VyperNet
A Framework for Programmable Virtual Private Networks
Adam Hudson
Supervisor: Bob Kummerfeld


A VyperNet network (figure: five client networks)

Contributions
- A design for a framework that allows clients to configure Virtual Private Networks within provider networks
- An implementation of the framework
- An example application

VPNs
- A Virtual Private Network (VPN) provides a way for distributed sites to connect in a manner that emulates a LAN
- Comprised of tunnels
  - Layers of protocols that hide underlying network from applications

An example VPN (figure: ISP, Firewall, ISP)

VPN control
- A client builds their VPN upon a network they acquire from a provider, e.g. ISP, carrier
- VPNs are usually a series of tunnels across a network that are controlled at the edge of the network
  - All that the client has access to
  - Inefficient use of network
- Better option is to control the endpoints of the tunnels within the network


Enter VyperNet
- Providers need to offer a way for clients to control the internal nodes of the network
- Difficult to do at present
  - Providers make changes at client's request
  - Insecure otherwise
- VyperNet introduces a way to let clients gain control
- Allows the introduction of code into a controlled portion of the switch nodes of the network, on behalf of the client

Technologies used in VyperNet
- Multiprotocol Label Switching (MPLS)
- Active Networking
- Programmable VPNs

MPLS
- A method of producing tunnels
- Labels are inserted as an extra header between layer 2 and 3 of each packet
- Labels are allocated to packets based upon their destination as they enter the network, and are switched at each hop on to the next switch
- Allows many different VPNs to use the same network
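
The label handling described on this slide, as an added example that is not part of the original presentation: it packs the 32-bit MPLS label stack entry (RFC 3032 layout), labels a packet at ingress by destination, swaps the label at each hop and pops it at egress. The switch names, prefixes, label values and tables are constructed for illustration.

```python
import struct

def encode_shim(label, tc=0, bottom=True, ttl=64):
    """Pack one 32-bit MPLS label stack entry (RFC 3032 layout):
    20-bit label | 3-bit traffic class | 1-bit bottom-of-stack | 8-bit TTL."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_shim(data):
    """Unpack the first 4 bytes of a labelled packet."""
    if len(data) < 4:
        raise ValueError("truncated shim header")
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 7,
            "bottom": bool(word & 0x100), "ttl": word & 0xFF}

# Constructed sample tables (assumptions, not from the slides):
# switch -> {incoming label: (outgoing label or None to pop, next hop)}.
# VPN A and VPN B cross the same switches with disjoint labels.
TABLES = {
    "S1": {100: (200, "S2"), 101: (201, "S2")},
    "S2": {200: (None, "siteA"), 201: (None, "siteB")},
}
INGRESS = {"10.1.0.0/16": (100, "S1"), "10.2.0.0/16": (101, "S1")}

def switch_hop(node, packet):
    """One hop: look up the incoming label, then swap or pop. Unknown labels are dropped."""
    hdr = decode_shim(packet)
    entry = TABLES[node].get(hdr["label"])
    if entry is None or hdr["ttl"] <= 1:
        raise LookupError(f"{node}: drop label {hdr['label']}")
    out_label, next_hop = entry
    if out_label is None:
        return next_hop, packet[4:]          # egress: remove the shim header
    shim = encode_shim(out_label, hdr["tc"], hdr["bottom"], hdr["ttl"] - 1)
    return next_hop, shim + packet[4:]

def forward(dest_prefix, payload):
    """Label at ingress by destination, then switch hop by hop until egress."""
    label, node = INGRESS[dest_prefix]
    packet = encode_shim(label) + payload    # shim sits in front of the layer 3 packet
    while node in TABLES:
        node, packet = switch_hop(node, packet)
    return node, packet
```

Because a switch forwards only on labels present in its table, the contents of those tables are what keep one VPN's traffic out of another's tunnels.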

MPLS tunnels

Active Networks
- Introduce programmability into the network
- Packets carry code with them in "capsules", which can execute at active nodes along their path
- Creates environment for clients to access the network switches
- Provide them with a programmable VPN

VyperNet
- A framework to allow the client to configure an MPLS network
- Sends capsules at the request of the client to switches to manipulate MPLS switching tables
- Designed for use in creating programmable VPNs
- An example application can show how it works

VyperNet components (figure: Node, Trader, Switch, Provider Application, Client Application)
1. Startup capsule
2. Client tunnel request capsule (and response)
3. Provider tunnel request capsule (and response)
4. Switch configuration capsule (and response)

VyperNet switch configuration

Example – No active nodes

Example – 3 active nodes

Startup capsules (figure: Node, Trader, Switch, Application; message 1)

Example – VPN allocation

Example – Tunnel allocation

Example – Client-side tunnel activation

Tunnel activation (figure: Node, Trader, Switch, Provider Application, Client Application; message 2)
- Provider application acts as a gateway for client requests
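
One way a provider application could gate client tunnel requests before any switch table is touched, as an added sketch that is not VyperNet's own code: the class, method and field names, the tunnel ids and the label values are all hypothetical. The client names only a tunnel id; switches and labels come from the provider's allocation, and every request is recorded.

```python
from dataclasses import dataclass

@dataclass
class Tunnel:
    owner: str            # client the provider allocated this tunnel to
    hops: list            # [(switch, in_label, out_label), ...] chosen by the provider
    active: bool = False

class ProviderGateway:
    """Hypothetical provider application: the only component that writes switch tables."""
    def __init__(self, switches):
        self.tables = {s: {} for s in switches}   # switch -> {in_label: out_label}
        self.tunnels = {}
        self.audit = []                           # (client, tunnel_id, action, allowed)

    def allocate(self, tunnel_id, owner, hops):
        # Provider-side step: refuse unknown switches and labels already allocated.
        for sw, in_label, _ in hops:
            if sw not in self.tables:
                raise ValueError(f"unknown switch {sw}")
            for t in self.tunnels.values():
                if any(h[0] == sw and h[1] == in_label for h in t.hops):
                    raise ValueError(f"label {in_label} on {sw} already allocated")
        self.tunnels[tunnel_id] = Tunnel(owner, list(hops))

    def client_request(self, client, tunnel_id, activate):
        """Handle a client tunnel request; returns True only if it was applied."""
        t = self.tunnels.get(tunnel_id)
        allowed = t is not None and t.owner == client
        action = "activate" if activate else "deactivate"
        self.audit.append((client, tunnel_id, action, allowed))
        if not allowed:
            return False      # same answer for "not yours" and "does not exist"
        for sw, in_label, out_label in t.hops:
            if activate:
                self.tables[sw][in_label] = out_label   # switch configuration step
            else:
                self.tables[sw].pop(in_label, None)
        t.active = activate
        return True
```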

Example – Tunnel activated

Example – A VPN

Real world example
- Telstra want to deploy a framework like this into their nation-wide network of switches
- Would allow them to allocate portions of their network to clients, such that Telstra is acting as a VPN Service Provider
- Clients can quickly activate or deactivate tunnels to suit organisational needs

Telstra example (figure: five client networks)

In conclusion
- A design for a framework that allows clients to configure Virtual Private Networks within provider MPLS networks
- An implementation of the framework
- An example application

Questions?