Virtual Private Networks (VPN) 12: VPN, IPV6, NAT, MobileIP
Last Modified: 4/9/2003 1:14:36 PM
Adapted from Gordon Chaffee's slides http://bmrc.berkeley.edu/people/chaffee/advnet98/
4: Network Layer


Virtual Private Networks
❒ Definition
❍ A VPN is a private network constructed within the public Internet
❒ Goals
❍ Connect private networks using shared public infrastructure
❒ Examples
❍ Connect two sites of a business
❍ Allow people working at home to have full access to the company network

How accomplished?
❒ IP encapsulation and tunneling
❒ Same as we saw for Multicast
❒ Router at one end of the tunnel places private IP packets into the data field of new IP packets (could be encrypted first for security), which are unicast to the other end of the tunnel

Motivations
❒ Economic
❍ Using shared infrastructure lowers the cost of networking
❍ Less need for leased line connections
❒ Communications privacy
❍ Communications can be encrypted if required
❍ Ensure that third parties cannot use the virtual network
❒ Virtualized equipment locations
❍ Hosts on the same network do not need to be co-located
❍ Make one logical network out of separate physical networks
❒ Support for private network features
❍ Multicast, protocols like IPX or AppleTalk, etc.

Examples
❒ Logical Network Creation
❒ Virtual Dial-Up

Logical Network Creation Example
[Figure: Network 1 and Network 2, each behind a Gateway, joined by a Tunnel across the Internet]
❒ Remote networks 1 and 2 create a logical network
❒ Secure communication at the lowest level

Virtual Dial-up Example
[Figure: Worker Machine dials through the Public Switched Telephone Network (PSTN) to an Internet Service Provider, then builds a Tunnel across the Internet to the Home Network Gateway]
❒ Worker dials ISP to get basic IP service
❒ Worker creates a tunnel to the Home Network

IPv6

History of IPv6
❒ IETF began thinking about the problem of running out of IP addresses in 1991
❒ Requires changing the IP packet format - HUGE deal!
❒ While we're at it, let's change X too
❒ "NGTrans" (IPv6 Transition) Working Group of the IETF - June 1996

IPv6 Wish List
❒ From "The Case for IPv6"
❒ Scalable Addressing and Routing
❒ Support for Real Time Services
❒ Support for Autoconfiguration (get your own IP address and domain name to minimize administration)
❒ Security Support
❒ Enhanced support for routing to mobile hosts

IPv4 Datagram
[Figure: IPv4 header layout, bit positions 0, 4, 8, 16, 19, 31]
  Version | HLen | TOS | Length
  Ident | Flags | Offset
  TTL | Protocol | Checksum
  SourceAddr
  DestinationAddr
  Options (variable) | Pad (variable)
  Data
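The "How accomplished?" slide says the tunnel router places a private IP packet into the data field of a new IP packet and unicasts it to the far end. The following Python is an added example, not part of the slides: it builds IPv4 headers in the layout of the IPv4 Datagram figure (with the RFC 791 header checksum), wraps an inner private packet in an outer public packet using IP-in-IP (protocol number 4, a real IANA value), and decapsulates it at the other end. The exit router checks the outer checksum and that the outer source is the configured tunnel peer before forwarding the inner packet. The addresses and payload are constructed; the slide's 24.1.70.210 and 128.32.32.68 stand in for the two tunnel endpoints. The same pattern with protocol 41 carries IPv6 inside IPv4, as in the transition slides later in the deck.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for "IP in IP" encapsulation


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64, ident: int = 0) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by the payload.
    Fields follow the slide's figure: Version/HLen, TOS, Length, Ident, Flags/Offset,
    TTL, Protocol, Checksum, SourceAddr, DestinationAddr."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | 5, 0, total_len, ident, 0x4000, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(header)
    header = header[:10] + struct.pack("!H", csum) + header[12:]
    return header + payload


def parse_ipv4(packet: bytes) -> dict:
    """Parse the fixed IPv4 header, verifying the checksum before trusting any field."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    vhl, _tos, length, _ident, _flags, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    hlen = (vhl & 0x0F) * 4
    if vhl >> 4 != 4 or hlen < 20 or length > len(packet) or length < hlen:
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(packet[:hlen]) != 0:  # a valid header sums to all ones, complement is zero
        raise ValueError("bad IPv4 header checksum")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": packet[hlen:length]}


def encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry router: the private packet becomes the data field of a new
    public packet addressed to the far tunnel endpoint. If encryption is used,
    it is applied to inner_packet before this step."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner_packet)


def decapsulate(outer_packet: bytes, expected_peer: str) -> bytes:
    """Tunnel exit router: accept only IP-in-IP from the configured peer, validate
    the inner header, and return the inner (private) packet for local delivery."""
    outer = parse_ipv4(outer_packet)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if outer["src"] != expected_peer:
        raise ValueError("outer source is not the configured tunnel peer")
    parse_ipv4(outer["payload"])  # raises if the inner packet is malformed
    return outer["payload"]


def demo() -> dict:
    """Constructed round trip: site-1 host 10.0.0.2 sends to site-2 host 10.0.1.2 over the tunnel."""
    inner = build_ipv4("10.0.0.2", "10.0.1.2", 17, b"hello from site 1", ident=1)
    outer = encapsulate(inner, "24.1.70.210", "128.32.32.68")
    delivered = decapsulate(outer, expected_peer="24.1.70.210")
    inner_hdr = parse_ipv4(delivered)
    return {"inner_len": len(inner), "outer_len": len(outer), "outer": outer,
            "delivered": delivered == inner, "inner_src": inner_hdr["src"],
            "inner_dst": inner_hdr["dst"], "outer_dst": parse_ipv4(outer)["dst"]}


if __name__ == "__main__":
    print(demo())
```

The outer header adds exactly 20 bytes, so the tunnel lowers the effective MTU of the private path; the peer check in decapsulate is the minimal control a real tunnel endpoint enforces (authentication of the outer packet is what the slide's "could be encrypted first" would add).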

IPv6 Datagram: IPv6 Base Header Format
[Figure: IPv6 base header layout, bit positions 0, 4, 12, 16, 24, 31]
  Version | TrafficClass | FlowLabel
  PayloadLen | NextHeader | HopLimit
  SourceAddress
  DestinationAddress
  Next header / data
❒ VERS = IPv6
❒ TRAFFIC CLASS: specifies the routing priority or QoS requests
❒ FLOW LABEL: to be used by applications requesting performance guarantees
❒ PAYLOAD LENGTH: like IPv4's datagram length, but doesn't include the header length as IPv4 does
❒ NEXT HEADER: indicates the type of the next object in the datagram, either the type of an extension header or the type of data
❒ HOP LIMIT: like IPv4's TimeToLive field, but named correctly
❒ NO CHECKSUM (processing efficiency)

Address Space
❒ 32 bits versus 128 bits - implications?
❍ 4 billion versus 3.4 x 10^38
❍ 1500 addresses per square foot of the earth's surface

Addresses
❒ Still divide the address into a prefix that designates the network and a suffix that designates the host
❒ But no set classes; the boundary between suffix and prefix can fall anywhere (CIDR only)
❒ Prefix length associated with each address

Address Types
❒ Unicast: delivered to a single computer
❒ Multicast: delivered to each of a set of computers (can be anywhere)
❍ Conferencing, subscribing to a broadcast
❒ Anycast: delivered to one of a set of computers that share a common prefix
❍ Deliver to one of a set of machines providing a common service

Address Notation
❒ Dotted sixteen?
❍ 105.67.45.56.23.6.133.211.45.8.0.7.56.45.3.189.56
❒ Colon hexadecimal notation (8 groups)
❍ 69DC:8768:9A56:FFFF:0:5634:343
❒ Or even better with zero compression (replace a run of all-0 groups with a double colon ::)
❒ Makes host names look even more attractive, huh?
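The base header slide describes seven fields and notes that PAYLOAD LENGTH excludes the 40-byte header and that NEXT HEADER names either an extension header or the data's protocol. The Python below is an added example, not from the slides: it packs a base header in that layout and parses one back, then walks the Next Header chain through the extension headers until it reaches the upper-layer data. Because IPv6 has no header checksum, the parser relies on length sanity checks to reject a truncated or inconsistent packet. The protocol numbers (0 Hop-by-Hop, 43 Routing, 44 Fragment, 60 Destination Options, 6 TCP, 17 UDP, 58 ICMPv6, 59 No Next Header) are real IANA assignments; the addresses and the sample Hop-by-Hop header are constructed.

```python
import socket
import struct

# IANA Next Header values (known assignments, not taken from the slides)
NEXT_HEADER_NAMES = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
                     60: "Destination Options", 6: "TCP", 17: "UDP",
                     58: "ICMPv6", 59: "No Next Header"}
EXTENSION_HEADERS = {0, 43, 44, 60}
BASE_HEADER_LEN = 40


def build_ipv6(src: str, dst: str, next_header: int, payload: bytes,
               traffic_class: int = 0, flow_label: int = 0, hop_limit: int = 64) -> bytes:
    """Pack the base header: 4-bit version, 8-bit traffic class, 20-bit flow label,
    16-bit payload length (excluding this header), next header, hop limit, two 128-bit addresses."""
    if not 0 <= flow_label < (1 << 20):
        raise ValueError("flow label is a 20-bit field")
    if len(payload) > 0xFFFF:
        raise ValueError("payload too long for the 16-bit length field")
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack("!IHBB16s16s", first_word, len(payload), next_header, hop_limit,
                       socket.inet_pton(socket.AF_INET6, src),
                       socket.inet_pton(socket.AF_INET6, dst)) + payload


def parse_ipv6(packet: bytes) -> dict:
    """Parse the base header, then follow the Next Header chain. Every extension header
    starts with its own Next Header byte; Hop-by-Hop, Routing and Destination Options carry
    a length byte in 8-octet units (not counting the first 8), the Fragment header is fixed at 8."""
    if len(packet) < BASE_HEADER_LEN:
        raise ValueError("truncated base header")
    first_word, payload_len, nxt, hop_limit, src, dst = struct.unpack("!IHBB16s16s", packet[:BASE_HEADER_LEN])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    if payload_len > len(packet) - BASE_HEADER_LEN:
        raise ValueError("payload length exceeds the bytes received")
    info = {"traffic_class": (first_word >> 20) & 0xFF, "flow_label": first_word & 0xFFFFF,
            "payload_len": payload_len, "hop_limit": hop_limit,
            "src": socket.inet_ntop(socket.AF_INET6, src),
            "dst": socket.inet_ntop(socket.AF_INET6, dst), "extensions": []}
    offset, end, count = BASE_HEADER_LEN, BASE_HEADER_LEN + payload_len, 0
    while nxt in EXTENSION_HEADERS:
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        hdr_len = 8 if nxt == 44 else (packet[offset + 1] + 1) * 8
        if offset + hdr_len > end:
            raise ValueError("extension header runs past the payload")
        info["extensions"].append(NEXT_HEADER_NAMES[nxt])
        nxt = packet[offset]
        offset += hdr_len
        count += 1
        if count > 8:  # defensive bound against a looping chain
            raise ValueError("too many extension headers")
    info["upper_layer"] = NEXT_HEADER_NAMES.get(nxt, str(nxt))
    info["data"] = packet[offset:end]
    return info


def demo() -> dict:
    """Constructed packet: Hop-by-Hop header (Next Header = UDP, Hdr Ext Len = 0,
    one PadN option filling the 8 octets) followed by a 4-byte data payload."""
    hop_by_hop = bytes([17, 0, 1, 4, 0, 0, 0, 0])
    pkt = build_ipv6("2001:db8::1", "2001:db8::2", 0, hop_by_hop + b"ping",
                     traffic_class=0x20, flow_label=0x12345)
    return parse_ipv6(pkt)


if __name__ == "__main__":
    print(demo())
```

The walk stops at the first non-extension value, which is exactly what the slide means by "either the type of an extension header or the type of data"; the bound on chain length and the check against the declared payload length are the two places a parser without a checksum has to protect itself.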

Special Addresses
❒ IPv4 addresses all reserved for compatibility
❍ 96 zeros + IPv4 address = valid IPv6 address
❒ Local Use Addresses
❍ Special prefix which means "this needn't be globally unique"
❍ Allowed to be used only locally
❍ Aids in autoconfiguration

Datagram Format
❒ Base Header + 0 to N Extension Headers + Data Area

Extensible Headers
❒ Why?
❒ Saves space and processing time
❍ Only have to allocate space for, and spend time processing, headers implementing the features you need
❒ Extensibility
❍ When adding a new feature, just add an extension header type - no change to existing headers
❍ For experimental features, only sender and receiver need to understand the new header

Flow Label
❒ Virtual-circuit-like behaviour over a datagram network
❒ A sender can request the underlying network to establish a path with certain requirements
• Traffic class specifies the general requirements (ex. Delay < 100 msec.)
❒ If the path can be established, the network returns an identifier that the sender places along with the traffic class in the flow label
❒ Routers use this identifier to route the datagram along the prearranged path

ICMPv6
❒ New version of ICMP
❒ Additional message types, like "Packet Too Big"
❒ Multicast group management functions

Summary
❒ Connectionless (each datagram contains the destination address and is routed separately)
❒ Best Effort (possibility for virtual circuit behaviour)
❒ Maximum hops field so datagrams cannot circulate indefinitely
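The Address Notation slide (colon-hex groups and zero compression) and the Special Addresses slide (96 zero bits followed by an IPv4 address) describe text forms that every IPv6 parser has to get right. This Python is an added example, not from the slides: it expands colon-hex text (with an optional "::" and an optional dotted-quad tail) to eight 16-bit groups, compresses eight groups back to text by replacing the longest run of zero groups (leftmost on a tie, as RFC 5952 recommends), builds the 96-zeros-plus-IPv4 form, and recovers the embedded IPv4 address. The link-local prefix fe80::/10 is a known IPv6 fact that the slide only alludes to as a "special prefix". The slide's colon-hex sample has seven groups, so the example appends a zero group to make a complete address; that padded address is constructed.

```python
def _groups_from_text(part: str) -> list:
    """Turn one side of a '::' (or a whole address) into a list of 16-bit group values."""
    if not part:
        return []
    items = part.split(":")
    if "." in items[-1]:  # trailing dotted quad occupies the last two groups
        octets = [int(o) for o in items[-1].split(".")]
        if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
            raise ValueError("bad embedded IPv4 address")
        items = items[:-1] + ["%x" % (octets[0] << 8 | octets[1]), "%x" % (octets[2] << 8 | octets[3])]
    out = []
    for g in items:
        if not 1 <= len(g) <= 4:
            raise ValueError("each group is 1 to 4 hex digits: %r" % g)
        out.append(int(g, 16))
    return out


def expand(addr: str) -> list:
    """Colon-hex text -> eight 16-bit groups. Exactly one '::' may stand for a run of zero groups."""
    if addr.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    head, sep, tail = addr.partition("::")
    h, t = _groups_from_text(head), _groups_from_text(tail)
    if sep:
        missing = 8 - len(h) - len(t)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        return h + [0] * missing + t
    if len(h) != 8:
        raise ValueError("an address without '::' needs exactly 8 groups")
    return h


def compress(groups: list) -> str:
    """Eight groups -> lowercase colon-hex, leading zeros dropped, longest run (>= 2) of
    zero groups replaced by '::' (leftmost run wins a tie)."""
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("need eight 16-bit groups")
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexes = ["%x" % g for g in groups]
    if best_len < 2:
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])


def ipv4_compatible(ipv4: str) -> str:
    """The slide's rule: 96 zero bits + the 32-bit IPv4 address is a valid IPv6 address."""
    octets = [int(o) for o in ipv4.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address")
    return compress([0] * 6 + [octets[0] << 8 | octets[1], octets[2] << 8 | octets[3]])


def embedded_ipv4(groups: list):
    """Inverse of ipv4_compatible: the IPv4 address in the low 32 bits when the high 96 are zero.
    '::' (unspecified) and '::1' (loopback) are reserved and not reported as embedded addresses."""
    if any(groups[:6]) or (groups[6] == 0 and groups[7] in (0, 1)):
        return None
    return "%d.%d.%d.%d" % (groups[6] >> 8, groups[6] & 0xFF, groups[7] >> 8, groups[7] & 0xFF)


def is_link_local(groups: list) -> bool:
    """Local-use (link-local) addresses sit under fe80::/10: top 10 bits are 1111 1110 10."""
    return (groups[0] & 0xFFC0) == 0xFE80


if __name__ == "__main__":
    sample = "69DC:8768:9A56:FFFF:0:5634:343:0"  # slide's seven groups plus a constructed eighth
    print(compress(expand(sample)), ipv4_compatible("128.32.32.68"), is_link_local(expand("fe80::1")))
```

Note that the slide's seven-group sample has only isolated zero groups, so compress leaves it uncompressed; the "::" rule applies only to a run of two or more zero groups, which is what keeps the text form unambiguous.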

Summary: New Features
❒ Bigger Address Space (128 bits/address)
❍ CIDR only
❍ Anycast addresses
❒ New Header Format to help speed processing and forwarding
❍ Checksum: removed entirely to reduce processing time at each hop
❍ No fragmentation
❒ Simple Base Header + Extension Headers
❍ Options: allowed, but outside of the header, indicated by the "Next Header" field
❒ Ability to influence the path a datagram will take through the network (Quality of Service)

Transition From IPv4 To IPv6
❒ Not all routers can be upgraded simultaneously
❍ No "flag days"
❍ How will the network operate with mixed IPv4 and IPv6 routers?
❒ Two proposed approaches:
❍ Dual Stack: some routers with dual stack (v6, v4) can "translate" between formats
❍ Tunneling: IPv6 carried as payload in an IPv4 datagram among IPv4 routers

Tunneling
[Figure: IPv6 inside IPv4 where needed]

Dual Stack Approach
[Figure]

6Bone
❒ The 6Bone: an IPv6 testbed
❒ Started as a virtual network using IPv6 over IPv4 tunneling/encapsulation
❒ Slowly migrated to native links for IPv6 transport
❒ RFC 2471

Recent History
❒ First blocks of IPv6 addresses delegated to regional registries - July 1999
❒ 10 websites in the .com domain that can be reached via an IPv6 enhanced client via an IPv6 TCP connection (http://www.ipv6.org/v6-www.html) - it was 5 a year ago (not a good sign?)

IPv5?
❒ New version of IP temporarily named "IP - The Next Generation" or IPng
❒ Many competing proposals; the name IPng became ambiguous
❒ Once a specific protocol was designed, it needed a name to distinguish it from the other proposals
❒ IPv5 has been assigned to an experimental protocol, ST

Network Address Translation (NAT)

Background
❒ IP defines private intranet address ranges
❍ 10.0.0.0 - 10.255.255.255 (Class A)
❍ 172.16.0.0 - 172.31.255.255 (Class B)
❍ 192.168.0.0 - 192.168.255.255 (Class C)
❒ Addresses reused by many organizations
❒ Addresses cannot be used for communication on the Internet

Problem Discussion
❒ Hosts on private IP networks need to access the public Internet
❒ All traffic travels through a gateway to/from the public Internet
❒ Traffic needs to use the IP address of the gateway
❒ Conserves IPv4 address space
❍ Private IP addresses mapped into fewer public IP addresses
❍ Will this beat IPv6?

Network Address Translation Scenario
[Figure: BMRC Server 128.32.32.68 on the Public Internet; Gateway with public address 24.1.70.210 (globally unique) and private address 10.0.0.1; hosts 10.0.0.2, 10.0.0.3 and 10.0.0.4 (Host A) on the Private Network. All private network hosts must use the gateway IP address. The same private network IP addresses may be used by many organizations.]

Solution
❒ Special function on the gateway
❍ IP source and destination addresses are translated
❍ Internal hosts need no changes
❒ No changes required to applications
❒ TCP based protocols work well
❒ Non-TCP based protocols more difficult
❒ Provides some security
❍ Hosts behind the gateway are difficult to reach
❍ Possibly vulnerable to IP level attacks
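The Background, Scenario and Solution slides together describe a gateway that rewrites source and destination addresses so many private hosts share one public address, and note that hosts behind it are difficult to reach. The Python below is an added example, not from the slides: a port-translating NAT (NAPT, the form in common use) that keeps a mapping table from (private address, private port, protocol) to a public port, rewrites outbound packets to the gateway's public address, rewrites matching replies back, and drops inbound packets with no mapping, which is the concrete reason behind the "difficult to reach" bullet. It also checks the three private ranges from the Background slide. The packets are plain dictionaries, the port pool starting at 40000 is an assumed policy, and the addresses are the scenario's: gateway 24.1.70.210, hosts 10.0.0.2 and 10.0.0.3, BMRC server 128.32.32.68.

```python
import ipaddress
import itertools

# The private intranet ranges from the Background slide, as CIDR prefixes
PRIVATE_RANGES = [ipaddress.ip_network("10.0.0.0/8"),
                  ipaddress.ip_network("172.16.0.0/12"),
                  ipaddress.ip_network("192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr lies in one of the private ranges (not usable on the public Internet)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


class NatGateway:
    """Port-translating NAT: all private hosts appear as public_ip, distinguished by port.
    A packet is a dict with src, sport, dst, dport and proto keys (constructed representation)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.outbound = {}  # (private_ip, private_port, proto) -> public_port
        self.inbound = {}   # (public_port, proto) -> (private_ip, private_port)
        self._ports = itertools.count(first_port)  # assumed allocation policy

    def translate_outbound(self, pkt: dict) -> dict:
        """Rewrite the source of a packet leaving the private network, allocating a
        public port on first use so replies can be matched back to the internal host."""
        if not is_private(pkt["src"]):
            raise ValueError("outbound packet must come from a private address")
        if is_private(pkt["dst"]):
            raise ValueError("destination is private and not routable on the Internet")
        key = (pkt["src"], pkt["sport"], pkt["proto"])
        if key not in self.outbound:
            pub_port = next(self._ports)
            self.outbound[key] = pub_port
            self.inbound[(pub_port, pkt["proto"])] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.public_ip, sport=self.outbound[key])

    def translate_inbound(self, pkt: dict):
        """Rewrite the destination of a packet arriving from the Internet. Returns None
        (drop) when the packet is not for the public address or no mapping exists, which is
        why an outside host cannot reach an internal host that has not spoken first."""
        if pkt["dst"] != self.public_ip:
            return None
        mapping = self.inbound.get((pkt["dport"], pkt["proto"]))
        if mapping is None:
            return None
        private_ip, private_port = mapping
        return dict(pkt, dst=private_ip, dport=private_port)


def demo() -> dict:
    """Two internal hosts using the same local port reach the BMRC server; one reply comes back;
    an unsolicited connection attempt to the gateway is dropped."""
    gw = NatGateway("24.1.70.210")
    a = {"src": "10.0.0.2", "sport": 5000, "dst": "128.32.32.68", "dport": 80, "proto": "tcp"}
    b = {"src": "10.0.0.3", "sport": 5000, "dst": "128.32.32.68", "dport": 80, "proto": "tcp"}
    a_out = gw.translate_outbound(a)
    b_out = gw.translate_outbound(b)
    reply_to_a = {"src": "128.32.32.68", "sport": 80, "dst": "24.1.70.210",
                  "dport": a_out["sport"], "proto": "tcp"}
    unsolicited = {"src": "128.32.32.68", "sport": 80, "dst": "24.1.70.210",
                   "dport": 22, "proto": "tcp"}
    return {"a_out": a_out, "b_out": b_out,
            "reply_to_a": gw.translate_inbound(reply_to_a),
            "unsolicited": gw.translate_inbound(unsolicited),
            "table_size": len(gw.outbound)}


if __name__ == "__main__":
    print(demo())
```

The table is keyed on transport ports, which is why the Solution slide says TCP based protocols work well: a protocol without ports (or one that embeds addresses in its payload) gives the gateway nothing to key on, and the private host stays unreachable in both directions.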
