IP EDGE DEVICES A solution for the Internet Migration Patrick Cocquet, 6WIND CEO, IPv6 Forum VP www.6wind.com Dubai IPv6 Forum Summit – February 2001.


SUMMARY
– 6WIND, the IPv6 company!
– 6WIND Positioning
– IP Edge Device in the Network Architecture
– IP Edge Device, main features
– Conclusion

6WIND
The IPv6 start-up company
– Spin-off of the Thomson-CSF IP Network development activities
– Starting day: 1st September 2000
– Team: 20 engineers + subcontractors
– Experience: 5 years of IP R&D activities
– Member of the IPv6 Forum Board (VP)

6WIND POSITIONING
To develop IP access devices to provide the user with new IP services:
– All features in one box: QoS, security, IPv4/v6 migration, mobility, routing
– Significant step in terms of Network Services
To develop expertise around the introduction of the IPv6 technology
Markets (1st step):
– Enterprises and Branch Offices
– Direct sales (ISPs) and Indirect sales (Integrators)
Markets (future steps):
– SOHO (wireless + zero conf IP networks)
– Home Networks

ARCHITECTURE
Management Center: IP service configuration
6WIND IP Edge Device: QoS management (DiffServ), IP Security, IPv4/v6 migration features, Mobility (Mobile IP), Multicast Routing
Internet or Intranet (IPv4 or IPv6)

QoS MANAGEMENT
Issue: Resource guarantee for time-sensitive flows

QoS MANAGEMENT
DiffServ over an IPv6 or IPv4 backbone or Intranet: Classification, Policing and shaping, Scheduling
EF and AF, DiffServ IETF standard

QoS MANAGEMENT
Scheduling per Class of Service; Classification; Shaping and policing
Non-classified IP flows; Classified IP packets; In-excess packets
Minimal bandwidth reserved for each class

CLASS OF SERVICE
1) Define a class

FLOW DEFINITION
2) Define an IPv4 or IPv6 flow

QOS MONITORING
3) Monitor the classes

IP SECURITY
IPv4 or IPv6 non-secure backbone
Questions: New device authentication; Security Association definition; Data transfers

DEVICE AUTHENTICATION
Certification Authority; IPv4 or IPv6 non-secure backbone
Key Pair Generation (RSA algorithm)
Certificate request

DEVICE AUTHENTICATION
Certification Authority; IPv4 or IPv6 non-secure backbone
Certificate generation
Certificate delivery
Pre-shared keys can also be used

SECURITY ASSOCIATION
IPv4 or IPv6 non-secure backbone
IPSec SA statically configured in each device: Addresses, Algorithms, Session keys

SECURITY ASSOCIATION
IPv4 or IPv6 non-secure backbone
IKE negotiation phases
IPSec SA dynamically configured: Addresses, Algorithms, Session keys, Lifetime

DATA EXCHANGE
IPv4 or IPv6 non-secure backbone
Secure traffic between protected zones via IPSec tunnels
Policies: Discard; Clear; Apply AH and/or ESP

VPN CONFIGURATION
1) Name the VPN

VPN CONFIGURATION
2) Define the end point addresses

VPN CONFIGURATION
3) Choose your security level
Pre-defined templates ease the configuration process

VPN CONFIGURATION
4) Choose the certificate or the key

IPSec TUNNEL CONFIGURATION
1) Define the zones to be protected

IPSec TUNNEL CONFIGURATION
2) Apply a policy
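
The two tunnel configuration steps above (define the protected zones, then apply Discard, Clear or Apply AH and/or ESP) amount to a policy table consulted per packet. The sketch below is an added example, not 6WIND code: the `Rule` class, the zone prefixes, the first-match ordering and the default discard are assumptions made for illustration. It also flags rules that can never match because an earlier rule covers them.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                  # hypothetical structure, not the product's format
    src: str                 # source zone (prefix)
    dst: str                 # destination zone (prefix)
    policy: str              # "discard", "clear" or "apply"
    transforms: tuple = ()   # for "apply": AH and/or ESP

    def check(self):
        if self.policy not in ("discard", "clear", "apply"):
            raise ValueError(f"unknown policy {self.policy!r}")
        if (self.policy == "apply") != bool(self.transforms):
            raise ValueError("transforms are required for, and only for, 'apply'")
        if not set(self.transforms) <= {"AH", "ESP"}:
            raise ValueError("transforms must be AH and/or ESP")

def covers(outer, inner):
    """True when zone `inner` lies entirely inside zone `outer`."""
    o, i = ipaddress.ip_network(outer), ipaddress.ip_network(inner)
    return o.version == i.version and i.subnet_of(o)

def lookup(rules, src, dst):
    """Assumed semantics: first matching rule wins, no match means discard."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.policy, r.transforms
    return "discard", ()

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    return [j for j, late in enumerate(rules)
            if any(covers(early.src, late.src) and covers(early.dst, late.dst)
                   for early in rules[:j])]

# Constructed zones: two sites (IPv4 and IPv6) and a quarantined subnet.
RULES = [
    Rule("10.1.0.0/16", "10.2.0.0/16", "apply", ("ESP",)),
    Rule("2001:db8:1::/48", "2001:db8:2::/48", "apply", ("AH", "ESP")),
    Rule("10.1.0.0/16", "10.1.0.0/16", "clear"),
    Rule("10.1.9.0/24", "10.2.0.0/16", "discard"),   # never reached: see shadowed()
]
for r in RULES:
    r.check()
```

Running `shadowed(RULES)` before deploying a table shows that the quarantine rule has to be moved above the site-to-site rule to take effect.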

IPv4/v6 MIGRATION MECHANISMS
IPv6 cloud; IPv4 backbone; IPv6 cloud
Mechanisms: Automatic tunnels; Configured v6 in v4 tunnels; 6to4; Configured v4 in v6 tunnels

AUTOMATIC TUNNEL
IPv6 cloud; IPv4 backbone
IPv4-compatible = No configuration
IPv6 packet; IPv4 encapsulation
src dst From :: to :: Dest ::

CONFIGURED IPv6 in IPv4 TUNNEL
IPv6 cloud; IPv4 backbone
End Point = + Tunnel configuration
IPv6 packet; IPv4 encapsulation with end point addresses

6to4
IPv6 cloud; IPv4 backbone
6to4 prefix per site = Hides an IPv6 network behind a single IPv4 address
IPv6 packet; IPv4 encapsulation with IPv4 addresses
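
For the automatic tunnel and 6to4 slides above, the IPv4 tunnel endpoint is read out of the IPv6 address itself, so an edge device has to validate the embedded address before trusting it. The sketch below is an added example, not 6WIND code: the function names and the blocked-range list are assumptions, and the `2002::/16` and `::/96` prefixes come from the IPv6 specifications rather than from the slides.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")  # 6to4 prefix
V4_COMPAT = ipaddress.ip_network("::/96")        # IPv4-compatible addresses
# Assumed filter: IPv4 ranges that must never be used as a tunnel endpoint.
BLOCKED_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def site_prefix_6to4(public_v4):
    """The /48 a site derives from its single public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def tunnel_endpoint(dst_v6):
    """(mechanism, IPv4 endpoint) for an IPv6 destination; the endpoint is
    None when no address is embedded or the embedded one is not usable."""
    dst = ipaddress.IPv6Address(dst_v6)
    if dst in SIX_TO_FOUR:
        mech, v4 = "6to4", ipaddress.IPv4Address((int(dst) >> 80) & 0xFFFFFFFF)
    elif dst in V4_COMPAT:
        mech, v4 = "automatic", ipaddress.IPv4Address(int(dst) & 0xFFFFFFFF)
    else:
        return "configured-or-native", None
    return mech, (None if any(v4 in n for n in BLOCKED_V4) else v4)

def decap_source_ok(outer_src_v4, inner_src_v6):
    """Anti-spoofing check on decapsulation: an inner source that embeds an
    IPv4 address must embed the outer IPv4 source of the packet."""
    mech, v4 = tunnel_endpoint(inner_src_v6)
    if mech == "configured-or-native":
        return True  # nothing embedded to compare; left to other filters
    return v4 == ipaddress.IPv4Address(outer_src_v4)
```

The sample addresses used with it (192.0.2.1, 2001:db8::1) are documentation ranges chosen for the example.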

CONFIGURED IPv4 in IPv6 TUNNEL
IPv4 cloud; IPv6 backbone
End Point = + Tunnel configuration
IPv4 packet; IPv6 encapsulation with end point addresses

IPv4/v6 MIGRATION CONFIGURATION (CTU)
Name the tunnel and define the IPv4 and IPv6 end point addresses

IPv6 MOBILITY
Home agent; Correspondent Node; Mobile (Home address)

IPv6 MOBILITY
Home agent; Correspondent Node; Mobile (Home address); Mobile (Care of address)
Address binding

IPv6 MOBILITY
Home agent; Correspondent Node; Mobile (Home address); Mobile (Care of address)
Address binding; IP in IP encapsulation; Proxy

IPv6 MOBILITY
Home agent; Correspondent Node; Mobile (Home address); Mobile (Care of address)
Address binding; Notification; IP in IP encapsulation; Proxy

IPv6 MOBILITY
Home agent; Correspondent Node; Mobile (Home address); Mobile (Care of address)
Address binding; Shortcut; Notification; Proxy

IP SERVICE CONFIGURATION
Several management levels for dynamic service configuration:
– Command Line Interface
– SNMP Agent
– NMS tool based on an SNMP platform integrating 6WIND configuration tools
Open to other management frameworks
Secure configuration through SSH

NMS TOOL

6WIND CONFIGURATION TOOLS
1) Click on a device, choose your menu

6WIND First set of Products 6200 series

PRODUCT FEATURES (HW)
2 products:
– 6WIND 6211: Three Fast Ethernet: Private, Public, Optional; able to deliver 20 Mbps of 3DES-encrypted traffic; 2000 tunnels and 2000 QoS flows
– 6WIND 6221: Same as 6211 with an E1/T1 public interface
Next:
– ATM interface

PRODUCT FEATURES (SW)
QoS: EF, AF for IPv4 and IPv6
Security: IPSEC, IKE, IP Filter for IPv4 and IPv6, X509 certificates
IPv6 / IPv4: Both stacks; 6to4, v6 into v4 tunnels (automatic and configured); RIP v6
Management: SNMP agent with standard and IPv6 MIB; CLI; Management tool integrated in a SNMP framework

CONCLUSION
6WIND Edge Devices enable new service deployment:
– Better multimedia performance by implementing DiffServ
– Security by using IPSec and IKE
– Efficient management
– Nomadism of users by using Mobile IP (2nd release)
– Multicasting (3rd release)
Allowing v4 to v6 migration of networks and v4/v6 interoperability

Questions ? Web sites – – – – THE END