Internet and Intranet Fundamentals


Presentation Transcript


  1. Internet and Intranet Fundamentals Class 9 Session C

  2. Virtual Private Networks • What is it? • Technology Basis • GTE’s VPN Advantage

  3. VPN: What is it? • Used to mean shared public telecom lines • e.g., frame relay vs. dedicated leased lines • Now it means securely tunneling over the Internet • extending a private Intranet across the Internet • i.e., enabling an Extranet • compatible with older meaning because Internet is shared public infrastructure

  4. VPN: What is it?

  5. Before VPNs

  6. VPN: What is it? • Features • security • QOS • router conspiracies?

  7. VPN: What is it? • Benefits • cost reduction: shared public infrastructure such as Internet only requires local connectivity • point-to-point leased lines are mileage sensitive • 20-40% for LAN-LAN • 60-80% for remote access • ubiquity: the Internet is everywhere • the Internet is the data dial-tone • can enable companies with no private network to create one virtually

  8. VPN: What is it? • An Important Trend • Gartner Group predicts nearly 100% of all businesses will use VPNs to supplement their WANs by 2003

  9. Technology Basis • Encryption • Phase 1: encrypt payload but not header • Phase 2: encrypt both payload and header and encapsulate in another IP packet • Lots of “Standards” to Choose From • Cisco L2F = Layer 2 Forwarding • MS PPTP • MS and Cisco L2TP = Layer 2 Tunneling Protocol

  10. Technology Basis • Data Integrity Technology • MD-5 = message digest • SHA = Secure Hashing Algorithm • Authentication

  11. Technology Basis: Layer 2 Forwarding • Developed by Cisco • Company Gateway is a Cisco router • Internet Direct VPN being launched • How It Works • end-user exchanges PPP with ISP at POP • router at ISP communicates with company router via L2F

  12. Technology Basis: Microsoft’s PPTP • Extension to PPP • Company Gateway is NT RAS server • Included with Win 95, 98, NT • Supports IP, IPX, and NetBEUI • Client-Server Protocol decouples functions in Network Access Servers (NAS) • PPTP Access Concentrator (PAC) (client) • PPTP Network Server (PNS) (server)

  13. Technology Basis: Microsoft’s PPTP • PPTP Access Concentrator (PAC) • device attached to one or more PSTN or ISDN lines capable of PPP operation and of handling PPTP protocol • PAC needs only to implement TCP/IP to pass traffic to one or more PNSs • May also tunnel non-IP protocols

  14. Technology Basis: Microsoft’s PPTP • PPTP Network Server (PNS) • envisioned to operate on general-purpose computing/server platforms • handles server side of PPTP protocol • relies completely on TCP/IP • is independent of interface hardware • may use any combination of IP interface hardware including LAN and WAN devices

  15. Technology Basis: Microsoft’s PPTP • Specifies call-control and management protocol • allows server to control access for dial-in circuit-switched calls originating from PSTN or ISDN • or to initiate outbound circuit-switched connections.

  16. Technology Basis: Microsoft’s PPTP • Uses enhanced GRE (Generic Routing Encapsulation) mechanism • provides a flow- and congestion-controlled encapsulated datagram service for carrying PPP packets.

  17. Technology Basis: Microsoft’s and Cisco’s L2TP • L2TP extends PPP model • allows L2 and PPP endpoints to reside on different devices interconnected by packet-switched network • a user has L2 connection to access concentrator (e.g., modem bank, ADSL DSLAM, etc.) • concentrator then tunnels individual PPP frames to the NAS • allows actual processing of PPP packets to be divorced from termination of L2 circuit

  18. Technology Basis: Microsoft’s and Cisco’s L2TP • L2TP Access Concentrator (LAC) • node that acts as one side of an L2TP tunnel endpoint and is peer to L2TP Network Server (LNS) • sits between an LNS and remote system and forwards packets to and from each • packets sent from LAC to LNS require tunneling with L2TP protocol • connection from LAC to remote system is either local (see: Client LAC) or a PPP link

  19. Technology Basis: Microsoft’s and Cisco’s L2TP • L2TP Network Server (LNS) • node that acts as one side of an L2TP tunnel endpoint • peer to L2TP Access Concentrator (LAC) • termination point of PPP session being tunneled from remote system by LAC

  20. Technology Basis: Microsoft’s and Cisco’s L2TP

  21. Technology Basis: Microsoft’s and Cisco’s L2TP

  22. Technology Basis: Microsoft’s and Cisco’s L2TP • Three levels of end-to-end QoS service • Best Effort Service -- Provides basic connectivity with no guarantees • Differentiated Service -- Some traffic is treated better than rest (more bandwidth on average, lower loss rate on average) • statistical preference; not a hard and fast guarantee • Guaranteed Service -- An absolute reservation of network resources for specific traffic

  23. Genuity’s VPN Advantage • See Web Site • http://www.genuity.com/services/security/vpnadvantage/index.htm • Managed VPN Service • SLA on Dedicated Access • 99.9% Availability • 125 ms Latency
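
Slide 16 says PPTP carries PPP packets in an enhanced GRE header with flow and congestion control. The following is an added example, not part of the original presentation: a validating parser for that header, with the field layout taken from RFC 2637 (an assumption, since the slides do not give it); the function names and the sample packets are constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B  # protocol type enhanced GRE uses for PPP payloads (RFC 2637)

def build_enhanced_gre(call_id, ppp_payload=b"", seq=None, ack=None):
    """Construct a sample packet (constructed test input, not captured traffic)."""
    byte0 = 0x20 | (0x10 if seq is not None else 0)  # K always set, S if data present
    byte1 = (0x80 if ack is not None else 0) | 0x01  # A if ack present, version 1
    pkt = struct.pack("!BBHHH", byte0, byte1, GRE_PROTO_PPP, len(ppp_payload), call_id)
    if seq is not None:
        pkt += struct.pack("!I", seq)
    if ack is not None:
        pkt += struct.pack("!I", ack)
    return pkt + ppp_payload

def parse_enhanced_gre(data):
    """Validate and decode an enhanced GRE header; raise ValueError if malformed."""
    if len(data) < 8:
        raise ValueError("truncated fixed header")
    byte0, byte1, proto, payload_len, call_id = struct.unpack("!BBHHH", data[:8])
    if (byte0 & 0xCF) or not (byte0 & 0x20):  # C, R, s, Recur must be 0; K must be 1
        raise ValueError("flag bits do not match enhanced GRE")
    if (byte1 & 0x78) or (byte1 & 0x07) != 1:  # reserved flags 0, version 1
        raise ValueError("not GRE version 1")
    if proto != GRE_PROTO_PPP:
        raise ValueError("protocol type is not PPP")
    offset, fields = 8, {"call_id": call_id, "seq": None, "ack": None}
    # Sequence and acknowledgment numbers are optional; they drive flow control.
    for name, present in (("seq", byte0 & 0x10), ("ack", byte1 & 0x80)):
        if present:
            if len(data) < offset + 4:
                raise ValueError("truncated %s number" % name)
            fields[name] = struct.unpack("!I", data[offset:offset + 4])[0]
            offset += 4
    if len(data) - offset < payload_len:
        raise ValueError("payload shorter than declared length")
    fields["payload"] = data[offset:offset + payload_len]
    return fields

def is_enhanced_gre(data):
    """True only if the bytes pass every header check above."""
    try:
        parse_enhanced_gre(data)
        return True
    except ValueError:
        return False
```

The header carries only a call ID and counters; it provides no encryption or integrity protection for the PPP payload it wraps.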
