VIRTUAL PRIVATE NETWORKS (VPN)
33
description
VIRTUAL PRIVATE NETWORKS (VPN). WAN Technology Comparison. long-distance dial-up connection. WAN technology - PSTN. Figure 7-9 A WAN using frame relay. WAN technology – X.25 and Frame Relay. A BRI link. A PRI link. WAN technology - ISDN. CSU/DSU. point-to-point T-carrier connection. - PowerPoint PPT Presentation
Transcript of VIRTUAL PRIVATE NETWORKS (VPN)
3
long-distance dial-up connection
4
Figure 7-9 A WAN using frame relay
5
A BRI link
A PRI link
6T-carrier connecting to a LAN through a router
point-to-point T-carrier connection
CSU/DSU
7
DSL connection
8
SONET ring
Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.
Became popular as more employees worked in remote locations.
(From Gartner Consulting)
Secure VPNs use cryptographic tunneling protocols.◦ IPsec, SSL/TLS, OpenVPN, PPTP, L2TP, L2TPv3,
VPN-Q and MPVPN Trusted VPNs rely on the security of a single
provider’s network to protect the traffic.◦ MPLS and L2F
A virtual point-to-point connectionmade through a public network. It transportsencapsulated datagrams.
Encrypted Inner Datagram
Datagram Header Outer Datagram Data Area
Original Datagram
Data Encapsulation [From Comer]
Two types of end points: Remote Access Site-to-Site
Figure 1
Authentication – validates that the data was sent from the sender.
Access control – limiting unauthorized users from accessing the network.
Confidentiality – preventing the data to be read or copied as the data is being transported.
Data Integrity – ensuring that the data has not been altered
Cryptography Technic Encryption -- is a method of “scrambling” data before
transmitting it onto the Internet.
Public Key Encryption Technique
Digital signature – for authentication
VPN can be deployed in three ways : Host to host Site-to-Site Host-to-Site
Remote access VPN Intranet VPN Extranet VPN
MPLS = Multi Protocol Label Switching Suatu metode forwarding (meneruskan data/paket
melalui suatu jaringan dengan menggunakan informasi label yang dilekatkan pada I
Memungkinkan router meneruskan paket dengan hanya melihat label yang melekat pada paket tersebut, sehinggap tidak perlu lagi melihat alamat IP tujuan)
Back
Perpaduan mekanisme Label Swapping (Layer 2) dan Routing (Layer 3)
Terdiri atas LSR yang saling terhubung, membentuk suatu LSP
LSR pertama disebut ingress LSR terakhir disebut egress Bagian tepi dari jaringan LSR disebut LER
Back
LSR = Label Switched Router LSP = Label Switched Path LER = Label Edge Router TTL = Time to Live
Back
Pembuatan label dan distribusi Pembuatan label dalam tiap router Pembuatan jalur label yang terhubung Pemasukan label Forwarding paket
Back
