Internet and Intranet Fundamentals - PowerPoint by bjb17276
Internet and Intranet
Class 9
Session C
Virtual Private Networks
• What is it?
• Technology Basis
• GTE’s VPN Advantage
What is it?
• Used to mean shared public telecom lines
  – e.g., frame relay vs. dedicated leased lines
• Now it means securely tunneling over the
  – extending a private Intranet across the Internet
     • i.e., enabling an Extranet
  – compatible with older meaning because Internet
    is shared public infrastructure
What is it?
Before VPNs
What is it?
• Features
  – security
  – QOS
     • router conspiracies?
What is it?
• Benefits
  – cost reduction: shared public infrastructure such
    as Internet only requires local connectivity
     • point-to-point leased lines are mileage sensitive
     • 20-40% for LAN-LAN
     • 60-80% for remote access
  – ubiquity: the Internet is everywhere
     • the Internet is the data dial-tone
     • can enable companies with no private network to
       create one virtually
What is it?
• An Important Trend
  – Gartner Group predicts nearly 100% of all
    businesses will use VPNs to supplement their
    WANs by 2003
Technology Basis
• Encryption
  – Phase 1: encrypt payload but not header
  – Phase 2: encrypt both payload and header and
    encapsulate in another IP packet
• Lots of “Standards” to Choose From
  – Cisco L2F = Layer 2 Forwarding
  – MS and Cisco L2TP = Layer 2 Tunneling
Technology Basis
• Data Integrity Technology
  – MD-5 = message digest
  – SHA = Secure Hashing Algorithm
• Authentication
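To make the two encryption phases and the SHA-based integrity check concrete, here is an added example (not from the original slides): a minimal IPv4 packet is protected Phase-1 style (payload only, header visible) and Phase-2 style (whole packet encrypted, wrapped in an outer packet between the two gateways, plus an HMAC-SHA256 tag). The keystream function, key, nonce and addresses are constructed for illustration; the keystream stands in for whatever cipher the VPN product uses.

```python
import hashlib
import hmac
import struct

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options, header checksum left zero)."""
    def addr(a: str) -> bytes:
        return bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, addr(src), addr(dst))

def addresses(pkt: bytes) -> tuple:
    """What an on-path observer can read: the outermost src/dst addresses."""
    src, dst = struct.unpack("!4s4s", pkt[12:20])
    return ".".join(map(str, src)), ".".join(map(str, dst))

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Illustrative SHA-256 counter-mode keystream (constructed for the demo)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def phase1(key: bytes, nonce: bytes, inner: bytes) -> bytes:
    """Phase 1: payload encrypted, the original IP header still in the clear."""
    return inner[:20] + keystream_xor(key, nonce, inner[20:])

def phase2(key: bytes, nonce: bytes, inner: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Phase 2: whole inner packet encrypted, encapsulated in a new outer IP
    packet between the gateways, with an HMAC-SHA256 integrity tag."""
    body = nonce + keystream_xor(key, nonce, inner)
    tag = hmac.new(key, body, "sha256").digest()
    # outer protocol number 99 chosen for illustration only
    return ipv4_header(gw_src, gw_dst, 99, len(body) + len(tag)) + body + tag

def decap_phase2(key: bytes, pkt: bytes) -> bytes:
    """Receiving gateway: verify the tag before decrypting; reject tampering."""
    body, tag = pkt[20:-32], pkt[-32:]
    if not hmac.compare_digest(hmac.new(key, body, "sha256").digest(), tag):
        raise ValueError("integrity check failed")
    nonce, ciphertext = body[:16], body[16:]
    return keystream_xor(key, nonce, ciphertext)

# Constructed sample: intranet host 10.1.0.5 talking to 10.2.0.9 behind the far gateway
KEY = b"constructed-demo-key-32-bytes!!!"
NONCE = bytes(16)
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 6, 5) + b"hello"
P1 = phase1(KEY, NONCE, INNER)
P2 = phase2(KEY, NONCE, INNER, "203.0.113.1", "198.51.100.1")
```

Phase 1 still exposes the intranet addresses to anyone on the public path; Phase 2 exposes only the gateway pair, and a single flipped byte fails the tag check.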
Technology Basis
Layer 2 Forwarding
• Developed by Cisco
  – Company Gateway is a Cisco router
  – Internet Direct VPN being launched
• How It Works
  – end-user exchanges PPP with ISP at POP
  – router at ISP communicates with company
    router via L2F
Technology Basis
Microsoft’s PPTP
• Extension to PPP
• Company Gateway is NT RAS server
• Included with Win 95, 98, NT
• Supports IP, IPX, and NetBEUI
• Client-Server Protocol decouples functions
  in Network Access Servers (NAS)
  – PPTP Access Concentrator (PAC) (client)
  – PPTP Network Server (PNS) (server)
Technology Basis
Microsoft’s PPTP
• PPTP Access Concentrator (PAC)
  – device attached to one or more PSTN or ISDN
    lines capable of PPP operation and of handling
    PPTP protocol
  – PAC needs only to implement TCP/IP to pass
    traffic to one or more PNSs
  – May also tunnel non-IP protocols
Technology Basis
Microsoft’s PPTP
• PPTP Network Server (PNS)
  – envisioned to operate on general-purpose
    computing/server platforms
  – handles server side of PPTP protocol
  – relies completely on TCP/IP
     • is independent of interface hardware
     • may use any combination of IP interface hardware
       including LAN and WAN devices
Technology Basis
Microsoft’s PPTP
• Specifies call-control and management
  – allows server to control access for dial-in
    circuit switched calls originating from PSTN or
  – or to initiate outbound circuit-switched
Technology Basis
Microsoft’s PPTP
• Uses enhanced GRE (Generic Routing
  Encapsulation) mechanism
  – provides a flow- and congestion-controlled
    encapsulated datagram service for carrying PPP
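As an added example (not from the original slides), the enhanced GRE header PPTP uses to carry PPP frames, as laid out in RFC 2637: the K bit is always set, the Key field holds payload length and Call ID, and optional sequence/acknowledgment numbers give the receiver the flow control the slide refers to. The PPP frame and call ID are constructed sample values; the FlowTracker policy is an illustrative receive-side check.

```python
import struct

GRE_PPP = 0x880B  # protocol type for PPP over PPTP's enhanced GRE (RFC 2637)

def build_enhanced_gre(call_id: int, payload: bytes, seq=None, ack=None) -> bytes:
    """Byte 0: C=0 R=0 K=1 S s=0 Recur=000; byte 1: A Flags=0000 Ver=001."""
    b0 = 0x20 | (0x10 if seq is not None else 0)   # K set; S set when seq present
    b1 = (0x80 if ack is not None else 0) | 0x01   # A set when ack piggybacked; Ver=1
    hdr = struct.pack("!BBHHH", b0, b1, GRE_PPP, len(payload), call_id)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + payload

def parse_enhanced_gre(pkt: bytes) -> dict:
    """Parse a datagram, refusing anything that is not well-formed enhanced GRE."""
    b0, b1, proto, plen, call_id = struct.unpack("!BBHHH", pkt[:8])
    if not (b0 & 0x20) or (b1 & 0x07) != 1 or proto != GRE_PPP:
        raise ValueError("not an enhanced GRE / PPTP datagram")
    off, seq, ack = 8, None, None
    if b0 & 0x10:
        seq, off = struct.unpack("!I", pkt[off:off + 4])[0], off + 4
    if b1 & 0x80:
        ack, off = struct.unpack("!I", pkt[off:off + 4])[0], off + 4
    payload = pkt[off:off + plen]
    if len(payload) != plen:
        raise ValueError("payload length field does not match bytes on the wire")
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}

class FlowTracker:
    """Receive side of one call: a sequence number older than the next expected
    one is a duplicate or late datagram and is dropped; PPP frames are never
    retransmitted, so gaps simply move the expectation forward."""
    def __init__(self) -> None:
        self.next_seq = 0
        self.dropped = 0

    def accept(self, seq: int) -> bool:
        if seq < self.next_seq:
            self.dropped += 1
            return False
        self.next_seq = seq + 1
        return True

# Constructed sample PPP frame: address 0xFF, control 0x03, protocol 0x0021 (IPv4)
PPP_FRAME = b"\xff\x03\x00\x21" + b"<constructed IP datagram>"
```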
Technology Basis
Microsoft’s and Cisco’s L2TP
• L2TP extends PPP model
  – allows L2 and PPP endpoints to reside on
    different devices interconnected by packet-
    switched network
  – a user has L2 connection to access concentrator
    (e.g., modem bank, ADSL DSLAM, etc.)
  – concentrator then tunnels individual PPP
    frames to the NAS
  – allows actual processing of PPP packets to be
    divorced from termination of L2 circuit
Technology Basis
Microsoft’s and Cisco’s L2TP
• L2TP Access Concentrator (LAC)
  – node that acts as one side of an L2TP tunnel
    endpoint and is peer to L2TP Network Server
  – sits between an LNS and remote system and
    forwards packets to and from each
  – packets sent from LAC to LNS require
    tunneling with L2TP protocol
  – connection from LAC to remote system is
    either local (see: Client LAC) or a PPP link
Technology Basis
Microsoft’s and Cisco’s L2TP
• L2TP Network Server (LNS)
  – node that acts as one side of an L2TP tunnel
  – peer to L2TP Access Concentrator (LAC)
  – termination point of PPP session being tunneled
    from remote system by LAC
Technology Basis
Microsoft’s and Cisco’s L2TP
• Three levels of end-to-end QoS service
  – Best Effort Service -- Provides basic
    connectivity with no guarantees
  – Differentiated Service -- Some traffic is treated
    better than rest (more bandwidth on average,
    lower loss rate on average)
     • statistical preference; not a hard and fast guarantee
  – Guaranteed Service -- An absolute reservation
    of network resources for specific traffic
Genuity’s VPN Advantage
• See Web Site
• Managed VPN Service
• SLA on Dedicated Access
  – 99.9% Availability
  – 125 ms Latency