Layer 2 Tunneling Protocol (L2TP) is a VPN tunneling protocol that uses IP packets (normally UDP, port 1701) to encapsulate Layer 2 frames; these slides class it as a network layer VPN. L2TP extends the Point-to-Point Protocol (PPP) by allowing the Layer 2 and PPP endpoints to reside on different devices interconnected by a packet-switched network. L2TP establishes tunnels between an L2TP Access Concentrator (LAC) and an L2TP Network Server (LNS) to transport individual PPP frames across the network. A control connection is set up between the LAC and LNS, and sessions are then created inside it to carry the PPP data. L2TP itself provides no encryption, so it is usually combined with IPsec (L2TP/IPsec) when confidentiality is required.
1. Layer 2 Tunneling Protocol (L2TP)
• An example of a network layer VPN: IP packets are used to encapsulate Layer 2 frames
• The original specification (L2TPv2):
- RFC 2661, Layer Two Tunneling Protocol "L2TP". W. Townsley, A. Valencia, A. Rubens, G. Pall, G. Zorn, B. Palter. August 1999 (PROPOSED STANDARD)
- A standard method for tunneling Point-to-Point Protocol (PPP) [RFC1661] sessions
- Note: L2TP has since been adopted for tunneling a number of other L2 protocols (e.g., Ethernet, Frame Relay, etc.): L2TPv3 [RFC3931]
T. A. Yang Network Security 1
2. Point-to-Point Protocol (PPP [RFC1661])
- PPP defines an encapsulation mechanism for transporting multiprotocol packets across layer 2 (L2) point-to-point links.
- PPP relies on the Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection.
- It has a family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols (e.g., IPCP for IP).
- Typically, a user obtains an L2 connection to a Network Access Server (NAS) using one of a number of techniques (e.g., dialup POTS, ISDN, ADSL, etc.) and then runs PPP over that connection.
- Example: A customer uses a dialup modem or a DSL line to connect to the ISP or the company's modem pool.
  Dial client (PPP peer) ---- PPP ---- NAS (e.g., ISP)
- In such a configuration, the L2 termination point and the PPP session endpoint reside on the same physical device (i.e., the NAS).
3. Layer 2 Tunneling Protocol
• Types of L2TP Tunnels
1. Compulsory L2TP Tunneling
   The client is completely unaware of the presence of an L2TP connection.
   The L2TP Access Concentrator (LAC) is aware of L2TP: it is the LAC that encapsulates the client's PPP frames in L2TP.
   Figure 12-3: client --[PPP + Data]--> LAC --[L2TP + PPP + Data]--> LNS
4. Layer 2 Tunneling Protocol
• Types of L2TP Tunnels (cont.)
2. Voluntary L2TP Tunneling
   The client is aware of the presence of an L2TP connection (the L2TP client runs on the user's own machine).
   The LAC is unaware of L2TP; it only forwards the client's packets.
   Figure 12-4: client --[PPP + L2TP + Data]--> LAC --[L2TP + Data]--> LNS
5. Layer 2 Tunneling Protocol (cont.)
• L2TP
- L2TP extends the PPP model by allowing the L2 and PPP endpoints to reside on different devices interconnected by a packet-switched network (PSN).
- With L2TP, a user has an L2 connection to an L2TP access concentrator (LAC, e.g., modem bank, ADSL DSLAM, etc.), and the concentrator then tunnels individual PPP frames to the L2TP Network Server (LNS).
  Dial client (PPP peer) ---- PPP ---- LAC ==== L2TP tunnel ==== LNS
- This allows the actual processing of PPP packets to be separated from the termination of the L2 circuit.
6. Layer 2 Tunneling Protocol (cont.)
• A typical L2TP scenario (topology figure from RFC 2661; not reproduced here)
7. Layer 2 Tunneling Protocol (cont.)
RFC 3931, Layer Two Tunneling Protocol - Version 3 (L2TPv3). J. Lau, Ed., M. Townsley, Ed., I. Goyret, Ed. March 2005 (PROPOSED STANDARD)
L2TPv3 defines the base control protocol and encapsulation for tunneling multiple Layer 2 connections between two IP nodes.
L2TPv3 consists of
(1) the control protocol for dynamic creation, maintenance, and teardown of L2TP sessions, and
(2) the L2TP data encapsulation to multiplex and demultiplex L2 data streams between two L2TP nodes across an IP network.
8. Layer 2 Tunneling Protocol (cont.)
• L2TP (according to TheFreeDictionary, http://computing-dictionary.thefreedictionary.com/L2TP )
• A protocol from the IETF that allows a PPP session to travel over multiple links and networks. (Note: being tied to PPP is a limitation of L2TPv2; L2TPv3 removes it.)
• L2TP is used to allow remote users access to the corporate network.
• PPP is used to encapsulate IP packets from the user's PC to the ISP, and L2TP extends that PPP session across the Internet.
• L2TP was derived from Microsoft's Point-to-Point Tunneling Protocol (PPTP) and Cisco's Layer 2 Forwarding (L2F) technology.
9. Layer 2 Tunneling Protocol (cont.)
• From Access Concentrator to Network Server
• The "L2TP Access Concentrator" (LAC) encapsulates PPP frames with L2TP headers and sends them over the Internet as UDP packets (UDP port 1701), or over an ATM, Frame Relay or X.25 network.
• At the other end, the "L2TP Network Server" (LNS) terminates the PPP session and hands the IP packets to the LAN. L2TP software can also be run in the user's PC (voluntary tunneling).
• Carriers also use L2TP to offer remote points of presence (POPs) to smaller ISPs. Users in remote locations dial into the carrier's local modem pool, and the carrier's LAC forwards L2TP traffic to the ISP's LNS.
  user: original IP packet p --[PPP + p]--> LAC --[L2TP + PPP + p]--> LNS
• L2TP and IPsec
• Unlike PPTP, L2TP does not include encryption. On its own, an L2TP tunnel gives neither confidentiality nor integrity: anything on the path can read or alter the PPP frames and the user packets inside them. L2TP is therefore often used with IPsec (L2TP/IPsec) in order to provide virtual private network (VPN) connections from remote users to the corporate LAN.
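The data path of slide 9 (user IP packet inside PPP inside L2TP inside UDP/1701), built and then decapsulated the way an on-path observer would, as an added example that is not part of the original slides. It makes the "no encryption" point concrete: the L2TP header, the PPP header and the user's packet, addresses included, are all cleartext. The addresses, tunnel/session IDs and payload are constructed sample values; the data header is built with only the L bit set, and the decapsulator also handles the optional Ns/Nr and offset fields and PPP address/control and protocol field compression.

```python
"""Added worked example, not from the original slides: encapsulate a user IP
packet as PPP inside an L2TPv2 data message (RFC 2661) and decapsulate it again
from the UDP/1701 payload. Addresses, IDs and payload are constructed samples."""
import struct

L2TP_UDP_PORT = 1701          # registered L2TP port (RFC 2661)
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200
PPP_ADDR_CTRL = b"\xff\x03"   # HDLC address/control; absent when ACFC was negotiated
PPP_IPV4 = 0x0021             # PPP protocol number for IPv4


def ipv4_packet(src, dst, payload, proto=17):
    """Minimal IPv4 header (no options, checksum left 0) plus payload: a constructed sample."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + payload


def ppp_frame(protocol, packet):
    """PPP frame as carried inside L2TP: no HDLC flags or FCS, address+control kept."""
    return PPP_ADDR_CTRL + struct.pack("!H", protocol) + packet


def l2tp_data_message(tunnel_id, session_id, ppp, with_length=True):
    """L2TPv2 data header: T=0, Ver=2. Only the L bit is used here (no Ns/Nr, no offset)."""
    flags = 2 | (L_BIT if with_length else 0)
    if with_length:
        return struct.pack("!HHHH", flags, 8 + len(ppp), tunnel_id, session_id) + ppp
    return struct.pack("!HHH", flags, tunnel_id, session_id) + ppp


def decapsulate(udp_payload):
    """What anyone on the path can do with a UDP/1701 payload: strip the L2TP and PPP
    headers and read the user's original packet.
    Returns (tunnel_id, session_id, ppp_protocol, inner_packet)."""
    flags = struct.unpack("!H", udp_payload[:2])[0]
    if flags & T_BIT or (flags & 0xF) != 2:
        raise ValueError("not an L2TPv2 data message")
    pos = 2
    if flags & L_BIT:
        length = struct.unpack("!H", udp_payload[pos:pos + 2])[0]
        if length != len(udp_payload):
            raise ValueError("length field does not match datagram size")
        pos += 2
    tunnel_id, session_id = struct.unpack("!HH", udp_payload[pos:pos + 4])
    pos += 4
    if flags & S_BIT:
        pos += 4                                   # Ns and Nr present
    if flags & O_BIT:                              # Offset Size, then that many pad octets
        pos += 2 + struct.unpack("!H", udp_payload[pos:pos + 2])[0]
    ppp = udp_payload[pos:]
    if ppp[:2] == PPP_ADDR_CTRL:                   # address/control may be compressed away
        ppp = ppp[2:]
    if ppp[0] & 1:                                 # PFC: a one-octet protocol field
        protocol, inner = ppp[0], ppp[1:]
    else:
        protocol, inner = struct.unpack("!H", ppp[:2])[0], ppp[2:]
    return tunnel_id, session_id, protocol, inner


def inner_endpoints(inner):
    """Source and destination of the tunnelled IPv4 packet, readable in cleartext."""
    src, dst = struct.unpack("!4s4s", inner[12:20])
    return ".".join(map(str, src)), ".".join(map(str, dst))


def sample_datagram():
    """One constructed data message from a LAC (tunnel 1000, session 7) to its LNS."""
    packet = ipv4_packet("10.0.0.5", "192.0.2.10", b"example user data")
    return l2tp_data_message(tunnel_id=1000, session_id=7, ppp=ppp_frame(PPP_IPV4, packet))
```

The bytes returned by sample_datagram() are exactly what would be handed to UDP port 1701. With L2TP/IPsec (RFC 3193) that whole UDP datagram becomes the payload of an ESP packet in transport mode, which is what slide 19's note that L2TP encapsulation happens before IPsec processing refers to; without IPsec, decapsulate() works just as well for an attacker as for the LNS.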
10. L2TP Operations
• Assumption: compulsory tunneling
• The Procedure:
1. The client initiates a PPP connection to the LAC.
2. The LAC does LCP negotiation with the client, and challenges the client for authentication credentials (e.g., via CHAP).
3. The client supplies the credentials (such as user name, domain name, password).
4. The LAC uses the domain name to ascertain which LNS it needs to contact (in the case of multiple domains).
5. The LAC begins establishing an L2TP tunnel with the LNS.
• Two Stages of L2TP Tunnel Setup:
1. Set up a control connection between the LAC and the LNS.
2. Set up a session inside that control connection for passing the data (aka "creating the session").
– Notes:
• Between a pair of LAC and LNS, there may exist multiple tunnels.
• Across a single L2TP tunnel, there may exist multiple sessions.
12. L2TP Operations
• Control Connection Establishment
- Establishes the peer's identity (tunnel authentication), the peer's L2TP version, framing and bearer capabilities, etc.
1. LAC --SCCRQ (Start-Control-Connection-Request)--> LNS
2. LAC <--SCCRP (Start-Control-Connection-Reply)-- LNS
3. LAC --SCCCN (Start-Control-Connection-Connected)--> LNS
--------------------------------------------------------------------------------------
   LAC <--ZLB ACK-- LNS
The ZLB ACK (a control message with no AVPs) is sent only if there are no further messages waiting in the queue for that peer; otherwise the acknowledgement rides in the Nr field of the next queued message.
13. L2TP Operations
• Session Establishment
- A session may be created only after a control connection has been successfully established.
- Each session corresponds to a single PPP stream between the LAC and the LNS.
- Session establishment is directional:
  - Incoming call: the LAC asks the LNS to accept a session;
  - Outgoing call: the LNS asks the LAC to accept a session.
- Incoming Call Establishment:
1. LAC --ICRQ (Incoming-Call-Request)--> LNS
2. LAC <--ICRP (Incoming-Call-Reply)-- LNS
3. LAC --ICCN (Incoming-Call-Connected)--> LNS
--------------------------------------------------------------------------------------
   LAC <--ZLB ACK-- LNS
The ZLB ACK is sent only if there are no further messages waiting in the queue for that peer.
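The two exchanges above (slide 12's control connection setup and slide 13's incoming call setup), encoded as real L2TPv2 control messages, as an added example that is not part of the original slides or of RFC 2661's text. It shows the header flags a control message must carry, the AVP framing, how Ns/Nr advance on each side (and that a ZLB ACK consumes no Ns), and the CHAP-style tunnel authentication of RFC 2661 section 5.1. Host names, tunnel and session IDs, the shared secret and the challenge are constructed sample values, and only the LAC challenges the LNS here (either side may). Note what this authentication does and does not give you: it proves possession of a shared secret at control connection setup and nothing more; the data messages that follow are not authenticated or encrypted by L2TP.

```python
"""Added worked example, not from the original slides or from RFC 2661's text:
L2TPv2 control messages for the control connection setup (SCCRQ, SCCRP, SCCCN)
and the incoming call setup (ICRQ, ICRP, ICCN), each closed by a ZLB ACK, with
Ns/Nr sequencing and CHAP-style tunnel authentication. Host names, IDs, the
shared secret and the challenge are constructed sample values."""
import hashlib
import struct

T_BIT, L_BIT, S_BIT, VER = 0x8000, 0x4000, 0x0800, 2   # header flag bits, version 2

# Message Type AVP values (attribute type 0) and the other attribute types used.
SCCRQ, SCCRP, SCCCN, ICRQ, ICRP, ICCN = 1, 2, 3, 10, 11, 12
MESSAGE_TYPE, PROTOCOL_VERSION, HOST_NAME, ASSIGNED_TUNNEL_ID = 0, 2, 7, 9
CHALLENGE, CHALLENGE_RESPONSE, ASSIGNED_SESSION_ID, CALL_SERIAL = 11, 13, 14, 15


def u16(n):
    return struct.pack("!H", n)


def avp(attr_type, value, mandatory=True):
    """One IETF AVP (vendor ID 0): M bit | 10-bit length, vendor ID, type, value."""
    length = 6 + len(value)                            # length includes the AVP header
    return struct.pack("!HHH", (0x8000 if mandatory else 0) | length, 0, attr_type) + value


def control_message(tunnel_id, session_id, ns, nr, avps):
    """Control message: T=L=S=1, Ver=2, length, IDs, Ns, Nr, then the AVPs.
    An empty AVP list gives a ZLB ACK (header only)."""
    body = b"".join(avps)
    return struct.pack("!HHHHHH", T_BIT | L_BIT | S_BIT | VER, 12 + len(body),
                       tunnel_id, session_id, ns, nr) + body


def parse_control_message(data):
    """Decode header and AVPs; AVP values are keyed by (vendor ID, attribute type)."""
    flags, length, tunnel_id, session_id, ns, nr = struct.unpack("!HHHHHH", data[:12])
    if not (flags & T_BIT and flags & L_BIT and flags & S_BIT) or (flags & 0xF) != VER:
        raise ValueError("not an L2TPv2 control message")
    if length != len(data):
        raise ValueError("length field does not match datagram size")
    avps, pos = {}, 12
    while pos < length:
        if pos + 6 > length:
            raise ValueError("truncated AVP header")
        aflags, vendor, attr_type = struct.unpack("!HHH", data[pos:pos + 6])
        alen = aflags & 0x03FF
        if alen < 6 or pos + alen > length:            # reject short or overlong AVP lengths
            raise ValueError("malformed AVP length")
        avps[(vendor, attr_type)] = data[pos + 6:pos + alen]
        pos += alen
    return {"tunnel_id": tunnel_id, "session_id": session_id, "ns": ns, "nr": nr, "avps": avps}


def tunnel_auth_response(msg_type, secret, challenge):
    """RFC 2661 5.1: CHAP response = MD5(message type as one octet | secret | challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def control_connection_setup(lac_tid, lns_tid, secret, challenge):
    """The four datagrams of slide 12 in wire order. Each side's Ns starts at 0 and
    counts its own messages; Nr is the next Ns it expects from the peer."""
    sccrq = control_message(0, 0, 0, 0, [             # LAC -> LNS; peer tunnel ID unknown
        avp(MESSAGE_TYPE, u16(SCCRQ)), avp(PROTOCOL_VERSION, b"\x01\x00"),
        avp(HOST_NAME, b"lac.example"), avp(ASSIGNED_TUNNEL_ID, u16(lac_tid)),
        avp(CHALLENGE, challenge)])
    sccrp = control_message(lac_tid, 0, 0, 1, [       # LNS -> LAC; Nr=1 acknowledges SCCRQ
        avp(MESSAGE_TYPE, u16(SCCRP)), avp(PROTOCOL_VERSION, b"\x01\x00"),
        avp(HOST_NAME, b"lns.example"), avp(ASSIGNED_TUNNEL_ID, u16(lns_tid)),
        avp(CHALLENGE_RESPONSE, tunnel_auth_response(SCCRP, secret, challenge))])
    scccn = control_message(lns_tid, 0, 1, 1, [avp(MESSAGE_TYPE, u16(SCCCN))])  # LAC -> LNS
    zlb = control_message(lac_tid, 0, 1, 2, [])       # LNS -> LAC; a ZLB consumes no Ns
    return sccrq, sccrp, scccn, zlb


def incoming_call_setup(lac_tid, lns_tid, lac_sid, lns_sid):
    """The datagrams of slide 13, sent right after control_connection_setup: the LAC
    has used Ns 0 and 1 and expects Nr 1; the LNS has used Ns 0 and expects Nr 2."""
    icrq = control_message(lns_tid, 0, 2, 1, [        # LAC -> LNS; peer session ID unknown
        avp(MESSAGE_TYPE, u16(ICRQ)), avp(ASSIGNED_SESSION_ID, u16(lac_sid)),
        avp(CALL_SERIAL, struct.pack("!I", 1))])
    icrp = control_message(lac_tid, lac_sid, 1, 3, [  # LNS -> LAC, to the LAC's session ID
        avp(MESSAGE_TYPE, u16(ICRP)), avp(ASSIGNED_SESSION_ID, u16(lns_sid))])
    iccn = control_message(lns_tid, lns_sid, 3, 2, [avp(MESSAGE_TYPE, u16(ICCN))])  # LAC -> LNS
    zlb = control_message(lac_tid, 0, 2, 4, [])       # LNS -> LAC
    return icrq, icrp, iccn, zlb
```

A receiver should verify the challenge response with a constant-time comparison and drop the control connection on mismatch; the parser above already rejects the length inconsistencies (AVP length shorter than its own header, or running past the datagram) that a fuzzer would throw at a real LNS first.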
17. L2TP Authentication
(from RFC2661)
• Authentication, Authorization and Accounting may be provided by the Home LAN's Management Domain, which is behind the LNS.
• In that case, the LAC performs proxy authentication, by passing the authentication information it exchanged with the user (e.g., the PPP CHAP challenge and response) on to the LNS, so that the LNS, not the LAC, makes the final decision.
18. L2TP Operations
• Case Studies:
- Setting up compulsory L2TP Tunneling
19. L2TP Operations
• Case Studies (cont.)
- Protecting L2TP Traffic using IPsec in a compulsory tunneling setup
NOTE: L2TP encapsulation occurs before IPsec processing: the IPsec SA between LAC and LNS protects the UDP/1701 datagrams that carry the L2TP control and data messages (transport mode, RFC 3193).
20. L2TPv3 Topology (from RFC3931)
• L2TP operates between two L2TP Control Connection Endpoints (LCCEs), tunneling traffic across a packet network.
• There are three predominant tunneling models in which L2TP operates:
  - LAC-LNS (or vice versa),
  - LAC-LAC, and
  - LNS-LNS.
LAC ( L2TP Access Concentrator ) & LNS ( L2TP Network Server ): The LAC is the initiator of the tunnel while the LNS is the server, which waits for new tunnels. (http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol)
* LCP negotiation: LCP is short for Link Control Protocol, a protocol that is part of PPP. In PPP communications, both the sending and receiving devices send LCP packets to determine the specific information that will be required for the data transmission. LCP negotiates the link parameters with the peer device and either accepts or rejects the link, determines the acceptable packet size for transmission (MRU), checks for errors in configuration, and can terminate the link if the parameters are not satisfied. Data cannot be transmitted over the link until LCP has brought it to the Opened state.
* ZLB ACK: Zero-Length Body Acknowledgement, a control message carrying only the header (no AVPs), used purely to acknowledge received control messages.
* CHAP: Challenge-Handshake Authentication Protocol.
* Ns (optional): sequence number of this control (or data) message. Nr (optional): sequence number of the next message the sender expects to receive.
* Although deprecated, Password Authentication Protocol (PAP), which sends the password in the clear, is still sometimes used.
* On proxy authentication (source: http://download-uk.oracle.com/docs/cd/A97630_01/appdev.920/a96590/adgsec03.htm, which describes database proxy authentication rather than L2TP; the idea is the same): in multi-tier environments, proxy authentication allows you to control the security of middle-tier applications by preserving client identities and privileges through all tiers, and auditing actions taken on behalf of clients. For example, this feature allows the identity of a user using a web application (the "proxy") to be passed through the application to the database server.