Dial-in Virtual Private Networking Using Layer 3 Tunneling. Gary Malkin, Bay Networks Internet Telecom Business Group. (Bay DVPN 0698)


1 Dial-in Virtual Private Networking Using Layer 3 Tunneling
Gary Malkin, Bay Networks Internet Telecom Business Group
Bay DVPN 0698

2 Overview: DVPN Topology
[Diagram labels: Subscriber Network, Service Provider IP Network, Dial-in User, Subscriber Network, Dial-in Router]

3 Overview: Encapsulation & Tunneling
[Diagram of packet encapsulation; labels: PPP, IP, user data, GRE, MAC]

4 Overview: Provisioning
– Provisioning information for BayDVS
   – Tunnel protocol and endpoint
   – Gateway address and path to Subscriber Site
   – Authentication protocol and server address
   – Dynamic Address Assignment protocol and server address
   – Tunnel authentication protocol and key
– Operational information and statistics

5 Tunneling Models
– Tunneling From Provider to Customer
– Tunneling Within Provider’s Network
– Tunneling From PC to Customer’s Network
– Tunneling From PC to Provider’s Network

6 Tunneling Model - Provider to Subscriber
[Diagram labels: Service Provider Network, Remote Client, Network, RAC (Tunnel Endpoint), Router, Subscriber Network]

7 Tunneling Model - Within Provider’s Network
[Diagram labels: Service Provider Network, Remote Client, Network, RAC (Tunnel Endpoint), Network, Subscriber Network, Router (Tunnel Endpoint), CPE Router]

8 Tunneling Model - PC to Subscriber
[Diagram labels: Service Provider Network, Remote Client (Tunnel Endpoint), Network, RAC, Router, Subscriber Network]

9 Tunneling Model - PC to Provider’s Network
[Diagram labels: Service Provider Network, Remote Client (Tunnel Endpoint), Network, RAC, Network, Subscriber Network, Router (Tunnel Endpoint), CPE Router]

10 BayDVS
– Description
– Topology
– Operation Algorithm
– Security

11 BayDVS Description
– Mobile IP based tunneling solution
– Requires only IP/PPP on Remote Node
– No requirements for Customer Premise Equipment
– Provides addressing and routing isolation
– Allows authentication by Service Provider or Subscriber
– Allows address assignment by Service Provider or Subscriber

12 BayDVS Topology
[Diagram labels: Subscriber Network, Service Provider IP Network, Dial-in User, RAS, TMS, GW, CPE, AS, DHCP, Frame Relay]

13 BayDVS Operation Algorithm
[Message sequence diagram.
Participants: Remote Node, Remote Access Server, Tunnel Management System, Gateway, Authentication Server, DHCP Server, Local Node.
Message labels, in the order extracted from the slide: Connect; LCP negotiation; CHAP initiation; MIP auth request; Auth/info request; Auth request; MIP registration request; Disconnect; MIP terminate request; Terminate message; NCP negotiation; OPEN COMMUNICATION; Grant w/info; MIP auth response; MIP registration response; CHAP completion; MIP terminate response; MIP DAA request; DHCP discover/request; DHCP response/ack; MIP DAA response]

14 BayDVS Operation Algorithm - Authentication
– RAS acquires provisioned information for User’s Subscriber
– RAS authenticates user with Subscriber’s Authentication Server
[Message sequence diagram.
Participants: Remote Access Server, Tunnel Management System, Gateway, Authentication Server.
Message labels, in the order extracted from the slide: Auth/info request; Grant w/info; MIP authentication response; MIP authentication request; Auth request]

15 BayDVS Operation Algorithm - Dynamic Addressing
– RAS “discovers” DHCP server in Subscriber site
– RAS requests IP address from DHCP server
[Message sequence diagram.
Participants: Remote Access Server, Gateway, DHCP Server.
Message labels, in the order extracted from the slide: MIP DAA request; DHCP response; DHCP ack; MIP DAA response; MIP DAA request; DHCP discover; DHCP request; MIP DAA response]

16 BayDVS Security
– CHAP or PAP user authentication
– User authentication managed by provider or subscriber
– MD-5 authentication of tunnel establishment

17 Comparison of L2TP and BayDVS
– Scaling and Performance
   – BayDVS Payload Packet: IP (20 bytes) | GRE (8 bytes) | IP Payload
   – L2TP Payload Packet: IP (20 bytes) | UDP (8 bytes) | L2TP (12 bytes) | PPP Frame | IP Payload
– Interoperability
– Subscriber Requirements
– End-to-End (between RC and LNS) Encryption and Compression
– Address and Routing Isolation
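
The header sizes on slide 17, worked through as an added example that is not part of the original slides: it builds both encapsulations byte by byte and measures the per-packet overhead. Assumptions: the 8-byte GRE header is the base header plus a Key field, the 12-byte L2TP header carries the Length and sequence fields, the PPP frame uses an uncompressed 4-byte header, and all addresses, ports and IDs are constructed placeholders.

```python
import struct

# Header sizes as given on slide 17.
IP_LEN, GRE_LEN, UDP_LEN, L2TP_LEN = 20, 8, 8, 12

def ipv4_header(total_len, proto):
    # Minimal 20-byte IPv4 header; addresses are documentation-range
    # placeholders and the checksum is left at zero.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))

def gre_header(key):
    # Assumption: 4-byte base header plus 4-byte Key (K bit 0x2000);
    # protocol type 0x0800 means the payload is an IPv4 packet.
    return struct.pack("!HHI", 0x2000, 0x0800, key)

def l2tp_header(payload_len, tunnel_id, session_id, ns, nr):
    # Assumption: data header with Length (L) and sequence (S) fields present;
    # flags 0x4802 = L | S | version 2. Length covers header plus payload.
    return struct.pack("!HHHHHH", 0x4802, L2TP_LEN + payload_len,
                       tunnel_id, session_id, ns, nr)

def baydvs_packet(inner_ip):
    # Outer IP (protocol 47 = GRE) | GRE | inner IP packet.
    gre = gre_header(key=1)
    return ipv4_header(IP_LEN + len(gre) + len(inner_ip), 47) + gre + inner_ip

def l2tp_packet(inner_ip):
    # Outer IP (protocol 17 = UDP) | UDP | L2TP | PPP frame carrying inner IP.
    ppp = b"\xff\x03\x00\x21" + inner_ip  # address, control, protocol = IP
    l2tp = l2tp_header(len(ppp), 1, 1, 0, 0)
    udp_len = UDP_LEN + len(l2tp) + len(ppp)
    udp = struct.pack("!HHHH", 1701, 1701, udp_len, 0)
    return ipv4_header(IP_LEN + udp_len, 17) + udp + l2tp + ppp

def overhead(inner_len):
    # Bytes added around an inner IP packet of inner_len bytes: (BayDVS, L2TP).
    inner = ipv4_header(inner_len, 6) + bytes(inner_len - IP_LEN)
    return (len(baydvs_packet(inner)) - inner_len,
            len(l2tp_packet(inner)) - inner_len)

if __name__ == "__main__":
    for size in (40, 576, 1400):
        b, l = overhead(size)
        print(f"{size:5d}-byte IP payload: BayDVS +{b} ({b / (size + b):.1%}), "
              f"L2TP +{l} ({l / (size + l):.1%})")
```

The L2TP figure exceeds the 40 bytes of listed headers because the PPP frame adds its own framing bytes, which the slide shows as a separate field.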

