Virtual Private Networks
BAD 64046
Vladislav Hrosinkov
4/30/2003
Traditional Corporate WAN
- Traditional corporate WANs are built using private lines or private Frame Relay/ATM.
- The remote access needs are accommodated by remote access servers and modems. The users dial in through the public switched telephone network.
Traditional corporate WAN
Main advantages:
- Predictable bandwidth
- Security and privacy

Main disadvantages:
- High telecommunication costs
- Not easily scalable
Virtual Private Network
Definition - A VPN is a private network constructed within the public Internet

Goals
- Connect private networks using shared public infrastructure
- Simplify distributed network creation

Desirable properties
- Security – An obvious issue because a public network (Internet) becomes physical part of the private network
- Quality of service guarantees
VPN Architectures
Site-to-site intranet VPNs - Connect different networks. A VPN gateway is located at the boundary between a private corporate network and the public Internet
VPN Architectures
Remote access VPNs – Enable remote connectivity using any Internet access technology. The remote user launches the VPN client to create a VPN tunnel to the gateway
VPN Architectures
Extranet VPNs – Provide customers and suppliers with access to the corporate LAN. VPN tunnels are created through the Internet between the corporate gateway and a gateway or a client located in a partner’s network
Tunneling
Tunnel – A logical link between the tunnel client and the tunnel server. The path through which the packets travel.

Tunneling is the process of encapsulating (placing an entire packet within another packet, which provides the routing information) and sending it over the Internet.

Tunnels serve three major purposes in VPNs:
- To enable different protocols to be transported over IP
- To route privately addressed packets through the Internet
- To provide data integrity and confidentiality
Tunneling
Example: If node C takes the original packet and places it completely within a new packet addressed for node G, the nodes D, E and F would not know the original destination I.
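The node C to node G example above, worked through in code. This is an added example, not part of the original slides; it assumes plain IP-in-IP encapsulation (IP protocol number 4) as the simplest form of tunneling, and the addresses for the private sender, destination I and the endpoints C and G are constructed.

```python
import socket
import struct

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
IPIP = 4                      # IANA protocol number for IP-in-IP

# Constructed addresses: private hosts behind the gateways, public tunnel endpoints.
ORIGIN, NODE_I = "10.1.0.5", "10.2.0.9"        # private sender and destination I
NODE_C, NODE_G = "192.0.2.1", "198.51.100.1"   # tunnel entry C and tunnel exit G

def checksum(header: bytes) -> int:
    """Ones-complement sum over 16-bit words (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prefix payload with a minimal IPv4 header carrying a valid checksum."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(IPV4_HDR, *fields))
    return struct.pack(IPV4_HDR, *fields) + payload

def parse_outer(packet: bytes):
    """Read only the outermost header, as transit nodes D, E and F do."""
    f = struct.unpack(IPV4_HDR, packet[:20])
    return socket.inet_ntoa(f[8]), socket.inet_ntoa(f[9]), f[6], packet[20:f[2]]

def encapsulate(inner: bytes) -> bytes:
    """Node C: wrap the whole original packet in a new one addressed to G."""
    return ipv4_packet(NODE_C, NODE_G, IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    """Node G: verify the outer header, then recover the original packet."""
    if checksum(outer[:20]) != 0:
        raise ValueError("outer header checksum mismatch")
    _, _, proto, inner = parse_outer(outer)
    if proto != IPIP:
        raise ValueError("not an IP-in-IP packet")
    return inner

def inner_destination_visible(outer: bytes) -> bool:
    """True if the original destination still appears as cleartext bytes."""
    return socket.inet_aton(NODE_I) in outer[20:]

# 253 is an experimental protocol number; the payload is constructed sample data.
original = ipv4_packet(ORIGIN, NODE_I, 253, b"constructed application data")
tunnelled = encapsulate(original)
```

Routing on the transit path uses only the C to G header, but `inner_destination_visible(tunnelled)` is still true: encapsulation alone hides the inner address from forwarding decisions, not from inspection, which is why the third purpose of tunnels (integrity and confidentiality) needs encryption on top.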
Tunneling protocols
PPTP (Point-to-Point Tunneling Protocol)
- Developed by Microsoft and other companies
- Layer 2 protocol
- For encapsulation uses the GRE (Generic Routing Encapsulation) protocol
- Voluntary tunneling (the VPN client manages connection setup)
- Disadvantage: Does not provide strong encryption
Tunneling Protocols
L2F (Layer 2 Forwarding Protocol)
- Developed by Cisco and other vendors
- Layer 2 protocol
- Compulsory tunneling: no VPN client, the Internet service provider manages the VPN connection.
- Can use any packet-oriented protocol for encapsulation
- Tunnels can support more than one connection
- Disadvantage: does not define encryption for the encapsulated packet.
Tunneling Protocols
L2TP (Layer 2 Tunneling Protocol)
- Combines features of the previous two to overcome their shortcomings and become a standard
- Supports both voluntary and compulsory tunneling
- Has its own encapsulation protocol
- Again, lacks good security features.
- The current L2TP draft standard recommends that IPSec be used for encryption and key management in IP environments.
Tunneling Protocols
IPSec
- Probably the most important protocol used in VPNs
- Layer 3 protocol.
- Provides the sender with the opportunity to authenticate or encrypt (or both) each IP packet.
- Two methods of using IPSec (modes):
  - Transport mode – only the transport-layer segment of an IP packet is authenticated or encrypted
  - Tunnel mode – the entire packet is authenticated or encrypted.
Tunneling Protocols
IPSec (cont.)
- Supports AH (Authentication Header) protocol for per-packet authentication.
- Supports ESP (Encapsulating Security Payload) protocol for authentication, encryption, anti-replay.
- Either one or both can be used
- Uses a number of standardized cryptographic technologies
- Supports both manual key exchange and IKE (Internet Key Exchange) protocol for automated key management.

IPSec is considered the best VPN solution for IP environments.
VPNs - Performance
- IPSec solves the problem of VPN security, but performance remains an issue.
- VPN performance depends on:
  - The speed of transition through the Internet – the public Internet cannot provide guaranteed levels of response time and reliability. Some service providers (SPs) offer quality of service agreements.
  - The efficiency of the VPN processing at each end of the connection. Encapsulation and encryption require adding data fields to each packet, which means longer packets and a likelihood of fragmentation. Encryption is very computationally intensive and must be performed on products that are optimized for these functions.
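To put numbers on the added data fields and the fragmentation risk, the following added example (not from the original slides) models the on-the-wire size of an IPv4 packet after ESP in transport and tunnel mode. It assumes IPv4 headers without options and, as defaults, a CBC cipher with 16-byte blocks and IV plus a 12-byte integrity check value; the function names are illustrative.

```python
import math

ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length byte + next-header byte
IP_HEADER = 20    # IPv4 header without options (assumption)

def esp_packet_size(ip_len, mode, block=16, iv=16, icv=12):
    """Size on the wire of an ip_len-byte IPv4 packet after ESP is applied.

    Assumed defaults: CBC cipher with 16-byte block and IV, 12-byte ICV.
    """
    if mode == "tunnel":
        protected = ip_len               # the entire original packet is wrapped
    elif mode == "transport":
        protected = ip_len - IP_HEADER   # only the transport-layer segment
    else:
        raise ValueError("mode must be 'tunnel' or 'transport'")
    pad = -(protected + ESP_TRAILER) % block   # pad plaintext to a whole block
    esp = ESP_HEADER + iv + protected + pad + ESP_TRAILER + icv
    return IP_HEADER + esp   # new outer header (tunnel) or original header (transport)

def fragments_needed(total_len, mtu=1500):
    """IPv4 fragments required to carry total_len bytes over a link with this MTU."""
    if total_len <= mtu:
        return 1
    per_fragment = (mtu - IP_HEADER) // 8 * 8   # fragment data is a multiple of 8
    return math.ceil((total_len - IP_HEADER) / per_fragment)

def max_inner_packet(mtu=1500, mode="tunnel", **esp_params):
    """Largest original packet that still fits in one unfragmented packet."""
    size = mtu
    while size > IP_HEADER and esp_packet_size(size, mode, **esp_params) > mtu:
        size -= 1
    return size

def report(sizes=(64, 576, 1438, 1500), mtu=1500):
    """Rows of (original size, mode, wire size, fragments) for sample sizes."""
    rows = []
    for n in sizes:
        for mode in ("transport", "tunnel"):
            wire = esp_packet_size(n, mode)
            rows.append((n, mode, wire, fragments_needed(wire, mtu)))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%5d bytes  %-9s -> %5d bytes on the wire, %d fragment(s)" % row)
```

Under these assumptions a full 1500-byte packet no longer fits a 1500-byte MTU in either mode, so the gateway either fragments or the sending hosts must be held to a smaller packet size.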
VPN Gateways
- A key element of a VPN
- Sit between public and private network, preventing intrusions
- Can also perform tunneling and encryption
- Generally fit in one of the following categories: routers, firewalls, integrated hardware, software.
  - Routers – usually are preferred for high throughput VPNs
  - Firewalls – can provide tunneling and encryption only on small VPNs with low traffic
  - Integrated hardware – some of them provide very high throughput and number of tunnels.
  - Software Gateways – usually low-cost solutions for small VPNs
VPNs - Advantages
- Eliminate the need for expensive private or leased lines
- Reduce the long-distance telephone charges
- Reduced equipment costs (modem banks, CSU/DSUs)
- Reduced technical support
- Scalability – easy adding of new locations to the VPN
- Security
VPNs - Disadvantages
- Require an in-depth understanding of public network security issues and taking proper precautions in VPN deployment
- The availability and performance of a corporate VPN (over the Internet) depends on uncontrollable external factors.
- Shortage of standardization. The products from different vendors may not work well together.
- VPNs need to accommodate complicated protocols other than IP
VPNs – Global Market 1997-2001
[Chart: VPN Services, in $M, 2000-2004; series: Managed CPE, Unmanaged, Managed Cloud]
[Chart: VPN Equipment, in $M, 2000-2004]
Source: Infonetics Research, June 2000
In 2000 – VPN Hardware $1.2 B, VPN Services $5.1 B
VPN Market – Major Players
- Check Point – 62%
- Nortel – 15%
- Net Screen – 6%
- Avaya – 4%

Source: Data Monitor June 2001
VPNs – Some Implications
Facilitate place-displacement work
Facilitate the creation of virtual corporations
VPNs – Future?
Forecasts predict fast growth in the next 5 years
The future of VPNs depends mainly on the savings they provide
What if the telecommunication costs continue to drop?
Sources
- Yuan, R., Strayer, T. “Virtual private networks”, 2001.
- Mairs, J. “VPNs – a beginner’s guide”, 2002.
- VPN Tutorial, http://www.iec.org/online/tutorials/vpn/
- Virtual Private Networks – research of Infonetics Inc., http://www1.avaya.com/enterprise/whitepapers/vpnetworkswp.pdf
Questions?