Virtual Private Networks



  1. Virtual Private Networks
     - BAD 64046
     - Vladislav Hrosinkov
     - 4/30/2003
  2. Traditional Corporate WAN
     - Traditional corporate WANs are built using private lines or private Frame Relay/ATM
     - The remote access needs are accommodated by remote access servers and modems. The users dial in through the public switched telephone network.
  3. Traditional Corporate WAN
     - Main advantages:
       - Predictable bandwidth
       - Security and privacy
     - Main disadvantages:
       - High telecommunication costs
       - Not easily scalable
  4. Virtual Private Network
     - Definition: A VPN is a private network constructed within the public Internet
     - Goals:
       - Connect private networks using shared public infrastructure
       - Simplify distributed network creation
     - Desirable properties:
       - Security – An obvious issue because a public network (the Internet) becomes a physical part of the private network
       - Quality of service guarantees
  5. VPN Architectures
     - Site-to-site intranet VPNs – Connect different networks.
     - A VPN gateway is located at the boundary between a private corporate network and the public Internet
  6. VPN Architectures
     - Remote access VPNs – Enable remote connectivity using any Internet access technology. The remote user launches the VPN client to create a VPN tunnel to the gateway
  7. VPN Architectures
     - Extranet VPNs – Provide customers and suppliers with access to the corporate LAN. VPN tunnels are created through the Internet between the corporate gateway and a gateway or a client located in a partner’s network
  8. Tunneling
     - Tunnel – A logical link between the tunnel client and the tunnel server; the path through which the packets travel
     - Tunneling is the process of encapsulating (placing an entire packet within another packet, which provides the routing information) and sending it over the Internet.
     - Tunnels serve three major purposes in VPNs:
       - To enable different protocols to be transported over IP
       - To route privately addressed packets through the Internet
       - To provide data integrity and confidentiality
  9. Tunneling
     - Example: If node C takes the original packet and places it completely within a new packet addressed for node G, the nodes D, E and F would not know the original destination I.
  10. Tunneling Protocols
     - PPTP (Point-to-Point Tunneling Protocol)
       - Developed by Microsoft and other companies
       - Layer 2 protocol
       - Uses the GRE (Generic Routing Encapsulation) protocol for encapsulation
       - Voluntary tunneling (the VPN client manages connection setup)
       - Disadvantage: Does not provide strong encryption
  11. Tunneling Protocols
     - L2F (Layer 2 Forwarding Protocol)
       - Developed by Cisco and other vendors
       - Layer 2 protocol
       - Compulsory tunneling: no VPN client, the Internet service provider manages the VPN connection.
       - Can use any packet-oriented protocol for encapsulation
       - Tunnels can support more than one connection
       - Disadvantage: does not define encryption for the encapsulated packet.
  12. Tunneling Protocols
     - L2TP (Layer 2 Tunneling Protocol)
       - Combines features of the previous two to overcome their shortcomings and become a standard
       - Supports both voluntary and compulsory tunneling
       - Has its own encapsulation protocol
       - Again lacks good security features.
       - The current L2TP draft standard recommends that IPSec be used for encryption and key management in IP environments.
  13. Tunneling Protocols
     - IPSec
       - Probably the most important protocol used in VPNs
       - Layer 3 protocol.
       - Provides the sender with the opportunity to authenticate or encrypt (or both) each IP packet.
       - Two methods of using IPSec (modes):
         - Transport mode – only the transport-layer segment of an IP packet is authenticated or encrypted
         - Tunnel mode – the entire packet is authenticated or encrypted.
  14. Tunneling Protocols
     - IPSec (cont.)
       - Supports the AH (Authentication Header) protocol for per-packet authentication.
       - Supports the ESP (Encapsulating Security Payload) protocol for authentication, encryption, anti-replay.
       - Either one or both can be used
       - Uses a number of standardized cryptographic technologies
       - Supports both manual key exchange and the IKE (Internet Key Exchange) protocol for automated key management.
       - IPSec is considered the best VPN solution for IP environments
  15. VPNs – Performance
     - IPSec solves the problem of VPN security, but performance remains an issue.
     - VPN performance depends on:
       - The speed of transit through the Internet – the public Internet cannot provide guaranteed levels of response time and reliability. Some service providers offer quality of service agreements.
       - The efficiency of the VPN processing at each end of the connection. Encapsulation and encryption require adding data fields to each packet, which makes packets longer and fragmentation more likely. Encryption is very computationally intensive and must be performed on products that are optimized for these functions.
  16. VPN Gateways
     - A key element of a VPN
     - Sit between the public and private networks, preventing intrusions
     - Can also perform tunneling and encryption
     - Generally fit into one of the following categories: routers, firewalls, integrated hardware, software.
       - Routers – usually preferred for high-throughput VPNs
       - Firewalls – can provide tunneling and encryption only on small VPNs with low traffic
       - Integrated hardware – some of them provide very high throughput and number of tunnels.
       - Software gateways – usually low-cost solutions for small VPNs
  17. VPNs – Advantages
     - Eliminate the need for expensive private or leased lines
     - Reduce long-distance telephone charges
     - Reduced equipment costs (modem banks, CSU/DSUs)
     - Reduced technical support
     - Scalability – new locations are easy to add to the VPN
     - Security
  18. VPNs – Disadvantages
     - Require an in-depth understanding of public network security issues and proper precautions in VPN deployment
     - The availability and performance of a corporate VPN (over the Internet) depend on uncontrollable external factors.
     - Shortage of standardization. Products from different vendors may not work well together.
     - VPNs need to accommodate complicated protocols other than IP
  19. VPNs – Global Market
     - 1997-2001
     - In 2000: VPN hardware $1.2 B, VPN services $5.1 B
     - Source: Infonetics Research, June 2000
  20. VPN Market – Major Players
     - Check Point – 62%
     - Nortel – 15%
     - NetScreen – 6%
     - Avaya – 4%
     - Source: Datamonitor, June 2001
  21. VPNs – Some Implications
     - Facilitate place-displacement work
     - Facilitate the creation of virtual corporations
  22. VPNs – Future?
     - Forecasts predict fast growth in the next 5 years
     - The future of VPNs depends mainly on the savings they provide
     - What if the telecommunication costs continue to drop?
  23. Sources
     - Yuan, R., Strayer, T. “Virtual private networks”, 2001.
     - Mairs, J. “VPNs – a beginner’s guide”, 2002.
     - VPN Tutorial, http://www.iec.org/online/tutorials/vpn/
     - Virtual Private Networks – research of Infonetics Inc.
  24. Questions?
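
The encapsulation step from slides 8 and 9, and the per-packet overhead slide 15 refers to, as an added Python example that is not part of the original deck. It uses plain IPv4-in-IPv4 with no encryption; the node addresses, payload and function names are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4    # IPv4-in-IPv4 encapsulation
IPPROTO_TEST = 253  # reserved for experimentation; stands in for real traffic

def checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by the payload."""
    addrs = ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    head = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0)
    return head[:10] + struct.pack("!H", checksum(head + addrs)) + addrs + payload

def parse_header(packet: bytes) -> dict:
    """Return what a router on the path can read from the outermost header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 packet")
    ver_ihl, _, total_len, _, _, _, proto, _ = struct.unpack("!BBHHHBBH", packet[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or not 20 <= ihl <= total_len == len(packet):
        raise ValueError("not a well-formed IPv4 packet")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])),
            "proto": proto, "payload": packet[ihl:]}

def encapsulate(inner: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Node C: place the whole original packet inside a new one addressed to node G."""
    return ipv4_packet(gw_src, gw_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    """Node G: strip the outer header and recover the original packet."""
    fields = parse_header(outer)
    if fields["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP tunnel packet")
    parse_header(fields["payload"])  # validate the inner packet before forwarding it
    return fields["payload"]

# Constructed sample: privately addressed hosts behind gateways C and G.
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", IPPROTO_TEST, b"payroll query")
OUTER = encapsulate(INNER, "192.0.2.1", "198.51.100.1")
OVERHEAD = len(OUTER) - len(INNER)  # bytes added to every tunnelled packet
```

Nodes D, E and F see only the gateway addresses in `OUTER`, but because nothing here encrypts, the original packet is still readable inside it. The confidentiality purpose listed on slide 8 comes from pairing the tunnel with encryption, as IPSec ESP does in tunnel mode.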