and Diagnosis of VPN Problems

When problems occur, VPN Explorer not only detects them in real-time, but helps the operator rapidly diagnose complex Layer 3 issues that are not a result of device failure and that traditional NMS products don’t even detect. Any deviation from baseline VPN operation is immediately detected, and historical graphs of prefix reachability and PE router participation allow the administrator to identify the exact moment when issues occurred in the network.

Administrators can view a complete and accurate audit trail per customer VPN, drill down to see every relevant event, and leverage VPN Explorer’s powerful sorting and filtering functions to isolate the root cause. Historical graphs of individual customer VPN prefix reachability and PE router participation allow the administrator to move back in time to see when issues first occurred in the network and more easily determine the cause.

Operators can zoom into the heart of any problem with detailed reports on individual routing events for each customer in any identified timeline, allowing them to pinpoint which routes changed or which PE routers were added/removed from the VPN.

 

Datasheet