A Dynamic VPN Architecture for Private Cloud Computing
2011 Fourth IEEE International Conference on Utility and Cloud Computing
Wen-Hwa Liao, Shuo-Chun Su
Tatung University
Virtual Private Network (VPN)
- A virtual private network extends a private network across a public network, such as the Internet.
- Techniques:
  - Tunneling
  - Encryption & decryption
  - Key management
  - Authentication
VPN Framework (Full-Mesh)
- Every node is connected directly to the others.
- Advantages:
  - Shortest route
  - No bottleneck
- Disadvantages:
  - Each gateway (GW) must have an Internet Key Exchange (IKE) policy for each of the other GWs.
  - No traffic control
[Figure: full-mesh topology; labels: Internet, Gateway, VPN tunnel]
VPN Framework (Hub-and-Spoke)
- Every GW connects to the Hub-GW.
- Advantages:
  - Each GW needs only one IKE policy to communicate with all other GWs.
  - Traffic control
- Disadvantages:
  - Delay
  - Bottleneck
[Figure: hub-and-spoke topology; labels: Internet, Gateway, VPN tunnel, Hub-GW]
VPN Framework (Bipartite)
- Based on hub-and-spoke and full-mesh
- The corporation and the cloud service provider can be deemed spokes under the network management of the hub-GW.
System Architecture
- CE: Customer Edge
- PE: Provider Edge
Packet Format
- Connection between CE and PE
Exchange modes
- CE_VLAN_request: Establishing VLAN
- CE_VLAN_response: VLAN ID
- CE_MAC_request: Querying about permission for connection
- CE_MAC_response: Checking in the database whether the connection is permitted
- CE_MAC_terminate: Delete the VLAN ID for connecting
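The five exchange modes above can be modeled as a small request handler on the PE side, with a default-deny permission check. This is an added example, not code from the paper or the slides; the message fields, the VLAN ID pool and the permission-table layout are assumptions, since the slides do not show the packet format.

```python
# Added illustration: a toy provider-edge (PE) handler for the five exchange
# modes. Field names, the VLAN ID pool and the permission table layout are
# assumptions; the slides do not give the packet format.

class ProviderEdge:
    def __init__(self, permitted, vlan_pool=range(100, 104)):
        self.permitted = set(permitted)    # constructed (CE, peer MAC) allow-list
        self.free_vlans = list(vlan_pool)  # assumed pool of VLAN IDs
        self.vlan_of = {}                  # CE -> VLAN ID handed out
        self.active = set()                # (CE, peer MAC) connections in use

    def handle(self, msg):
        kind, ce = msg["type"], msg["ce"]
        if kind == "CE_VLAN_request":
            if ce not in self.vlan_of:
                if not self.free_vlans:    # pool exhausted: no VLAN ID granted
                    return {"type": "CE_VLAN_response", "ce": ce, "vlan_id": None}
                self.vlan_of[ce] = self.free_vlans.pop(0)
            return {"type": "CE_VLAN_response", "ce": ce, "vlan_id": self.vlan_of[ce]}
        if kind == "CE_MAC_request":
            key = (ce, msg["mac"])
            # Default deny: the CE needs a VLAN and the pair must be in the database.
            ok = ce in self.vlan_of and key in self.permitted
            if ok:
                self.active.add(key)
            return {"type": "CE_MAC_response", "ce": ce, "mac": msg["mac"], "permitted": ok}
        if kind == "CE_MAC_terminate":
            self.active = {k for k in self.active if k[0] != ce}
            vlan = self.vlan_of.pop(ce, None)
            if vlan is not None:
                self.free_vlans.append(vlan)  # VLAN ID deleted, returned to the pool
            return {"type": "CE_MAC_terminate", "ce": ce, "released": vlan}
        raise ValueError(f"unknown exchange mode: {kind!r}")


def demo():
    # Constructed sample: one CE allowed to reach exactly one peer MAC.
    pe = ProviderEdge(permitted={("ce-corp", "02:00:00:00:00:0a")})
    return [
        pe.handle({"type": "CE_VLAN_request", "ce": "ce-corp"}),
        pe.handle({"type": "CE_MAC_request", "ce": "ce-corp", "mac": "02:00:00:00:00:0a"}),
        pe.handle({"type": "CE_MAC_request", "ce": "ce-corp", "mac": "02:00:00:00:00:0b"}),
        pe.handle({"type": "CE_MAC_terminate", "ce": "ce-corp"}),
        pe.handle({"type": "CE_MAC_request", "ce": "ce-corp", "mac": "02:00:00:00:00:0a"}),
    ]


if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

The last request in the demo is refused because the terminate message already deleted the CE's VLAN ID, so a stale permission entry alone does not re-admit the connection.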
Process of adding a new connection
Process of erasing a connection
Analysis Result
Conclusion
- The user only needs to connect to the hub-GW using a VPN such as PPTP, IPsec or SSL, without having to implement a complex network framework.
- The hub-GW is managed using the bipartite framework.
- An extra table needs to be maintained.