Softwires Hub & Spoke using L2TPv3


Softwires Hub & Spoke using L2TPv3 Bill Storer

L2TPv3 (RFC 3931) Improvements
- Supports multiple encapsulations
  - UDP
  - IP (Protocol 115)
- Supports multiple payload types
  - PPP
  - IP
- Supports enhanced security
  - Message digest on every control message
  - Lightweight cookie on data messages
- L2TPv3 supports VCCV
  - Enhanced diagnostic and fault detection

Which improvements should we use?
- UDP vs IP encapsulation
  - UDP MUST be supported
    - NAT
  - IP (Protocol 115) MUST be supported
    - Stated in RFC
- PPP vs IP payload
  - PPP MUST be supported
    - Easiest to integrate with existing L2TPv2 support
  - IP SHOULD be supported
- Enhanced security
  - Use of enhanced security is optional
  - MUST support message digest if requested
  - MUST support cookie if requested
- VCCV
  - MAY be supported as needed

Use of the IP Pseudowire
- Authentication may be provided using tunnel authentication
  - Host Name AVP is the user name
  - A shared secret is associated with the SI's host name on the SC
  - Host Name and shared secret may be provided to the SI just as the PPP user name and password are provided
  - Only one user per tunnel, which is standard for H&S
- PANA is also an option for Authentication
  - draft-ietf-pana-pana-12

Use of the IP Pseudowire (cont)
- IP address assignment
  - DHCP for IPv4
  - Stateless auto config and/or DHCPv6 for IPv6
  - No new AVPs necessary

Use of the PPP Pseudowire
- PPP authentication may be used (same as L2TPv2)
- Tunnel authentication as in the IP Pseudowire
- IPv4 address assignment
  - IPCP MUST be used for initial address assignment
  - DHCP MUST be used for prefix delegation
- IPv6 address assignment
  - IPv6CP MUST be used to determine the Interface ID portion of the address
  - DHCPv6 or stateless autoconfig may be used for the prefix portion of the address
  - DHCPv6 MUST be used for prefix delegation

L2TPv3 Message Details

SCCRQ Message
- MUST AVPs
  - Host Name
    - May be used to authenticate end user
    - May be "Softwires" if no authentication
  - Router ID
    - Router ID MUST NOT be sent for Softwires
    - Marked as MUST, but only for LAC-LAC applications.
  - Pseudowire Capabilities List
    - IP, PPP, or both
  - Others
    - As specified in the draft
- MAY AVPs
  - Control Connection Tie Breaker
    - Should never be a tie
  - Others as needed

SCCRP Message
- MUST AVPs
  - Host Name
    - May be used to authenticate end user
    - May be "Softwires" if no authentication
  - Router ID
    - Router ID MUST NOT be sent for Softwires
    - Marked as MUST, but only for LAC-LAC applications.
  - Pseudowire Capabilities List
    - IP, PPP, or both
  - Others
    - As specified in the draft
- MAY AVPs
  - As needed
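The SCCRQ/SCCRP rules above, expressed as a check a receiver could run over the AVP list of an incoming message. This is an added example, not code from the presentation or from any L2TPv3 implementation. The AVP layout and attribute numbers follow RFC 3931; the pseudowire type codes for PPP (0x0007) and IP (0x000B) and the function names are assumptions, since the slides do not give them.

```python
import struct

# IETF AVP attribute types and message types defined in RFC 3931.
MESSAGE_TYPE, HOST_NAME, ROUTER_ID, PW_CAPS = 0, 7, 60, 62
SCCRQ, SCCRP = 1, 2
PW_PPP, PW_IP = 0x0007, 0x000B  # assumed pseudowire type codes (not on the page)

def make_avp(attr_type, value, mandatory=True):
    """Encode one AVP: M bit + 10-bit length, Vendor ID 0, attribute type."""
    flags_len = (0x8000 if mandatory else 0) | (6 + len(value))
    return struct.pack("!HHH", flags_len, 0, attr_type) + value

def parse_avps(body):
    """Walk an AVP list, rejecting truncated or inconsistent lengths."""
    avps, off = {}, 0
    while off < len(body):
        if len(body) - off < 6:
            raise ValueError("truncated AVP header")
        flags_len, vendor, attr = struct.unpack_from("!HHH", body, off)
        length = flags_len & 0x03FF
        if length < 6 or off + length > len(body):
            raise ValueError("AVP length out of bounds")
        if vendor == 0:  # only IETF AVPs matter for this check
            avps[attr] = body[off + 6:off + length]
        off += length
    return avps

def check_softwire_ctrl(body):
    """Return the profile violations found in an SCCRQ or SCCRP AVP list."""
    avps, problems = parse_avps(body), []
    mtype = avps.get(MESSAGE_TYPE, b"")
    if len(mtype) != 2 or struct.unpack("!H", mtype)[0] not in (SCCRQ, SCCRP):
        problems.append("not an SCCRQ/SCCRP")
    if not avps.get(HOST_NAME):
        problems.append("Host Name missing")
    if ROUTER_ID in avps:
        problems.append("Router ID present")
    caps = avps.get(PW_CAPS, b"")
    pw_types = struct.unpack(f"!{len(caps) // 2}H", caps[:len(caps) // 2 * 2])
    if not {PW_PPP, PW_IP} & set(pw_types):
        problems.append("no IP or PPP pseudowire capability")
    return problems

# Constructed sample messages (AVP lists only, control header omitted).
GOOD = (make_avp(MESSAGE_TYPE, struct.pack("!H", SCCRQ))
        + make_avp(HOST_NAME, b"spoke1.example")
        + make_avp(PW_CAPS, struct.pack("!HH", PW_PPP, PW_IP)))
BAD = (make_avp(MESSAGE_TYPE, struct.pack("!H", SCCRQ))
       + make_avp(HOST_NAME, b"Softwires")
       + make_avp(ROUTER_ID, bytes(4))
       + make_avp(PW_CAPS, struct.pack("!H", 0x0005)))  # neither IP nor PPP
```

Hidden AVPs (H bit set) are not unhidden here; none of the AVPs this check looks at is expected to be hidden.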

SCCCN and StopCCN Messages
- MUST AVPs
  - As specified in the draft
- MAY AVPs
  - As needed

HELLO Message
- We need the HELLO message
  - Don't have any other keep alive message for IP Pseudowire
  - Prefer to use the HELLO instead of the LCP echo for PPP Pseudowire
- MUST AVPs
  - As specified in the draft
- MAY AVPs

ICRQ Message
- MUST AVPs
  - Pseudowire Type
    - IP or PPP
  - Remote End ID
    - Remote End ID MUST NOT be sent for Softwires
    - Marked as MUST, but only for LAC-LAC applications.
  - Circuit Status
    - New and Active bits set
  - Others
    - As specified in the draft

ICRQ Message (cont)
- MAY AVPs
  - Session Tie Breaker
    - Should be no ties
  - Data Sequencing
    - Shouldn't be necessary
  - Others
    - As specified in the draft

ICRP Message
- MUST AVPs
  - Circuit Status
    - New and Active bits set
  - Others
    - As specified in the draft
- MAY AVPs
  - Data Sequencing
    - Shouldn't be necessary

ICCN Message
- MUST AVPs
  - As specified in the draft
- MAY AVPs
  - Data Sequencing
    - Shouldn't be necessary
  - Others

CDN Message
- MUST AVPs
  - As specified in the draft
- MAY AVPs
  - As needed

SLI and WEN Messages
- SLI is not relevant to softwires
  - Change in circuit status disconnects call
  - No special information needs to be sent after the call is established
- WEN is not relevant to softwires
  - Softwires uses voluntary tunneling

Explicit Ack Message
- Necessary if using authentication
- MAY AVPs
  - As specified in the draft

PPP Payload Specifics
- draft-ietf-l2tpext-l2tp-ppp-xx.txt
  - Discusses transport of PPP over L2TPv3
- Forwarding PPP frames
  - Very similar to L2TPv2
  - Address and Control fields are NOT transmitted over the tunnel
- Only one of the PPP specific AVPs discussed there has relevance to softwires
  - Offset Size
  - Use is optional

IP Payload Specifics
- draft-ietf-l2tpext-pwe3-ip-xx.txt
  - Discusses transport of IP over L2TPv3
- Not very relevant to Softwires
  - Needed to define the IP payload type