VPN. Virtual Private Network. Mario Baldi. Synchrodyne Networks, Inc. VPN - 1 M.

Similar documents
VPN. Virtual Private Network. Mario Baldi Luigi Ciminiera. Politecnico di Torino. VPN - 1 M. Baldi L. Ciminiera: see page 2

ROUTING PROTOCOLS. Mario Baldi Routing - 1. see page 2

VPN. Agenda VPN VPDN. L84 - VPN and VPDN in IP. Virtual Private Networks Introduction VPDN Details (L2F, PPTP, L2TP)

Securizarea Calculatoarelor și a Rețelelor 32. Tehnologia MPLS VPN

MPLS VPN. 5 ian 2010

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

Virtual Private Networks (VPNs)

MPLS Multi-protocol label switching Mario Baldi Politecnico di Torino (Technical University of Torino)

MPLS Intro. Cosmin Dumitru March 14, University of Amsterdam System and Network Engineering Research Group ...

ICMPv6. Internet Control Message Protocol version 6. Mario Baldi. Politecnico di Torino. (Technical University of Turin)

MPLS Multi-protocol label switching Mario Baldi Politecnico di Torino (Technical University of Torino)

IPv6 Switching: Provider Edge Router over MPLS

CS519: Computer Networks. Lecture 8: Apr 21, 2004 VPNs

Multi Protocol Label Switching (an introduction) Karst Koymans. Thursday, March 12, 2015

Multiprotocol BGP 1 MPLS VPN. Agenda. Multiprotocol BGP 2

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS

MPLS VPN--Inter-AS Option AB

Configuring MPLS and EoMPLS

MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution

IPv6 Switching: Provider Edge Router over MPLS

ITTK - Network Integration and Implementation - WS L03 - WAN Design

MPLS VPN Inter-AS Option AB

Table of Contents Chapter 1 MPLS Basics Configuration

MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution

Implementing MPLS Layer 3 VPNs

Configuring IPsec on Cisco Routers Mario Baldi Politecnico di Torino (Technical University of Torino)

Configuring Virtual Private LAN Services

Network Design with latest VPN Technologies

Spanning Tree Protocol

MPLS in the DCN. Introduction CHAPTER

IP over. Mario Baldi. Politecnico di Torino. (Technical University of Turin) IPinterconnection - 1 Copyright: si veda nota a pag.

Operation Manual MPLS VLL. Table of Contents

Virtual Private Networks

Networking interview questions

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

Configuring MPLS L3VPN

Virtual Private Networks.

MPLS over GRE. Finding Feature Information. Prerequisites for MPLS VPN L3VPN over GRE

CS 393 Network Security. Nasir Memon Polytechnic University Module 13 Virtual Private Networks

Configuring MPLS, MPLS VPN, MPLS OAM, and EoMPLS

MPLS etc.. MPLS is not alone TEST. 26 April 2016 AN. Multi-Protocol Label Switching MPLS-TP FEC PBB-TE VPLS ISIS-TE MPƛS GMPLS SR RSVP-TE OSPF-TE PCEP

MPLS VPN Carrier Supporting Carrier

Cisco How Virtual Private Networks Work

L2TP Configuration. L2TP Overview. Introduction. Typical L2TP Networking Application

MPLS опорни мрежи MPLS core networks

HUAWEI USG6000 Series Next-Generation Firewall Technical White Paper VPN HUAWEI TECHNOLOGIES CO., LTD. Issue 1.1. Date

Internet. 1) Internet basic technology (overview) 3) Quality of Service (QoS) aspects

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

MULTIPROTOCOL LABEL SWITCHING: REIVEW KAISER ALI BHAT

Configuring MPLS L3VPN

CCIE R&S Techtorial MPLS

Module 11b MPLS VPLS Configuration Lab (LDP Manual)

Secure Extension of L3 VPN s over IP-Based Wide Area Networks

BGP MPLS VPNs. Introduction

Multiprotocol Label Switching Virtual Private Network

MPLS VPN over mgre. Finding Feature Information. Last Updated: November 1, 2012

Cisco IOS IPv6. Cisco IOS IPv6 IPv6 IPv6 service provider IPv6. IPv6. data link IPv6 Cisco IOS IPv6. IPv6

Trafffic Engineering 2015/16 1

Table of Contents Chapter 1 MPLS L3VPN Configuration

Configuring MPLS L2VPN

Table of Contents 1 Multicast VPN Configuration 1-1

Configuring MPLS L2VPN

Analysis of VPN Protocols

Configuring MPLS L2VPN

AToM (Any Transport over MPLS)

MPLS MULTI PROTOCOL LABEL SWITCHING OVERVIEW OF MPLS, A TECHNOLOGY THAT COMBINES LAYER 3 ROUTING WITH LAYER 2 SWITCHING FOR OPTIMIZED NETWORK USAGE

MPLS L3VPN. The MPLS L3VPN model consists of three kinds of devices: PE CE Site 2. Figure 1 Network diagram for MPLS L3VPN model

Cisco Group Encrypted Transport VPN

Managing Site-to-Site VPNs: The Basics

MPLS Layer 3 VPNs Configuration Guide, Cisco IOS Release 12.4T

Table of Contents. Cisco MPLS FAQ For Beginners

A device that bridges the wireless link on one side to the wired network on the other.

MPLS, THE BASICS CSE 6067, UIU. Multiprotocol Label Switching

MPLS etc.. 9 May 2017 AN

MPLS Networks: Design and Routing Functions

Configuration Guide - MPLS

ENTERPRISE MPLS. Kireeti Kompella

Cisco PPPoE Baseline Architecture for the Cisco UAC 6400

Static Routing Design Exercises

VRF, MPLS and MP-BGP Fundamentals

MPLS design. Massimiliano Sbaraglia

A-B I N D E X. backbone networks, fault tolerance, 174

Secure VPNs for Enterprise Networks

Remote Access MPLS-VPNs

isco Cisco PPPoE Baseline Architecture for the Cisco UAC

Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security

Junos MPLS and VPNs. Day(s): 5. Course Code: Overview

Multi-Protocol Label Switching (MPLS) Support

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

Cisco. Maintaining Cisco Service Provider VPNs and MPLS Networks (MSPVM)

PassTorrent. Pass your actual test with our latest and valid practice torrent at once

DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0

Configuring multicast VPN

Configuring Virtual Private LAN Service (VPLS) and VPLS BGP-Based Autodiscovery

L2 MPLS VPN (VPLS) Technology White Paper

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

MPLS VIRTUAL PRIVATE NETWORKS

Troubleshooting Tools

Transcription:

VPN Virtual Private Network Mario Baldi Synchrodyne Networks, Inc. http://www.synchrodyne.com/baldi VPN - 1 M. Baldi: see page 2

Nota di Copyright This set of transparencies, hereinafter referred to as slides, is protected by copyright laws and provisions of International Treaties. The title and copyright regarding the slides (including, but not limited to, each and every image, photography, animation, video, audio, music and text) are property of the authors specified on page 1. The slides may be reproduced and used freely by research institutes, schools and Universities for non-profit institutional purposes. In such cases, no authorization is requested. Any total or partial use or reproduction (including, but not limited to, reproduction on magnetic media, computer networks, and printed reproduction) is forbidden, unless explicitly authorized by the authors by means of written license. Information included in these slides is deemed as accurate at the date of publication. Such information is supplied for merely educational purposes and may not be used in designing systems, products, networks, etc. In any case, these slides are subject to changes without any previous notice. The authors do not assume any responsibility for the contents of these slides (including, but not limited to, accuracy, completeness, enforceability, updated-ness of information hereinafter provided). In any case, accordance with information hereinafter included must not be declared. In any case, this copyright notice must never be removed and must be reported even in partial uses. VPN - 2 M. Baldi: see page 2

A Definition Shared infrastructure: Private/public network e.g., the one of an Internet Service Provider IP Frame Relay ATM The Internet Policies Virtual Private Network Customer connectivity deployed on on a shared infrastructure such that that policies can can be be enforced as as in in a private network Secure communication Security, Quality of Service (QoS), reliability, etc. VPN - 3 M. Baldi: see page 2

Why VPN? VPNs enable cutting costs with respect to expensive connectivity solutions Private Networks are based on Private leased lines Long distance dial-up solutions VPN - 4 M. Baldi: see page 2

Why VPN? VPN enable selective and flexible access to corporate network Limited services available to external users High security Few services allowed through firewall All intranet functionalities available to corporate users accessing from the Internet VPN connection allowed through firewall Services available as on the corporate network VPN - 5 M. Baldi: see page 2

VPN Flavors Access VPN or remote VPN or virtual dial in Connect terminal to remote network Virtualizes (dial-u p) access connection e.g., ISDN, PSTN, cable, DSL PPTP, L2TP Site-to-site VPN Connect remote networks Virtualizes leased line IPsec, GRE, MPLS VPN - 6 M. Baldi: see page 2

VPN Deployment Scenarios Intranet VPN Interconnection of corporate headquarters, remote offices, branch offices Extranet VPN Interconnection of customers, suppliers, partners, or communities of interest to a corporate intranet Remote user access Telecommuter Traveling employee Customer/partner/provider VPN - 7 M. Baldi: see page 2

Intranet VPN and Extranet VPN Site-to-site VPN Shared infrastructure Nework of a service provider Two or more service provider networks The Internet Access to shared infrastructure adsl Leased line Fiber Ethernet Technologies IPsec GRE MPLS VPN - 8 M. Baldi: see page 2

Extranet VPN Restricted access to network resources from interconnected networks Firewall at the VPN Address clash Network address translation VPN - 9 M. Baldi: see page 2

Remote User Access Shared infrastructure Nework of a service provider The Internet Access to the shared infrastructure ISDN, PSTN Cable modem, DSL Wireless LAN (host spot) Technologies PPTP L2TP IPsec Implemented by user s access device VPN - 10 M. Baldi: see page 2

Internet Access Centralized Remote branches use IP network only to reach headquartes Internet access only from headquarters VPN carries also traffic to and from the Internet Centralized access control Firewall Distributed Any branch accesses Internet through the IP network VPN is deployed only for corporate traffic VPN - 11 M. Baldi: see page 2

Centralized Internet Access INTERNET Headquarters RouterA ISP Backbone Router B Router C Remote branch VPN - 12 M. Baldi: see page 2

Distributed Internet Access INTERNET Headquarters RouterA ISP Backbone Router B Remote branch VPN - 13 M. Baldi: see page 2

VPN Models Overlay Model IPSec-based (managed) service Many separate highly meshed tunnels Each VPN gateway must know every other VPN gateway Peer Model MPLS network Each VPN gateway knows only its peer public router Exchange of routing information Service provider network disseminates routing information Public network routes traffic between gateways of the same VPN VPN - 14 M. Baldi: see page 2 Model Overlay Peer Access L2TP, PPTP Site-to-site IPSec, GRE MPLS

A Tassonomy of VPN Technologies VPN VPN Overlay Model Peer Model Layer 2 VPN VPN Layer 3 VPN VPN Layer 4 VPN VPN Dedicated Router MPLS Shared Router Frame Relay ATM MPLS PPTP L2TP IPsec GRE SSL SSL BGP VR VR CPE Based Provider Provisioned VPN - 15 M. Baldi: see page 2

Tunneling A packet (or frame) is carried through an IP network within an IP packet IP network (e.g., Internet) Tunnel end-point X Tunnel Tunnel end-point Y IP IP Header from from X to to Y An IP packet within an IP packet GRE, IPsec A layer 2 frame, within an IP packet PPTP, L2TP Header Payload VPN - 16 M. Baldi: see page 2

Tunneling A and B are enterprise addresses Not necessarily public Tunneling enables operation Tunneling by itself does not ensure security A Corporate Network VPN gateway X Internet Tunnel VPN gateway Y B Corporate Network IP IP Header from from X to to Y Header from from A to to B Payload VPN - 17 M. Baldi: see page 2

C GRE Generic Routing Encapsulation Encapsulation (tunneling) of any protocol (including IP) into IP Header version 0 MAC header R K S s IP header Recur Flags Checksum (optional) GRE header Version Data ::: IP Protocol 47 0 8 16 24 31 Key (optional) Sequence Number (optional) Routing (optional) Protocol Family PTYPE --------------- ----- Reserved 0000 SNA 0004 OSI network layer 00FE PUP 0200 XNS 0600 IP 0800 Chaos 0804 RFC 826 ARP 0806 Frame Relay ARP 0808 VINES 0BAD VINES Echo 0BAE VINES Loopback 0BAF DECnet (Phase IV) 6003 Transparent Ethernet Bridging 6558 Raw Frame Relay 6559 Apollo Domain 8019 Ethertalk (Appletalk) 809B Novell IPX 8137 RFC 1144 TCP/IP compression 876B IP Autonomous Systems 876C Secure Data 876D Reserved FFFF Protocol Offset (optional) VPN - 18 M. Baldi: see page 2

IPv4 Encapsulation and Routing Information IP Address List: source routing information List of routers to traverse SRE Offset: byte of IP address of current next hop Updated at each source route hop SRE Length: total address list length (in bytes) 0 8 16 24 31 C 0( reserved) 0(ver) Protocol Type Checksum (Optional) Reserved (Optional) Address Family SRE Offset SRE Length IP Address List ::: VPN - 19 M. Baldi: see page 2

Enhanced GRE (version 1) Deployed by PPTP Acknowledgment Number Delivery of packets by remote end-point can be notified 0 8 16 24 31 C R K S s Recur A Flags 1 (ver) Protocol Type Key (HW) Payload Length Key (LW) Call ID Sequence Number (Optional) Acknowledgment Number (Optional) VPN - 20 M. Baldi: see page 2

(Virtual) VPN Topologies Hub and spoke Each branch communicates directly with headquarters Fits to data flow of many corporations Mainframe or data-center centered Routing is sub-optimal Small number of tunnels Hard to manually configure Hub could become bottleneck Mesh Larger number of tunnels Easier to manually configure Optimized routing VPN - 21 M. Baldi: see page 2

Access VPN: Two Deployment Modes VPN - 22 M. Baldi: see page 2

Provider Provisioned Deployment Mode 1. Remote user initiates PPP connection with NAS that accepts the call 2. NAS identifies remote user 3. NAS initiates L2TP or PPTP tunnel to desired corporate gateway (access server) 4. Corporare gateway authenticates remote user according to corporate security policy 5. Corporate gateway confirms acceptance of tunnel 6. NAS logs acceptance and/or traffic (optional) 7. Corporate gateway performs PPP negotiations with remote users (e.g., IPaddress assignment) 8. End-to-end data tunneled between user and corporate gateway VPN - 23 M. Baldi: see page 2

Highlights of Virtual Dial-Up Authentication/Security Performed by VPN Gateway Policies and information of the corporate network Authorization Performed by the VPN Gateway Policies and information of the corporate network Address allocation Corporate addresses are dynamically allocated Same access as when directly connected VPN - 24 M. Baldi: see page 2

Access VPN: Two Protocols L2TP (Layer 2 Tunneling Protocol) Not widely implemented in terminals Idependent of layer 2 protocol Security through IPsec Strong But complicated PPTP (Point-to-Point Tunneling Protocol) Originally proposed by Microsoft, Apple, Integrato nel dial-up networking Multiprotocol Weak encryption and authentication Proprietary key management VPN - 25 M. Baldi: see page 2

Layer 2 Tunneling Protocol Original Reference Scenario Corporate Network PPP LAC L2TP Tunnel Control Connection LNS INTERNET L2TP Session Provider provisioned deployment mode VPN - 26 M. Baldi: see page 2

Layer 2 Tunneling Protocol Tunneling between public network access point and corporate network Also wholesale dial-up services Between access provider and Internet Service Provider L2TP Access Concentrator (LAC) Network access device supporting L2TP NAS (Network Access Server) L2TP Network Server (LNS) Corporate (VPN) Gateway CPE based deployment mode by including LAC functionalities within user terminal VPN - 27 M. Baldi: see page 2

L2TP Header Control Message Data Message PPP Frame L2TP Data Message L2TP Data Channel unreliable L2TP Control Message L2TP Control Channel reliable Packet Transport (UDP porta 1701, FR, ATM, etc.) T 0 Description Data message. MAC header IP header UDP header L2TP header Data ::: 1 Control message. 0 8 16 24 31 T L 0 S 0 O P 0 Version Length Tunnel ID Ns Offset Size Session ID Nr Offset Pad ::: Data ::: VPN - 28 M. Baldi: see page 2

Point-to-Point Tunneling Protocol Original Reference Scenario Corporate Network PPTP Tunnel Control Connection PNS INTERNET PPTP Session CPE based deployment mode VPN - 29 M. Baldi: see page 2

Point-to-Point Tunneling Protocol (PPTP) Adopted by IETF (RFC 2637) Microsoft Encryption: MPPE Microsoft Authentication: MS CHAP PPTP Network Server (PNS) Corporate (VPN) gateway PPTP Access Concentrator (PAC) For provider provisioned deployment mode VPN - 30 M. Baldi: see page 2

PPTP Connections PPTP Data Tunneling Data transport PPP tunneling GRE (of PPP over IP) Control Connection Tunnel data session setup, management, and tear-down TCP encapsulaton PNS port 1723 VPN - 31 M. Baldi: see page 2

PPTP Header Length Magic cookie Data ::: Message type Value Control Message 1 Start-Control-Connection-Request. 2 Start-Control-Connection-Reply. 3 Stop-Control-Connection-Request. 4 Stop-Control-Connection-Reply. 5 Echo-Request. 6 Echo-Reply. 7 Outgoing-Call-Request. 8 Outgoing-Call-Reply. 9 Incoming-Call-Request. 10 Incoming-Call-Reply. 11 Incoming-Call-Connected. 12 Call-Clear-Request. 13 Call-Disconnect-Notify. 14 WAN-Error-Notify. VPN - 32 15 Set-Link-Info. M. Baldi: see page 2

IPsec VPNs IPsec tunnel between VPN gateways Encryption Authentication Encapsulation A Corporate Network VPN (IPsec) gateway X Internet Tunnel VPN (IPsec) gateway Y B Corporate Network VPN - 33 M. Baldi: see page 2

VPN Gateway and Firewall Inside No inspection of VPN traffic VPN gateway protected by firewall Parallel Potential uncontrolled access Outside VPN gateway protected by access router Consistent policy Integrated Maximum flexibility Encrypted traffic VPN Gateway Decrypted traffic Internet Public Intranet Private Intranet Firewall VPN - 34 M. Baldi: see page 2

VPN Gateway and NAT Authentication Header (AH) IP addresses are part of AH checksum calculation packets discarded Transport mode IP address of IPSec tunnel peer is not what expected packets discarded No PAT (Protocol Address Translation) Tunnel mode IP address within secure packet can be changed before entering the gateway E.g., same addresses in two different VPN sites Most often NAT is not needed on external packet VPN - 35 M. Baldi: see page 2

VPN Gateway and IDS IDS is usually outside the firewall No control on VPN traffic Multiple IDS probes Outside firewall Inside VPN gateway Internet Access router Public Intranet Firewall VPN Gateway Private Intranet IDS probe IDS probe VPN - 36 M. Baldi: see page 2

IP-based peer VPNs Dedicated router Service provider operates a network of routers dedicated to the customer Viable only for major clients Shared/virtual router Service provider creats dedicated router instances within his physical routers High-end routers enable hundreds of virtual routers Instance-specific routing table and routing protocol ASIC and operating system support Packet exchange through IPsec or GRE tunnels VPN - 37 M. Baldi: see page 2

MPLS-based Layer 2 VPNs: PWE3 Pseudo Wire Emulation End-to-End Several services on the same network: IP, but also leased lines, frame relay, ATM, Ethernet Customer edge (CE) device features native service interface Traffic is carried through an LSP between Ces Two labels External for routing within the network Identifies access point to the network Internal - multiplexing of several users/services at the same access point VPN - 38 M. Baldi: see page 2

MPLS-based Layer 2 VPNs: PWE3 There may be aggregation devices inside the network E.g., an ATM switch inside the service provider network switching traffic between users LSP ended on the device Mainly manual LSP setup Proposals exist for deployment of LDP and BGP VPN - 39 M. Baldi: see page 2

MPLS-based Layer 3 VPNs Provider provisioned solutions VPN policies implemented by Service Provider No experience needed on the Customer side Scalability Large scale deployments Two alternative solutions RFC2547bis (BGP) Initially supported by Cisco Systems Currently most widely deployed approach Virtual router Initially supported by Nortel and Lucent VPN - 40 M. Baldi: see page 2

MPLS/BGP VPN Components VRF (VPN Routing and Forwarding) table Associated to one or more ports Forwarding information to be used for traffic received through the port Corporate Network Corporate Network Provider (P) Router Provider Network Provider Edge (PE) Router VFR Corporate Network Customer Edge (CE) Router Corporate Network VPN - 41 M. Baldi: see page 2

Control Plane Routing exchange at edges based on MP- BGP (Multi-protocol BGP) Route filtering PE routers determine which routes to install in VRF Support for overlapping address spaces VPN-IPv4 Address family Route Distinguisher + IPv4 address Route Distinguisher IP IP Address VPN - 42 M. Baldi: see page 2

MPLS VPN Components CE router creates adjacency with PE router It advertises its destinations It receives advertisements of other VPN destinations Static routing, or IGP (Interior Gateway Protocol) (e.g., OSPF, RIP) E-BGP (Exterior-Border Gateway Protocol) PE router does not keep routes for all VPNs VPN - 43 M. Baldi: see page 2

Provider Edge (PE) Router MPLS/BGP VPN Components PE routers Exchange routing information I-BGP (Interior-Border Gateway Protocol) Are ingress and egress LSR (Label Switch Router) for the backbone P routers have routes to PE routers only Corporate Network Provider (P) Router Corporate Network Customer Edge (CE) Router Corporate Network Provider Network Corporate Network VPN - 44 M. Baldi: see page 2

Control Plane Establishment of LSPs across the backbone I-BGP carrying label information LDP (Label Distribution Protocol) and/or RSVP (Resource reservation Protocol) LSP mesh among PE routers with same VPN Corporate Network LSP (Label Switched Path) VFR Corporate Network Customer Edge (CE) Router Corporate Network Provider Network Provider Edge (PE) Router VPN - 45 M. Baldi: see page 2 Corporate Network

Packet Routing Packet from 10.2.3.4 to 10.1.3.8 Default gateway PE2 router 10.1.3.8 PE1 CE1 VFR 10.2/16 10.1/16 Provider Network LSP (L2) CE2 PE2 10.2.3.4 VPN - 46 M. Baldi: see page 2

Packet Routing PE2 looks-up VRF MPLS label advertised by PE1 for 10.1.3/24: L1 BGP next hop (PE1) Outgoing interface for LSP to PE1 Initial label for LSP from PE2 to PE1: L2 10.1.3.8 VFR CE1 PE1 10.2/16 10.1/16 Provider Network LSP (L2) CE2 PE2 10.2.3.4 VPN - 47 M. Baldi: see page 2

Packet Routing PE2 pushes L1 and L2 on label stack P routers forward packet to PE1 using L2 Last hop before PE1 pops L2 PE1 receives packet with L1 PE1 pops L1: plain IP packet PE1 uses L1 to route packet to proper output interface CE1 IP Payload PE1 L1 IP Payload LSP (L2) L2/L1 IP Payload PE2 VPN - 48 M. Baldi: see page 2

Benefits No constraints on addressing plan Address uniqueness only within VPN CE routers do not exchange information Customer does not manage backbone Providers do not have one virtual backbone per customer VPN can span multiple providers Security equivalent to Frame relay or ATM Traffic isolation No cryptography (confidentiality) QoS supported through experimental bits in MPLS header VPN - 49 M. Baldi: see page 2

MPLS/Virtual Router VPNs PEs execute a (virtual) router instance for each VPN Each VR instance has separate data structures VRs of same VPN communicate through LSPs Corporate Network Provider (P) Router Virtual router Corporate Network Corporate Network Provider Network Provider Edge (PE) Router VPN - 50 M. Baldi: see page 2 Customer Edge (CE) Router Corporate Network

Multi-Protocol Support Access VPN Transparent L2TP and PPTP Overlay (IPsec based) Generic Routing Encapsulation (GRE) Transport any layer 3 protocol within IP Peer (MPLS based) Built in MPLS (Multi-Protocol Label Switching) VPN - 51 M. Baldi: see page 2

References E. Rosen and Y. Rekhter, BGP/MPLS VPNs, RFC 2547, March 1999. E. Rosen et al., BGP/MPLS VPNs, <draftrosen-rfc2547bis-02.txt>, July 2000. C. Semeria, RFC 2547bis: BGP/MPLS VPN Fundamentals, Juniper Networks, White paper 200012-001, March 2001. IETF MPLS Working Group, http://www.ietf.org/html.charters/mplscharter.html VPN - 52 M. Baldi: see page 2

References Hanks, S., Editor, "Generic Routing Encapsulation over IPv4", RFC 1702, October 1994. Brian Browne, Best Practices For VPN Implementation, Business Communication Review, March 2001. http://www.ietf.org/html.charters/l2vpncharter.html http://www.ietf.org/html.charters/l3vpncharter.html VPN - 53 M. Baldi: see page 2

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback