Access networks – practical session (Hozzáférési hálózatok – gyakorlat), Moldován István – PowerPoint PPT Presentation
SLIDE 1

Access networks – practical session (Hozzáférési hálózatok – gyakorlat)

Peter.Vetter@alcatel.be Francois.Fredricx@alcatel.be MUSE Winter School

Source: Moldován István

SLIDE 2

Tutorial Access Architecture — 2

Network architecture Definitions (2): Nodes

(Figure: end-to-end reference model. Network segments, from the user outward: Customer Premise Networks, First Mile, Access Network, Aggregation Networks (Ethernet aggregation network), Regional Network, Service Network. Nodes: Terminals, RGW (residential gateway), AN (access node), Access EN (access edge node), BRAS, Service EN (service edge node).)

SLIDE 3

Network architecture Definitions (3): Business roles

(Figure: the same segments, Customer Premise Networks, First Mile, Access Node, Aggregation Networks, Access Edge Node, Regional Network, Service Network, mapped onto business roles: User; Network Access Provider (NAP); Regional Network Provider (RNP); Service Providers (ASP, NSP, ISP); plus the Connectivity Provider and the Packager.)

SLIDE 4

Issues when using Ethernet in Access

Property of an Ethernet LAN (trusted environment) -> consequence when Ethernet is used in the access (public network) -> required countermeasure:

  • Bridge learning, and broadcast of some initialisation messages (ARP, DHCP, PPPoE) -> DoS attacks; confidential information visible to other users or to competing providers -> secure and scalable connectivity models: Model 1 (L2 forwarding), Model 2 (L3 forwarding)
  • No authentication -> AAA
  • Configurable MAC address -> address conflicts, spoofing -> anti-spoofing mechanism
  • No QoS -> QoS framework
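The two problems on this slide (bridge learning exposes one user's broadcasts to everyone, and a user-configurable MAC address lets one subscriber take over another's traffic) can be seen on a toy bridge. The following is an added example written for this page, not code from the tutorial or from any vendor: it models a plain learning bridge and an access-node bridge with a static port-to-MAC binding plus user isolation, and runs a MAC-spoofing scenario against both. The MAC addresses, port numbers and the scenario are constructed; the assumption that the NAP provisions the binding table (e.g. from DHCP snooping) is mine.

```python
"""Learning bridge on a shared access segment: why bridge learning and broadcast
are a problem in a public network, and what an anti-spoofing binding plus
user isolation buy you.

Added example, not from the slides. Models an access node with three ports:
port 1 = subscriber A, port 2 = subscriber B, port 3 = uplink to the edge node.
MAC addresses and the scenario are constructed."""
from collections import namedtuple

Frame = namedtuple("Frame", "src dst payload")
BROADCAST = "ff:ff:ff:ff:ff:ff"
UPLINK = 3
MAC_A, MAC_B, MAC_BRAS = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:ee"
PORTS = [1, 2, UPLINK]


class LearningBridge:
    """Plain 802.1D-style bridge: learns the source MAC of every frame and floods
    frames whose destination it does not know (the 'trusted LAN' behaviour)."""

    def __init__(self, ports):
        self.ports = ports
        self.table = {}            # MAC -> port, learnt from source addresses
        self.delivered = []        # (port, frame) log

    def forward(self, in_port, frame):
        self.table[frame.src] = in_port            # learning, no checks at all
        out_port = self.table.get(frame.dst)
        if out_port is None or frame.dst == BROADCAST:
            targets = [p for p in self.ports if p != in_port]   # flood
        else:
            targets = [out_port]
        self.delivered.extend((p, frame) for p in targets)
        return targets


class AccessNodeBridge(LearningBridge):
    """Access-node bridge with two countermeasures from the slide:
    - anti-spoofing: each subscriber port is bound to one source MAC (assumption:
      the NAP provisions it, e.g. from DHCP snooping); any other SA is dropped
    - user isolation: subscriber ports forward only to the uplink, so one user's
      ARP/DHCP/PADI broadcasts never reach another user."""

    def __init__(self, ports, bindings):
        super().__init__(ports)
        self.bindings = bindings   # subscriber port -> allowed source MAC
        self.dropped = []

    def forward(self, in_port, frame):
        if in_port != UPLINK and self.bindings.get(in_port) != frame.src:
            self.dropped.append((in_port, frame))
            return []
        self.table[frame.src] = in_port
        if in_port != UPLINK:
            targets = [UPLINK]
        elif frame.dst in self.table:
            targets = [self.table[frame.dst]]
        else:
            targets = [p for p in self.ports if p != UPLINK]
        self.delivered.extend((p, frame) for p in targets)
        return targets


def spoofing_scenario(bridge):
    """A starts autoconfiguration, B forges A's MAC, the BRAS sends A's next frame.
    Returns who saw A's broadcast and where the BRAS's reply ended up."""
    flood = bridge.forward(1, Frame(MAC_A, BROADCAST, "DHCPDISCOVER"))
    bridge.forward(UPLINK, Frame(MAC_BRAS, MAC_A, "DHCPOFFER"))
    bridge.forward(2, Frame(MAC_A, MAC_BRAS, "forged SA: B pretends to be A"))
    reply = bridge.forward(UPLINK, Frame(MAC_BRAS, MAC_A, "DHCPACK for A"))
    return {"broadcast_reached_b": 2 in flood,
            "reply_reached_b": 2 in reply,
            "reply_reached_a": 1 in reply}


if __name__ == "__main__":
    print("plain bridge:", spoofing_scenario(LearningBridge(PORTS)))
    print("access node :", spoofing_scenario(AccessNodeBridge(PORTS, {1: MAC_A, 2: MAC_B})))
```

On the plain bridge B receives A's DHCPDISCOVER and, after one forged frame, also A's DHCPACK; on the access-node bridge the forged frame is dropped at port 2 and the broadcast is never replicated towards other subscriber ports. The binding table is the piece that has to be kept accurate in practice: a stale entry locks a legitimate user out, a missing one reopens the spoofing path.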

SLIDE 5

Definitions: Autoconfiguration and AAA

Autoconfiguration: the process of establishing a connection.

AAA:

  • Authentication – the process of determining whether someone or something is, in fact, who or what it is declared to be. It is based on identifiers and security attributes, and it is part of an actual access to a network/service in the context of an SLA or contract; it is often linked with a fee (Accounting).
  • Authorization – the process of giving individuals access to system objects based on their identity.
  • Accounting – the recording, classifying, summarizing and interpreting of events of a financial character in a significant manner.

SLIDE 6

Autoconfiguration: PPP model

 Characteristics:

  • PPP = Point-to-Point Protocol
  • A PPP session (between the CP modem and the PPP peer) performs:
    – link establishment (LCP packets)
    – authentication (optional, PAP or CHAP)
    – network-layer protocol configuration (NCP packets, e.g. IPCP: the CP obtains its IP address)
  • The PPP encapsulation stays in place for the whole session

 Origin of PPP: Internet access via voice-band modems (figure: Modem – PSTN – Modem bank / RAS – Internet)

  • Continued to be used in DSL
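The authentication step above offers PAP or CHAP, and the difference matters on a shared access segment: PAP puts the password on the wire, CHAP (RFC 1994) proves knowledge of the secret with a hash over a fresh challenge. The block below is an added example written for this page, not code from the tutorial; it builds the PAP Authenticate-Request (RFC 1334) and the CHAP Challenge/Response packets, runs the authenticator side, and shows that a captured CHAP response cannot be replayed. The peer name, secret and authenticator name are constructed.

```python
"""PPP authentication phase: PAP (RFC 1334) versus CHAP with MD5 (RFC 1994).
Added example, not part of the slides. Names and the secret are constructed."""
import hashlib
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4
PAP_AUTH_REQ = 1


def pap_authenticate_request(ident, peer_id, password):
    """PAP Authenticate-Request: Code, Identifier, Length, Peer-ID-Length,
    Peer-ID, Passwd-Length, Password. The password travels in clear text."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQ, ident, 4 + len(body)) + body


def chap_packet(code, ident, value, name=b""):
    """CHAP Challenge/Response: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def chap_parse(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or code not in (CHAP_CHALLENGE, CHAP_RESPONSE):
        raise ValueError("malformed CHAP packet")
    vsize = pkt[4]
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:]


def chap_response_value(ident, secret, challenge):
    """RFC 1994 section 2.2: Response Value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """The PPP peer that holds the shared secrets (the BRAS in the access case)."""

    def __init__(self, secrets):
        self.secrets = secrets         # peer name -> secret
        self.ident = 0
        self.outstanding = {}          # identifier -> challenge value still awaiting a response

    def challenge(self):
        self.ident = (self.ident + 1) & 0xFF
        value = os.urandom(16)         # a fresh random challenge every time
        self.outstanding[self.ident] = value
        return chap_packet(CHAP_CHALLENGE, self.ident, value, b"bras")

    def verify(self, response_pkt):
        code, ident, value, name = chap_parse(response_pkt)
        challenge = self.outstanding.pop(ident, None)   # one-shot: a challenge is usable once
        secret = self.secrets.get(name)
        if code != CHAP_RESPONSE or challenge is None or secret is None:
            return False
        return value == chap_response_value(ident, secret, challenge)


def chap_client_respond(challenge_pkt, name, secret):
    _, ident, value, _ = chap_parse(challenge_pkt)
    return chap_packet(CHAP_RESPONSE, ident, chap_response_value(ident, secret, value), name)


def demo():
    """Compare what an eavesdropper on the link learns from PAP and from CHAP,
    then replay a captured CHAP response against a later challenge."""
    secret = b"s3cret"
    pap = pap_authenticate_request(1, b"alice", secret)
    auth = ChapAuthenticator({b"alice": secret})
    first_challenge = auth.challenge()
    captured = chap_client_respond(first_challenge, b"alice", secret)
    first_ok = auth.verify(captured)
    auth.challenge()                   # a new session: new identifier, new challenge
    replay_ok = auth.verify(captured)  # attacker replays the captured response
    return {"pap_password_visible": secret in pap,
            "chap_secret_visible": secret in captured,
            "chap_first_ok": first_ok,
            "chap_replay_ok": replay_ok}


if __name__ == "__main__":
    print(demo())
```

MD5 is kept here only because RFC 1994 specifies it; the protection CHAP gives is against passive capture and replay, not against an offline dictionary attack by someone who records challenge and response, so the secret still has to be strong.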

SLIDE 7

Autoconfiguration: PPP model

 PPP in the access network

  • PPP can start at:
    – the CPE modem (router)
    – the host (PC)
  • PPP can end at:
    – the (IP) DSLAM
    – the BRAS of the NAP
    – the BRAS of the NSP, reached via an L2TP tunnel

(Figure: CPE – DSLAM – switch – NAP BRAS – L2TP tunnel – NSP BRAS.)

SLIDE 8

PPPoE

 PPPoE is needed when PPP is transported over Ethernet; it allows
  – transport over a shared medium
  – multiplexing of PPP sessions

 Autoconfiguration procedure:

  • Detection of server(s): PPPoE Active Discovery Initiation (PADI)
  • Server(s) reply: PPPoE Active Discovery Offer (PADO)
  • Choice of server: PPPoE Active Discovery Request (PADR)
  • Server confirmation: PPPoE Active Discovery Session-confirmation (PADS)

(Figure: protocol stacks. PPPoE: IP / PPP / PPPoE / 802.3 MAC. PPPoEoA: IP / PPP / PPPoE / RFC 2684 / AAL5 / ATM.)

SLIDE 9

PPPoE initialisation

(Figure: message sequence between the PPPoE Client, the Modem, the Access Node (Ethernet switch) and the PPPoE Server in the Edge Node. The ISP-Name carried in the PPPoE tags names the requested provider/service.)

  • PADI, client -> server(s). Ethernet: DA = broadcast, SA = user MAC address. PPPoE: ISP-Name. From the access node onward the frame carries the S-VLAN ID (and optionally a C-VLAN ID) and the DA becomes unicast/multicast.
  • PADO, server -> client. Ethernet: DA = user MAC address, SA = server MAC address; S-VLAN ID (C-VLAN ID) while in the aggregation network. PPPoE: ISP-Name.
  • PADR, client -> chosen server. Ethernet: DA = server MAC address, SA = user MAC address; S-VLAN ID (C-VLAN ID) while in the aggregation network. PPPoE: ISP-Name.
  • PADS, server -> client, confirming the session.
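The PADI/PADO/PADR/PADS exchange of slides 8 and 9, run end to end, as an added example written for this page (not code from the tutorial). It builds and parses RFC 2516 discovery frames (EtherType 0x8863, header VER/TYPE 0x11, TLV tags) and runs both the host and the access concentrator. The host filters offers by Service-Name and by an echoed Host-Uniq tag, which is how it picks the right server when several ISPs answer on the same segment; the AC issues an AC-Cookie computed as an HMAC over the host MAC so it keeps no state per PADI, the DoS defence RFC 2516 suggests for that tag. MAC addresses, the AC name, the key and the service name are constructed; the S-VLAN/C-VLAN tagging of slide 9 is not modelled.

```python
"""PPPoE discovery (RFC 2516): PADI -> PADO -> PADR -> PADS, both sides.
Added example, not part of the slides. Addresses, names and key are constructed."""
import hashlib
import hmac
import struct

ETH_PPPOE_DISCOVERY = 0x8863
PADI, PADO, PADR, PADS = 0x09, 0x07, 0x19, 0x65
TAG_EOL, TAG_SERVICE_NAME, TAG_AC_NAME = 0x0000, 0x0101, 0x0102
TAG_HOST_UNIQ, TAG_AC_COOKIE = 0x0103, 0x0104
BROADCAST = bytes.fromhex("ffffffffffff")


def build_frame(dst, src, code, session_id, tags):
    """Ethernet header + PPPoE header (VER=1, TYPE=1, CODE, SESSION_ID, LENGTH) + tags."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    payload += struct.pack("!HH", TAG_EOL, 0)
    return dst + src + struct.pack("!H", ETH_PPPOE_DISCOVERY) + \
        struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload


def parse_frame(frame):
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_PPPOE_DISCOVERY:
        raise ValueError("not a PPPoE discovery frame")
    vt, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if vt != 0x11 or length != len(frame) - 20:
        raise ValueError("bad PPPoE header")
    tags, off = {}, 20
    while off + 4 <= len(frame):
        t, l = struct.unpack("!HH", frame[off:off + 4])
        if t == TAG_EOL:
            break
        tags[t] = frame[off + 4:off + 4 + l]
        off += 4 + l
    return {"dst": dst, "src": src, "code": code, "session_id": session_id, "tags": tags}


class AccessConcentrator:
    """PPPoE server in the edge node. Stateless until a valid PADR arrives."""

    def __init__(self, mac, name, services, key):
        self.mac, self.name, self.services, self.key = mac, name, services, key
        self.next_session, self.sessions = 1, {}

    def cookie(self, host_mac):
        # AC-Cookie bound to the requesting MAC: nothing to remember per PADI
        return hmac.new(self.key, host_mac, hashlib.sha256).digest()[:8]

    def handle(self, frame):
        req = parse_frame(frame)
        tags, svc = req["tags"], req["tags"].get(TAG_SERVICE_NAME)
        echo = [(TAG_HOST_UNIQ, tags[TAG_HOST_UNIQ])] if TAG_HOST_UNIQ in tags else []
        if req["code"] == PADI and req["session_id"] == 0 and svc in self.services:
            offer = [(TAG_SERVICE_NAME, svc), (TAG_AC_NAME, self.name),
                     (TAG_AC_COOKIE, self.cookie(req["src"]))] + echo
            return build_frame(req["src"], self.mac, PADO, 0, offer)
        if req["code"] == PADR and req["dst"] == self.mac and svc in self.services:
            if not hmac.compare_digest(tags.get(TAG_AC_COOKIE, b""), self.cookie(req["src"])):
                return None                      # PADR without our cookie: ignore it
            sid, self.next_session = self.next_session, self.next_session + 1
            self.sessions[sid] = req["src"]
            return build_frame(req["src"], self.mac, PADS, sid, [(TAG_SERVICE_NAME, svc)] + echo)
        return None


class Host:
    """PPPoE client side (PC or CPE router)."""

    def __init__(self, mac, service):
        self.mac, self.service = mac, service
        self.host_uniq = b"\x00\x01\x02\x03"    # constructed; matches replies to this request

    def padi(self):
        return build_frame(BROADCAST, self.mac, PADI, 0,
                           [(TAG_SERVICE_NAME, self.service), (TAG_HOST_UNIQ, self.host_uniq)])

    def padr(self, pado):
        o = parse_frame(pado)
        t = o["tags"]
        if (o["code"] != PADO or o["dst"] != self.mac or t.get(TAG_HOST_UNIQ) != self.host_uniq
                or t.get(TAG_SERVICE_NAME) != self.service):
            return None                          # not an offer we asked for
        return build_frame(o["src"], self.mac, PADR, 0,
                           [(TAG_SERVICE_NAME, self.service), (TAG_AC_COOKIE, t[TAG_AC_COOKIE]),
                            (TAG_HOST_UNIQ, self.host_uniq)])


def discovery(host, ac):
    """Full exchange; returns (session id, True if a PADS was received)."""
    pads = parse_frame(ac.handle(host.padr(ac.handle(host.padi()))))
    return pads["session_id"], pads["code"] == PADS


if __name__ == "__main__":
    ac = AccessConcentrator(bytes.fromhex("020000000001"), b"ac-1", {b"ISP-A"}, b"constructed-key")
    print(discovery(Host(bytes.fromhex("02000000000a"), b"ISP-A"), ac))
```

A real AC also advertises its own name and may offer several services in one PADO; the cookie construction is AC-defined, and the one used here is only one reasonable choice.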
SLIDE 10

Non-PPP autoconfiguration

 PPP is a tunnel for each connection. Disadvantages of PPP:

  • a separate tunnel per QoS class
  • no support for multicast streams
  • data-plane processing (the PPP encapsulation is handled on every packet)
  • not supported by all types of terminals

 Non-PPP => DHCP. Open questions: what replaces
  • LCP?
  • Authentication?
  • NCP?

(Figure: protocol stacks. Configuration phase: DHCP / IP / 802.3 MAC. Data phase: data / IP / 802.3 MAC.)

SLIDE 11

Authentication in the non-PPP model

 Portal-based authentication
 EAP
 IEEE 802.1X
 PANA (Protocol for carrying Authentication for Network Access)
 DHCP option 90 (authentication of DHCP messages, RFC 3118)

SLIDE 12

IEEE 802.1X

(Figure: an 802.1X-compliant port of a NAP. On the LAN side the 802.1X Supplicant talks to the Port Access Entity (PAE) through the Uncontrolled Port; the PAE relays the authentication to the Authentication Server over RADIUS or DIAMETER. Only once the port is authorized does the Controlled Port give access to the other port services.)
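The uncontrolled/controlled port split in the figure is easiest to see in code. The block below is an added example written for this page, not code from the tutorial or from any 802.1X implementation: the authenticator port passes only EAPOL frames (EtherType 0x888E) to its PAE, drops everything else while unauthorized, relays the EAP conversation to a backend, and opens the controlled port on EAP-Success. EAP-MD5 is used only because it is short enough to fit; it is a legacy method with no server authentication and no key derivation and is not a recommendation. The backend is a direct call standing in for RADIUS/Diameter, and the identity and password are constructed.

```python
"""IEEE 802.1X port-based access control: uncontrolled port (EAPOL only),
controlled port (blocked until the authentication server says Success).
Added example, not from the slides. User and password are constructed."""
import hashlib
import os
import struct

ETH_EAPOL, ETH_IP = 0x888E, 0x0800
EAPOL_EAP, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_MD5 = 1, 4


def eap(code, ident, eap_type=None, data=b""):
    """EAP packet: Code, Identifier, Length, [Type, Type-Data]."""
    body = (bytes([eap_type]) + data) if eap_type is not None else b""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def eapol(packet_type, body=b""):
    """EtherType + EAPOL header (version 2, packet type, body length) + body."""
    return struct.pack("!HBBH", ETH_EAPOL, 2, packet_type, len(body)) + body


def ip_frame(payload):
    return struct.pack("!H", ETH_IP) + payload


class AuthenticationServer:
    """Backend holding the credentials (RADIUS/Diameter in practice; a call here)."""

    def __init__(self, users):
        self.users, self.challenges = users, {}

    def start(self, identity, ident):
        challenge = os.urandom(16)
        self.challenges[identity] = (ident, challenge)
        return eap(EAP_REQUEST, ident, EAP_TYPE_MD5, bytes([16]) + challenge + b"as")

    def check(self, identity, response):
        code, ident, _ = struct.unpack("!BBH", response[:4])
        expected_id, challenge = self.challenges.pop(identity, (None, None))
        pw = self.users.get(identity)
        ok = (code == EAP_RESPONSE and ident == expected_id and pw is not None
              and response[4] == EAP_TYPE_MD5
              and response[6:6 + response[5]] == hashlib.md5(bytes([ident]) + pw + challenge).digest())
        return eap(EAP_SUCCESS if ok else EAP_FAILURE, ident)


class AuthenticatorPort:
    """PAE of one 802.1X port on the access node (NAP side)."""

    def __init__(self, server):
        self.server, self.authorized, self.identity, self.ident = server, False, None, 0
        self.forwarded = []            # frames that passed the controlled port

    def receive(self, frame):
        """Returns the EAPOL frame to send back to the supplicant, or None."""
        if struct.unpack("!H", frame[:2])[0] != ETH_EAPOL:   # data: controlled port
            if self.authorized:
                self.forwarded.append(frame)
            return None                                      # unauthorized: dropped
        _, ptype, _ = struct.unpack("!BBH", frame[2:6])      # EAPOL: uncontrolled port
        body = frame[6:]
        if ptype == EAPOL_START:
            self.ident = 1
            return eapol(EAPOL_EAP, eap(EAP_REQUEST, self.ident, EAP_TYPE_IDENTITY))
        if ptype == EAPOL_LOGOFF:
            self.authorized, self.identity = False, None
            return None
        if ptype != EAPOL_EAP or len(body) < 5:
            return None
        code, ident, _ = struct.unpack("!BBH", body[:4])
        if code != EAP_RESPONSE or ident != self.ident:
            return None
        if body[4] == EAP_TYPE_IDENTITY:
            self.identity = body[5:]
            self.ident += 1
            return eapol(EAPOL_EAP, self.server.start(self.identity, self.ident))
        result = self.server.check(self.identity, body)
        self.authorized = result[0] == EAP_SUCCESS
        return eapol(EAPOL_EAP, result)


def supplicant_session(port, identity, password, data):
    """Supplicant side of the exchange; reports whether a data frame got through
    before and after authentication."""
    port.receive(data)
    passed_before = data in port.forwarded
    req_identity = port.receive(eapol(EAPOL_START))
    ident = req_identity[7]                                  # EAP Identifier
    req_md5 = port.receive(eapol(EAPOL_EAP, eap(EAP_RESPONSE, ident, EAP_TYPE_IDENTITY, identity)))
    ident, challenge = req_md5[7], req_md5[12:12 + req_md5[11]]
    digest = hashlib.md5(bytes([ident]) + password + challenge).digest()
    result = port.receive(eapol(EAPOL_EAP, eap(EAP_RESPONSE, ident, EAP_TYPE_MD5, bytes([16]) + digest + identity)))
    port.receive(data)
    return {"passed_before": passed_before, "success": result[6] == EAP_SUCCESS,
            "authorized": port.authorized, "passed_after": data in port.forwarded}


if __name__ == "__main__":
    port = AuthenticatorPort(AuthenticationServer({b"alice": b"pw-alice"}))
    print(supplicant_session(port, b"alice", b"pw-alice", ip_frame(b"payload")))
```

What the authenticator never does is look inside the password: it only relays EAP and acts on the Success/Failure verdict, which is exactly why the server can sit at the NSP while the port sits at the NAP.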

SLIDE 13

Autoconfiguration: DHCP model

 Characteristics:

  • DHCP = Dynamic Host Configuration Protocol
  • DHCP works in client/server mode
  • DHCP is carried over IP, and only during the configuration phase
  • A DHCP session (host – server):
    – delivers host-specific configuration parameters
    – allocates network addresses to the host: automatic (permanent IP address), dynamic (leased IP address, limited time) or manual

 Autoconfiguration procedure:

  • Discovery of DHCP servers (DHCPDISCOVER)
  • Replies of server(s) (DHCPOFFER)
  • Host selects a server (DHCPREQUEST)
  • Server acknowledges and sets the configuration (DHCPACK)

(Figure: protocol stacks. Configuration phase: DHCP / IP / 802.3 MAC. Data phase: data / IP / 802.3 MAC.)
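The four-step procedure above, carried through on the wire format of RFC 2131, as an added example written for this page (not code from the tutorial). It builds and parses the fixed header, the magic cookie and the TLV options, and runs a host against two servers: the host selects the first offer and names the chosen server in its REQUEST (option 54), the other server therefore stays silent, and the selected server ACKs only an address it actually offered (otherwise NAK). The addresses, pool, lease time and MAC addresses are constructed; the host always selecting the first offer is a simplification.

```python
"""DHCP autoconfiguration (RFC 2131): DISCOVER -> OFFER -> REQUEST -> ACK/NAK,
host and server side. Added example, not from the slides; all addresses constructed."""
import ipaddress
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC = b"\x63\x82\x53\x63"
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_REQ_IP, OPT_LEASE = 1, 3, 6, 50, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
BROADCAST_MAC = bytes.fromhex("ffffffffffff")   # L2 destination of the DISCOVER
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"             # op..file, 236 bytes


def ip(text):
    return ipaddress.IPv4Address(text).packed


def build(op, xid, chaddr, options, yiaddr=b"\0" * 4, flags=0x8000):
    """Fixed header + magic cookie + options. flags=0x8000 asks for broadcast
    replies because the host has no address yet."""
    hdr = struct.pack(HEADER, op, 1, 6, 0, xid, 0, flags, b"\0" * 4, yiaddr,
                      b"\0" * 4, b"\0" * 4, chaddr, b"", b"")
    opts = b"".join(bytes([t, len(v)]) + v for t, v in options) + bytes([OPT_END])
    return hdr + MAGIC + opts


def parse(pkt):
    f = struct.unpack(HEADER, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, off = {}, 240
    while off < len(pkt) and pkt[off] != OPT_END:
        if pkt[off] == 0:                         # pad option
            off += 1
            continue
        t, l = pkt[off], pkt[off + 1]
        opts[t] = pkt[off + 2:off + 2 + l]
        off += 2 + l
    return {"op": f[0], "xid": f[4], "yiaddr": f[8], "chaddr": f[11][:6], "opts": opts}


class DhcpServer:
    def __init__(self, server_ip, pool, mask, router, dns, lease=3600):
        self.server_ip, self.pool = ip(server_ip), [ip(a) for a in pool]
        self.net_opts = [(OPT_MASK, ip(mask)), (OPT_ROUTER, ip(router)),
                         (OPT_DNS, ip(dns)), (OPT_LEASE, struct.pack("!I", lease))]
        self.offered, self.leases = {}, {}          # chaddr -> address

    def reply(self, m, kind, extra=(), yiaddr=b"\0" * 4):
        opts = [(OPT_MSG_TYPE, bytes([kind])), (OPT_SERVER_ID, self.server_ip)] + list(extra)
        return build(BOOTREPLY, m["xid"], m["chaddr"], opts, yiaddr=yiaddr)

    def handle(self, pkt):
        m = parse(pkt)
        kind = m["opts"].get(OPT_MSG_TYPE, b"\0")[0]
        if kind == DISCOVER:
            addr = self.offered.get(m["chaddr"]) or next(
                a for a in self.pool if a not in self.leases.values())
            self.offered[m["chaddr"]] = addr
            return self.reply(m, OFFER, self.net_opts, yiaddr=addr)
        if kind == REQUEST:
            if m["opts"].get(OPT_SERVER_ID) != self.server_ip:
                return None                       # host chose another server
            wanted = m["opts"].get(OPT_REQ_IP)
            if wanted != self.offered.get(m["chaddr"]):
                return self.reply(m, NAK)         # never offered that address
            self.leases[m["chaddr"]] = wanted
            return self.reply(m, ACK, self.net_opts, yiaddr=wanted)
        return None


def autoconfigure(mac, servers, xid=0x3903F326):
    """Host side: broadcast DISCOVER, take the first OFFER, REQUEST it, read the ACK."""
    disc = build(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, bytes([DISCOVER]))])
    offers = [parse(o) for s in servers for o in [s.handle(disc)] if o]
    chosen = next(o for o in offers if o["xid"] == xid and o["opts"].get(OPT_MSG_TYPE) == bytes([OFFER]))
    req = build(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, bytes([REQUEST])), (OPT_REQ_IP, chosen["yiaddr"]),
                                        (OPT_SERVER_ID, chosen["opts"][OPT_SERVER_ID])])
    replies = [parse(r) for s in servers for r in [s.handle(req)] if r]
    ack = next(r for r in replies if r["opts"].get(OPT_MSG_TYPE) == bytes([ACK]))
    return {"ip": str(ipaddress.IPv4Address(ack["yiaddr"])),
            "dns": str(ipaddress.IPv4Address(ack["opts"][OPT_DNS])),
            "lease": struct.unpack("!I", ack["opts"][OPT_LEASE])[0],
            "servers_answering": len(offers)}


if __name__ == "__main__":
    s1 = DhcpServer("192.0.2.1", ["192.0.2.10", "192.0.2.11"], "255.255.255.0", "192.0.2.1", "192.0.2.53")
    s2 = DhcpServer("198.51.100.1", ["198.51.100.10"], "255.255.255.0", "198.51.100.1", "198.51.100.53")
    print(autoconfigure(bytes.fromhex("02000000000a"), [s1, s2]))
```

Nothing in this exchange authenticates either side, which is the gap the next slide's list (802.1X, PANA, DHCP option 90) is there to fill: any station on the segment can answer a DISCOVER, and the host takes whichever offer arrives.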

SLIDE 14

Autoconfiguration message sequence

(Figure: autoconfiguration messages.)

SLIDE 15

One-step authentication / one-step autoconfiguration

Exercise (read-out of an Ethereal, i.e. Wireshark, capture):

  • 1. What is the protocol used for autoconfiguration?
  • 2. Identify the main message groups as explained in the course.
  • 3. What is the IP address assigned after autoconfiguration?
  • 4. What is the IP address of the DNS server?
  • 5. What is the hexadecimal code for a broadcast MAC address?
SLIDE 16

 Thank you for your attention!

  • Questions?