Published by Dominic Spencer. Modified over 11 years ago.

CPE-based VPNs
Hans De Neve, Alcatel Network Strategy Group
All rights reserved © 2000, Alcatel

Contents
- Global VPN requirements
- Deployment View
  - What does a typical CPE VPN look like?
- Network View
  - What sort of connectivity does it provide?
- Technology View
  - What are the underlying technologies?
- Differentiation and Success Factors
  - Where are the factors today, what will they be in future?

Customer Premises Equipment based Virtual Private Networks

Global VPN requirements
- Connectivity
  - IP connectivity between geographically dislocated sites using private addressing
  - transparent to underlying shared infrastructure
  - => tunnelling mechanism
- Security
  - data privacy (e.g. encryption)
  - authentication and integrity
- Scalability
- Management
- ...

Proposed Technology: IPsec
- IP security offers
  - tunnelling (forwarding in shared internet is normal IP forwarding)
  - authentication and integrity
  - cryptographic encryption
- IPsec can be used with IKE
  - IKE = Security Association negotiation and Key Exchange Protocol

CPE VPN Deployment View
[Figure: deployment diagram. Labels: Headquarters, Branch Office, Business Partner, International Sales, Domestic Sales, ASP data center, finance server, corp. server, VPN gateways, policy managers, dial-up VPN clients, LAN-based VPN clients, customer web surfers, site-site VPN, PVC, Internet uplinks of 128K, 256K and 512K.]

CPE VPN Network View
[Figure: CPE, L2 access network, L3 access + distribution + L3 edge, service provider network (IP routing / MPLS traffic engineering), L3 access + distribution + L3 edge, L2 access network, CPE, with IPSEC connectivity between the two CPEs.]
Packet format shown in the figure:
- original packet: IP header | IP data
- tunnelled packet: new IP header | IPsec header | IP header | IP data (possibly encrypted)

CPE VPN Network Topologies
[Figure: HUB and SPOKE topology. Site 1, Site 2, Site 3 and Site 4 connected across the Internet by IPsec tunnels.]

CPE VPN Network Topologies
[Figure: Full Mesh topology. Site 1, Site 2, Site 3 and Site 4 connected across the Internet by IPsec tunnels.]

CPE VPN - Dial up VPN Client
[Figure: dial-up client reaching the CPE across the L2 access network, L3 access + distribution + L3 edge, and the service provider network. Labels: Option 1, Option 2, IPSEC, IP over PPP, L2TP, IP.]

CPE VPN Gateway Technologies
- IKE Daemons
  - Phase I, Phase II negotiations to generate/update IPSEC keys and setting up of Security Associations (IPsec tunnels)
  - Use of certificates vs. shared secret for authentication
  - Proposal exchange and agreement, exchange of proxy ids
- IPSEC Drivers
  - Handling of IP packets based on IP header and proxy ids
  - Encryption using IKE negotiated keys and encryption algorithm
  - Encapsulation of IP packets using IPSEC headers
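
As an added example (not part of the original slides), the sketch below shows how an IPsec driver might match outbound packets against proxy ids, with one site configured first as a hub-and-spoke spoke and then as a full-mesh member. The `Tunnel` and `classify` names, all addresses, and the rule of discarding private-destination traffic that matches no tunnel are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Tunnel:
    name: str
    local_id: str    # proxy id: local protected subnet
    remote_id: str   # proxy id: remote protected subnet
    peer: str        # public address of the remote VPN gateway

# RFC 1918 private ranges: not routable on the shared Internet.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(tunnels, src, dst):
    """Return (action, tunnel) for an outbound packet at the gateway."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [t for t in tunnels
            if s in ipaddress.ip_network(t.local_id)
            and d in ipaddress.ip_network(t.remote_id)]
    if hits:
        # Most specific remote proxy id wins, as in longest-prefix routing.
        best = max(hits,
                   key=lambda t: ipaddress.ip_network(t.remote_id).prefixlen)
        return "protect", best
    if any(d in net for net in PRIVATE):
        # Assumed fail-closed rule: a private destination with no tunnel
        # is dropped rather than forwarded in the clear.
        return "discard", None
    return "bypass", None  # ordinary Internet traffic, no IPsec applied

# Constructed sample: Site 2 (10.2.0.0/16) as a spoke, then as a mesh member.
SPOKE = [Tunnel("to-hub", "10.2.0.0/16", "10.0.0.0/8", "198.51.100.1")]
MESH = [Tunnel("to-site1", "10.2.0.0/16", "10.1.0.0/16", "198.51.100.1"),
        Tunnel("to-site3", "10.2.0.0/16", "10.3.0.0/16", "198.51.100.3"),
        Tunnel("to-site4", "10.2.0.0/16", "10.4.0.0/16", "198.51.100.4")]

if __name__ == "__main__":
    for label, table in (("spoke", SPOKE), ("mesh", MESH)):
        for dst in ("10.3.0.9", "10.9.0.1", "192.168.7.7", "203.0.113.80"):
            action, t = classify(table, "10.2.0.5", dst)
            print(label, dst, action, t.name if t else "-")
```

The spoke needs a single tunnel whose remote proxy id covers every other site, so site-to-site traffic transits the hub; the mesh member holds one tunnel per peer, and a destination that no proxy id covers is discarded.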

CPE VPN Gateway Differentiation & Success Factors - Today
- Number of concurrent IPSEC tunnels supported
  - Maps to memory and CPU required to maintain state for tunnels
  - Critical for dial up scenarios and large number of branch offices
  - Critical for multi tenant MAN service networks
- Throughput over the IPSEC tunnels
  - Maps to encryption/decryption speeds of the CPU/ASIC
  - Critical for the HUB site or in case of gigabit campus networks
  - Critical for gigabit IP access service networks
- Restoration of tunnels in case of VPN gateway failure

CPE VPN Gateway Differentiation & Success Factors - Future
- Enterprise market as a pure IP overlay VPN solution
  - Number of IPSEC tunnels, throughput over IPSEC tunnels, recovery
  - Dynamic membership of sites to a VPN for Site-Site VPNs
  - Integration with PKI infrastructure, AAA for VPN Clients
- Carrier/Service Provider market as a vehicle for IPVPN services
  - Integration of configuration with service provisioning solutions
  - Integration with IPVPN service functionality such as Firewall, QoS
  - Integration with data collection for services (assurance + billing)

CPE IPVPN: Vehicle for IPVPN Services
[Figure: management diagram. Labels: policy server, policy routers, web server, corp. server, New York Headquarters, Geneva office, Tokyo office, Internet; IS enterprise management (HR: WW users, adds/changes; IS Dept: US security policy mgmt.; IS Dept: Asia security policy mgmt.; IS Dept: Europe security policy mgmt.); service provider management; installation team, security team, network team, billing data, SLA info.]