Dial-in Virtual Private Networking Using Layer 3 Tunneling
Gary Malkin, Bay Networks Internet Telecom Business Group

Overview: DVPN Topology
(diagram; elements: Dial-in User, Dial-in Router, Service Provider IP Network, three Subscriber Networks)

Overview: Encapsulation & Tunneling
(diagram of three header stacks, innermost first: user data / IP / PPP on the dial-in link; user data / IP / IP / MAC for IP-in-IP tunneling; user data / IP / GRE / MAC for GRE tunneling)
Overview: Provisioning
Provisioning information for BayDVS:
• Tunnel protocol and endpoint
• Gateway address and path to Subscriber Site
• Authentication protocol and server address
• Dynamic Address Assignment protocol and server address
• Tunnel authentication protocol and key
• Operational information and statistics

Tunneling Models
• Tunneling From Provider to Customer
• Tunneling Within Provider’s Network
• Tunneling From PC to Customer’s Network
• Tunneling From PC to Provider’s Network
Tunneling Model: Provider to Subscriber
(diagram: Remote Client, RAC (Tunnel Endpoint), Service Provider Network, Router (Tunnel Endpoint), Subscriber Network)

Tunneling Model: Within Provider’s Network
(diagram: Remote Client, RAC (Tunnel Endpoint), Service Provider Network, Router (Tunnel Endpoint), CPE Router, Subscriber Network)

Tunneling Model: PC to Subscriber
(diagram: Remote Client (Tunnel Endpoint), RAC, Service Provider Network, Router (Tunnel Endpoint), Subscriber Network)

Tunneling Model: PC to Provider’s Network
(diagram: Remote Client (Tunnel Endpoint), RAC, Router (Tunnel Endpoint), Service Provider Network, CPE Router, Subscriber Network)
BayDVS
• Description
• Topology
• Operation Algorithm
• Security

BayDVS: Description
• Mobile IP based tunneling solution
• Requires only IP/PPP on Remote Node
• No requirements for Customer Premise Equipment
• Provides addressing and routing isolation
• Allows authentication by Service Provider or Subscriber
• Allows address assignment by Service Provider or Subscriber

BayDVS: Topology
(diagram: Dial-in User, RAS (Remote Access Server), TMS (Tunnel Management System), AS (Authentication Server), GW (Gateway) in the Service Provider IP Network; Frame Relay link to the CPE, DHCP server and Subscriber Network)
BayDVS: Operation Algorithm
Participants: Remote Node, Remote Access Server, Tunnel Management System, Authentication Server, DHCP Server, Local Node, Gateway
Message sequence, in order:
• Connect
• LCP negotiation
• CHAP initiation
• Auth/info request
• Grant w/info
• MIP auth request
• Auth request
• Grant w/info
• MIP auth response
• MIP DAA request
• DHCP discover/request
• DHCP response/ack
• MIP DAA response
• MIP registration request
• MIP registration response
• CHAP completion
• NCP negotiation
• OPEN COMMUNICATION
• Disconnect
• MIP terminate request
• MIP terminate response
• Terminate message

BayDVS: Operation Algorithm - Authentication
Participants: Remote Access Server, Authentication Server, Tunnel Management System, Gateway
Message sequence, in order: Auth/info request, Grant w/info, MIP authentication request, Auth request, Grant w/info, MIP authentication response
• RAS acquires provisioned information for User’s Subscriber
• RAS authenticates user with Subscriber’s Authentication Server

BayDVS: Operation Algorithm - Dynamic Addressing
Participants: Remote Access Server, DHCP Server, Gateway
Message sequence, in order: MIP DAA request, DHCP discover, DHCP response, MIP DAA response, MIP DAA request, DHCP request, DHCP ack, MIP DAA response
• RAS “discovers” DHCP server in Subscriber site
• RAS requests IP address from DHCP server
BayDVS: Security
• CHAP or PAP user authentication
• User authentication managed by provider or subscriber
• MD-5 authentication of tunnel establishment
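The slides say tunnel establishment is authenticated with MD5 and that a tunnel authentication key is provisioned, but do not show the mechanism. The following is an added example, not code from the presentation or from Bay Networks, of how a Mobile IP style verifier checks a registration request: RFC 2002 defines the default authenticator as keyed MD5 in prefix+suffix mode (MD5 over key || message || key) carried in a Mobile-Home Authentication Extension, and uses the 64-bit Identification field for replay protection. The key, SPI and addresses are constructed values; whether BayDVS used exactly this RFC 2002 layout is an assumption.

```python
import hashlib
import hmac
import socket
import struct

# Mobile IP Registration Request fixed header (RFC 2002, sec. 3.3):
# type(1) flags(1) lifetime(2) home addr(4) home agent(4) care-of addr(4) identification(8)
REG_REQUEST_TYPE = 1
REG_FIXED_LEN = 24
# Mobile-Home Authentication Extension (RFC 2002, sec. 3.5.2):
# type(1)=32 length(1) SPI(4) authenticator(16); length counts SPI + authenticator only
AUTH_EXT_TYPE = 32
AUTH_EXT_LEN = 20
AUTH_EXT_HEAD = 6
AUTH_LEN = 16

# Constructed example key and SPI; a real deployment provisions these per tunnel.
TUNNEL_KEY = b"constructed-example-key"
EXAMPLE_SPI = 0x1000


def keyed_md5_prefix_suffix(key: bytes, data: bytes) -> bytes:
    """RFC 2002 default algorithm: MD5 over key || data || key."""
    return hashlib.md5(key + data + key).digest()


def build_registration_request(home_addr, home_agent, care_of_addr, identification, lifetime=1800):
    return struct.pack("!BBH4s4s4sQ", REG_REQUEST_TYPE, 0, lifetime,
                       socket.inet_aton(home_addr), socket.inet_aton(home_agent),
                       socket.inet_aton(care_of_addr), identification)


def sign_request(request: bytes, spi: int, key: bytes) -> bytes:
    head = struct.pack("!BBI", AUTH_EXT_TYPE, AUTH_EXT_LEN, spi)
    # The digest covers the request, all prior extensions, and the type/length/SPI of this extension.
    return request + head + keyed_md5_prefix_suffix(key, request + head)


class TunnelAuthenticator:
    """Verifier side: the tunnel endpoint that receives registration requests."""

    def __init__(self, keys_by_spi):
        self.keys_by_spi = keys_by_spi
        self.last_identification = {}  # home address -> highest identification accepted

    def verify(self, packet: bytes) -> str:
        if len(packet) < REG_FIXED_LEN + AUTH_EXT_HEAD + AUTH_LEN:
            return "malformed"
        ext_type, ext_len, spi = struct.unpack("!BBI", packet[REG_FIXED_LEN:REG_FIXED_LEN + AUTH_EXT_HEAD])
        if ext_type != AUTH_EXT_TYPE or ext_len != AUTH_EXT_LEN:
            return "malformed"
        key = self.keys_by_spi.get(spi)
        if key is None:
            return "unknown spi"
        covered = packet[:REG_FIXED_LEN + AUTH_EXT_HEAD]
        received = packet[REG_FIXED_LEN + AUTH_EXT_HEAD:REG_FIXED_LEN + AUTH_EXT_HEAD + AUTH_LEN]
        # Constant-time comparison so the verifier does not leak digest bytes via timing.
        if not hmac.compare_digest(received, keyed_md5_prefix_suffix(key, covered)):
            return "bad authenticator"
        # Replay protection: identification must increase for each home address.
        home_addr = socket.inet_ntoa(packet[4:8])
        identification = struct.unpack("!Q", packet[16:24])[0]
        if identification <= self.last_identification.get(home_addr, -1):
            return "replay"
        self.last_identification[home_addr] = identification
        return "ok"


def demo():
    verifier = TunnelAuthenticator({EXAMPLE_SPI: TUNNEL_KEY})
    req = build_registration_request("10.1.2.3", "10.1.0.1", "192.0.2.10", identification=0x5000000000000001)
    packet = sign_request(req, EXAMPLE_SPI, TUNNEL_KEY)
    results = [verifier.verify(packet)]            # genuine request -> "ok"
    results.append(verifier.verify(packet))        # same packet again -> "replay"
    tampered = bytearray(packet)
    tampered[15] ^= 0x01                           # flip a bit of the care-of address after signing
    results.append(verifier.verify(bytes(tampered)))   # -> "bad authenticator"
    forged = sign_request(build_registration_request("10.1.2.3", "10.1.0.1", "192.0.2.10",
                                                     identification=0x5000000000000002),
                          EXAMPLE_SPI, b"wrong-key")
    results.append(verifier.verify(forged))        # wrong key -> "bad authenticator"
    return results


if __name__ == "__main__":
    print(demo())
```

The later Mobile IP specification (RFC 3344) replaced prefix+suffix keyed MD5 with HMAC-MD5 as the default algorithm; the verifier structure above (parse, look up key by SPI, constant-time digest check, then replay check) stays the same whichever MAC is plugged into `keyed_md5_prefix_suffix`.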
Comparison of L2TP and BayDVS
• Scaling and Performance
  • BayDVS Payload Packet: IP (20 bytes) | GRE (8 bytes) | IP Payload
  • L2TP Payload Packet: IP (20 bytes) | UDP (8 bytes) | L2TP (12 bytes) | PPP Frame | IP Payload
• Interoperability
• Subscriber Requirements
• End-to-End (between RC and LNS) Encryption and Compression
• Address and Routing Isolation
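The encapsulation slide and the comparison slide together describe the GRE-over-IP stack BayDVS puts on the wire and its per-packet cost against L2TP. The following is an added example, not code from the presentation or from Bay Networks: it builds and strips the outer IP + GRE encapsulation of a tunneled inner IP packet the way a tunnel endpoint would, with the decapsulator checking the outer header and GRE fields before trusting the payload, and it compares wire overhead using the header sizes given on the slide. Assumptions: the slide's 8-byte GRE header is taken to be the 4-byte base header plus a 4-byte Key field; the L2TP figure counts only the IP, UDP and L2TP headers from the slide, since no size is given for the PPP framing; all addresses and the GRE key are constructed.

```python
import socket
import struct

# Header sizes in bytes, as given on the comparison slide.
IP_HDR = 20
GRE_HDR = 8        # assumed: 4-byte base header + 4-byte Key field
UDP_HDR = 8
L2TP_HDR = 12

IPPROTO_GRE = 47
GRE_KEY_PRESENT = 0x2000   # K bit in the GRE flags/version word (RFC 1701)
ETHERTYPE_IPV4 = 0x0800


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; returns 0 when run over a header with a valid checksum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int, ident: int = 0, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + payload_len, ident, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def gre_encapsulate(inner_ip_packet: bytes, tunnel_src: str, tunnel_dst: str, key: int) -> bytes:
    """Tunnel entry: wrap the subscriber's IP packet in GRE and an outer IP header (the IP / GRE / IP stack)."""
    gre = struct.pack("!HHI", GRE_KEY_PRESENT, ETHERTYPE_IPV4, key)
    outer = build_ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(gre) + len(inner_ip_packet))
    return outer + gre + inner_ip_packet


def gre_decapsulate(packet: bytes, expected_key: int) -> bytes:
    """Tunnel exit: validate outer IP and GRE fields, then return the inner IP packet.

    Raises ValueError on anything that should be dropped rather than forwarded into the subscriber network.
    """
    if len(packet) < IP_HDR + GRE_HDR:
        raise ValueError("truncated")
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl != IP_HDR:
        raise ValueError("unexpected outer IP header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer checksum")
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer protocol is not GRE")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if total_len > len(packet) or total_len < ihl + GRE_HDR:
        raise ValueError("bad outer total length")
    flags, proto, key = struct.unpack("!HHI", packet[ihl:ihl + GRE_HDR])
    if flags != GRE_KEY_PRESENT or proto != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    if key != expected_key:
        raise ValueError("GRE key does not match this tunnel")
    return packet[ihl + GRE_HDR:total_len]


def wire_bytes(inner_len: int) -> dict:
    """Bytes on the wire for one tunneled inner packet under each encoding on the slide."""
    return {"BayDVS": IP_HDR + GRE_HDR + inner_len,
            "L2TP": IP_HDR + UDP_HDR + L2TP_HDR + inner_len}


def max_inner_for_mtu(mtu: int) -> dict:
    """Largest inner packet that fits one outer packet without fragmentation."""
    return {"BayDVS": mtu - IP_HDR - GRE_HDR,
            "L2TP": mtu - IP_HDR - UDP_HDR - L2TP_HDR}


def round_trip_demo() -> bool:
    # Constructed inner packet: an IP header carrying 8 bytes of UDP-protocol payload.
    inner = build_ipv4_header("10.1.2.3", "10.2.0.9", 17, 8) + b"\x00" * 8
    tunneled = gre_encapsulate(inner, "192.0.2.10", "198.51.100.1", key=0x00010001)
    return gre_decapsulate(tunneled, expected_key=0x00010001) == inner and len(tunneled) == len(inner) + IP_HDR + GRE_HDR


if __name__ == "__main__":
    print(round_trip_demo(), wire_bytes(1000), max_inner_for_mtu(1500))
```

The overhead difference on the slide is 12 bytes per packet (28 versus 40 bytes of headers); for short dial-in packets that is a noticeable fraction of the wire, and `max_inner_for_mtu` shows the corresponding difference in how far the inner MTU must be reduced to avoid fragmentation inside the provider network.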