Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bay DVPN 0698 1 Dial-in Virtual Private Networking Using Layer 3 Tunneling Gary Malkin Bay Networks Internet Telecom Business Group.

Similar presentations


Presentation on theme: "Bay DVPN 0698 1 Dial-in Virtual Private Networking Using Layer 3 Tunneling Gary Malkin Bay Networks Internet Telecom Business Group."— Presentation transcript:

1 Bay DVPN Dial-in Virtual Private Networking Using Layer 3 Tunneling Gary Malkin Bay Networks Internet Telecom Business Group

2 Bay DVPN Overview DVPN Topology Subscriber Network Service Provider IP Network Dial-in User Subscriber Network Dial-in Router

3 Bay DVPN Overview Encapsulation & Tunneling PPPIP user data IP IP IPMACMAC GRE

4 Bay DVPN Overview Provisioning Provisioning information for BayDVS Provisioning information for BayDVS –Tunnel protocol and endpoint –Gateway address and path to Subscriber Site –Authentication protocol and server address –Dynamic Address Assignment protocol and server address –Tunnel authentication protocol and key Operational information and statistics Operational information and statistics

5 Bay DVPN Tunneling From Provider to Customer Tunneling From Provider to Customer Tunneling Within Provider’s Network Tunneling Within Provider’s Network Tunneling From PC to Customer’s Network Tunneling From PC to Customer’s Network Tunneling From PC to Provider’s Network Tunneling From PC to Provider’s Network Tunneling Models

6 Bay DVPN Tunneling Model - Provider to Subscriber Service Provider Network RemoteClient Network RAC (Tunnel Endpoint) Router SubscriberNetwork

7 Bay DVPN Tunneling Model - Within Provider’s Network Service Provider Network RemoteClient Network RAC (Tunnel Endpoint) Network Subscriber Network Router (Tunnel Endpoint) CPE Router

8 Bay DVPN Tunneling Model - PC to Subscriber Service Provider Network RemoteClient (Tunnel Endpoint) Network RAC Router SubscriberNetwork

9 Bay DVPN Tunneling Model - PC to Provider’s Network Service Provider Network RemoteClient (Tunnel Endpoint) Network RAC Network Subscriber Network Router (Tunnel Endpoint) CPE Router

10 Bay DVPN BayDVS Description Description Topology Topology Operation Algorithm Operation Algorithm Security Security

11 Bay DVPN BayDVS Description Mobile IP based tunneling solution Mobile IP based tunneling solution Requires only IP/PPP on Remote Node Requires only IP/PPP on Remote Node No requirements for Customer Premise Equipment No requirements for Customer Premise Equipment Provides addressing and routing isolation Provides addressing and routing isolation Allows authentication by Service Provider or Subscriber Allows authentication by Service Provider or Subscriber Allows address assignment by Service Provider or Subscriber Allows address assignment by Service Provider or Subscriber

12 Bay DVPN BayDVS Topology Subscriber Network Service Provider IP Network Dial-in User RAS TMS GW CPE ASDHCP FrameRelay

13 Bay DVPN BayDVS Operation Algorithm Remote Node Remote Access Server Tunnel Management System Gateway Authentication Server DHCP Server Connect LCP negotiation CHAP initiation MIP auth request Auth/info request Auth request MIP registration request Disconnect MIP terminate request Terminate message NCP negotiation OPEN COMMUNICATION Grant w/info MIP auth response MIP registration response CHAP completion MIP terminate response Local Node MIP DAA request DHCP discover/request DHCP response/ack MIP DAA response

14 Bay DVPN BayDVS Operation Algorithm - Authentication Remote Access Server Tunnel Management System Gateway AuthenticationServer RAS acquires provisioned information for User’s Subscriber RAS authenticates user with Subscriber’s Authentication Server Auth/info request Grant w/info MIP authentication response MIP authentication request Auth request

15 Bay DVPN BayDVS Operation Algorithm - Dynamic Addressing RAS “discovers” DHCP server in Subscriber site RAS requests IP address from DHCP server Remote Access Server Gateway DHCPServer MIP DAA request DHCP response DHCP ack MIP DAA response MIP DAA request DHCP discover DHCP request MIP DAA response

16 Bay DVPN BayDVS Security CHAP or PAP user authentication CHAP or PAP user authentication User authentication managed by provider or subscriber User authentication managed by provider or subscriber MD-5 authentication of tunnel establishment MD-5 authentication of tunnel establishment

17 Bay DVPN Comparison of L2TP and BayDVS Scaling and Performance Scaling and Performance – BayDVS Payload Packet –L2TP Payload Packet Interoperability Interoperability Subscriber Requirements Subscriber Requirements End-to-End (between RC and LNS) Encryption and Compression End-to-End (between RC and LNS) Encryption and Compression Address and Routing Isolation Address and Routing Isolation IP Payload IP (20 bytes) GRE (8 bytes) UDP (8 bytes) L2TP (12 bytes) IP (20 bytes) PPP Frame IP Payload


Download ppt "Bay DVPN 0698 1 Dial-in Virtual Private Networking Using Layer 3 Tunneling Gary Malkin Bay Networks Internet Telecom Business Group."

Similar presentations


Ads by Google