CPE-based VPNs. Hans De Neve, Alcatel Network Strategy Group. All rights reserved © 2000, Alcatel.

Presentation transcript:

Slide 1: CPE-based VPNs. Hans De Neve, Alcatel Network Strategy Group

Slide 2: Contents (Customer Premises Equipment based Virtual Private Networks)
- Global VPN requirements
- Deployment View
  - What does a typical CPE VPN look like?
- Network View
  - What sort of connectivity does it provide?
- Technology View
  - What are the underlying technologies?
- Differentiation and Success Factors
  - Where are the factors today, what will they be in future?

Slide 3: Global VPN requirements
- Connectivity
  - IP connectivity between geographically dislocated sites using private addressing
  - transparent to underlying shared infrastructure
  - => tunnelling mechanism
- Security
  - data privacy (e.g. encryption)
  - authentication and integrity
- Scalability
- Management
- ...

Slide 4: Proposed Technology: IPsec
- IP security offers
  - tunnelling (forwarding in shared internet is normal IP forwarding)
  - authentication and integrity
  - cryptographic encryption
- IPsec can be used with IKE
  - IKE = Security Association negotiation and Key Exchange Protocol

Slide 5: CPE VPN Deployment View
[Diagram. Labels: Headquarters (VPN gateway, policy manager, finance server, corp. server); Branch Office (VPN gateway, policy manager); Business Partner VPN; ASP data center; Site-Site VPN; Internet; uplink PVC; dial-up VPN clients; LAN-based VPN clients; International Sales; Domestic Sales; customer web surfers; link speeds 128K, 256K and 512K.]

Slide 6: CPE VPN Network View
[Diagram. Path: CPE, L2 Access Network, L3 Access + Distribution + L3 Edge, Service Provider Network (IP routing / MPLS Traffic Engineering), L3 Access + Distribution + L3 Edge, L2 Access Network, CPE. IPSEC connectivity runs between the two CPEs.]
Packet before the tunnel: IP header | IP data
Packet in the tunnel: new IP header | IPsec header | IP header | IP data (possibly encrypted)

Slide 7: CPE VPN Network Topologies
[Diagram. HUB and SPOKE topology: Site 1, Site 2, Site 3 and Site 4 connected by IPsec tunnels over the Internet.]

Slide 8: CPE VPN Network Topologies
[Diagram. Full Mesh topology: Site 1, Site 2, Site 3 and Site 4 connected by IPsec tunnels over the Internet.]

Slide 9: CPE VPN - Dial up VPN Client
[Diagram. Path: Dial Up Client, L2 Access Network, L3 Access + Distribution + L3 Edge, Service Provider Network, L3 Access + Distribution + L3 Edge, L2 Access Network, CPE. Two options are shown (Option 1, Option 2), with the labels IPSEC, IP over PPP, L2TP and IP.]

Slide 10: CPE VPN Gateway Technologies
- IKE Daemons
  - Phase I, Phase II negotiations to generate/update IPSEC keys and setting up of Security Associations (IPsec tunnels)
  - Use of certificates vs. shared secret for authentication
  - Proposal exchange and agreement, exchange of proxy ids
- IPSEC Drivers
  - Handling of IP packets based on IP header and proxy ids
  - Encryption using IKE negotiated keys and encryption algorithm
  - Encapsulation of IP packets using IPSEC headers
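The driver steps listed on slide 10 and the packet layout on slide 6, as an added Python example that is not part of the original slides: a proxy-id check followed by ESP tunnel-mode encapsulation, and the receiving gateway's integrity check. It assumes ESP with NULL encryption and HMAC-SHA-1-96 so that it runs on the standard library alone; the SA values, addresses and key are constructed, and replay-window checking is left out.

```python
import hashlib, hmac, ipaddress, struct

# Constructed SA: proxy IDs are the protected subnets; the key stands in for
# what an IKE Phase II negotiation would produce. All values are made up.
SA = {"local": ipaddress.ip_network("10.1.0.0/16"),
      "remote": ipaddress.ip_network("10.2.0.0/16"),
      "gw_src": "192.0.2.1", "gw_dst": "198.51.100.1",
      "spi": 0x1001, "seq": 0, "auth_key": b"constructed-demo-key"}

def ip_checksum(hdr):
    """RFC 1071 one's-complement sum over a header of even length."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    def pack(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                           64, proto, csum, ipaddress.ip_address(src).packed,
                           ipaddress.ip_address(dst).packed)
    return pack(ip_checksum(pack(0)))

def matches_proxy_ids(sa, inner):
    """Driver policy check: inner source/destination must fall in the proxy IDs."""
    src, dst = ipaddress.ip_address(inner[12:16]), ipaddress.ip_address(inner[16:20])
    return src in sa["local"] and dst in sa["remote"]

def icv(sa, esp):
    return hmac.new(sa["auth_key"], esp, hashlib.sha1).digest()[:12]  # HMAC-SHA-1-96

def esp_tunnel_encap(sa, inner):
    """new IP header | ESP header | inner IP header + data | trailer | ICV."""
    if not matches_proxy_ids(sa, inner):
        return None                      # no matching policy: not tunnelled
    sa["seq"] += 1                       # per-SA counter, used for anti-replay
    pad_len = -(len(inner) + 2) % 4      # align pad-length/next-header fields
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])  # 4 = IPv4 inside
    esp = struct.pack("!II", sa["spi"], sa["seq"]) + inner + trailer
    esp += icv(sa, esp)
    return ipv4_header(sa["gw_src"], sa["gw_dst"], 50, len(esp)) + esp  # 50 = ESP

def esp_tunnel_decap(sa, outer):
    """Receiving gateway: verify the ICV, then strip headers and padding."""
    esp, tag = outer[20:-12], outer[-12:]
    if outer[9] != 50 or not hmac.compare_digest(tag, icv(sa, esp)):
        return None                      # wrong protocol or tampered packet
    pad_len, next_hdr = esp[-2], esp[-1]
    return esp[8:len(esp) - 2 - pad_len] if next_hdr == 4 else None
```

A packet whose addresses fall outside the proxy ids is not encapsulated, and a single flipped bit in transit makes the receiving side drop the packet.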

Slide 11: CPE VPN Gateway Differentiation & Success Factors - Today
- Number of concurrent IPSEC tunnels supported
  - Maps to memory and CPU required to maintain state for tunnels
  - Critical for dial up scenarios and large number of branch offices
  - Critical for multi tenant MAN service networks
- Throughput over the IPSEC tunnels
  - Maps to encryption/decryption speeds of the CPU/ASIC
  - Critical for the HUB site or in case of gigabit campus networks
  - Critical for gigabit IP access service networks
- Restoration of tunnels in case of VPN gateway failure

Slide 12: CPE VPN Gateway Differentiation & Success Factors - Future
- Enterprise market as a pure IP overlay VPN solution
  - Number of IPSEC tunnels, throughput over IPSEC tunnels, recovery
  - Dynamic membership of sites to a VPN for Site-Site VPNs
  - Integration with PKI infrastructure, AAA for VPN Clients
- Carrier/Service Provider market as a vehicle for IPVPN services
  - Integration of configuration with service provisioning solutions
  - Integration with IPVPN service functionality such as Firewall, QoS
  - Integration with data collection for services (assurance + billing)

Slide 13: CPE IPVPN Vehicle for IPVPN Services
[Diagram. Labels: policy server; policy routers; Internet; New York Headquarters (web server, corp. server, policy router); Geneva office (policy router); Tokyo office (policy router); IS enterprise management; HR (WW users, adds/changes); IS Dept (US security policy mgmt.); IS Dept (Asia security policy mgmt.); IS Dept (Europe security policy mgmt.); service provider management (installation team, security team, network team, billing data, SLA info.).]