Networks Research Group Deployment of an IPv6-Enabled Dynamic VPN Infrastructure.


3 September 2003, Networks Research Group Seminar

Current Work
- Projects
  - Past
    - ANDROID
    - RADIOACTIVE
  - Present
    - 6NET
    - ICB
  - Future
    - SEINIT
- VPN Technologies
  - Netcelo VPN Manager
  - ISI - X-Bone
  - DRDC - DVC
  - UMU - PBNM
  - Entrust VPN Connector

6NET VPN Infrastructure Deployment
“To look at the issues surrounding the provision of IPv6 dynamic VPN technology and deploy an IPv6-Enabled VPN Infrastructure”

International Collaboration Board (ICB)
“To carry out an experimental deployment of an IPv6-Enabled VPN Infrastructure upon which one can experiment on the sort of policies that coalition networks require”

Netcelo VPN Management
- Deployed During ANDROID
- Single VPN Manager
- Full Mesh Topology
- Tested with Multicast Conferencing
  - Active Networking (Funnelweb)
  - Transcoding Active Gateway
- Proprietary System

ISI X-Bone
- UCL extended X-Bone for IPv6 capability during RADIOACTIVE
- Overlay Managers & Resource Daemons
- Invitation-Based Set-Up
- Choice Of Topology
- Recursive Overlays
- Demonstrated at DANCE - May 2002
  - 3 sites - Star Topology
- Possibility of sub-optimal topology

DRDC DVC
- “Provides secure/authenticated out-of-band channels to establish, monitor and dismantle VPNs”
- Based On Ideas From X-Bone
- Coalition-Based
- Full Mesh Topology
- Exchange of Security Policies

- UMU-PKIv6
  - CA Provides X.509 Certificate Enrollment And Lifecycle Management for IPv6
  - Supports LDAPv6, OCSP and SCEP
- UMU-PBNM
  - Policy Management Tool (PMT)
  - Policy Decision Point (PDP)
  - Policy Enforcement Point (PEP)
  - VPN Enforcement Tool (VPN ETool)
UMU-PBNM COPS

Issues
- No clear globally accepted VPN definition
- Scope of a VPN
- Uncertainty in:
  - What is required
  - How to develop it
  - The Current status of each of the projects
- VPN Workshop – July 2003
  - Aim to discuss and resolve issues of confusion
  - Aim to encourage collaboration

Building An Ideal System
- Each system excels in its particular area of focus
  - X-Bone – Overlay Hierarchy, Topology
  - DVC – Distributed, Localised Control
  - UMU-PBNM – Security Infrastructure
- Want the best of all worlds

Ideal System – Existing Features
- Localisation and Security of DVC
- Distributed Nature of DVC
- Platform Independence of DVC/X-Bone
- Hierarchic Nature of X-Bone
- Topological Flexibility of X-Bone/UMU
- Policy Management of UMU
- Security Management of UMU

Ideal System – New Features
- Dynamic Topology
- (Secure?) Routing over VPN
- Multicast Capability
- QoS Provision

VPN Workshop – Summary
- X-Bone
  - Expected to be IPv6-Enabled October
  - Dynamic Overlay Routing
  - Node Re-visitation
  - Provides capability for topological definition
  - Does not allow addition/deletion of nodes to an existing overlay
  - Combination with other systems looks promising

VPN Workshop – Summary cont.
- DVC
  - Good model for flexible use of policies
  - Agreed to move to IPv6 – target date November
  - Currently moving toward XML-based policy definition
  - Discussing combination with UMU

VPN Workshop – Summary cont.
- UMU
  - Security Management Infrastructure
  - Policy Management Infrastructure
  - VPN definition limited to 6WIND

VPN Workshop – Summary cont.
- Cisco
  - Presented various approaches for large-scale VPN deployment
  - Stated IPv6 IPSec solutions not planned before mid-2004

VPN Workshop – Outcome
- Updated parties on status of projects
- Discussions conducted on problems and issues
- Consensus reached over issues of confusion
- All parties agreed on collaboration
- Plans for hosting a further VPN Workshop during November

Future Work
- Re-evaluate X-Bone With Enhancements
- Initial Deployment Potentially X-Bone
- VPN Management System
  - Dynamic Tunnel Establishment & Management
  - Dynamic Topology (Bootstrapping)
- Policy Definition
  - Types of policies

Networks Research Group
Manish Lad
Department of Computer Science
University College London