NECP: the Network Element Control Protocol IETF WREC Working Group November 11, 1999.


where is NECP needed?
[Diagram labels: ISP User Network; Servers (Origin Servers, Proxy Caches, etc.); Router; L4 Switch (load balancing, or intercepting for transparent proxies); Internet (Large Backbone ISP)]
Note that a Server usually knows what it wants, but the Switch is feeding it the packets

the role of NECP
[Diagram labels: Servers (load balanced groups, transparent proxies); L4 Switch]
NECP allows the cache and switch to exchange control traffic

what control traffic?
  – When servers come up, they can tell the switch: “add me to your group for Service X”
  – Servers can send load information; switch does better balancing
  – Switches immediately stop sending work to dead servers using periodic KEEPALIVEs
  – Transparent Proxy Caches can tell switches to allow direct connections for certain clients (e.g., on auth failure)

key features
  – Minimal
  – Assumes per-flow state available on switch
  – Extensible load metrics
  – Authentication

non-features
  – Specific load balancing policies
  – IP addresses of friendly servers/caches
  – Configuration management

Backup Slides

udp (or snmp): why not use it?
Initially, SNMP seemed perfect to us -- it’s a generic way for net devices to interoperate
But, we found ourselves redesigning things that were already in TCP.
We use TCP’s:
  – stream demultiplexing
  – retransmission policy
  – segmentation & reassembly of large messages
  – flow control
  – congestion control
Like BGP, or ICP

NAT and GRE
Earlier versions of the protocol include complex NAT queries in case the original IP dest addr was lost.
Why not encapsulate?
Generic Routing Encapsulation to tunnel application packets from proxy to cache
Now - no NAT problems; reduces complexity of design and implementation

authentication
Both sides share a secret (say, a password)
Sender:
  – appends the secret to its message
  – calculates an SHA-1 hash
  – replaces the secret with the SHA-1
Receiver:
  – Saves the SHA-1
  – Replaces the SHA-1 with the secret
  – Calculates the SHA-1 (should match)
Sequence numbers to prevent replay attacks
Note: this is authentication, not encryption
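The sender and receiver steps on the authentication slide, with the sequence-number replay check, as an added example that is not code from the slides or from NECP itself. The wire layout (4-byte big-endian sequence number, payload, 20-byte digest), the names `seal`, `Receiver` and `verdict`, and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes
SEQ_LEN = 4  # assumed layout: 4-byte big-endian sequence number, payload, digest


def seal(seq: int, payload: bytes, secret: bytes) -> bytes:
    """Sender: append the secret, hash, then send the hash in the secret's place."""
    body = struct.pack("!I", seq) + payload
    return body + hashlib.sha1(body + secret).digest()


class Receiver:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_seq = -1  # highest sequence number accepted so far

    def open(self, message: bytes) -> bytes:
        """Return the payload, or raise ValueError if the message is rejected."""
        if len(message) < SEQ_LEN + DIGEST_LEN:
            raise ValueError("truncated")
        # Save the received SHA-1, put the secret back in its place, re-hash.
        body, received = message[:-DIGEST_LEN], message[-DIGEST_LEN:]
        expected = hashlib.sha1(body + self.secret).digest()
        if not hmac.compare_digest(received, expected):  # constant-time compare
            raise ValueError("bad digest")
        # Only trust the sequence number once the digest covering it has matched.
        (seq,) = struct.unpack("!I", body[:SEQ_LEN])
        if seq <= self.last_seq:
            raise ValueError("replay")
        self.last_seq = seq
        return body[SEQ_LEN:]


def verdict(receiver: Receiver, message: bytes) -> str:
    try:
        return "accepted: " + receiver.open(message).decode()
    except ValueError as err:
        return "rejected: " + str(err)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    rx = Receiver(secret)
    first = seal(1, b"KEEPALIVE", secret)
    forged = struct.pack("!I", 9) + first[SEQ_LEN:]  # captured message, seq rewritten
    for msg in (first, first, forged, seal(2, b"KEEPALIVE", b"wrong")):
        print(verdict(rx, msg))
```

Because the sequence number sits inside the hashed body, rewriting it on a captured message fails the digest check rather than bypassing the replay check. The slide's construction is a bare hash over message plus secret; a design written today would use HMAC for the same role.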

redirection semantics
If a server asks a switch to change its forwarding state (e.g., stop forwarding a dest port number), do existing flows break?
  – Do we add a “stop giving me dest port X, except for the following ephemeral ports” command? (Complex; doesn’t work for start)
  – Ostrich Algorithm: let the connections break?
  – Do we assume that all switches keep per-flow state, and can redirect new connections without breaking old ones?