IP VPN Overview
ISSUE 1.0
www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Confidential

Foreword

VPN technology is widely used in today's networks. As the Internet came into ever wider use, the Virtual Private Network (VPN) emerged as a way to build private networks on top of public networks. "Virtual" here mainly indicates that a VPN is a logical network rather than a physically separate one.


Objectives

Describe the concept of VPN and the types of VPN

Describe the protocols that implement IP VPNs


Chapter 1 VPN System Overview


Chapter 2 VPN Working Mechanism


VPN Definition

VPN: Virtual Private Network

A private network established on top of a public network.

"Virtual" here mainly indicates that this network is a logical network.


VPN Definition

[Figure: a headquarters site with its office, a branch, a remote office, a partner and employees on business trips; some sites reach the headquarters through tunnels across the Internet, others over a leased line.]

VPN Features

Private: the VPN can be used only by the VPN's own users.

Virtual: this network is a logical network.

Specific: a VPN is built for a specific enterprise or group of users.


VPN Advantages

Reliable and secure connections (how secure depends on the tunneling protocol: GRE and L2TP on their own neither authenticate nor encrypt the payload, so they are normally combined with IPSec when confidentiality is required)

Flexible application of VPN

VPNs can be built with guaranteed quality of service

Support for mobile access by remote VPN users

Greatly improved utilization of network resources, which in turn increases the Internet Service Provider's (ISP's) revenue


Classification of VPN

IP VPNs can be classified according to operation mode, service application, networking mode, realization layer and connection orientation.

Classified according to operation mode:

CPE-based VPN (Customer Premises Equipment based VPN)

Network-based VPN (NBIP-VPN)


Classification of VPN

Based on service application:

Access VPN

Intranet VPN

Extranet VPN


Access VPN

[Figure: remote users reach the headquarters (HQ) through ISP points of presence (POPs); the tunnel is originated either by the ISP at its POP or by the user's own client.]

An access VPN extends the dial-up network to:

Employees on business trips

Small remote offices


Intranet VPN

[Figure: the headquarters, a research institute, a branch and an office of the same enterprise, joined by tunnels across the Internet, an ISP IP network or an ATM/Frame Relay network.]

Extranet VPN

[Figure: the enterprise's headquarters, remote office and branch joined by tunnels across the Internet, an ISP IP network or an ATM/Frame Relay network, with a partner's network also admitted to the VPN.]

Classification of VPN

Based on networking mode:

Virtual Leased Line (VLL)

Virtual Private Dial Network (VPDN)

Virtual Private LAN Segment (VPLS)

Virtual Private Routing Network (VPRN)


Classification of VPN

Based on connection orientation:

Connection-oriented L2VPN

Connectionless L3VPN


Classification Based on Realization Layer

Layer 2 VPN

L2TP: Layer 2 Tunneling Protocol (RFC 2661)

PPTP: Point-to-Point Tunneling Protocol (RFC 2637)

L2F: Layer 2 Forwarding (RFC 2341)

Layer 3 VPN

GRE: Generic Routing Encapsulation (RFC 2784)

IPSec: IP Security


Classification Based on Realization Layer

Application layer:  S/MIME, proxies, SET, Secure RPC, SOCKS
Transport layer:    SSL, TLS, SSH
Network layer:      IPSec, GRE, MPLS/VPN
Data-link layer:    PPTP, L2F, L2TP

Chapter 2 VPN Working Mechanism

VPN Fundamentals

The user dials in over the PSTN/ISDN to the ISP's NAS (Network Access Server). Once the NAS recognizes, from the user name (typically its domain part) or the dialled access number, that this is a VPN user, it establishes a connection to the user's destination VPN server; this connection is called a tunnel.

The NAS encapsulates the user's data in IP packets and transmits them to the VPN server through this tunnel.

On receiving such an IP packet the VPN server removes the encapsulation to recover the original data; the reverse direction works the same way.
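The NAS-to-VPN-server path above, worked through as an added Python example that is not part of the original slides: the NAS decides from the user name whether this is a VPN user, wraps each PPP frame in an L2TP data message (header layout per RFC 2661), and the VPN server validates and strips that header. The domain-to-server table, the addresses, the tunnel and session IDs and the PPP frame are all constructed assumptions for the example.

```python
import struct

# Constructed for this example: the NAS's table of VPN domains and the address
# of the VPN server (L2TP LNS) that terminates each domain's tunnel. Both the
# domain names and the addresses are assumptions, not a real deployment.
VPN_DOMAINS = {
    "corp.example": "203.0.113.10",
    "partner.example": "203.0.113.20",
}

L2TP_UDP_PORT = 1701   # registered UDP port for L2TP (RFC 2661)
L2TP_VERSION = 2
FLAG_T = 0x8000        # control message (data messages have T = 0)
FLAG_L = 0x4000        # Length field present
FLAG_S = 0x0800        # Ns/Nr sequence fields present
FLAG_O = 0x0200        # Offset field present
DATA_HEADER_LEN = 6    # flags/version + tunnel ID + session ID, no optional fields


def select_vpn_server(username):
    """NAS step 1: recognise a VPN user from the domain part of the PPP user name.
    Returns the VPN server address, or None for an ordinary dial-up user whose
    PPP session the NAS terminates locally."""
    if "@" not in username:
        return None
    domain = username.rsplit("@", 1)[1].lower()
    return VPN_DOMAINS.get(domain)


def l2tp_encapsulate(tunnel_id, session_id, ppp_frame):
    """NAS step 2: wrap one PPP frame in an L2TP data message (RFC 2661 section 3.1).
    With T, L, S and O all clear the header is only flags/version, tunnel ID and
    session ID; the result is carried in a UDP datagram to port 1701."""
    flags = L2TP_VERSION  # T=0 (data), no optional fields, Ver=2 in the low nibble
    return struct.pack("!HHH", flags, tunnel_id, session_id) + ppp_frame


def l2tp_decapsulate(datagram):
    """VPN server step: validate the L2TP header and return
    (tunnel_id, session_id, ppp_frame). Anything that is not a plain version-2
    data message is rejected rather than forwarded as user data."""
    if len(datagram) < DATA_HEADER_LEN:
        raise ValueError("truncated L2TP header")
    flags, tunnel_id, session_id = struct.unpack("!HHH", datagram[:DATA_HEADER_LEN])
    if (flags & 0x000F) != L2TP_VERSION:
        raise ValueError("unsupported L2TP version %d" % (flags & 0x000F))
    if flags & FLAG_T:
        raise ValueError("control message received on the data path")
    if flags & (FLAG_L | FLAG_S | FLAG_O):
        raise ValueError("optional L2TP header fields are not handled here")
    return tunnel_id, session_id, datagram[DATA_HEADER_LEN:]


def is_valid_l2tp_data(datagram):
    """True if l2tp_decapsulate would accept the datagram, False otherwise."""
    try:
        l2tp_decapsulate(datagram)
        return True
    except ValueError:
        return False


def nas_forward(username, tunnel_id, session_id, ppp_frame):
    """Whole NAS path for one PPP frame. Returns (server_address, udp_port, datagram)
    for a VPN user, or None when the frame is to be handled locally."""
    server = select_vpn_server(username)
    if server is None:
        return None
    return server, L2TP_UDP_PORT, l2tp_encapsulate(tunnel_id, session_id, ppp_frame)


if __name__ == "__main__":
    # Constructed PPP frame: address 0xFF, control 0x03, protocol 0x0021 (IPv4),
    # followed by the first bytes of an IPv4 header.
    frame = b"\xff\x03\x00\x21" + b"\x45\x00\x00\x14"
    sent = nas_forward("alice@corp.example", 7, 42, frame)
    print("NAS sends to", sent[0], "port", sent[1], "datagram", sent[2].hex())
    print("VPN server recovers", l2tp_decapsulate(sent[2]))
    print("plain dial-up user tunnelled?", nas_forward("bob", 1, 1, frame))
```

The decapsulation side is deliberately strict: a control message, an unknown version or a header option the receiver does not implement is dropped instead of being passed on as user data, which is the check a real LNS must make before trusting a packet that arrived from the public network.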


Tunnel

A tunnel is a logical extension of the user's PSTN/ISDN link; to the user it operates exactly like the physical link.

Tunneling is implemented with a tunneling protocol.

Tunneling protocols can be divided into:

a. Layer 2 tunneling protocols

b. Layer 3 tunneling protocols


Layer 2 Tunneling Protocol

Point-to-Point Tunneling Protocol (PPTP)

Layer 2 Forwarding (L2F)

Layer 2 Tunneling Protocol (L2TP)


Layer 3 Tunneling Protocol

Generic Routing Encapsulation (GRE)

IP Security (IPSec), which comprises:

ESP (Encapsulating Security Payload)

IKE (Internet Key Exchange)


PPTP

Point-to-Point Tunneling Protocol

Backed by Microsoft, Ascend, 3COM and other companies, and supported by Windows NT 4.0 and later

Tunnels point-to-point PPP frames across an IP network

PPTP carries the PPP packets in an enhanced GRE encapsulation (GRE version 1 with sequence and acknowledgement numbers) that provides flow control and congestion control for the tunneled PPP packets.

Caveat: the MS-CHAP authentication and MPPE encryption normally used with PPTP are considered weak today, so PPTP is not recommended for new deployments.


L2F

Layer 2 Forwarding

Developed by Cisco and supported by a number of other companies

Tunnels link-layer (PPP) frames, so that the dial-up access server and the point where the dial-up protocol connection is terminated can be physically separated.


L2TP

Layer 2 Tunneling Protocol

Drafted in the IETF with Microsoft and other companies; it combines the advantages of PPTP and L2F, has been adopted by most vendors and is the standard (RFC 2661)

Provides both dial-up VPN service and leased-line VPN service


GRE

Generic Routing Encapsulation

Encapsulates datagrams of various network-layer protocols (e.g. IP and IPX) inside IP.

The tunnel is a virtual point-to-point connection; in practice it is treated as a virtual interface that supports only point-to-point connections.

GRE itself provides neither authentication nor encryption, so a GRE tunnel across an untrusted network is normally protected with IPSec.
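GRE encapsulation and decapsulation as an added Python example (not code from the original slides): the sending router wraps a network-layer datagram, here IPX, in a GRE header (RFC 2784, plus the optional key field of RFC 2890) and then in an outer IPv4 header with protocol number 47; the receiving router checks the GRE version, the checksum and the expected tunnel key before handing the payload up, and rejects anything that fails a check. The tunnel endpoint addresses, the key value and the IPX payload bytes are constructed assumptions.

```python
import socket
import struct

GRE_FLAG_C = 0x8000    # checksum present (RFC 2784)
GRE_FLAG_K = 0x2000    # key present (RFC 2890)
GRE_FLAG_S = 0x1000    # sequence number present (RFC 2890)
GRE_VERSION_MASK = 0x0007
PROTO_IPV4 = 0x0800    # EtherType values used in the GRE protocol type field
PROTO_IPX = 0x8137
IPPROTO_GRE = 47       # outer IPv4 protocol number for GRE


def inet_checksum(data):
    """Standard 16-bit one's complement checksum (same algorithm as IPv4)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def gre_encapsulate(payload, protocol, key=None, with_checksum=True):
    """Prepend a GRE header: flags/version, protocol type, then the optional
    checksum (+ reserved1) and key fields, in that order."""
    flags = 0
    if with_checksum:
        flags |= GRE_FLAG_C
    if key is not None:
        flags |= GRE_FLAG_K
    header = struct.pack("!HH", flags, protocol)
    if with_checksum:
        header += b"\x00\x00\x00\x00"          # checksum placeholder + reserved1
    if key is not None:
        header += struct.pack("!I", key)
    if with_checksum:
        csum = inet_checksum(header + payload)  # covers GRE header and payload
        header = header[:4] + struct.pack("!H", csum) + header[6:]
    return header + payload


def gre_decapsulate(packet, expected_key=None):
    """Parse and verify a GRE packet, returning (protocol, key, payload).
    Raises ValueError on a wrong version, bad checksum or key mismatch."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, protocol = struct.unpack("!HH", packet[:4])
    if (flags & GRE_VERSION_MASK) != 0:
        raise ValueError("unsupported GRE version (PPTP's enhanced GRE is version 1)")
    offset = 4
    if flags & GRE_FLAG_C:
        # Summing the whole packet including the checksum field gives 0 when intact.
        if inet_checksum(packet) != 0:
            raise ValueError("GRE checksum mismatch")
        offset += 4
    key = None
    if flags & GRE_FLAG_K:
        key = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset += 4
    if flags & GRE_FLAG_S:
        offset += 4
    if expected_key is not None and key != expected_key:
        raise ValueError("GRE key mismatch: packet does not belong to this tunnel")
    return protocol, key, packet[offset:]


def ipv4_header(src, dst, protocol, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                         ttl, protocol, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header[:10] + struct.pack("!H", inet_checksum(header)) + header[12:]


def gre_tunnel_send(inner, protocol, tunnel_src, tunnel_dst, key=None):
    """What RouterA does: wrap the inner datagram in GRE, then in an outer IPv4
    packet from its own tunnel endpoint address to RouterB's."""
    gre = gre_encapsulate(inner, protocol, key=key)
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(gre)) + gre


def gre_tunnel_receive(outer, expected_key=None):
    """What RouterB does: strip the outer IPv4 header (20 bytes; options are not
    handled here) and decapsulate the GRE payload."""
    if len(outer) < 20 or outer[9] != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE over IPv4")
    return gre_decapsulate(outer[20:], expected_key=expected_key)


def gre_tunnel_is_valid(outer, expected_key=None):
    """True if gre_tunnel_receive would accept the packet, False otherwise."""
    try:
        gre_tunnel_receive(outer, expected_key=expected_key)
        return True
    except ValueError:
        return False
```

Note that the key is only a tunnel identifier, not a secret: it lets the receiver tell tunnels apart and discard stray GRE packets, but anyone who can read the outer packet can read and replay the inner one, which is why the slides' IPX-over-Internet setup would need IPSec on top for confidentiality.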


Packet Encapsulation and Decapsulation through GRE

[Figure: two Novell IPX groups, Group 1 and Group 2, each behind a router (RouterA and RouterB); the two routers are joined by a GRE tunnel across the Internet.]

GRE Application: Multi-Protocol Local Network Transmitted through a Single-Protocol Backbone

[Figure: Novell IPX Group 1 and Group 2 together with IP terminals Term 1 and Term 2 on either side of RouterA and RouterB; the IPX and IP traffic share one GRE tunnel across the IP-only Internet backbone.]

GRE Application: Enlarging the Operating Range of a Network Running a Hop-Limited Protocol

[Figure: two PCs on separate IP networks; the intermediate IP networks are crossed by a single GRE tunnel, which the hop-limited protocol sees as one hop.]

GRE Application: Connecting Discontinuous Sub-Networks to Establish a VPN

[Figure: Novell group 1 and group 2 on discontiguous networks, joined by a GRE tunnel across an IP network.]

MPLS/VPN Overview

Layer 2 MPLS/VPN
The MPLS network transparently carries the user's layer 2 data. From the user's perspective MPLS is a layer 2 switching network through which layer 2 connections can be established between different sites.

Layer 2 MPLS/VPN modes

Martini

Kompella

CCC

VPLS


MPLS/VPN Overview

Layer 3 MPLS/VPN
In a layer 3 MPLS/VPN network the service provider delivers VPN services in such a way that users are not aware of the public network; to them it looks like an independent network resource of their own.

VPN packet forwarding

Two labels are stacked on each packet.

The outer (transport) label is used to forward the packet across the public network.

The inner (VPN) label identifies the destination VPN site: the egress PE uses it to select the VPN routing table (VRF) and the outgoing interface.
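The two-label forwarding described above as an added Python example (not code from the original slides): the ingress PE pushes the VPN label and then the transport label; a P router swaps only the top label and never looks at the VPN label; the egress PE pops the transport label and uses the VPN label to pick a VRF, dropping any packet whose VPN label it did not allocate. Label values, the LFIB and VRF tables and the customer IP packet are constructed assumptions; the 32-bit label entry layout follows RFC 3032.

```python
import struct


def encode_label(label, exp=0, bottom=False, ttl=64):
    """One 32-bit label stack entry (RFC 3032): 20-bit label, 3-bit EXP/TC,
    1-bit bottom-of-stack flag, 8-bit TTL."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def decode_label(entry_bytes):
    """Decode the first four bytes into a dict with label, exp, bottom and ttl."""
    entry, = struct.unpack("!I", entry_bytes[:4])
    return {"label": entry >> 12, "exp": (entry >> 9) & 0x7,
            "bottom": bool((entry >> 8) & 0x1), "ttl": entry & 0xFF}


def parse_label_stack(packet):
    """Return (entries from top to bottom, payload that follows the stack)."""
    entries, offset = [], 0
    while True:
        if len(packet) < offset + 4:
            raise ValueError("label stack runs past the end of the packet")
        entry = decode_label(packet[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry["bottom"]:
            return entries, packet[offset:]


def ingress_pe(ip_packet, transport_label, vpn_label):
    """Ingress PE: push the inner VPN label (bottom of stack) and then the outer
    transport label that the public network forwards on."""
    return encode_label(transport_label) + encode_label(vpn_label, bottom=True) + ip_packet


def p_router_forward(packet, lfib):
    """P router: swap only the top label using its LFIB and decrement the TTL.
    It never reads the VPN label, so VPN membership is invisible in the core."""
    top = decode_label(packet[:4])
    if top["label"] not in lfib:
        raise ValueError("no LFIB entry for label %d: drop" % top["label"])
    if top["ttl"] <= 1:
        raise ValueError("TTL expired: drop")
    new_top = encode_label(lfib[top["label"]], top["exp"], top["bottom"], top["ttl"] - 1)
    return new_top + packet[4:]


def egress_pe(packet, my_transport_labels, vpn_label_to_vrf):
    """Egress PE: pop the transport label, then map the VPN label to a VRF.
    A VPN label this PE did not allocate is dropped, which is what keeps one
    customer's packets from being delivered into another customer's VRF."""
    entries, ip_packet = parse_label_stack(packet)
    if len(entries) != 2:
        raise ValueError("expected a two-label stack, got %d labels" % len(entries))
    transport, vpn = entries
    if transport["label"] not in my_transport_labels:
        raise ValueError("transport label %d is not ours: drop" % transport["label"])
    if vpn["label"] not in vpn_label_to_vrf:
        raise ValueError("unknown VPN label %d: drop" % vpn["label"])
    return vpn_label_to_vrf[vpn["label"]], ip_packet


def egress_pe_accepts(packet, my_transport_labels, vpn_label_to_vrf):
    """True if egress_pe would deliver the packet into a VRF, False otherwise."""
    try:
        egress_pe(packet, my_transport_labels, vpn_label_to_vrf)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed customer IPv4 packet (20-byte header, ICMP, 192.0.2.1 -> 192.0.2.2).
    ip = bytes.fromhex("450000140000000040010000c0000201c0000202")
    pkt = ingress_pe(ip, transport_label=1001, vpn_label=16)   # ingress PE
    pkt = p_router_forward(pkt, lfib={1001: 2002})             # one P router hop
    print(egress_pe(pkt, my_transport_labels={2002}, vpn_label_to_vrf={16: "VPN-A", 17: "VPN-B"}))
```

The isolation the next slide claims rests entirely on these table lookups: a packet can only land in VPN-A's VRF if it arrives with the VPN label the egress PE handed out for VPN-A, and that label is never exposed to customers or swapped by the core.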


MPLS/VPN Security Advantages

MPLS can identify the data packets of different applications, which makes QoS simpler to implement than with IP tunnels or VC-based networks.

MPLS segregates the traffic of unrelated users and thereby enhances security.

An MPLS-based network keeps data flows separate from each other, improving isolation without setting up tunnels or encrypting the data.

Note that this separation is enforced by the provider's forwarding plane (labels and per-VPN routing tables), not by cryptography: packets crossing the MPLS core are not encrypted, so confidentiality against the provider itself, or against anyone with access to the core links, still requires IPSec or similar protection on top of the MPLS VPN.

MPLS VPN meets the requirements of VPN users and reduces the workload of both the network and the users. It can be used to establish any-to-any connectivity with high scalability.


Summary

The VPN technique

VPN working mechanism
