1 / 19

Networks Research Group

Networks Research Group. Deployment of an IPv6-Enabled Dynamic VPN Infrastructure. Projects Past ANDROID RADIOACTIVE Present 6NET ICB Future SEINIT. VPN Technologies Netcelo VPN Manager ISI - X-Bone DRDC - DVC UMU - PBNM Entrust VPN Connector. Current Work.

iniko
Download Presentation

Networks Research Group

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Networks Research Group Deployment of an IPv6-Enabled Dynamic VPN Infrastructure

  2. Projects Past ANDROID RADIOACTIVE Present 6NET ICB Future SEINIT VPN Technologies Netcelo VPN Manager ISI - X-Bone DRDC - DVC UMU - PBNM Entrust VPN Connector Current Work Networks Research Group Seminar

  3. 6NETVPN Infrastructure Deployment “To look at the issues surrounding the provision of IPv6 dynamic VPN technology and deploy an IPv6-Enabled VPN Infrastructure”

  4. International Collaboration Board (ICB) “To carry out an experimental deployment of an IPv6-Enabled VPN Infrastructure upon which one can experiment on the sort of policies that coalition networks require”

  5. Netcelo VPN Management • Deployed During ANDROID • Single VPN Manager • Full Mesh Topology • Tested with Multicast Conferencing • Active Networking (Funnelweb) • Transcoding Active Gateway • Proprietary System Networks Research Group Seminar

  6. ISI X-Bone • UCL extended X-Bone for IPv6 capability during RADIOACTIVE • Overlay Managers & Resource Daemons • Invitation-Based Set-Up • Choice Of Topology • Recursive Overlays • Demonstrated at DANCE - May 2002 • 3 sites - Star Topology • Possibility of sub-optimal topology Networks Research Group Seminar

  7. DRDC DVC • “Provides secure/authenticated out-of-band channels to establish, monitor and dismantle VPNs” • Based On Ideas From X-Bone • Coalition-Based • Full Mesh Topology • Exchange of Security Policies Networks Research Group Seminar

  8. UMU-PBNM • UMU-PKIv6 • CA Provides X.509 Certificate Enrollment And Lifecycle Management for IPv6 • Supports LDAPv6, OCSP and SCEP • UMU-PBNM • Policy Management Tool (PMT) • Policy Decision Point (PDP) • Policy Enforcement Point (PEP) • VPN Enforcement Tool (VPN ETool) COPS Networks Research Group Seminar

  9. Issues • No clear globally accepted VPN definition • Scope of a VPN • Uncertainty in: • What is required • How to develop it • The Current status of each of the projects • VPN Workshop – July 2003 • Aim to discuss and resolve issues of confusion • Aim to encourage collaboration Networks Research Group Seminar

  10. Building An Ideal System • Each system excels in its particular area of focus • X-Bone – Overlay Hierarchy, Topology • DVC – Distributed, Localised Control • UMU-PBNM – Security Infrastructure • Want the best of all worlds Networks Research Group Seminar

  11. Ideal System – Existing Features • Localisation and Security of DVC • Distributed Nature of DVC • Platform Independence of DVC/X-Bone • Hierarchic Nature of X-Bone • Topological Flexibility of X-Bone/UMU • Policy Management of UMU • Security Management of UMU Networks Research Group Seminar

  12. Ideal System – New Features • Dynamic Topology • (Secure?) Routing over VPN • Multicast Capability • QoS Provision Networks Research Group Seminar

  13. VPN Workshop – Summary • X-Bone • Expected to be IPv6-Enabled October • Dynamic Overlay Routing • Node Re-visitation • Provides capability for topological definition • Does not allow addition/deletion of nodes to as existing overlay • Combination with other systems looks promising Networks Research Group Seminar

  14. VPN Workshop – Summary cont. • DVC • Good model for flexible use of policies • Agreed to move to IPv6 – target date November • Currently moving toward XML based policy definition • Discussing combination with UMU Networks Research Group Seminar

  15. VPN Workshop – Summary cont. • UMU • Security Management Infrastructure • Policy Management Infrastructure • VPN definition limited to 6WIND Networks Research Group Seminar

  16. VPN Workshop – Summary cont. • Cisco • Presented various approaches for large scale VPN deployment • Stated IPv6 IPSec solutions not planned before mid-2004 Networks Research Group Seminar

  17. VPN Workshop – Outcome • Updated parties on status of projects • Discussions conducted on problems and issues • Consensus reached over issues of confusion • All parties agreed on collaboration • Plans for hosting a further VPN Workshop during November Networks Research Group Seminar

  18. Future Work • Re-evaluate X-Bone With Enhancements • Initial Deployment Potentially X-Bone • VPN Management System • Dynamic Tunnel Establishment & Management • Dynamic Topology (Bootstrapping) • Policy Definition • Types of policies Networks Research Group Seminar

  19. Networks Research GroupManish Ladm.lad@cs.ucl.ac.uk Department of Computer Science University College London

More Related