Internet and Intranet Fundamentals
Class 9, Session C

Virtual Private Networks
• What is it?
• Technology Basis
• GTE’s VPN Advantage

VPN: What is it?
• Used to mean shared public telecom lines
  – e.g., frame relay vs. dedicated leased lines
• Now it means securely tunneling over the Internet
  – extending a private Intranet across the Internet
• I.e., enabling an Extranet
  – compatible with the older meaning because the Internet is shared public infrastructure

VPN: What is it?
Before VPNs (figure)

VPN: What is it?
• Features
  – security
  – QOS
    • router conspiracies?

VPN: What is it?
• Benefits
  – cost reduction: shared public infrastructure such as the Internet only requires local connectivity
    • point-to-point leased lines are mileage sensitive
    • 20-40% for LAN-LAN
    • 60-80% for remote access
  – ubiquity: the Internet is everywhere
    • the Internet is the data dial-tone
    • can enable companies with no private network to create one virtually

VPN: What is it?
• An Important Trend
  – Gartner Group predicts nearly 100% of all businesses will use VPNs to supplement their WANs by 2003

Technology Basis
• Encryption
  – Phase 1: encrypt payload but not header
  – Phase 2: encrypt both payload and header and encapsulate in another IP packet
• Lots of “Standards” to Choose From
  – Cisco L2F = Layer 2 Forwarding
  – MS PPTP
  – MS and Cisco L2TP = Layer 2 Tunneling Protocol

Technology Basis
• Data Integrity Technology
  – MD-5 = message digest
  – SHA = Secure Hashing Algorithm
• Authentication

Technology Basis: Layer 2 Forwarding
• Developed by Cisco
  – Company Gateway is a Cisco router
  – Internet Direct VPN being launched
• How It Works
  – end-user exchanges PPP with ISP at POP
  – router at ISP communicates with company router via L2F

Technology Basis: Microsoft’s PPTP
• Extension to PPP
• Company Gateway is NT RAS server
• Included with Win 95, 98, NT
• Supports IP, IPX, and NetBEUI
• Client-Server Protocol decouples functions in Network Access Servers (NAS)
  – PPTP Access Concentrator (PAC) (client)
  – PPTP Network Server (PNS) (server)

Technology Basis: Microsoft’s PPTP
• PPTP Access Concentrator (PAC)
  – device attached to one or more PSTN or ISDN lines capable of PPP operation and of handling the PPTP protocol
  – PAC needs only to implement TCP/IP to pass traffic to one or more PNSs
  – may also tunnel non-IP protocols

Technology Basis: Microsoft’s PPTP
• PPTP Network Server (PNS)
  – envisioned to operate on general-purpose computing/server platforms
  – handles server side of PPTP protocol
  – relies completely on TCP/IP
    • is independent of interface hardware
    • may use any combination of IP interface hardware including LAN and WAN devices

Technology Basis: Microsoft’s PPTP
• Specifies call-control and management protocol
  – allows server to control access for dial-in circuit-switched calls originating from PSTN or ISDN
  – or to initiate outbound circuit-switched connections

Technology Basis: Microsoft’s PPTP
• Uses enhanced GRE (Generic Routing Encapsulation) mechanism
  – provides a flow- and congestion-controlled encapsulated datagram service for carrying PPP packets

Technology Basis: Microsoft’s and Cisco’s L2TP
• L2TP extends PPP model
  – allows L2 and PPP endpoints to reside on different devices interconnected by a packet-switched network
  – a user has an L2 connection to an access concentrator (e.g., modem bank, ADSL DSLAM, etc.)
  – concentrator then tunnels individual PPP frames to the NAS
  – allows actual processing of PPP packets to be divorced from termination of the L2 circuit

Technology Basis: Microsoft’s and Cisco’s L2TP
• L2TP Access Concentrator (LAC)
  – node that acts as one side of an L2TP tunnel endpoint and is peer to L2TP Network Server (LNS)
  – sits between an LNS and remote system and forwards packets to and from each
  – packets sent from LAC to LNS require tunneling with L2TP protocol
  – connection from LAC to remote system is either local (see: Client LAC) or a PPP link

Technology Basis: Microsoft’s and Cisco’s L2TP
• L2TP Network Server (LNS)
  – node that acts as one side of an L2TP tunnel endpoint
  – peer to L2TP Access Concentrator (LAC)
  – termination point of PPP session being tunneled from remote system by LAC

Technology Basis: Microsoft’s and Cisco’s L2TP (figure)

Technology Basis: Microsoft’s and Cisco’s L2TP (figure)

Technology Basis: Microsoft’s and Cisco’s L2TP
• Three levels of end-to-end QoS service
  – Best Effort Service -- provides basic connectivity with no guarantees
  – Differentiated Service -- some traffic is treated better than the rest (more bandwidth on average, lower loss rate on average)
    • statistical preference; not a hard and fast guarantee
  – Guaranteed Service -- an absolute reservation of network resources for specific traffic

Genuity’s VPN Advantage
• See Web Site
  – http://www.genuity.com/services/security/vpnadvantage/index.htm
• Managed VPN Service
• SLA on Dedicated Access
  – 99.9% Availability
  – 125 ms Latency
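Referring back to the PPTP slide on enhanced GRE: an added Python example, not part of the lecture slides, that builds and validates the RFC 2637 enhanced GRE header PPTP wraps around each PPP frame (K set, optional sequence and acknowledgment numbers, Ver = 1). The bit positions are assumed from RFC 2637 section 4.1, and the sample PPP frame and call ID are constructed values.

```python
import struct

# Assumed layout (RFC 2637 sec. 4.1): 16 bits C R K S s Recur(3) A Flags(4) Ver(3),
# 16-bit protocol type, 16-bit payload length, 16-bit call ID, then optional
# 32-bit sequence number (if S) and optional 32-bit acknowledgment number (if A).
GRE_PROTO_PPP = 0x880B
BIT_K, BIT_S, BIT_A, MASK_VER = 0x2000, 0x1000, 0x0080, 0x0007
MASK_RESERVED = 0x8000 | 0x4000 | 0x0800 | 0x0700 | 0x0078  # C, R, s, Recur, Flags
# Constructed sample: PPP frame (address/control ff 03, protocol 0x0021 = IP).
SAMPLE_PPP_FRAME = b"\xff\x03\x00\x21" + b"sample-ip-datagram"

def build_pptp_gre(call_id, ppp_frame, seq=None, ack=None):
    """Wrap one PPP frame in an enhanced GRE header (Ver = 1, K always set)."""
    flags = BIT_K | 1 | (BIT_S if seq is not None else 0) | (BIT_A if ack is not None else 0)
    hdr = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(ppp_frame), call_id)
    for value in (seq, ack):            # sequence number precedes ack number
        if value is not None:
            hdr += struct.pack("!I", value)
    return hdr + ppp_frame

def _u32(packet, off):
    # Read one optional 32-bit field without running off the end of the packet.
    if len(packet) < off + 4:
        raise ValueError("truncated sequence/ack field")
    return struct.unpack_from("!I", packet, off)[0], off + 4

def parse_pptp_gre(packet):
    """Return (call_id, seq, ack, ppp_frame); raise ValueError if a PAC/PNS should drop it."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, plen, call_id = struct.unpack("!HHHH", packet[:8])
    if flags & MASK_VER != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not enhanced GRE (Ver 1) carrying PPP")
    if not flags & BIT_K or flags & MASK_RESERVED:
        raise ValueError("K must be set; C, R, s, Recur and Flags must be zero")
    off, seq, ack = 8, None, None
    if flags & BIT_S:
        seq, off = _u32(packet, off)
    if flags & BIT_A:
        ack, off = _u32(packet, off)
    ppp_frame = packet[off:]
    if len(ppp_frame) != plen:          # length field must match what is actually present
        raise ValueError("payload length %d != %d bytes present" % (plen, len(ppp_frame)))
    return call_id, seq, ack, ppp_frame

def is_valid_pptp_gre(packet):
    """Boolean form of the parser, e.g. for an accept/drop filter."""
    try:
        parse_pptp_gre(packet)
        return True
    except ValueError:
        return False
```

A receiver that enforces these checks discards malformed or truncated tunnel packets before they reach the PPP layer, which is where the flow-control sequence and ack numbers are consumed.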