Overview of VPN

Upload: maxmilan-kavungal

Post on 27-Sep-2015

16 views

Category:

Documents


0 download

Description: The basics of VPN, leased lines, secure VPN, etc.

Transcript

  • Overview of VPN

  • Private Networks: Leased Lines
    [Diagram: Organization A Sites 1-3 and Organization B Sites 1-3, each organization interconnected by its own leased lines]

  • Private Network
    Advantages:
    - Leased lines are secured
    - Privacy and QoS guaranteed
    Disadvantages:
    - Leased lines are very expensive
    - The number of links required grows exponentially if full-mesh connectivity is required and the network expands
    - More CPE ports are required
    - Network complexity increases as the network grows; all existing sites require reconfiguration when a new site is added

  • Internet Based Private Network
    [Diagram: Organization A Sites 1-3 and Organization B Sites 1-3 connected to each other over the Internet, a shared infrastructure]

  • Internet Based Private Network
    Advantages:
    - Single physical connection at each site; no reconfiguration required at existing sites when a new site is added to the network
    - Saving on CPE ports
    - Huge saving in annual connectivity charges
    Disadvantages:
    - Highly insecure environment
    - No guarantee of privacy and QoS
    - Any unauthorized traffic can enter the private network

  • Virtual Private Network
    Different solutions are available to make communication over the Internet safe and secure, and they can also ensure the desired grade of quality of service. These solutions are known as VPN solutions.
    Different protocols like L2TP, PPTP, IPSec, etc. are available to provide VPN solutions to customers. These protocols take care of data authenticity, data integrity and, if required, data confidentiality.

  • Virtual Private Network
    [Diagram: Organization A Sites 1-4 and Organization B Sites 1-3 connected over the Internet, with a firewall at each site]

  • Deploying VPNs in the 21st Century
    - Uses IP infrastructure; may be shared with Internet services
    - Increasing importance of IP/MPLS (not ATM/FR)
    - Subscriber requirements: lower operational expenses; a single network connection for multiple services
    - Provider requirements: multiservice infrastructure; create an additional source of revenue
    [Diagram: Internet, remote access, intranet and extranet VPNs linking mobile users and telecommuters, a branch office, corporate headquarters, and suppliers, partners and customers]

  • Virtual Private Network Categories
    VPNs can be classified in two categories:
    Customer Provisioned
    - VPN tunnels originate and terminate at the customer premises
    - Provisioning of equipment and allied activities is the responsibility of the customer
    - The provider may not be aware of the VPN tunnelling through its network
    Provider Provisioned
    - VPN tunnels originate and terminate at the service provider's edge
    - Responsibility for creating and maintaining these tunnels lies with the provider

  • Customer Provisioned VPNs
    [Diagram: Organization A Site 1 and Organization B Sites 1-3 attached to the Internet, with tunnels built end to end by the customer]

  • Provider Provisioned VPNs
    [Diagram: Organization A Site 1 and Organization B Sites 1-3 attached to the Internet, with secured tunnels built between provider edges]

  • MPLS Based VPNs
    MPLS Based Layer 3 VPNs
    - The provider's router participates in the customer's layer 3 routing
    - The provider router manages VPN-specific routing tables and distributes routes to remote sites
    - CPE routers advertise their routes to the provider
    MPLS Based Layer 2 VPNs
    - The customer maps their layer 3 routing to the circuit mesh
    - The provider delivers layer 2 circuits to the customer, one for each remote site
    - Customer routes are transparent to the provider

  • MPLS Based Layer 3 VPN
    [Diagram: PE1, PE2 and PE3 around a P router; CE routers CEA1-CEA3 (VPN A Sites 1-3), CEB1-CEB3 (VPN B Sites 1-3) and CEC1-CEC2 (VPN C Sites 1-2) attached to the PEs; CE-PE routing via static routes, OSPF routing or E-BGP]
    A VRF is created for each VPN connected to the PE.

  • MPLS Based Layer 3 VPNs
    Each VRF is populated with:
    - Routes received from directly connected CE routers associated with the VRF
    - Routes received from other PE routers with acceptable BGP attributes
    Only the VRF associated with a VPN is used for packets from a site of that VPN. This provides isolation between VPNs.

  • MPLS Based Layer 3 VPNs
    - Customers can use overlapping IP addresses; customers are free to use any IP address, even private IP addresses
    - Very little manual configuration; auto-discovery of new sites; no reconfiguration of existing sites when a new site is added
    - Cheaper than leased lines, as it works on MPLS-based IP infrastructure, which is a shared infrastructure
    - QoS can be assured, as MPLS has the capability to provide differentiated QoS

  • MPLS Based Layer 3 VPNs
    - Customers can create an intranet as well as an extranet with the help of layer 3 VPNs; an extranet allows customers to let business partners and suppliers access their network
    - 100% secured intranet as well as extranet
    - Single physical connection at every site, resulting in a very simple network topology
    - The provider participates in the customer's routing process
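As an added illustration (not from the original slides), a small Python model of the VRF behaviour described in the layer 3 VPN slides: each PE keeps one VRF per VPN, fills it from its own CEs and from other PEs' routes filtered by route-target attribute, and consults only the ingress site's VRF when forwarding, so two customers can both use 10.0.1.0/24. The PE names, route distinguishers, route targets, labels and prefixes are constructed values.

```python
import ipaddress

class PERouter:
    def __init__(self, name):
        self.name = name
        self.vrfs = {}  # VRF name -> {"rd", "export", "import", "label", "routes"}

    def add_vrf(self, vrf, rd, export_rt, import_rts, label):
        self.vrfs[vrf] = {"rd": rd, "export": export_rt, "import": set(import_rts),
                          "label": label, "routes": {}}

    def learn_from_ce(self, vrf, prefix, ce):
        # A CE route (static, OSPF or eBGP) lands only in the VRF that CE is attached to.
        self.vrfs[vrf]["routes"][ipaddress.ip_network(prefix)] = ("local", ce)

    def export_vpnv4(self):
        # Advertised to other PEs: the RD keeps identical customer prefixes distinct, the
        # route target is the BGP attribute peers filter on, the label selects the VRF.
        return [(v["rd"], p, v["export"], self.name, v["label"])
                for v in self.vrfs.values()
                for p, nh in v["routes"].items() if nh[0] == "local"]

    def import_vpnv4(self, vpnv4_routes):
        for rd, prefix, rt, origin_pe, label in vpnv4_routes:
            if origin_pe == self.name: continue
            for v in self.vrfs.values():
                if rt in v["import"]:  # only routes with an acceptable RT are accepted
                    v["routes"].setdefault(prefix, ("lsp", origin_pe, label))

    def forward(self, ingress_vrf, dst_ip):
        # A packet from a site of VPN X is looked up in VRF X only: isolation between VPNs.
        ip = ipaddress.ip_address(dst_ip)
        table = self.vrfs[ingress_vrf]["routes"]
        hits = [p for p in table if ip in p]
        return table[max(hits, key=lambda p: p.prefixlen)] if hits else None

def build_demo():
    """Constructed topology: PE1 and PE2; customers A and B both use 10.0.1.0/24 at PE1."""
    pe1, pe2 = PERouter("PE1"), PERouter("PE2")
    for pe in (pe1, pe2):
        pe.add_vrf("VPN-A", "65000:1", "65000:1", ["65000:1"], label=100)
        pe.add_vrf("VPN-B", "65000:2", "65000:2", ["65000:2"], label=200)
    pe1.learn_from_ce("VPN-A", "10.0.1.0/24", "CEA1")
    pe1.learn_from_ce("VPN-B", "10.0.1.0/24", "CEB1")  # same prefix, other customer
    pe2.learn_from_ce("VPN-A", "10.0.2.0/24", "CEA2")
    pe2.learn_from_ce("VPN-B", "10.0.9.0/24", "CEB2")
    advertised = pe1.export_vpnv4() + pe2.export_vpnv4()  # the MP-BGP exchange
    pe1.import_vpnv4(advertised)
    pe2.import_vpnv4(advertised)
    return pe1, pe2
```

Forwarding 10.0.1.7 from a VPN A site and from a VPN B site on PE2 yields the same egress PE but a different VPN label, which is how the egress PE delivers each packet into the right customer's VRF.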

  • MPLS Based Layer 2 VPNs
    - The provider edge device delivers layer 2 circuit IDs (DLCI, VPI/VCI or VLAN ID) to the customer
    - The customer sees standard FR or ATM PVCs from their site, one for each reachable site
    - The provider edge device maps the circuit ID to an MPLS LSP to traverse the provider core; label stacking can be used to improve scalability
    - The customer maps their own routing architecture to the circuit mesh; customer routes are transparent to the provider
    - Separation of administrative responsibility

  • MPLS Based Layer 2 VPNs
    [Diagram: PE1, PE2 and PE3 around a P router; CE routers CEA1-CEA3 (VPN A Sites 1-3) and CEB1-CEB3 (VPN B Sites 1-3) attached to the PEs over ATM and FR circuits]
    A VFT is created for each CE connected to the PE. Each VFT is populated with:
    - The information provisioned for the local CEs
    - VPN connection tables received from other PEs via BGP or LDP

  • MPLS Based Layer 2 VPNs
    Layer 2 VPN supported technologies:
    - Frame Relay
    - ATM
    - Ethernet
    - Ethernet VLANs
    - HDLC
    - PPP

  • MPLS Based Layer 2 VPNs
    - Separation of the customer's and the provider's routing gives the customer extra confidence about the security of their network
    - The customer can choose any layer 2 connectivity supported by layer 2 VPN

  • Virtual Private LAN Service (VPLS)
    Different sites of a customer's network can connect to the MPLS network over Ethernet, just as they would connect to any LAN switch. With auto-discovery of the MAC addresses of devices, each site can learn about the machines connected via the VPLS service. To the customer it appears very much like ordinary Ethernet connectivity: the MPLS network looks like a huge LAN switch to which its different sites are connected, just as with an Ethernet LAN switch.

  • Virtual Private LAN Service
    - A private Ethernet network constructed over a shared infrastructure which may span several metro areas
    - Multipoint-to-multipoint Ethernet connectivity where the SP network looks like an Ethernet broadcast domain
    - Complements layer 3 (RFC 2547) and layer 2 VPNs
    [Diagram: PE1, PE2 and PE3 around a P router; CE routers CEA1-CEA3 (VPN A Sites 1-3) and CEB1-CEB2 (VPN B Sites 1-2) attached to the PEs]

  • What is Quality of Service
    [Diagram: application mix ranging from desktop conferencing and distance learning, through mission-critical applications, to FTP and e-mail]

  • Role of QoS
    - Protect mission-critical applications: voice, ERP, data warehouse, sales force automation
    - Prioritize groups of users: finance, sales, suppliers
    - Enable multimedia applications: distance learning, desktop video conferencing

  • Quality of Service (QoS)
    MPLS has very powerful tools like traffic prioritization, traffic scheduling, traffic shaping, traffic policing, etc. to ensure the proper grade of quality of service to the customer.
    Broadly, three grades of service are available at present in the MPLS VPN service:
    - Gold (guaranteed bandwidth, delivery, jitter and latency)
    - Silver (guaranteed delivery)
    - Bronze (best effort)

  • Three Classes of Service
    Three classes of service according to the customer's requirement (Gold, Silver and Bronze). If the customer's requirement is more than 2 Mbps, then the tariff will be n x the tariff for 2 Mbps.

  • Service Tax and Discount
    Service tax @ 10% will be charged w.e.f. 10/9/2004, and education cess @ 2% of the service tax will also be levied in addition to the service tax.

  • Tariff for Leased Line Data Circuits

  • Tariff for 128 kbps to 960 kbps
    The tariffs for 128 kbps to 960 kbps are equal to the tariff for 64 kbps multiplied by the coefficients below.

  • ICICI Bank Case Study
    - Total number of leased lines of various capacities across the country: 82
    - Total annual charges paid: Rs 142604651/-
    - 75 links could be shifted to VPN
    - Cost of 75 VPNs of different capacities: Rs 7,30,00,000/-
    - Cost of the remaining 7 leased lines: Rs 50,00,000/-
    - Total cost: Rs 7,80,00,000/-

VPLS is a multipoint-to-multipoint (MP2MP) Ethernet service that uses IP and a tunnel mechanism (typically MPLS) to provide connectivity across an IP cloud between multiple enterprise sites as if these sites were attached to the same Ethernet LAN. Benefits: simple Ethernet from the service provider; the network looks like a large broadcast domain, and the customer is wholly unaware of the details of the LAN emulation. VPLS allows the provider to deliver this LAN interconnect service between sites within a metro or across geographically disparate metros by leveraging the scalability of IP/MPLS. The customer's traffic is switched based on MAC address, and therefore the VPLS service can transparently transport IPv4 and IPv6 as well as legacy protocols such as IPX and DECnet.
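An added example (not part of the presentation or its notes) modelling the MAC-address switching that the VPLS slides and this note describe: one VPLS instance per customer with its own MAC table, source-MAC learning (the auto-discovery mentioned on the slides), flooding of unknown destinations, and split horizon between pseudowires so a frame from one PE is never re-flooded to another PE. Port names, PE names and the shortened MAC addresses are constructed.

```python
class VPLSInstance:
    """One VPLS instance on a PE: behaves like a LAN switch whose ports are the local
    customer attachment circuits plus one pseudowire (pw) to every other PE."""
    def __init__(self, name, local_ports, remote_pes):
        self.name = name
        self.ports = set(local_ports) | {"pw:" + pe for pe in remote_pes}
        self.mac_table = {}  # learned MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Switch one frame; returns the set of ports it is forwarded out of."""
        # Auto-discovery: the source MAC is learned on the port the frame arrived on.
        self.mac_table[src_mac] = in_port
        known = self.mac_table.get(dst_mac)
        if known == in_port:
            return set()  # destination sits behind the ingress port: nothing to do
        if known is not None:
            return {known}  # known unicast leaves through exactly one port
        # Unknown unicast or broadcast is flooded as a LAN switch would, except that a
        # frame arriving from one pseudowire is never sent to another pseudowire (split
        # horizon): PEs are fully meshed, so the originating PE already reached them.
        out = self.ports - {in_port}
        if in_port.startswith("pw:"):
            out = {p for p in out if not p.startswith("pw:")}
        return out

def demo():
    """Constructed scenario on PE1 with two isolated VPLS instances, VPN A and VPN B."""
    vpls_a = VPLSInstance("VPN-A", ["ce-a1"], ["PE2", "PE3"])
    vpls_b = VPLSInstance("VPN-B", ["ce-b1"], ["PE2", "PE3"])
    bcast = "ff:ff"  # MACs are shortened to two octets for readability
    return [
        vpls_a.receive("ce-a1", "aa:01", "aa:02"),   # unknown dst: flood to both pseudowires
        vpls_a.receive("pw:PE2", "aa:02", "aa:01"),  # aa:01 already learned: ce-a1 only
        vpls_a.receive("pw:PE3", "aa:03", bcast),    # broadcast from a pw: split horizon
        vpls_a.receive("ce-a1", "aa:01", "aa:02"),   # aa:02 now known: pw:PE2 only
        vpls_b.receive("pw:PE2", "bb:02", "aa:01"),  # VPN B never consults VPN A's table
    ]
```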

This is yet another service that runs on a Juniper Networks PE. Now operators can deliver the appropriate VPN service per customer:
- L3 2547 for those customers that want to outsource their IP routing
- L2 VPNs for customers maintaining Frame Relay, ATM and point-to-point Ethernet services who want to control their own routing, or those that may be running non-IP protocols
- L2.5 interworking for customers who need to interwork disparate access circuits into the same VPN, such as Frame Relay and Ethernet
- Now VPLS, for customers that want a simple Ethernet hand-off from the service provider but who may wish to control their own routing and/or run non-IP protocols

QoS has been a critical requirement for the wide-area network for years. Bandwidth, delay and delay variation requirements are at a premium in the wide area. The importance of end-to-end QoS is increasing due to the rapid growth of intranet and extranet applications that have placed increased demands on the entire network. QoS plays a number of important roles:
- Protect mission-critical applications: QoS can protect mission-critical applications, such as mission-critical enterprise applications or sales automation systems, from bandwidth-hungry applications such as multimedia, web-casting and real-time video applications.
- Prioritize groups of users: QoS can also be used to prioritize traffic based on user or user-group classification, such as sales and engineering groups.
- Enable multimedia applications: QoS is required to enable many new multimedia applications such as distance learning or desktop video conferencing. QoS policies can also restrict the use of network resources by these bandwidth-hungry applications.