Internet and Intranet Fundamentals Class 9 Session C

Page 1: Internet and Intranet Fundamentals

Internet and Intranet Fundamentals

Class 9

Session C

Page 2: Internet and Intranet Fundamentals

Virtual Private Networks

• What is it?

• Technology Basis

• GTE’s VPN Advantage

Page 3: Internet and Intranet Fundamentals

VPN: What is it?

• Used to mean shared public telecom lines
  – e.g., frame relay vs. dedicated leased lines

• Now it means securely tunneling over the Internet
  – extending a private Intranet across the Internet
  – i.e., enabling an Extranet
  – compatible with the older meaning because the Internet is shared public infrastructure

Page 4: Internet and Intranet Fundamentals

VPN: What is it?

Page 5: Internet and Intranet Fundamentals

Before VPNs

Page 6: Internet and Intranet Fundamentals

VPN: What is it?

• Features
  – security
  – QoS

• router conspiracies?

Page 7: Internet and Intranet Fundamentals

VPN: What is it?

• Benefits
  – cost reduction: shared public infrastructure such as the Internet only requires local connectivity
    • point-to-point leased lines are mileage sensitive
    • 20-40% for LAN-LAN
    • 60-80% for remote access
  – ubiquity: the Internet is everywhere
    • the Internet is the data dial-tone
    • can enable companies with no private network to create one virtually

Page 8: Internet and Intranet Fundamentals

VPN: What is it?

• An Important Trend
  – Gartner Group predicts nearly 100% of all businesses will use VPNs to supplement their WANs by 2003

Page 9: Internet and Intranet Fundamentals

Technology Basis

• Encryption
  – Phase 1: encrypt the payload but not the header (the original IP header, and so the real source and destination, stays in the clear; IPsec calls this transport mode)
  – Phase 2: encrypt both payload and header and encapsulate the result in another IP packet (IPsec tunnel mode; an eavesdropper on the Internet sees only the two gateway addresses)

• Lots of "Standards" to Choose From
  – Cisco L2F = Layer 2 Forwarding
  – MS PPTP
  – MS and Cisco L2TP = Layer 2 Tunneling Protocol
  – note: L2F and L2TP only tunnel PPP frames and bring no encryption of their own, so confidentiality has to come from another layer (in practice IPsec underneath L2TP); PPTP's own encryption (MPPE) derives its keys from the PPP authentication exchange, so it is only as strong as that authentication

Page 10: Internet and Intranet Fundamentals

Technology Basis

• Data Integrity Technology
  – MD5 = Message Digest 5 (128-bit digest)
  – SHA = Secure Hash Algorithm
  – in a VPN these are used as keyed hashes (HMAC-MD5, HMAC-SHA) computed over each packet with a shared key, so a packet altered in transit fails the check and is dropped; an unkeyed digest gives no protection against an active attacker, who can simply recompute it, and MD5 is no longer considered collision resistant

• Authentication
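The two encryption phases from the previous slide together with the keyed integrity check on this one, as an added example (this is not code from the course or from any VPN product). It builds a phase 1 packet (original IP header in the clear, payload protected; IPsec transport mode) and a phase 2 packet (whole inner packet protected and wrapped in a new outer packet addressed gateway to gateway; IPsec tunnel mode), and shows what each leaves visible on the wire. The cipher is a toy SHA-256 keystream chosen here so the example runs with the standard library only; the HMAC tag is the way MD5/SHA are actually applied per packet. The addresses, key and nonce are constructed sample values.

```python
"""Toy model of the two encryption phases on the slides, plus the keyed
integrity check that goes with them.  The "cipher" is a SHA-256 keystream
XOR (illustration only, not a VPN cipher); the integrity tag is a real HMAC.
Addresses, key and nonce are constructed sample values."""
import hashlib
import hmac
import ipaddress
import struct

TUNNEL_PROTO = 50        # IP protocol number of ESP, used here to mark protected data
NONCE_LEN, TAG_LEN = 8, 32


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options; checksum left zero in this toy)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) for a header built by ipv4_header."""
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return (str(ipaddress.IPv4Address(f[8])), str(ipaddress.IPv4Address(f[9])),
            f[6], pkt[20:])


def keystream_xor(key, nonce, data):
    """XOR data with SHA-256(key || nonce || counter) blocks.  Toy cipher: a
    nonce must never be reused under the same key, as with any stream cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def protect(key, nonce, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    assert len(nonce) == NONCE_LEN
    ct = keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unprotect(key, blob):
    """Check the tag first; a tampered packet is rejected before any decryption."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return keystream_xor(key, nonce, ct)


def phase1_transport(key, nonce, src, dst, payload):
    """Phase 1: the original IP header stays in the clear, only the payload is protected."""
    body = protect(key, nonce, payload)
    return ipv4_header(src, dst, TUNNEL_PROTO, len(body)) + body


def phase2_tunnel(key, nonce, inner_packet, gw_src, gw_dst):
    """Phase 2: the whole inner packet (header included) is protected and
    wrapped in a new outer IP packet addressed gateway to gateway."""
    body = protect(key, nonce, inner_packet)
    return ipv4_header(gw_src, gw_dst, TUNNEL_PROTO, len(body)) + body


def on_the_wire(pkt):
    """What an eavesdropper on the Internet can read: outer src, dst, protocol."""
    src, dst, proto, _ = parse_ipv4(pkt)
    return src, dst, proto


def demo():
    key, nonce = b"\x11" * 32, b"\x00" * 8                         # constructed
    inner = ipv4_header("10.1.0.5", "10.2.0.9", 6, 5) + b"hello"   # private-LAN packet
    t = phase1_transport(key, nonce, "192.0.2.10", "198.51.100.20", b"hello")
    u = phase2_tunnel(key, nonce, inner, "198.51.100.1", "203.0.113.1")
    return {"transport_visible": on_the_wire(t),
            "tunnel_visible": on_the_wire(u),
            "tunnel_inner": parse_ipv4(unprotect(key, u[20:]))[:2]}


if __name__ == "__main__":
    print(demo())
```

In phase 1 the eavesdropper still learns which two hosts are talking; in phase 2 the private 10.x addresses only reappear after the receiving gateway has verified the tag and decrypted. What the toy leaves out is exactly what the authentication bullet covers: agreeing the key and proving who is on the other end.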

Page 11: Internet and Intranet Fundamentals

Technology Basis: Layer 2 Forwarding

• Developed by Cisco
  – Company Gateway is a Cisco router
  – Internet Direct VPN being launched

• How It Works
  – end-user exchanges PPP with ISP at POP
  – router at ISP communicates with company router via L2F

Page 12: Internet and Intranet Fundamentals

Technology Basis: Microsoft's PPTP

• Extension to PPP

• Company Gateway is NT RAS server

• Included with Win 95, 98, NT

• Supports IP, IPX, and NetBEUI

• Client-Server Protocol decouples functions in Network Access Servers (NAS)
  – PPTP Access Concentrator (PAC) (client)
  – PPTP Network Server (PNS) (server)

Page 13: Internet and Intranet Fundamentals

Technology Basis: Microsoft's PPTP

• PPTP Access Concentrator (PAC)
  – device attached to one or more PSTN or ISDN lines capable of PPP operation and of handling the PPTP protocol
  – PAC needs only to implement TCP/IP to pass traffic to one or more PNSs
  – may also tunnel non-IP protocols

Page 14: Internet and Intranet Fundamentals

Technology Basis: Microsoft's PPTP

• PPTP Network Server (PNS)
  – envisioned to operate on general-purpose computing/server platforms
  – handles server side of PPTP protocol
  – relies completely on TCP/IP
    • is independent of interface hardware
    • may use any combination of IP interface hardware including LAN and WAN devices

Page 15: Internet and Intranet Fundamentals

Technology Basis: Microsoft's PPTP

• Specifies call-control and management protocol
  – allows server to control access for dial-in circuit-switched calls originating from PSTN or ISDN
  – or to initiate outbound circuit-switched connections

Page 16: Internet and Intranet Fundamentals

Technology Basis: Microsoft's PPTP

• Uses enhanced GRE (Generic Routing Encapsulation) mechanism
  – provides a flow- and congestion-controlled encapsulated datagram service for carrying PPP packets
  – the GRE stream (IP protocol 47) carries the user data separately from the TCP control connection (port 1723), so both must be allowed through any firewall in the path
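The enhanced GRE header that carries the PPP packets, as an added example (this is not code from the course or from Microsoft's implementation). The field layout is the one RFC 2637 section 4.1 defines; the sample frames, call ID and payloads are constructed here. The parser rejects anything that is not a PPTP data frame, and the per-call receiver shows the consequence of "datagram service": there is no retransmission, so a lost sequence number stays lost and a late or duplicate frame is dropped rather than reordered.

```python
"""Enhanced GRE as PPTP uses it (RFC 2637, section 4.1): builder, strict
parser and a per-call receiver.  Sample frames are constructed.

  byte 0: C R K S s Recur(3)   PPTP: K=1, S=1 if a sequence number follows,
                               C, R, s and Recur are zero
  byte 1: A Flags(4) Ver(3)    A=1 if an acknowledgment number follows, Ver=1
  Protocol Type = 0x880B (PPP), Payload Length, Call ID,
  Sequence Number (4 bytes, if S), Acknowledgment Number (4 bytes, if A)
"""
import struct

PPP_PROTOCOL_TYPE = 0x880B
B0_K, B0_S = 0x20, 0x10              # byte 0: key (call ID) present, seq present
B0_RESERVED = 0xC0 | 0x08 | 0x07     # C, R, s and Recur must all be zero
B1_A, B1_VER_MASK = 0x80, 0x07       # byte 1: ack present, version field
ENHANCED_GRE_VERSION = 1


def build_gre(call_id, payload=b"", seq=None, ack=None):
    """Frame one PPP packet for a PPTP call; seq/ack are optional counters."""
    b0 = B0_K | (B0_S if seq is not None else 0)
    b1 = ENHANCED_GRE_VERSION | (B1_A if ack is not None else 0)
    hdr = struct.pack("!BBHHH", b0, b1, PPP_PROTOCOL_TYPE, len(payload), call_id)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + payload


def _u32(frame, off):
    if len(frame) < off + 4:
        raise ValueError("truncated GRE header")
    return struct.unpack("!I", frame[off:off + 4])[0]


def parse_gre(frame):
    """Decode a frame; ValueError for anything that is not PPTP enhanced GRE."""
    if len(frame) < 8:
        raise ValueError("short GRE header")
    b0, b1, proto, length, call_id = struct.unpack("!BBHHH", frame[:8])
    if (b1 & B1_VER_MASK) != ENHANCED_GRE_VERSION or proto != PPP_PROTOCOL_TYPE:
        raise ValueError("not PPTP enhanced GRE")
    if not (b0 & B0_K) or (b0 & B0_RESERVED):
        raise ValueError("reserved GRE flags set or key field missing")
    off, seq, ack = 8, None, None
    if b0 & B0_S:
        seq, off = _u32(frame, off), off + 4
    if b1 & B1_A:
        ack, off = _u32(frame, off), off + 4
    payload = frame[off:off + length]
    if len(payload) != length:
        raise ValueError("payload shorter than Payload Length field")
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}


class CallReceiver:
    """Receive side of one PPTP call.  Enhanced GRE has no retransmission, so
    a duplicate or out-of-order sequence number is dropped, not reordered, and
    frames for another call ID are ignored."""

    def __init__(self, call_id):
        self.call_id = call_id
        self.last_seq = None
        self.delivered = []      # PPP payloads handed up to PPP, in order

    def receive(self, frame):
        msg = parse_gre(frame)
        if msg["call_id"] != self.call_id or msg["seq"] is None:
            return False
        if self.last_seq is not None and msg["seq"] <= self.last_seq:
            return False
        self.last_seq = msg["seq"]
        self.delivered.append(msg["payload"])
        return True
```

Because frames are only demultiplexed by the 16-bit call ID and nothing in the GRE layer is authenticated, a PNS has to rely on the PPP layer inside (authentication and MPPE) for any assurance about who sent a given frame.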

Page 17: Internet and Intranet Fundamentals

Technology Basis: Microsoft's and Cisco's L2TP

• L2TP extends PPP model
  – allows L2 and PPP endpoints to reside on different devices interconnected by a packet-switched network
  – a user has an L2 connection to an access concentrator (e.g., modem bank, ADSL DSLAM, etc.)
  – the concentrator then tunnels individual PPP frames to the NAS
  – allows actual processing of PPP packets to be divorced from termination of the L2 circuit

Page 18: Internet and Intranet Fundamentals

Technology Basis: Microsoft's and Cisco's L2TP

• L2TP Access Concentrator (LAC)
  – node that acts as one side of an L2TP tunnel endpoint and is peer to the L2TP Network Server (LNS)
  – sits between an LNS and a remote system and forwards packets to and from each
  – packets sent from LAC to LNS require tunneling with the L2TP protocol
  – connection from LAC to remote system is either local (see: Client LAC) or a PPP link

Page 19: Internet and Intranet Fundamentals

Technology Basis: Microsoft's and Cisco's L2TP

• L2TP Network Server (LNS)
  – node that acts as one side of an L2TP tunnel endpoint
  – peer to L2TP Access Concentrator (LAC)
  – termination point of the PPP session being tunneled from the remote system by the LAC
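The LAC/LNS split on the last three slides, as an added example (not code from the course, nor from any Cisco or Microsoft implementation). It frames PPP packets in the L2TPv2 data-message header defined in RFC 2661 section 3.1 (the LAC's job) and implements the LNS side that looks the (Tunnel ID, Session ID) pair up in its table of sessions established by the control connection and hands the PPP frame to that session. Tunnel and session IDs, user names and PPP frames are constructed sample values; the control-connection exchange that creates sessions is assumed to have happened and is represented by add_session.

```python
"""L2TPv2 data message (RFC 2661, section 3.1) and the LNS demultiplexer.

  Flags/Ver: T L x x S x O P x x x x Ver(4)   data message: T=0, Ver=2
  [Length]  Tunnel ID  Session ID  [Ns Nr]  [Offset Size + pad]  PPP payload

Sample IDs and frames are constructed."""
import struct

L2TP_VERSION = 2
F_T, F_L, F_S, F_O, F_P = 0x8000, 0x4000, 0x0800, 0x0200, 0x0100


def build_l2tp_data(tunnel_id, session_id, ppp_frame, ns=None, nr=None):
    """What a LAC does: frame one PPP packet for a session (Length always set)."""
    flags = L2TP_VERSION | F_L | (F_S if ns is not None else 0)
    body = struct.pack("!HH", tunnel_id, session_id)
    if ns is not None:
        body += struct.pack("!HH", ns, nr or 0)
    body += ppp_frame
    return struct.pack("!HH", flags, 4 + len(body)) + body


def parse_l2tp(msg):
    """Decode an L2TPv2 message; ValueError for malformed or non-v2 input."""
    if len(msg) < 6:
        raise ValueError("short L2TP header")
    flags = struct.unpack("!H", msg[:2])[0]
    if flags & 0x000F != L2TP_VERSION:
        raise ValueError("not L2TPv2")
    control = bool(flags & F_T)
    if control and not (flags & F_L and flags & F_S):
        raise ValueError("control message must carry Length and Ns/Nr")
    off = 2
    if flags & F_L:
        length = struct.unpack("!H", msg[off:off + 2])[0]
        off += 2
        if length > len(msg) or length < off + 4:
            raise ValueError("bad Length field")
        msg = msg[:length]
    if len(msg) < off + 4:
        raise ValueError("truncated")
    tunnel_id, session_id = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    ns = nr = None
    if flags & F_S:
        if len(msg) < off + 4:
            raise ValueError("truncated")
        ns, nr = struct.unpack("!HH", msg[off:off + 4])
        off += 4
    if flags & F_O:   # payload starts Offset Size octets after the Offset Size field
        if len(msg) < off + 2:
            raise ValueError("truncated")
        off += 2 + struct.unpack("!H", msg[off:off + 2])[0]
    return {"control": control, "tunnel_id": tunnel_id,
            "session_id": session_id, "ns": ns, "nr": nr, "payload": msg[off:]}


class Lns:
    """PPP termination point.  Data for a (tunnel, session) pair that the
    control connection never set up is dropped, never auto-created."""

    def __init__(self):
        self.sessions = {}   # (tunnel_id, session_id) -> {"user": ..., "frames": [...]}
        self.dropped = 0

    def add_session(self, tunnel_id, session_id, user):
        """Stand-in for the ICRQ/ICRP/ICCN control exchange that creates a session."""
        self.sessions[(tunnel_id, session_id)] = {"user": user, "frames": []}

    def receive(self, datagram):
        """Return the user whose PPP session got the frame, or None if dropped."""
        try:
            msg = parse_l2tp(datagram)
        except ValueError:
            self.dropped += 1
            return None
        if msg["control"]:
            return None      # control plane handled elsewhere
        sess = self.sessions.get((msg["tunnel_id"], msg["session_id"]))
        if sess is None:
            self.dropped += 1
            return None
        sess["frames"].append(msg["payload"])
        return sess["user"]
```

The LAC never looks inside the PPP frame; the LNS is where PPP authentication and, if any, encryption terminate, which is why the slide calls it the termination point of the session. The L2TP header itself carries no authentication of the data packets, so the 16-bit IDs are routing labels, not a security boundary.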

Page 20: Internet and Intranet Fundamentals

Technology Basis: Microsoft's and Cisco's L2TP

Page 21: Internet and Intranet Fundamentals

Technology Basis: Microsoft's and Cisco's L2TP

Page 22: Internet and Intranet Fundamentals

Technology Basis: Microsoft's and Cisco's L2TP

• Three levels of end-to-end QoS service
  – Best Effort Service: provides basic connectivity with no guarantees
  – Differentiated Service: some traffic is treated better than the rest (more bandwidth on average, lower loss rate on average)
    • statistical preference; not a hard and fast guarantee
  – Guaranteed Service: an absolute reservation of network resources for specific traffic

Page 23: Internet and Intranet Fundamentals

Genuity's VPN Advantage

• See Web Site
  – http://www.genuity.com/services/security/vpnadvantage/index.htm

• Managed VPN Service

• SLA on Dedicated Access
  – 99.9% Availability
  – 125 ms Latency