VIRTUAL PRIVATE NETWORKS (VPN). WAN Technology Comparison.
WAN technology - PSTN [Figure: long-distance dial-up connection]
WAN technology – X.25 and Frame Relay [Figure 7-9: A WAN using frame relay]
WAN technology - ISDN [Figures: A BRI link; A PRI link]
WAN technology - T-Carrier [Figures: CSU/DSU; point-to-point T-carrier connection; T-carrier connecting to a LAN through a router]
DSL Connectivity [Figure: DSL connection]
WAN technology - SONET [Figure: SONET ring]
What is VPN?
• A Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.
• Became popular as more employees worked in remote locations.
Remote Access Virtual Private Network (From Gartner Consulting)
VPN: Types
• Secure VPNs use cryptographic tunneling protocols.
  • IPsec, SSL/TLS, OpenVPN, PPTP, L2TP, L2TPv3, VPN-Q and MPVPN
• Trusted VPNs rely on the security of a single provider’s network to protect the traffic.
  • MPLS and L2F
Tunneling
A virtual point-to-point connection made through a public network. It transports encapsulated datagrams.
[Figure: Data Encapsulation, from Comer. Labels: Original Datagram; Encrypted Inner Datagram; Datagram Header; Outer Datagram Data Area]
Two types of end points:
• Remote Access
• Site-to-Site
VPN: Tunneling Figure 1
Cryptographic Tunneling Factors
• Authentication – validates that the data was sent from the sender.
• Access control – limiting unauthorized users from accessing the network.
• Confidentiality – preventing the data from being read or copied while it is being transported.
• Data Integrity – ensuring that the data has not been altered.
• Cryptography Techniques
  • Encryption – a method of “scrambling” data before transmitting it onto the Internet.
  • Public Key Encryption Technique
  • Digital signature – for authentication
Virtual Private Networks
• VPN can be deployed in three ways:
  • Host-to-Host
  • Site-to-Site
  • Host-to-Site
VPN Topology: Types of VPNs
• Remote access VPN
• Intranet VPN
• Extranet VPN
Intro to MPLS
• MPLS = Multi Protocol Label Switching
• A forwarding method (forwarding data/packets through a network using the label information attached to I
• Allows a router to forward a packet by looking only at the label attached to that packet, so it no longer needs to look at the destination IP address)
2. MPLS ARCHITECTURE
• A combination of the Label Swapping (Layer 2) and Routing (Layer 3) mechanisms
• Consists of interconnected LSRs that form an LSP
• The first LSR is called the ingress
• The last LSR is called the egress
• The edge of the LSR network is called the LER
Abbreviations
• LSR = Label Switched Router
• LSP = Label Switched Path
• LER = Label Edge Router
• TTL = Time to Live
5. MPLS OPERATION
• Label creation and distribution
• Label creation in each router
• Creation of the connected label path
• Label insertion
• Packet forwarding
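The MPLS operation steps above (label insertion at the ingress, label swapping at each LSR, label removal at the egress), as an added example that is not part of the original slides. The 32-bit label entry layout follows RFC 3032; the prefix, label values, tables and function names are constructed for illustration.

```python
import ipaddress
import struct

def encode_entry(label, ttl, tc=0, bottom=1):
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (bottom << 8) | ttl)

def decode_entry(frame):
    """Return (label, ttl, payload) from a frame carrying a single entry."""
    (word,) = struct.unpack("!I", frame[:4])
    return word >> 12, word & 0xFF, frame[4:]

# Constructed label bindings: ingress LER -> LSR A -> LSR B -> egress LER.
INGRESS_FEC = {ipaddress.ip_network("10.2.0.0/16"): 100}  # dest prefix -> first label
LSR_TABLES = [{100: 200}, {200: 300}]  # in-label -> out-label, one table per core LSR
EGRESS_LABEL = 300

def ingress_push(packet, dst, ttl=64):
    """Ingress LER: the only hop that inspects the destination IP address."""
    for prefix, label in INGRESS_FEC.items():
        if ipaddress.ip_address(dst) in prefix:
            return encode_entry(label, ttl) + packet
    raise LookupError("no label binding for " + dst)

def lsr_swap(frame, table):
    """Core LSR: swap the label and decrement TTL; the payload is never parsed."""
    label, ttl, payload = decode_entry(frame)
    if label not in table or ttl <= 1:
        return None  # unknown label or expired TTL: drop the frame
    return encode_entry(table[label], ttl - 1) + payload

def egress_pop(frame):
    """Egress LER: remove the label and hand back the original packet."""
    label, _, payload = decode_entry(frame)
    return payload if label == EGRESS_LABEL else None

def traverse_lsp(packet, dst, ttl=64):
    """Send a packet along the LSP; return (delivered packet, frames on the wire)."""
    wire = [ingress_push(packet, dst, ttl)]
    for table in LSR_TABLES:
        frame = lsr_swap(wire[-1], table)
        if frame is None:
            return None, wire
        wire.append(frame)
    return egress_pop(wire[-1]), wire

if __name__ == "__main__":
    print(traverse_lsp(b"constructed inner packet", "10.2.7.9"))
```

Every frame on the wire still contains the inner packet unmodified, which is why an MPLS "trusted VPN" depends on the provider's network rather than on cryptography.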