shikha29sinha
8/7/2019 05ce52
Virtual Private Networks
VPNs
Definition: A VPN is an emulation of a private wide area network (WAN) facility using IP
facilities (including the public Internet, or private
IP backbones).
VPNs can be implemented in many ways:
CPE based solutions
Network based solutions
Internet Support VPNs
Customer requirements for VPNs
Support for data security
Support for Quality of Service Guarantees
Need some form of IP tunneling
CPE Vs. Network Based VPNs
Most current VPN implementations are based on CPE devices:
Firewalls
WAN edge routers
Network based solution: VPN is implemented on
network by Internet service provider (ISP)
Some mechanisms leverage tools that are applicable
only to ISPs rather than individual customers running
special CPE devices.
Different VPN types
Virtual Leased Lines (VLLs)
Virtual Private Routed Networks (VPRNs)
Virtual Private LAN Segment (VPLSs)
Virtual Private Dial Networks (VPDNs)
Virtual Leased Lines (VLLs)
VLL = IP tunnel forming a point-to-point link to emulate a physical leased line or dedicated
connection.
VPRNs
Benefit: Configuration of the CPE router is simplified. ISP edge router appears to be a
neighbor router.
Forwarding is done at the network layer (Layer 3).
Each customer side CPE router is connected to an
ISP edge router through one or more stub links
(leased lines, ATM or Frame Relay)
Each VPRN supports only a single network layer protocol.
VPRN Generic Requirements
Unique VPN identifier to refer to a particular VPN
VPRN membership
configuration
dissemination (directory lookup, explicit management
configuration, piggybacking in routing protocols).
Stub link reachability information
edge router must learn set of addresses/address prefixes
reachable via each stub link.
Each CPE router needs to learn the destinations reachable by each stub link.
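Added example (not part of the original slides): a minimal Python model of the requirements listed above, in which an ISP edge router binds each stub link to a VPN identifier and keeps a separate table of learned prefixes per VPN. The class, the VPN identifiers, the link names and the prefixes are all hypothetical, constructed for illustration.

```python
import ipaddress

class EdgeRouter:
    """Toy ISP edge router with one forwarding table per VPRN (constructed model)."""

    def __init__(self):
        self.stub_vpn = {}  # stub link name -> VPN identifier (membership)
        self.tables = {}    # VPN identifier -> list of (prefix, next hop)

    def attach_stub(self, stub, vpn_id):
        # Membership configuration: bind a customer-facing stub link to one VPN.
        self.stub_vpn[stub] = vpn_id
        self.tables.setdefault(vpn_id, [])

    def learn(self, vpn_id, prefix, next_hop):
        # Reachability: a prefix reachable via a stub link or a remote edge router.
        if vpn_id not in self.tables:
            raise KeyError(f"unknown VPN {vpn_id}")
        self.tables[vpn_id].append((ipaddress.ip_network(prefix), next_hop))

    def forward(self, ingress_stub, dst):
        # The VPN is selected by the ingress stub link, never by the packet address.
        vpn_id = self.stub_vpn[ingress_stub]
        addr = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.tables[vpn_id] if addr in net]
        if not matches:
            return None  # drop: no route in this VPN, no fallback to another table
        # Longest-prefix match within the selected VPN only.
        return max(matches, key=lambda m: m[0].prefixlen)[1]

def demo():
    # Constructed sample: two customers reuse the same private prefix.
    r = EdgeRouter()
    for stub, vpn in [("stub-a1", "vpn-A"), ("stub-a2", "vpn-A"),
                      ("stub-b1", "vpn-B"), ("stub-b2", "vpn-B")]:
        r.attach_stub(stub, vpn)
    r.learn("vpn-A", "10.1.0.0/16", "tunnel-edge2")
    r.learn("vpn-A", "10.1.5.0/24", "stub-a2")
    r.learn("vpn-B", "10.1.0.0/16", "stub-b2")
    return r

if __name__ == "__main__":
    r = demo()
    print(r.forward("stub-a1", "10.1.5.9"), r.forward("stub-b1", "10.1.5.9"))
```

The same destination address resolves to different next hops depending on the ingress stub link, which is why the VPN identifier and the stub link binding have to be unambiguous.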
VPLS: Requirements & Recommendations
Very similar to VPRNs
Unlike VPRNs, CPE nodes can either be bridges
or routers
nature of CPE (bridge Vs router) impacts nature of
encapsulation, addressing, forwarding and reachability protocols within the VPLS.
Advantage: protocol transparency.
Commonality between VPRNs and VPLSs can be
exploited to reduce complexity.
VPDNs
Support compulsory tunneling
a dial or network access server (LAC) extends a PPP
session across a backbone using L2TP to a remote
LNS.
Other issues:
Call Routing
Security mechanism
Traffic management
Call multiplexing
Address management
Support for large MTUs
Summary
Further standardization efforts needed in defining
a generic VPN tunneling protocol
a globally unique VPN identifier
a VPN membership information configuration and
dissemination mechanism
Further study is needed to address
security issues
scalability of membership configuration and
dissemination mechanism