Lecturer: Hong Thanh Nam

CHAPTER II: LAYER 2 VPN PROTOCOLS


8/4/2014
Objectives
Understand the layer 2 virtual private network (VPN) protocols
The format of each protocol
The tunneling model of each protocol
How each protocol operates
Advantages and disadvantages

Contents
2.1. The PPP protocol
2.2. Point-to-Point Tunneling Protocol (PPTP)
2.3. Layer 2 Forwarding Protocol (L2F)
2.4. Layer 2 Tunneling Protocol (L2TP)

Review of background knowledge
1. The two basic transmission techniques (circuit-switched and packet-switched)
2. Network protocols and reference models
3. The Internet
4. The data link layer
5. Some network devices

Communication networks
communication networks
  switched networks
    circuit-switched networks (e.g. telephone): FDM, TDM
    packet-switched networks
      datagram networks (e.g. Internet)
      virtual circuit-switched networks (e.g. ATM)
  broadcast networks (e.g. radio, broadcast TV)

The two basic transmission techniques:

Circuit-switched
Packet-switched
  Datagram
  Virtual circuit

Circuit switching
When two nodes want to exchange information, a circuit is set up between them.
The circuit is reserved for those two nodes until the session ends.
Example: the telephone network.

Packet switching
Data is split into packets. Each packet carries control information (header, trailer) that identifies the sending source and the receiving destination.
Packets may arrive and leave along different paths (multiplexing), and are stored and then forwarded as they pass through intermediate nodes (store and forward).
Packet layout: Header | Data | Trailer
101001...1010001101011011110...11001

Comparing circuit switching and packet switching
Packet switching
  Does not monopolize the link, so it supports more users and uses the link more efficiently.
  No call setup is needed.
  Packets experience delay.
  An error-recovery mechanism is required.
Circuit switching
  Call setup
  Suited to high-quality, real-time transmission.

1-6/2005
Packet switching
packet-switched networks
  datagram networks (e.g. Internet)
  virtual circuit-switched networks (e.g. ATM)
The two basic models of packet switching (network layer):
- Virtual circuit
- Datagram

Virtual Circuit
A connection is set up before data is sent and torn down after the transfer is complete.
  VC setup: before sending, the network layer must set up a virtual circuit (VC) from sender to receiver (whose address is known).
  Data transfer: data is sent over the VC.
  VC teardown: when the sender or receiver wants to close the VC, it notifies the network layer, which tears the VC down.
Also called connection-oriented.
Each packet carries additional information about the circuit it will travel over (VC identifier number).
The routers/packet switches along a virtual circuit always hold the state of the circuits passing through them.

Chapter 4. Network layer protocols
Datagram network
No circuit is set up.
The switching devices do not need to hold per-circuit state.
Packets are forwarded based on the address of the receiving host.
Packets between the same two hosts may take different paths.
[Figure: protocol stacks of two hosts (application, transport, network, data link, physical); 1. Send data, 2. Receive data]

Packet switching: Datagram & Virtual Circuit
[Figure: Hosts A, B, C, D, E connected through Nodes 1 to 7. Datagram packet switching. Example: Internet]

Packet switching: Datagram & Virtual Circuit
[Figure: Hosts A, B, C, D, E connected through Nodes 1 to 7. Virtual-circuit packet switching. Example: ATM network]

Datagram or VC network
Internet
  Computer network (datagram):
    elastic service.
    no strict timing limits.
  Smart end systems (computers):
    can adapt, perform control, and recover from errors.
    the architecture inside the network is simple, but interconnecting networks is complex.
  Many kinds of links, so a uniform (circuit) service is not suitable.
ATM
  Telephone network (circuit switching).
  Human-to-human interaction requires:
    transmission timing.
    reliability.
    guaranteed service.
  End devices are simple and essentially fixed:
    telephones.
    the complexity lies inside the network.

Network protocols & reference models

Network protocols

Protocol: a set of rules for communication between computer systems.
Communication protocols fall into two types:
  Connection-oriented communication: 3 phases
    1. Connection setup (handshaking).
    2. Data transfer.
       Error-control mechanisms are available.
    3. Connection termination.
  Connectionless communication: only the data transfer phase.
    Usually used at the lower layers, over highly reliable links.

Network protocols
Today's network protocol models follow a layered architecture.
Each layer is responsible for specific functions.
Only the bottom layers communicate with each other directly.
A layer from layer 2 upward communicates with at most two layers (the one directly above and the one directly below).
Information sent from layer N of system 1 to layer N of system 2 must pass through layers N-1, N-2, ..., 1 of system 1 and layers 1, 2, ..., N-1 of system 2.

Model of data exchange between layers
[Figure: the User's Data passes to the (N+1) Layer, which adds the (N+1) PCI to form the (N+1) PDU; the (N) Layer adds the (N) PCI]
PCI: Protocol Control Information
PDU: Protocol Data Unit

Reference models
OSI model (Open System Interconnection Reference Model):
  Introduced by ISO in 1984.
  A theoretical reference model for open systems in general.
  7 layers: Physical, Data Link, Network, Transport, Session, Presentation, Application.
TCP/IP model:
  Used for the Internet.
  4 layers: Host-to-network, Internet, Transport, Application.

The OSI model
[Figure: System #1 and System #2, each with the seven-layer stack; the bit stream 011010100011001111 travels between them at the physical layer]
Layer  Name          Mnemonic
7      Application   All
6      Presentation  People
5      Session       Seem
4      Transport     To
3      Network       Need
2      Data Link     Data
1      Physical      Processing

TCP/IP Reference Model
The OSI model is purely theoretical and serves research and teaching.
TCP/IP is the model applied to the Internet.
TCP = Transmission Control Protocol.
IP = Internet Protocol.
TCP and IP are the two most common protocols in the TCP/IP protocol family.

TCP/IP Layers & Protocols
[Figure: Layers and Protocols]
+ Network Access = Host-to-network = Data link + Physical
+ Network = Internet

Comparing OSI and TCP/IP

Common standards and organizations
ISO (International Organization for Standardization)
  http://www.iso.org
CCITT (Comité Consultatif International pour Télégraphe et Téléphone)
  Does not issue standards; it issues recommendations (X.25).
ANSI (American National Standards Institute)
NIST (National Institute of Standards and Technology)
IEEE (Institute of Electrical and Electronics Engineers)
IAB (Internet Architecture Board).
  RFCs (Request For Comments).
  IRTF (Internet Research Task Force).
  IETF (Internet Engineering Task Force).
ISOC (Internet Society)

The Internet
Hundreds of millions of network nodes connected across the planet.
Millions of services offered (web, mail).
Global network of networks.
Internet backbone.

Internet architecture
The Internet is built on backbones: high-bandwidth cable systems that carry data across the Internet.
The backbones interconnect the NSPs (Network Service Providers); the NSPs are peers in exchanging packet traffic.
Some NSPs: UUNet, CerfNet, IBM, BBN Planet, SprintNet, PSINet
Internet service providers (ISP, Internet Service Provider) buy bandwidth from the NSPs and sell it to customers such as organizations, companies, schools, individuals, etc.

Network data flow

The data link layer

Data Link
Data link: layer 2.
PDU: frame.
packet -> multiple frames
The job of the data link layer is to carry packets (datagrams) from one node to another.
[Figure: a link between nodes]

Data Link & frame
Link:
  router-router; host-host; router-host
frame: the data unit of the data link layer
[Figure: a host stack (application, transport, network, link, physical) and a router stack (network, link, physical) joined by a physical link running the data link protocol. The message M gains headers Ht, Hn, Hl on the way down; the frame is Hl Hn Ht M]

Implementation
The link layer is implemented in the network adapter (NIC, Network Interface Card):
  NIC = RAM + DSP chips + host bus interface + link interface
[Figure: same stacks as on the previous slide, with the frame Hl Hn Ht M exchanged between adapter cards over the physical link]

Multiple Access
There are two kinds of links:
  Point-to-point
    PPP (dial-up access: connecting to the Internet from home through a modem)
    Point-to-point link between an Ethernet switch and a host
  Broadcast
    Radio; bus LAN;
    802.11 wireless LAN

Addresses at the data link layer
32-bit IP address:
  network-layer address
  IP addresses are carried inside packets (source, destination).
LAN (or MAC or physical) address:
  48-bit (6-byte) MAC address (for most LANs)
  burned into the adapter ROM

* Link layer = MAC + LLC
* MAC: Media Access Control
* LLC: Logical Link Control

LAN addresses and ARP
Each adapter has a unique physical address, analogous to a national ID card number.
Broadcast address = FF-FF-FF-FF-FF-FF
[Figure: a LAN (wired or wireless) with four adapters: 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

When A sends a packet to B
[Figure: three subnets with hosts 223.1.1.1, 223.1.1.2, 223.1.1.3; 223.1.2.1, 223.1.2.2; 223.1.3.1, 223.1.3.2; router interfaces 223.1.1.4, 223.1.2.9, 223.1.3.27; hosts A, B, E marked]
To send a packet to B, A will:
  Look up B's network address and find that B is on the same network as A.
  Have the link layer send the packet to B inside a frame.
Frame layout: B's MAC addr | A's MAC addr | A's IP addr | B's IP addr | IP payload
  frame source, dest address: the MAC addresses
  packet (datagram) source, dest address: the IP addresses

ARP: Address Resolution Protocol
Every network node (host, router) has an ARP table.
ARP table: maps an IP address to a MAC address.
Record structure:
  <IP address; MAC address; TTL>
  TTL (Time To Live): how long the record lives before it is deleted.
???: How do we learn B's physical address when we know B's IP address?
[Figure: a LAN with adapters 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53 and IP addresses 237.196.7.23, 237.196.7.78, 237.196.7.14, 237.196.7.88]

When a node's MAC address is not yet known
Suppose A wants to know B's MAC address (it is not in the ARP table).
A knows B's IP address (ipb).
A sends an ARP query packet to all nodes (broadcast) containing B's IP address (ipb), asking which node has the IP address ipb.
All nodes receive it and check whether ipb matches their own IP address; the node that matches (node B) replies.

When the two nodes are on different networks
A (111.111.111.111) wants to send to B (222.222.222.222)
A does not know B's MAC address; if it sends an ARP packet to ask, no node on LAN1 replies.
[Figure: A, router R, B]
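
A creates an IP packet with source A and destination B.
A uses ARP to get R's physical address for the IP address 111.111.111.110.
A creates a frame with R's physical address as the destination; the frame contains the A-to-B IP packet.
A's data link layer sends the frame.
R's data link layer receives the frame.
R extracts the IP packet from the frame and sees that the destination address in the IP packet is B.
R uses ARP to get B's physical address.
R creates a frame containing the A-to-B IP packet and sends it to B.
[Figure: A, router R, B]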

Data link layer technologies
Ethernet
PPP
Wireless Networks
ATM
Frame Relay

Some network devices
Repeater: restores a weakened signal.
Hub:
  Operates at the physical layer; its main function is to copy the bits received on one port to all the other ports.
Bridge: used to connect different network segments; operates at the data link layer.
  Needs no configuration (plug-n-play)
  Is a store-and-forward device
Switch: operates at the data link layer
  Has the same function as a bridge but with more ports; a switch can connect different networks (10BaseT with 100BaseT).
Router: operates at the network layer
  A router must be configured and have IP addresses before it works.
  Runs routing algorithms.
  Forwards packets from the input port to the appropriate output port.


Hub + switch + router in a company

ATM (Asynchronous Transfer Mode)
Emerged recently (mid-1980s).
A WAN that combines telephone voice and data transmission at high speed.
ATM is a network architecture with a full protocol suite (application down to physical).
ATM uses packet switching with a fixed packet size of 53 bytes (a cell) and uses Virtual Circuits (Virtual Channels).
High cost and few applications developed for ATM, so ATM is not widespread.
Some of ATM's lower layers are currently used to build the Internet backbone (IP over ATM).

ATM: Internet backbone

Frame Relay & X.25
Emerged in the early 1980s.
X.25 is regarded as the first public packet-switching technology.
Frame Relay is the successor of X.25.
X.25 and Frame Relay are both WAN technologies.
Like ATM, X.25 and Frame Relay sit in the shadow of IP and are used to carry IP-layer packets between routers.
X.25 and Frame Relay are technologies of the past.
Thank you!

NAT: Network Address Translation
[Figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and router LAN interface 10.0.0.4; the router's address toward the rest of the Internet is 138.76.29.7]
Datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)
All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers

NAT: Network Address Translation (cont)
A LAN uses only a single IP address when communicating with outside networks.
As a result:
  No need to obtain a range of IP addresses from the ISP to assign to the internal devices (workstations), because only 1 IP address is used.
  The IP addresses of internal workstations can change without affecting the outside network.
  The ISP can be changed without changing the addresses of the internal devices.
  The internal devices are not visible from the outside network.

NAT: Implementation
NAT router:
  outgoing datagrams: replace (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #)
    . . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr.
  remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
  incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table

NAT example
[Figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 behind a NAT router with LAN address 10.0.0.4 and WAN address 138.76.29.7]
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345        D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001     D: 128.119.40.186, 80
3: Reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80    D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80    D: 10.0.0.1, 3345
NAT translation table
WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345
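
The four steps of the NAT example, together with the table behaviour from the NAT implementation slide, as an added example that is not part of the original slides. The class and function names, the second LAN flow and the probing address 203.0.113.9 are constructed for illustration; ports are allocated from 5001 only to match the slide.

```python
from itertools import count

class NatRouter:
    """Toy NAT translation table keyed the way the slide's table is."""

    def __init__(self, wan_ip, first_port=5001):
        self.wan_ip = wan_ip
        self._ports = count(first_port)  # next free WAN-side port
        self.out = {}                    # (LAN ip, LAN port) -> WAN port
        self.back = {}                   # WAN port -> (LAN ip, LAN port)

    def outgoing(self, src, dst):
        """Rewrite the source of a datagram leaving the LAN."""
        if src not in self.out:          # first packet of a flow: record the pair
            port = next(self._ports)
            self.out[src] = port
            self.back[port] = src
        return (self.wan_ip, self.out[src]), dst

    def incoming(self, src, dst):
        """Rewrite the destination of a datagram arriving from outside.

        Returns None when the table has no entry: traffic nobody inside
        asked for is dropped, which is why internal devices are not
        visible from the outside network.
        """
        ip, port = dst
        if ip != self.wan_ip or port not in self.back:
            return None
        # Like the slide's table, this matches on the WAN port only; NAT
        # devices that filter more strictly also compare the remote endpoint.
        return src, self.back[port]

def walk_through():
    nat = NatRouter("138.76.29.7")
    server = ("128.119.40.186", 80)
    step2 = nat.outgoing(("10.0.0.1", 3345), server)   # steps 1 and 2
    step4 = nat.incoming(server, step2[0])             # steps 3 and 4
    # Constructed: a second host using the same local port gets its own WAN port.
    other = nat.outgoing(("10.0.0.2", 3345), server)
    # Constructed: an unsolicited datagram to a port with no table entry.
    probe = nat.incoming(("203.0.113.9", 4444), ("138.76.29.7", 6000))
    return step2, step4, other, probe
```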

ICMP (Internet Control Message Protocol)
Network-level communication between hosts and routers
  error reporting (e.g. no route found, unable to deliver to host, port).
  echo request/reply.
ICMP can be regarded as a component of IP
  architecturally, ICMP belongs to the application layer.
  uses UDP.
ICMP msg
  is carried inside IP datagrams/packets.
  type + code + 8 bytes of IP datagram.

Type  Code  Description
0     0     echo reply (ping)
3     0     dest. network unreachable
3     1     dest host unreachable
3     2     dest protocol unreachable
3     3     dest port unreachable
3     6     dest network unknown
3     7     dest host unknown
4     0     source quench (congestion control - not used)
8     0     echo request (ping)
9     0     route advertisement
10    0     router discovery
11    0     TTL expired
12    0     bad IP header

IPv6
IPv4: uses 32-bit IP addresses, which will not be enough ???
IPv6:
  uses 128-bit addresses.
  the header allows faster processing and better quality (QoS).
  40-byte header.
  does not allow fragmentation.
  ICMPv6.

IPv6: transition from IPv4 to IPv6
Switching all hosts and routers over to IPv6: not possible!!!
Gradual transition:
  IPv4 and IPv6 nodes coexist.
  IPv6 is able to handle IPv4 packets.
Tunneling: an IPv6 packet is treated as the data (payload) of an IPv4 packet while it crosses IPv4 nodes.

Tunneling
Logical view:   A (IPv6), B (IPv6) == tunnel == E (IPv6), F (IPv6)
Physical view:  A (IPv6), B (IPv6), C (IPv4), D (IPv4), E (IPv6), F (IPv6)
A-to-B: IPv6 (Flow: X, Src: A, Dest: F, data)
B-to-C: IPv6 inside IPv4 (outer Src: B, Dest: E; inner Flow: X, Src: A, Dest: F, data)
B-to-C: IPv6 inside IPv4 (outer Src: B, Dest: E; inner Flow: X, Src: A, Dest: F, data)
E-to-F: IPv6 (Flow: X, Src: A, Dest: F, data)
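
The encapsulation in the tunneling figure, as an added example that is not part of the original slides: router B wraps the A-to-F IPv6 packet in an IPv4 datagram addressed B-to-E, and router E unwraps it only if the outer header is valid and comes from its configured peer. The function names and the addresses (documentation ranges 2001:db8::/32, 192.0.2.0/24, 198.51.100.0/24) are assumptions; 41 is the IPv4 protocol number for encapsulated IPv6.

```python
import ipaddress, struct

PROTO_IPV6 = 41   # IPv4 protocol number for an encapsulated IPv6 packet

def checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words, as used for the IPv4 header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv6_packet(src, dst, flow, payload):
    """40-byte IPv6 header (next header 59 = none, hop limit 64) plus payload."""
    word0 = (6 << 28) | (flow & 0xFFFFF)   # version 6, traffic class 0, flow label
    hdr = struct.pack("!IHBB", word0, len(payload), 59, 64)
    return (hdr + ipaddress.IPv6Address(src).packed
                + ipaddress.IPv6Address(dst).packed + payload)

def encapsulate(v6, tunnel_src, tunnel_dst):
    """Router B: carry the whole IPv6 packet as the payload of an IPv4 datagram."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(v6), 0, 0, 64,
                      PROTO_IPV6, 0,
                      ipaddress.IPv4Address(tunnel_src).packed,
                      ipaddress.IPv4Address(tunnel_dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + v6

def decapsulate(v4, expected_peer):
    """Router E: return the inner IPv6 packet, or None if the outer header is
    malformed, is not protocol 41, or does not come from the configured peer."""
    if len(v4) < 20 or v4[0] >> 4 != 4:
        return None
    ihl = (v4[0] & 0x0F) * 4
    if ihl < 20 or len(v4) < ihl or checksum(v4[:ihl]) != 0 or v4[9] != PROTO_IPV6:
        return None
    if v4[12:16] != ipaddress.IPv4Address(expected_peer).packed:
        return None   # outer source is not the other end of this tunnel
    inner = v4[ihl:]
    return inner if len(inner) >= 40 and inner[0] >> 4 == 6 else None
```

Checking the outer source against the configured peer keeps E from injecting arbitrary IPv6 packets into its network on behalf of any IPv4 sender that happens to use protocol 41.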
