1 CHEETAH software OCS/AAA module Routing decision module Signaling module VLSR module Include TL1 proxy for Cisco 15454 MSPP Router disconnect module.


1 CHEETAH software
- OCS/AAA module
- Routing decision module
- Signaling module
- VLSR module (includes TL1 proxy for Cisco MSPP)
- Router disconnect module
- High-speed transport protocol module for end-to-end circuit

2 End-host CHEETAH software

3 Local testbed configuration

4 Proposed applications
- End-to-end file transfers: modified FTP/SFTP + FRTP
- Video-telephony
- Web application
- High-speed optical Dial-Up Internet access service

5 End-to-end File Transfer

6 Agenda: Router Disconnect, OCS, AAA

7 Router Disconnect
Research on possible router-disconnect solutions:
- Link Bundling (ingress decision support is needed)
- Channelized Card
- Traffic Shaping
Tried Link-bundling and Distributed Traffic Shaping router configurations.
Work in progress:
- Simulations for a paper on the above
- Router disconnect software

8 Link-bundling – How it works
Link bundling groups multiple point-to-point links together into one logical link. A virtual interface is created for each link bundle, and links can be dynamically added to and deleted from the virtual interface. The virtual interface is treated as a single interface on which you configure an IP address and the other software features used by the link bundle, instead of configuring them on the individual GE and POS interfaces. Packets sent to the link bundle are forwarded on one of the links in the bundle. Load balancing is supported across all links in a bundle using per-destination load balancing, based on a hash calculated from the source and destination IP addresses of the IP packet. Because every packet of a given source/destination pair hashes to the same member link, per-destination load balancing ensures that packets are delivered in order.
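
The per-destination hashing described above, as an added example that is not part of the original slides or of the CHEETAH software: a stable hash over the (source, destination) address pair picks one member link, which keeps each flow on a single link and therefore in order. The member-link names, the SHA-256-based hash and the modulo selection are assumptions for the demo (the page does not state which hash function the router uses); the example also goes one step beyond the slide and measures how many flows change link when the router-disconnect module deletes a member from the bundle.

```python
import hashlib
import ipaddress

# Constructed bundle: member-link names are illustrative labels only.
BUNDLE = ["GE0/0", "GE0/1", "POS1/0", "POS1/1"]


def flow_key(src, dst):
    """Hash the source/destination IP pair (the per-destination key).
    SHA-256 is an assumption for determinism; the router's own hash is not given."""
    packed = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return int.from_bytes(hashlib.sha256(packed).digest()[:8], "big")


def select_member(links, src, dst):
    """Pick the bundle member for one packet: flow key modulo the member count."""
    if not links:
        raise ValueError("bundle has no member links")
    return links[flow_key(src, dst) % len(links)]


def forward_packets(links, packets):
    """Return [(src, dst, seq, member)] in input order. The member depends only
    on (src, dst), so every packet of one flow leaves on the same link."""
    return [(s, d, seq, select_member(links, s, d)) for s, d, seq in packets]


def flow_is_ordered(forwarded):
    """True if every flow's packets all used exactly one member link."""
    seen = {}
    for s, d, _seq, member in forwarded:
        seen.setdefault((s, d), set()).add(member)
    return all(len(members) == 1 for members in seen.values())


def moved_flow_fraction(before, after, flows):
    """Fraction of flows whose member link changes when the bundle is resized,
    e.g. when a link is deleted from the bundle for a router disconnect."""
    moved = sum(
        1 for s, d in flows if select_member(before, s, d) != select_member(after, s, d)
    )
    return moved / len(flows)


def demo():
    # Constructed traffic: 64 flows, three packets each.
    flows = [(f"10.1.0.{i}", f"10.2.0.{j}") for i in range(1, 9) for j in range(1, 9)]
    packets = [(s, d, seq) for s, d in flows for seq in range(3)]
    forwarded = forward_packets(BUNDLE, packets)
    shrunk = BUNDLE[:-1]  # one member link deleted from the bundle
    return flow_is_ordered(forwarded), moved_flow_fraction(BUNDLE, shrunk, flows)


if __name__ == "__main__":
    print(demo())
```

With plain modulo selection, removing a member re-maps a large share of the remaining flows to a different link; the packets already queued on the old link and the new ones on the new link can then overtake one another, which is the transient the simulations in this deck are measuring.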

9 Channelized OC – How it works
Use Distributed Multilink PPP to bundle the channelized channels in the default mode. Remove or add a certain number of component links (channelized channels) during the mode transfer.

10 Distributed Traffic Shaping – How it works
Shape the output traffic to the specified bit rate. Excess packets are stored in a buffer in the traffic-shaping queue and transmitted later. Traffic shaping does not recognize separate STS channels, and DTS does not support channelized cards. Hence, it cannot be used for router disconnect.

11 Software Interface Architecture
Components: Signaling Protocol, Interface Software, Router, Cheetah Host.
1. The interface software accepts a signaling message (Cheetah circuit reserve or release message).
2. The interface software translates the signaling message into the corresponding CLI commands that make the router perform link bundling or unbundling.
3. The interface software acknowledges to the Cheetah host that the router disconnect is done.

12 Simulations
Use OPNET to simulate router disconnect.
Statistics of interest:
- Good throughput ratio (%) = throughput before router disconnect / throughput after router disconnect
- FTP response time ratio (%) = FTP response time before router disconnect / FTP response time after router disconnect
- Other parameters?

13 Agenda: Router Disconnect, OCS, AAA

14 OCS – Working Status
- OCS server is configured (server address: ) using the DNS software BIND (Berkeley Internet Name Domain).
- TXT type resource records in the DNS database are used to store the OCS information.
- A web page is created for OCS lookup (no additional software is needed on the client side).
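
Storing OCS information in TXT records means the data travels in the DNS wire format for TXT RDATA: a sequence of character-strings, each a length octet followed by at most 255 octets (RFC 1035). The following is an added example, not code from the CHEETAH project, showing how such a record is encoded, parsed back, and rendered as a BIND zone-file line. The `key=value` layout of the OCS strings and the sample values are assumptions; the page does not say what the OCS record actually contains.

```python
def encode_txt_rdata(strings):
    """Build TXT RDATA: each character-string is <length octet><octets>."""
    out = bytearray()
    for s in strings:
        raw = s.encode("utf-8")
        if len(raw) > 255:
            raise ValueError("character-string longer than 255 octets")
        out.append(len(raw))
        out += raw
    return bytes(out)


def parse_txt_rdata(rdata):
    """Parse TXT RDATA back into its character-strings, rejecting truncation."""
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        i += 1
        if i + n > len(rdata):
            raise ValueError("truncated character-string in TXT RDATA")
        strings.append(rdata[i:i + n].decode("utf-8"))
        i += n
    return strings


def parse_ocs_info(strings):
    """Assumed OCS layout: one 'key=value' per character-string."""
    info = {}
    for s in strings:
        if "=" not in s:
            raise ValueError(f"not a key=value string: {s!r}")
        key, value = s.split("=", 1)
        info[key.strip()] = value.strip()
    return info


def zone_line(owner, strings, ttl=3600):
    """Render the record as a BIND zone-file line, escaping quotes/backslashes."""
    quoted = " ".join(
        '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"' for s in strings
    )
    return f"{owner} {ttl} IN TXT {quoted}"


def demo():
    # Constructed OCS record for a hypothetical host.
    strings = ["ocs=yes", "circuit-gw=192.0.2.1"]
    rdata = encode_txt_rdata(strings)
    return parse_ocs_info(parse_txt_rdata(rdata)), zone_line("host1.example.", strings)


if __name__ == "__main__":
    print(demo())
```

Anything a client reads from a TXT lookup is only as trustworthy as the DNS answer itself, so an OCS lookup that drives circuit setup decisions should be validated (DNSSEC) or served only from a resolver the client trusts.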

15 Agenda: Router Disconnect, OCS, AAA

16 AAA – Working Status
A proprietary AAA system is established. (Reference: )
Work in progress:
- Install the Generic AAA
- Compare the proprietary AAA and the Generic AAA
- Interface either of the two AAAs to the Cheetah system

17 Our proprietary AAA system

18 Components of our AAA
- Web server ( )
- RADIUS client
- RADIUS server
- Access control daemon/scripts
- DHCP server
- PostgreSQL database ( /pg/)

19 RADIUS - Remote Authentication Dial In User Service

20 Key features of RADIUS Accounting (RFC 2866)
- Client/server model: a Network Access Server (NAS) operates as a client of the RADIUS server.
- The RADIUS protocol uses a shared key (secret) when sending the authentication and accounting messages.
- The client is responsible for passing authentication and accounting information to a designated RADIUS server.
- The RADIUS server is responsible for receiving the authentication and accounting requests and returning a response to the client indicating that it has successfully received the request.
- The RADIUS server can act as a proxy client to other kinds of AAA servers.
- All transactions consist of variable-length Attribute-Length-Value 3-tuples.
- New attribute values can be added without disturbing existing implementations of the protocol.
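
To make the two RFC 2866 features on this slide concrete (the shared secret and the Attribute-Length-Value encoding), here is an added example, not code from the page or from the CHEETAH AAA system, that builds an Accounting-Request, computes its Request Authenticator as MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret), and verifies it on the receiving side. The attribute type numbers are the standard ones from RFC 2865/2866; the shared secret, user name and session values are constructed.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4     # RADIUS Code for Accounting-Request (RFC 2866)
USER_NAME = 1              # standard attribute types (RFC 2865/2866)
NAS_IP_ADDRESS = 4
ACCT_STATUS_TYPE = 40      # value 1 = Start, 2 = Stop
ACCT_SESSION_ID = 44


def encode_avp(attr_type, value):
    """One Attribute-Length-Value triple: Type(1) Length(1) Value(1..253).
    Length counts the two header octets, as the RFC specifies."""
    if isinstance(value, int):
        value = struct.pack("!I", value)
    elif isinstance(value, str):
        value = value.encode()
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def decode_avps(data):
    """Walk the attribute area. Unknown types are returned untouched, which is
    what lets new attributes be added without breaking old implementations."""
    avps, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        avps.append((attr_type, bytes(data[i + 2:i + length])))
        i += length
    return avps


def build_accounting_request(identifier, attrs, secret):
    """NAS side: header, then the Request Authenticator keyed by the shared secret."""
    body = b"".join(encode_avp(t, v) for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(body))
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body


def verify_accounting_request(packet, secret):
    """Server side: recompute the authenticator; any change to the packet or a
    wrong secret makes the comparison fail."""
    if len(packet) < 20:
        return False
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)


def demo():
    secret = b"constructed-shared-secret"   # constructed, never reuse in production
    packet = build_accounting_request(7, [
        (USER_NAME, "alice"),
        (NAS_IP_ADDRESS, bytes([192, 0, 2, 10])),
        (ACCT_STATUS_TYPE, 1),               # Start
        (ACCT_SESSION_ID, "0000A1B2"),
    ], secret)
    tampered = packet[:-1] + bytes([packet[-1] ^ 0x01])
    return (verify_accounting_request(packet, secret),
            verify_accounting_request(tampered, secret),
            decode_avps(packet[20:]))


if __name__ == "__main__":
    print(demo())
```

The authenticator gives the server integrity and origin assurance for accounting records, but only as strong as the shared secret and the MD5 construction; the attributes themselves travel in the clear, so on untrusted networks RADIUS is normally carried inside a protected transport rather than relied on alone.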

21 Generic AAA – RFC 2903, 2904 The Basic Authorization Entities

22 Glossary
- User: the entity seeking authorization to use a resource or a service.
- User Home Organization (UHO): an organization with whom the User has a contractual relationship, which can authenticate the User and may be able to authorize access to resources or services.
- Service Provider: an organization which provides a service.

23 Single Domain Case In general, the User Home Organization and the Service Provider are different entities or different "administrative domains". In the simplest case, the User Home Organization and the Service Provider may be combined as a single entity. We use the Single Domain Case to describe three authorization sequences.

24 Authorization Sequences: Agent sequences, Pull sequences, Push sequences

25 Agent Sequences Example: A regular user may ask for 1 Mb/s bandwidth (1). The bandwidth broker (AAA Server) tells the router (Service Equipment) to set this user into the 1Mb/s "queue" (2). The router responds that it has done so (3), and the bandwidth broker tells the User the bandwidth is set up (4).

26 Pull Sequences The pull sequence is what is typically used in the Dialin application, Mobile-IP proposal, and some QoS proposals. The User sends a request to the Service Equipment (1), which forwards it to the Service Provider's AAA Server (2), which evaluates the request and returns an appropriate response to the Service Equipment (3), which sets up the service and tells the User it is ready (4).

27 Push Sequences The push sequence requires that the User get from the Service Provider's AAA Server a ticket or certificate verifying that it is o.k. for the User to have access to the service (1,2). The User includes the ticket in the request (3) to the Service Equipment. The Service Equipment uses the ticket to verify that the request is approved by the Service Provider's AAA Server. The Service Equipment then sends an o.k. to the User (4).
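
The three single-domain sequences of slides 25 to 27, as an added example that is not part of the original slides or of RFC 2904: each function walks the numbered steps from the slide, logging which party sends each message, and returns the decision. The bandwidth policy, the user names and the use of an HMAC over a JSON claim as the "ticket" are assumptions chosen for the demo; the page only says the ticket lets the Service Equipment verify that the AAA Server approved the request.

```python
import hashlib
import hmac
import json


class AAAServer:
    """Service Provider's AAA server (the bandwidth broker): evaluates the
    request and, for the push sequence, issues a ticket the router can verify."""

    def __init__(self, policy, ticket_key):
        self.policy = policy            # {user: max Mb/s} (constructed policy)
        self.ticket_key = ticket_key    # shared with the Service Equipment (assumption)

    def authorize(self, user, bw):
        return bw <= self.policy.get(user, 0)

    def issue_ticket(self, user, bw):
        if not self.authorize(user, bw):
            return None
        claim = json.dumps({"user": user, "bw": bw}, sort_keys=True).encode()
        return claim, hmac.new(self.ticket_key, claim, hashlib.sha256).hexdigest()


class ServiceEquipment:
    """The router: installs the user's queue on instruction, or checks a ticket."""

    def __init__(self, ticket_key):
        self.ticket_key = ticket_key
        self.queues = {}

    def configure(self, user, bw):
        self.queues[user] = bw

    def verify_ticket(self, ticket):
        if ticket is None:
            return None
        claim, mac = ticket
        expected = hmac.new(self.ticket_key, claim, hashlib.sha256).hexdigest()
        return json.loads(claim) if hmac.compare_digest(mac, expected) else None


def agent_sequence(user, bw, aaa, router):
    log = [f"(1) {user} -> AAA: request {bw} Mb/s"]
    if not aaa.authorize(user, bw):
        log.append("(4) AAA -> user: denied")
        return False, log
    log.append(f"(2) AAA -> router: put {user} into the {bw} Mb/s queue")
    router.configure(user, bw)
    log.append("(3) router -> AAA: done")
    log.append("(4) AAA -> user: bandwidth is set up")
    return True, log


def pull_sequence(user, bw, aaa, router):
    log = [f"(1) {user} -> router: request {bw} Mb/s",
           "(2) router -> AAA: forward request"]
    ok = aaa.authorize(user, bw)
    log.append(f"(3) AAA -> router: {'accept' if ok else 'reject'}")
    if ok:
        router.configure(user, bw)
    log.append(f"(4) router -> user: {'ready' if ok else 'denied'}")
    return ok, log


def push_sequence(user, bw, aaa, router, tamper=False):
    log = [f"(1) {user} -> AAA: request ticket for {bw} Mb/s"]
    ticket = aaa.issue_ticket(user, bw)
    log.append("(2) AAA -> user: " + ("ticket issued" if ticket else "no ticket"))
    requested = bw
    if ticket and tamper:
        # Constructed failure case: the claim is rewritten but cannot be re-signed.
        requested = bw * 10
        forged = json.dumps({"user": user, "bw": requested}, sort_keys=True).encode()
        ticket = (forged, ticket[1])
    log.append(f"(3) {user} -> router: request {requested} Mb/s + ticket")
    claim = router.verify_ticket(ticket)
    ok = bool(claim) and claim["user"] == user and claim["bw"] >= requested
    if ok:
        router.configure(user, requested)
    log.append(f"(4) router -> user: {'ok' if ok else 'denied'}")
    return ok, log


if __name__ == "__main__":
    key = b"constructed-ticket-key"
    aaa, router = AAAServer({"alice": 1}, key), ServiceEquipment(key)
    for seq in (agent_sequence, pull_sequence, push_sequence):
        print(seq("alice", 1, aaa, router))
```

The design point the push sequence makes visible is where the trust sits: in the agent and pull sequences the router only ever acts on what the AAA server tells it, while in the push sequence the user carries the decision, so the ticket must be unforgeable by the user and bound to what was approved (here, the user name and the bandwidth).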

28 What is “Roaming”? Roaming: the User Home Organization is not the Service Provider. Examples of roaming include an ISP selling dialin ports to other organizations, or a Mobile-IP provider allowing access to a user from another domain.

29 Roaming Agent Sequence

30 Roaming Pull Sequence

31 Roaming Push Sequence

32 Distributed Services Any service that is provided by more than one Service Provider is a distributed service. An example would be a user who requires a QoS service for a session that crosses multiple ISPs.

33 Policy: Policy Retrieval, Policy Evaluation, Policy Enforcement

34 Policy Retrieval Policy definitions are maintained and stored in a policy repository by the organization that requires them. Policy retrieval is typically done by the administration that defines the policy. An example policy may define the times of day that a particular User is allowed to connect to the network.

35 Policy Evaluation
Evaluation of a policy requires access to the information referenced by the policy. Often the information required is not available in the administration where the policy is retrieved. For example, checking that a user is allowed to log in at the current time can readily be done by the User Home Organization because the User Home Organization has access to the current time. But authorizing a user who requires a 2Mb/s path with fewer than 4 hops requires information available at a Service Provider and not directly available to the UHO. So the UHO must either
1) have a way to query a remote administration for the needed information, or
2) forward the policy to the remote administration and have the remote administration do the actual evaluation, or
3) attempt somehow to "shadow" the authoritative source of the information (e.g. by having the Service Provider send updates to the UHO).
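
Slides 34 and 35 together describe a policy whose conditions need facts held by different administrations. The following is an added example, not code from the page or from the Generic AAA work it cites, that tags each condition with the administration that owns the data and then authorizes the request two ways: option 1 (the UHO queries the Service Provider for the missing fact) and option 2 (the UHO evaluates its own conditions and forwards the rest to the Service Provider). The policy contents, the attribute names and the two administrations' facts are constructed; option 3 (shadowing) would simply be a copy of the Service Provider's facts held at the UHO, with the staleness that implies.

```python
from datetime import time

# Constructed policy: time-of-day and bandwidth are the UHO's to check,
# the hop count of the path is known only at the Service Provider (SP).
POLICY = [
    {"attr": "time_of_day", "op": "between", "value": (time(8, 0), time(18, 0)), "authority": "UHO"},
    {"attr": "bandwidth_mbps", "op": "<=", "value": 2, "authority": "UHO"},
    {"attr": "path_hops", "op": "<", "value": 4, "authority": "SP"},
]


def check(cond, facts):
    """Evaluate one condition; KeyError if this administration lacks the fact."""
    value = facts[cond["attr"]]
    op, ref = cond["op"], cond["value"]
    if op == "between":
        return ref[0] <= value <= ref[1]
    if op == "<=":
        return value <= ref
    if op == "<":
        return value < ref
    raise ValueError(f"unknown operator {op!r}")


class Administration:
    """An administrative domain (UHO or Service Provider) and the facts it owns."""

    def __init__(self, name, facts):
        self.name, self.facts = name, dict(facts)

    def query(self, attr):
        # Option 1: answer a remote query for a single fact.
        return self.facts[attr]

    def evaluate(self, conds, request):
        # Option 2: evaluate forwarded conditions against local facts + the request.
        facts = {**self.facts, **request}
        return all(check(c, facts) for c in conds)


def authorize_by_query(policy, uho, sp, request):
    """UHO evaluates everything, fetching facts it lacks from the SP."""
    facts = {**uho.facts, **request}
    for cond in policy:
        if cond["attr"] not in facts:
            facts[cond["attr"]] = sp.query(cond["attr"])
    return all(check(c, facts) for c in policy)


def authorize_by_forward(policy, uho, sp, request):
    """UHO evaluates its own conditions, then forwards the SP's share to the SP."""
    mine = [c for c in policy if c["authority"] == uho.name]
    theirs = [c for c in policy if c["authority"] != uho.name]
    if not uho.evaluate(mine, request):
        return False
    return sp.evaluate(theirs, request)


if __name__ == "__main__":
    uho = Administration("UHO", {"time_of_day": time(10, 30)})
    sp = Administration("SP", {"path_hops": 3})
    request = {"bandwidth_mbps": 2}
    print(authorize_by_query(POLICY, uho, sp, request),
          authorize_by_forward(POLICY, uho, sp, request))
```

Both options reach the same decision on the same facts; they differ in what crosses the domain boundary (a fact in option 1, a piece of policy in option 2), which is what decides which administration must be trusted to evaluate honestly.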

36 Policy Enforcement Policy Enforcement is typically done by the Service Provider on the Service Equipment. Examples: a NAS enforces destination IP address limits via “filters”; a router may enforce QoS restrictions on incoming packets.