Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dynamic Virtual Networks (DVNE) Margaret Wasserman & Paddy Nallur November 11, 2010 IETF 79 -- Beijing, China.

Published byCecilia Stewart Modified over 9 years ago

Similar presentations

Presentation on theme: "Dynamic Virtual Networks (DVNE) Margaret Wasserman & Paddy Nallur November 11, 2010 IETF 79 -- Beijing, China."— Presentation transcript:

1 Dynamic Virtual Networks (DVNE) Margaret Wasserman & Paddy Nallur November 11, 2010 IETF 79 -- Beijing, China

2 Two Drafts DVNE Framework –https://datatracker.ietf.org/doc/draft-mrw-dvne-fw/https://datatracker.ietf.org/doc/draft-mrw-dvne-fw/ –Explains how Dynamic Virtual Networks are constructed DVNE Protocol –https://datatracker.ietf.org/doc/draft-mrw-dvne-prot/https://datatracker.ietf.org/doc/draft-mrw-dvne-prot/ –Describes a provisioning protocol to dynamically provision a Dynamic Virtual Networks

3 Static Virtual Networks B2 A1 Internet NAT B1 A2 A4 A3 B3 CGN B4 NATNAT

4 Issues to Address Node-to-Node Virtual Networks –Connectivity can be hard to establish due to NATs, IPv4-to- IPv6 coexistence technologies, firewalls, etc. –Large Virtual Networks are unmanageable due to need to configure virtual network parameters on every node. Remote endpoint addresses, credentials, etc. –Each node maintains state for every other node in the network, even if they never communicate Site-to-Site Virtual Networks –No consistent end-to-end security –Security depends on physical topology No support for flexible, centralized administration and provisioning

5 Functional Elements B2 DVNE Mediator VN Node Edge Network

6 Basic Operation of Mediator Client desires DVNE connection to another host in the VN, asks mediator Mediator authenticates client Mediator provisions both end of the connection –Local IP addrss, address list for peer, STUN server address, credentials for secure tunnel, etc. VPN connection is established by endpoints –Using IPsec tunnel or DTLS –May use ICE, STUN or other mechanisms as needed to establish connectivity

7 Dynamic, On-Demand Connection B2 DVNE Mediator Node B Node A VN Node Edge Network - Node A requests connection to Node B - Mediator provisions Node A & Node B - Secure connection from Node A to Node B

8 Dynamic Virtual Network A1 Internet NAT B1 A2 A4 A3 B3 CGN B4 NA T B2

9 Current IETF Solutions Used Various VPN/secure tunnel solutions –Such as IPsec or DTLS TLS for authentication ICE/STUN for NAT traversal The DVNE protocol does not replace these technologies, it provisions nodes with the information to use them

10 Missing Piece IETF has no generic service provisioning protocol to use for Client-to-Mediator communication Existing management protocols have different model –“Configure yourself”, rather than “provision me” –No ability to trigger provisioning of service across multiple nodes Existing data models (MIBs, Yang modules) could be used to hold data

11 Status of DVNE Work Current work focuses on a DVNE protocol for network authentication and DVNE service provisioning and virtual network set-up Work underway on national Standard in China for DVNE Framework –Combined work of Huawei Symantec, ZTE, and China Mobile Prototype code up and running

12 Specific vs. General in IETF Specific need for a Dynamic Virtual Network provisioning protocol IETF may have more general need for a generic Service Provisioning protocol that could be applied to this space and others. Which should we pursue in the IETF?

13 Questions Should we work on this topic in the IETF? Should we pursue a specific or general solution? –Specific: DVNE protocol to provision VNs –Generic: Generic service provisioning protocol, PLUS data model for provisioning VNs. Should we do the work here in the Ops Area WG? In separate Ops/NM WG? Elsewhere?

Download ppt "Dynamic Virtual Networks (DVNE) Margaret Wasserman & Paddy Nallur November 11, 2010 IETF 79 -- Beijing, China."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.

Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.

AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.

Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.

Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
Module 1: Microsoft Windows 2000 Networking Services Infrastructure Overview.

Module 1: Microsoft Windows 2000 Networking Services Infrastructure Overview.
Mobile IP Security Dominic Maguire Research Essay Presentation Communications Infrastructure Module MSc Communications Software, WIT 1 1 1 0 11 0.

Mobile IP Security Dominic Maguire Research Essay Presentation Communications Infrastructure Module MSc Communications Software, WIT
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.

The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
ABFAB Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman

ABFAB Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman
1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.
1 © J. Liebeherr, All rights reserved Virtual Private Networks.

1 © J. Liebeherr, All rights reserved Virtual Private Networks.
Virtual Private Network

Virtual Private Network
Automatic Router Configuration Protocol (ARCP) v1.1, 18 Nov. 2002 Jeb Linton, EarthLink

Automatic Router Configuration Protocol (ARCP) v1.1, 18 Nov Jeb Linton, EarthLink

Similar presentations

Ads by Google