Presentation is loading. Please wait.

Presentation is loading. Please wait.

IP EDGE DEVICES A solution for the Internet Migration Patrick Cocquet, 6WIND CEO, IPv6 Forum VP www.6wind.com Dubai IPv6 Forum Summit – February 2001.

Published byAlena Edmonson Modified over 9 years ago

Similar presentations

Presentation on theme: "IP EDGE DEVICES A solution for the Internet Migration Patrick Cocquet, 6WIND CEO, IPv6 Forum VP www.6wind.com Dubai IPv6 Forum Summit – February 2001."— Presentation transcript:

1 IP EDGE DEVICES A solution for the Internet Migration Patrick Cocquet, 6WIND CEO, IPv6 Forum VP www.6wind.com Dubai IPv6 Forum Summit – February 2001

2 SUMMARY 6WIND, the IPv6 company ! 6WIND Positioning IP Edge Device in the Network Architecture IP Edge Device, main features Conclusion

3 6WIND The IPv6 start-up company –Spin-outing of the Thomson-CSF IP Network development activities –Starting day : 1 st September 2000 –Team : 20 engineers + subcontractors –Experience : 5 years of IP R&D activities –Member of the IPv6 Forum Board (VP)

4 6WIND POSITIONING To develop IP access devices to provide the user with new IP services : –All features in one box : QoS, security, IPv4/v6 migration, mobility, routing –Significant step in terms of Network Services To develop expertise around the introduction of the IPv6 technology Markets (1st step) : –Enterprises and Branch Offices –Direct sales (ISPs) and Indirect sales (Integrators) Markets (future steps) : –Soho (wireless + zero conf IP networks) –Home Networks

5 IP service configuration MANAGEMENT CENTER ARCHITECTURE Qos management (DiffServ) IP Security IPv4 /v6 migration features Mobility (mobile IP) Multicast Routing 6WIND IP Edge Device 6WIND IP Edge Device 6WIND IP Edge Device Internet or Intranet (IPv4 or IPv6) End

6 QoS MANAGEMENT Issue : Resource guarantee for time sensitive flows ConfigArchQoS

7 QoS MANAGEMENT DiffServ IPv6 or IPv4 backbone or Intranet Classification Policing and shaping Scheduling  EF and AF DiffServ IETF standard ConfigArchQoS

8 QoS MANAGEMENT Scheduling per Class of Service ClassificationShaping and policing Non classified IP flows Classified IP packets In excess packets Minimal bandwidth reserved for each class ConfigArchQoS

9 CLASS OF SERVICE 1) Define a class ConfigArchQoS

10 FLOW DEFINITION 2) Define an IPv4 or IPv6 flow ConfigArchQoS

11 QOS MONITORING 3) Monitor the classes ArchQoS

12 IP SECURITY IPv4 or IPv6 non secure backbone IPv4 or IPv6 non secure backbone Questions New device authentication Security Association definition Data transfers ConfigArch

13 Certification Authority DEVICE AUTHENTICATION IPv4 or IPv6 non secure backbone IPv4 or IPv6 non secure backbone Key Pair Generation RSA algorithm Certificate request

14 Certification Authority DEVICE AUTHENTICATION IPv4 or IPv6 non secure backbone IPv4 or IPv6 non secure backbone Certificate generation Pre-shared keys can also be used Certificate delivery ConfigArchSec

15 SECURITY ASSOCIATION IPv4 or IPv6 non secure backbone IPv4 or IPv6 non secure backbone IPSec SA statically configured in each device Addresses Algorithms Session keys

16 SECURITY ASSOCIATION IPv4 or IPv6 non secure backbone IPv4 or IPv6 non secure backbone IKE negotiation phases IPSec SA dynamically configured Addresses Algorithms Session keys Lifetime ConfigArchSec

17 DATA EXCHANGE IPv4 or IPv6 non secure backbone IPv4 or IPv6 non secure backbone Secure traffic between protected zones via IPSec tunnels Policies : Discard Clear Apply AH and/or ESP ConfigArchSec

18 VPN CONFIGURATION 1) Name the VPN ConfigArchSec

19 VPN CONFIGURATION 2) Define the end point addresses ConfigArchSec

20 VPN CONFIGURATION Pre defined templates ease the configuration process 3) Choose your security level ConfigArchSec

21 VPN CONFIGURATION 4) Choose the certificate or the key ConfigArchSec

22 IPSec TUNNEL CONFIGURATION 1) Define the zones to be protected ConfigArchSec

23 IPSec TUNNEL CONFIGURATION 2) Apply a policy ArchSec

24 IPv4/v6 MIGRATION MECHANISMS IPv4 or IPv6 non secure backbone IPv6 cloud Mechanisms Automatic tunnels Configured v6 in v4 tunnels 6to4 Configured v4 in v6 tunnels IPv6 cloud IPv4 backbone ConfigArch

25 AUTOMATIC TUNNEL IPv4 or IPv6 non secure backbone IPv6 cloud IPv4 backbone IPv6 packet IPv4-compatible IPv6 @ = 0…0IPv4@ No configuration IPv6 packet IPv4 encapsulation src 137.37.17.53 dst 138.38.10.54 From ::137.37.17.53 to ::138.38.10.54 Dest ::138.38.10.54 ConfigArchMig

26 CONFIGURED IPv6 in IPv4 TUNNEL IPv4 or IPv6 non secure backbone IPv6 cloud IPv4 backbone IPv6 packet End Point = IPv4 @ + IPv6 @ Tunnel configuration IPv6 packet IPv4 encapsulation with end point addresses IPv6 @ IPv4 @ ConfigArchMig

27 6to4 IPv4 or IPv6 non secure backbone IPv6 cloud IPv4 backbone IPv6 packet 6to4 prefix per site = 2002:IPv4@::/48 Hides an IPv6 network behind a single IPv4 address IPv6 packet IPv4 encapsulation with IPv4 addresses 6to4@ IPv4 @ ConfigArchMig

28 CONFIGURED IPv4 in IPv6 TUNNEL IPv4 or IPv6 non secure backbone IPv4 cloud IPv6 backbone IPv4 packet End Point = IPv4 @ + IPv6 @ Tunnel configuration IPv4 packet IPv6 encapsulation with end point addresses IPv4 @ IPv6 @ ConfigArchMig

29 IPv4/v6 MIGRATION CONFIGURATION (CTU) Name the tunnel and define the IPv4 and IPv6 end point addresses Ret

30 IPv6 MOBILITY Home agent Correspondent Node Mobile (Home address)

31 IPv6 MOBILITY Home agent Correspondent Node Mobile (Home address)

32 Home agent Correspondent Node Mobile (Care of address) Address binding IPv6 MOBILITY Mobile (Home address)

33 Home agent Correspondent Node Mobile (Care of address) Address binding IP in IP encapsulation IPv6 MOBILITY Proxy Mobile (Home address)

34 Home agent Correspondent Node Mobile (Care of address) Address binding IPv6 MOBILITY Notification IP in IP encapsulation Proxy Mobile (Home address)

35 Home agent Correspondent Node Mobile (Care of address) Address binding Shortcut IPv6 MOBILITY Notification Proxy Mobile (Home address) Arch

36 IP SERVICE CONFIGURATION Several management levels for dynamic service configuration : –Command Line Interface –SNMP Agent –NMS tool based on an SNMP platform integrating 6WIND configuration toolsNMS tool Open to other management frameworks Secure configuration through SSH Arch

37 NMS TOOL

38 6WIND CONFIGURATION TOOLS 1) Click on a device, choose your menu Ret

39 6WIND First set of Products 6200 series

40 PRODUCT FEATURES (HW) 2 products : –6WIND 6211 : Three Fast Ethernet : Private, Public, Optional Able to deliver a 20 Mbps 3DES encrypted traffic 2000 tunnels and 2000 QoS flows –6WIND 6221 : Same as 6211 with an E1/T1 public interface Next : –ATM interface

41 PRODUCT FEATURES (SW) QoS : EF, AF for IPv4 and IPv6 Security : IPSEC, IKE, IP Filter for IPv4 and IPv6, X509 certificates IPv6 / IPv4 : Both stacks 6to4, v6 into v4 tunnels (automatic and configured) RIP v6 Management : SNMP agent with standard and IPv6 MIB CLI Management tool integrated in a SNMP framework

42 CONCLUSION 6WIND Edge Devices enable new service deployment : –Better multi-media performance by implementing Diffserv –Security by using IPSec and IKE –Efficient management –Nomadism of users by using MobileIP(2 nd release) –Multicasting (3 rd release) Allowing v4 to v6 migration of networks and v4/v6 interoperability

43 Questions ? –Info@6wind.com Web sites –www.6wind.com –www.ipv6forum.com –www.6init.org –www.lip6.fr/airs THE END

Download ppt "IP EDGE DEVICES A solution for the Internet Migration Patrick Cocquet, 6WIND CEO, IPv6 Forum VP www.6wind.com Dubai IPv6 Forum Summit – February 2001."

Similar presentations

All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.

All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.
Secure Mobile IP Communication

Secure Mobile IP Communication
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
1 Integration of IPv6 Services. 2 www.cisco.com Integration of IPv6 Services The Ubiquitous Internet Large Address Space Auto-Configuration Enhanced Mobility.

1 Integration of IPv6 Services. 2 Integration of IPv6 Services The Ubiquitous Internet Large Address Space Auto-Configuration Enhanced Mobility.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—5-1 111 © 2003, Cisco Systems, Inc. All rights reserved.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0— © 2003, Cisco Systems, Inc. All rights reserved.
1 IP VPN Nikolay Scarbnik. 2 Agenda Introduction………………………………………………………….3 VPN concept definition……………………………………………..4 VPN advantages……………...…………………………………….5.

1 IP VPN Nikolay Scarbnik. 2 Agenda Introduction………………………………………………………….3 VPN concept definition……………………………………………..4 VPN advantages……………...…………………………………….5.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
MIGRATION FROM SCREENOS TO JUNOS based firewall

MIGRATION FROM SCREENOS TO JUNOS based firewall
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Implementing Secure Converged Wide Area Networks (ISCW)

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Implementing Secure Converged Wide Area Networks (ISCW)
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

Similar presentations

Ads by Google