WUSTL CSE 571S - Virtual Private Networks

17-1 Virtual Private Networks
Raj Jain, Washington University in Saint Louis, Saint Louis, MO, [email protected]
CSE571S, ©2007 Raj Jain. Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/

17-2 Overview
- What, when, issues
- Types of VPNs: PE/CE based, L2 vs. L3
- PPP
- VPN tunneling protocols: GRE, PPTP, L2TPv3, MPLS

17-3 What is a VPN?
- Private Network: uses leased lines
- Virtual Private Network: uses the public Internet
(Figure: customer sites connected across an Internet service provider)

17-4 When to VPN?
- More locations, longer distances, less bandwidth per site, QoS less critical ⇒ VPN more justifiable
- Fewer locations, shorter distances, more bandwidth per site, QoS more critical ⇒ VPN less justifiable
(Figure: axes labelled "Many locations", "Long distance", "Modest bandwidth", "QoS not critical")

17-5 VPN Design Issues
1. Security
2. Address translation
3. Performance: throughput, load balancing (round-robin DNS), fragmentation
4. Bandwidth management: RSVP
5. Availability: good performance at all times
6. Scalability: number of locations/users
7. Interoperability: among vendors, ISPs, customers (for extranets) ⇒ standards compatibility, compatibility with firewalls

17-6 Design Issues (Cont)
8. Compression: reduces bandwidth requirements
9. Manageability: SNMP, browser based, Java based, centralized/distributed
10. Accounting, auditing, and alarming
11. Protocol support: IP, non-IP (IPX)
12. Platform and O/S support: Windows, UNIX, MacOS, HP/Sun/Intel
13. Installation: changes to desktop or to backbone only
14. Legal: exportability, foreign government restrictions, Key Management Infrastructure (KMI) initiative ⇒ need key recovery

17-7 Types of VPNs
Ends:
  - WAN VPN: branch offices
  - Access VPN: roaming users
  - Extranet VPNs: suppliers and customers
(Figure: head office, branch office, partner and telecommuter connected through an ISP)

17-8 Types of VPNs (Cont)
- Payload layer: L2 VPN (Ethernet), L3 VPN (IP)
- Tunneling protocol: MPLS, L2TPv3, PPTP
- Who is in charge?: Provider Edge device (PE based) or Customer Edge device (CE based)
(Figure: taxonomy tree with the nodes VPN; Site-to-Site, Access; PPVPN, CE Based; L3, L2; MPLS, Virtual Router; L2TPv3; VPWS, VPLS; IPsec, GRE; PPTP)

17-9 CE Based VPNs
- Customer edge routers implement IPsec tunnels
(Figure: customer networks 1-4, each behind a CE router, tunneled to one another across the provider)

17-10 PE Based VPNs
- Service provider offers privacy, QoS, and routing
- Customer uses standard routers
(Figure: customer networks 1, 2 and 4 attached through CE routers to PE routers inside the provider network)

17-11 Layer 2 VPNs
- Customers' Layer 2 packets are encapsulated and delivered at the other end
- Looks like the two ends are on the same LAN or the same wire ⇒ provides Ethernet connectivity
- Works for all Layer 3 protocols
- Virtual Private Wire Service (VPWS)
- Virtual Private LAN Service (VPLS)
- RFC 4664, "Framework for L2 VPNs," Sep 2006
(Figure: two customer sites bridged across the provider net)

17-12 Layer 3 VPN
- Provides Layer 3 connectivity
- Looks like the two customer routers are directly connected
- Usually designed for IP packets
(Figure: two customer routers connected across the provider net)

17-13 PPP: Introduction
- Point-to-Point Protocol
- Originally for user-network connection
- Now also used for router-router connection
- Three components: data encapsulation, Link Control Protocol (LCP), Network Control Protocols (NCP)
(Figure: PPP phase diagram: Dead --Up--> Establish --Opened--> Authenticate --Success/None--> Network --Closing--> Terminate --Down--> Dead; Fail from Establish returns to Dead, Fail from Authenticate goes to Terminate)

17-14 PPP Procedures
Typical connection setup:
  - Home PC modem calls the Internet provider's router: sets up the physical link
  - PC sends a series of LCP packets: select PPP (data link) parameters, authenticate
  - PC sends a series of NCP packets: select network parameters, e.g., get a dynamic IP address
  - Transfer IP packets

17-15 VPN Tunneling Protocols
- GRE: Generic Routing Encapsulation (RFC 1701/1702)
- PPTP: Point-to-Point Tunneling Protocol
- L2TP: Layer 2 Tunneling Protocol
- IPsec: Secure IP
- MPLS

17-16 GRE
- Generic Routing Encapsulation (RFC 1701/1702)
- Generic ⇒ X over Y for any X or Y
- Optional checksum, loose/strict source routing, key
- Key is used to authenticate the source (the RFC 1701 wording; the key is a cleartext 32-bit value that the receiver compares for equality, not a cryptographic authenticator, so anyone who can observe or guess it can inject packets into the tunnel)
- Over IPv4, GRE packets use a protocol type of 47
- Allows router visibility into the application-level header (GRE itself provides no encryption)
- Restricted to a single provider network ⇒ end-to-end
(Figure: packet layout: Delivery Header | GRE Header | Payload)

17-17 PPTP
- PPTP = Point-to-Point Tunneling Protocol
- Developed jointly by Microsoft, Ascend, USR, 3Com and ECI Telematics
- PPTP server for NT4 and clients for NT/95/98
(Figure: Client, ISP Network Access Server and PPTP Server, with the PPTP tunnel carried across the ISP)

17-18 PPTP Packets
(Figure: encapsulation along the path Client - Network Access Server - Internet - PPTP Server - private network. On the client's dial link: PPP | IP | GRE | PPP | IP/IPX/NetBEUI | Data. Across the Internet, with public IP addressing: IP | GRE | PPP | IP/IPX/NetBEUI | Data, the inner PPP payload encrypted. Inside the private network, with internal IP addressing: IP/IPX/NetBEUI | Data.)

17-19 L2TP
- Layer 2 Tunneling Protocol
- L2F = Layer 2 Forwarding (from Cisco)
- L2TP = L2F + PPTP: combines the best features of L2F and PPTP
- Easy upgrade from L2F or PPTP
- Allows PPP frames to be sent over non-IP (Frame Relay, ATM) networks as well (PPTP works on IP only)
- Allows multiple (different QoS) tunnels between the same end-points
- Better header compression
- Supports flow control

17-20 L2TPv3
- Allows service providers to offer L2 VPN over an IP network
- L2TPv2 was for tunneling PPP over packet switched data networks (PSDN)
- V3 generalizes it for other protocols over PSDN ⇒ PPP-specific header removed
- Can handle
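The GRE slide (17-16) and the PPTP packet slide (17-18) describe two header layouts in words: plain GRE with its optional checksum, key and sequence number, and the PPTP "enhanced GRE" that carries PPP inside an IP/GRE wrapper. The following builder and parser is an added example written for this page, not code from the lecture or from any RFC. It implements the version-0 header as laid out in RFC 2784/2890 (flags C, K, S; the RFC 1701 routing fields the slide mentions are omitted) and the version-1 header of RFC 2637 (protocol type 0x880B, key field split into payload length and Call ID, optional sequence and acknowledgment numbers). All frame bytes are constructed in the code, and `accept_tunnel_packet` is a hypothetical receiver check included only to show that the GRE key is an equality test on a cleartext value, so a sender who has learned the key is accepted.

```python
"""GRE (RFC 2784/2890, version 0) and PPTP enhanced GRE (RFC 2637, version 1)
header builder and parser.  Added example for the CSE571S VPN lecture; the
frames handled below are constructed in code, not captured from a real tunnel."""
import struct
from typing import Optional

IP_PROTO_GRE = 47          # IPv4 protocol number that carries GRE
PPTP_PROTO_TYPE = 0x880B   # GRE protocol type used by PPTP (RFC 2637)
F_C, F_K, F_S, F_A = 0x8000, 0x2000, 0x1000, 0x0080   # flag bits in word 0


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; odd-length data is zero padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_gre(payload: bytes, proto: int, key: Optional[int] = None,
              checksum: bool = False, seq: Optional[int] = None) -> bytes:
    """Version-0 GRE: word 0 = C|K|S flags and Ver, word 1 = protocol type,
    then optional Checksum+Reserved1, Key and Sequence Number in that order."""
    flags = (F_C if checksum else 0) | (F_K if key is not None else 0) \
        | (F_S if seq is not None else 0)
    hdr = struct.pack("!HH", flags, proto)
    if checksum:
        hdr += struct.pack("!HH", 0, 0)          # checksum placeholder, Reserved1
    if key is not None:
        hdr += struct.pack("!I", key)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    if checksum:
        # the checksum covers GRE header plus payload with the field zeroed
        csum = inet_checksum(hdr + payload)
        hdr = hdr[:4] + struct.pack("!H", csum) + hdr[6:]
    return hdr + payload


def build_pptp_gre(ppp_frame: bytes, call_id: int, seq: Optional[int] = None,
                   ack: Optional[int] = None) -> bytes:
    """PPTP enhanced GRE: K=1, Ver=1, protocol 0x880B; the 32-bit key field
    carries the payload length (high half) and the Call ID (low half)."""
    flags = F_K | 1 | (F_S if seq is not None else 0) | (F_A if ack is not None else 0)
    hdr = struct.pack("!HHHH", flags, PPTP_PROTO_TYPE, len(ppp_frame), call_id)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + ppp_frame


def parse_gre(pkt: bytes) -> dict:
    """Decode either GRE variant into a dict; raise ValueError on malformed input."""
    try:
        flags, proto = struct.unpack("!HH", pkt[:4])
        ver = flags & 0x7
        info = {"version": ver, "proto": proto}
        off = 4
        if ver == 0:
            if flags & F_C:
                info["checksum"] = struct.unpack("!H", pkt[off:off + 2])[0]
                off += 4                          # checksum + Reserved1
                # a packet whose words sum to all-ones has an intact checksum
                info["checksum_ok"] = inet_checksum(pkt) == 0
            if flags & F_K:
                info["key"] = struct.unpack("!I", pkt[off:off + 4])[0]
                off += 4
            if flags & F_S:
                info["seq"] = struct.unpack("!I", pkt[off:off + 4])[0]
                off += 4
        elif ver == 1:
            if proto != PPTP_PROTO_TYPE or not flags & F_K:
                raise ValueError("version 1 GRE is only defined for PPTP")
            info["payload_len"], info["call_id"] = struct.unpack("!HH", pkt[off:off + 4])
            off += 4
            if flags & F_S:
                info["seq"] = struct.unpack("!I", pkt[off:off + 4])[0]
                off += 4
            if flags & F_A:
                info["ack"] = struct.unpack("!I", pkt[off:off + 4])[0]
                off += 4
            if len(pkt) - off != info["payload_len"]:
                raise ValueError("PPTP payload length does not match the packet")
        else:
            raise ValueError("unknown GRE version %d" % ver)
    except struct.error as exc:
        raise ValueError("truncated GRE header") from exc
    info["payload"] = pkt[off:]
    return info


def accept_tunnel_packet(pkt: bytes, expected_key: int) -> bool:
    """Hypothetical receiver check in the spirit of the slide: key must match and
    the checksum, if present, must verify.  The key is compared in the clear, so
    any sender who has observed it is accepted; this is not authentication."""
    info = parse_gre(pkt)
    return info.get("key") == expected_key and info.get("checksum_ok", True)


if __name__ == "__main__":
    inner = b"\x45\x00" + b"constructed IP payload"    # constructed, not a real datagram
    tunnel_key = 0xDEADBEEF
    pkt = build_gre(inner, 0x0800, key=tunnel_key, checksum=True, seq=1)
    print(parse_gre(pkt))
    print(parse_gre(build_pptp_gre(b"\xff\x03\x00\x21" + b"x" * 10, call_id=0x1234, seq=1, ack=0)))
    print("spoofed packet with known key accepted:",
          accept_tunnel_packet(build_gre(b"evil", 0x0800, key=tunnel_key), tunnel_key))
```

Running the module shows the plain GRE header decode, the PPTP variant with its Call ID and sequence/acknowledgment numbers, and that a forged packet carrying the right key is accepted by the receiver check; tampering with the payload is caught only by the optional checksum, which any attacker can recompute.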

