Virtual Private Networks
Why VPN
• Fast, secure and reliable communication
between remote locations
– Use leased lines to maintain a WAN.
– Disadvantages
• High Cost
• No flexibility
What is VPN
• A Virtual Private Network is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated connection such as a leased line, a VPN uses “virtual” connections routed through the Internet.
VPN Types
• Remote-access
– Connects a single remote network device to the intranet
• Site-to-site
– Connects multiple fixed sites over a public network
– Intranet-based
– Extranet-based
VPN Technologies
• Tunneling
• Authentication
– Identity verification of network system.
• Access Control
– When an access request is presented, the resource decides whether to allow the request to proceed.
– Performed at tunnel endpoints.
Tunneling
• Tunneling is the transmission of data intended for use only
within a private, usually corporate network through a
public network in such a way that the routing nodes in the
public network are unaware that the transmission is part of
a private network.
[Figure: a tunnel across a public network of nodes A to I. Packet inside the tunnel: New IP Header | Original IP Header | Payload. Packet outside the tunnel: Original IP Header | Payload.]
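An added example, not part of the original slides: a Python rendering of the encapsulation described on the Tunneling slide, assuming IPv4-in-IPv4 (protocol number 4) as the tunnel format. The addresses, function names and payload bytes are constructed for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 (assumed tunnel format)

def checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def parse(packet: bytes) -> dict:
    """Return what a node reading only the outermost header sees."""
    vihl, _, length, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or length < ihl or length > len(packet):
        raise ValueError("malformed IPv4 packet")
    if checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("bad header checksum")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "payload": packet[ihl:length]}

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: prepend a new IP header addressed to the far endpoint."""
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: validate and strip the outer header, return the original."""
    seen = parse(outer)
    if seen["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP tunnel packet")
    return seen["payload"]

# Constructed sample: private hosts 10.1.0.5 -> 10.2.0.9; tunnel endpoints use
# documentation addresses. Protocol 253 is the experimental-use number.
data = b"intranet data"
original = ipv4_header("10.1.0.5", "10.2.0.9", 253, len(data)) + data
tunneled = encapsulate(original, "192.0.2.1", "198.51.100.1")
print(parse(tunneled)["dst"], "->", parse(decapsulate(tunneled))["dst"])
```

Encapsulation alone gives no confidentiality: the original header and payload travel in clear inside the outer payload, which is the gap the ESP security header on the IPsec slide addresses.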
VPN Tunneling Protocols
• Layer 2 tunneling protocols
– A link layer frame is placed into the payload of a protocol data unit (PDU) from some other layer, including another layer 2 frame.
– Tunnel PPP frames through an IP network.
– Point-to-Point Tunneling Protocol (PPTP), Layer 2 Forwarding protocol (L2F), Layer 2 Tunneling Protocol (L2TP).
• Layer 3 tunneling protocols
– A layer 3 frame is placed into the payload of a protocol data unit (PDU) from some other layer, or another layer 3 packet.
– VPNs within an IP network
– IPsec
• Label switching protocol
– Label is placed between layer 2 and layer 3 header.
– MPLS
Layer 2 tunneling protocol
• Tunnel PPP frames through the Internet to the home network.
• Tunneling protocol
– Access concentrator (client part)
– Network server (server part)
PPTP
• PPP access by remote computers to a private network through the Internet
1. Remote user dials in to the local ISP network access server using PPP.
2. The PAC establishes a control channel (TCP) across the PPP connection and through the Internet to the PNS attached to the home network.
3. Parameters for the PPTP channel are negotiated over the control channel, and the PPTP tunnel is established.
4. A second PPP connection is made from the remote user, through the PPTP tunnel between the PAC and the PNS, and into the private network's NAS.
5. IP datagrams or any other protocol's datagrams are sent inside the PPP frames.
L2F
• Tunnel is constructed from the service provider.
1. Remote user dials in to the local ISP network access server using PPP/SLIP.
2. L2F builds a tunnel from the NAS to the private network. It uses a packet-oriented protocol that provides end-to-end connectivity, such as UDP, frame relay, etc., as the encapsulating protocol.
3. L2F establishes a PPP connection between the NAS and the home gateway.
4. IP packets are sent over the PPP connection.
L2TP
Comparison
• Performance
• ISP dependence
• End-to-end security
IPsec
[Figure: IPsec tunnel-mode packet: New IP Header | Security Header | Original IP Header | Payload. Original packet: Original IP Header | Payload.]
• Protocol suite
• AH and ESP protocol
• Tunnel mode of operation
• Headers added to original packet.
MPLS
[Figure: MPLS packet: Link Layer Header | MPLS Shim | IP Header | Payload. Original packet: IP Header | Payload.]