Published by Brooke Ryan. Modified over 8 years ago.
1
VyperNet
A Framework for Programmable Virtual Private Networks
Adam Hudson
Supervisor: Bob Kummerfeld
2
A VyperNet network
[Diagram: five nodes labelled Client Network]
3
Contributions
A design for a framework that allows clients to configure Virtual Private Networks within provider networks
An implementation of the framework
An example application
4
VPNs
A Virtual Private Network (VPN) provides a way for distributed sites to connect in a manner that emulates a LAN
Comprised of tunnels
Layers of protocols that hide the underlying network from applications
5
An example VPN
[Diagram labels: ISP, Firewall, ISP]
6
An example VPN
[Diagram labels: ISP, Firewall, ISP]
8
VPN control
A client builds their VPN upon a network they acquire from a provider, e.g. ISP, carrier
VPNs are usually a series of tunnels across a network that are controlled at the edge of the network
All that the client has access to
Inefficient use of network
Better option is to control the endpoints of the tunnels within the network
9
Site
10
Enter VyperNet
Providers need to offer a way for clients to control the internal nodes of the network
Difficult to do at present
Providers make changes at client’s request
Insecure otherwise
VyperNet introduces a way to let clients gain control
Allows the introduction of code into a controlled portion of the switch nodes of the network, on behalf of the client
11
Technologies used in VyperNet
Multiprotocol Label Switching (MPLS)
Active Networking
Programmable VPNs
12
MPLS
A method of producing tunnels
Labels are inserted as an extra header between layer 2 and 3 of each packet
Labels are allocated to packets based upon their destination as they enter the network, and are switched at each hop on to the next switch
Allows many different VPNs to use the same network
13
MPLS tunnels
14
Active Networks
Introduce programmability into the network
Packets carry code with them in “capsules”, which can execute at active nodes along their path
Creates environment for clients to access the network switches
Provide them with a programmable VPN
15
VyperNet
A framework to allow the client to configure an MPLS network
Sends capsules at the request of the client to switches to manipulate MPLS switching tables
Designed for use in creating programmable VPNs
An example application can show how it works
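
The switching-table manipulation described on this slide, as an added Python sketch that is not VyperNet's own code: a capsule may install or remove a label-swap entry only inside the label range allocated to the requesting client, which is one way to model the "controlled portion" of a switch. The `Switch` class, `apply_capsule`, `forward`, the per-client label ranges and the switch and client names are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    allocations: dict                          # client -> label range (assumed provider policy)
    table: dict = field(default_factory=dict)  # in_label -> (out_label, next_hop)

    def apply_capsule(self, client, in_label, out_label=None, next_hop=None):
        """Install (or, with out_label=None, remove) a swap entry for `client`."""
        owned = self.allocations.get(client, range(0))
        labels = [in_label] if out_label is None else [in_label, out_label]
        if any(l not in owned for l in labels):
            return False                       # outside the client's controlled portion
        if out_label is None:
            self.table.pop(in_label, None)     # deactivate this hop of the tunnel
        else:
            self.table[in_label] = (out_label, next_hop)
        return True

def forward(switches, node, label, max_hops=16):
    """Swap labels hop by hop; return (path, final_label), final_label None if dropped."""
    path = [node]
    for _ in range(max_hops):
        entry = switches[node].table.get(label)
        if entry is None:
            return path, None                  # no entry for this label: drop
        label, node = entry
        path.append(node)
        if node not in switches:               # left the provider network
            return path, label
    return path, None                          # hop limit reached (forwarding loop)

def build_demo():
    # Constructed sample: two clients share three switches, each with its own label range.
    alloc = {"acme": range(100, 200), "globex": range(200, 300)}
    sw = {n: Switch(dict(alloc)) for n in ("A", "B", "C")}
    # acme activates a tunnel A -> B -> C -> its second site
    hops = [("A", 100, 101, "B"), ("B", 101, 102, "C"), ("C", 102, 103, "acme-site-2")]
    ok = [sw[n].apply_capsule("acme", i, o, nh) for n, i, o, nh in hops]
    return sw, ok
```

Checking both the incoming and the outgoing label matters: a capsule that only validated the incoming label could swap traffic into another client's label space on the next hop.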
16
VyperNet components
1. Startup capsule
2. Client tunnel request capsule (and response)
3. Provider tunnel request capsule (and response)
4. Switch configuration capsule (and response)
[Diagram labels: Node Trader Switch, Switch, Provider Application, Client Application; steps marked 1, 1, 1, 2, 3, 4, 4, 4]
17
VyperNet switch configuration
18
Example – No active nodes
19
Example – 3 active nodes
20
Startup capsules
[Diagram labels: Node Trader Switch, Application; steps marked 1, 1, 1]
21
Example – VPN allocation
22
Example – Tunnel allocation
23
Example – Client-side tunnel activation
24
Tunnel activation
Provider application acts as a gateway for client requests
[Diagram labels: Node Trader Switch, Provider Application, Client Application; steps marked 2, 3, 4, 4, 4]
25
Example – Tunnel activated
26
Example – A VPN
27
Real world example
Telstra want to deploy a framework like this into their nation-wide network of switches
Would allow them to allocate portions of their network to clients, such that Telstra is acting as a VPN Service Provider
Clients can quickly activate or deactivate tunnels to suit organisational needs
28
Telstra example
[Diagram: five nodes labelled Client Network]
29
In conclusion
A design for a framework that allows clients to configure Virtual Private Networks within provider MPLS networks
An implementation of the framework
An example application
30
Questions?