Understanding “Virtual” Networks
J.J. Ekstrom, Fall 2011

Understanding VLANs, Tunnels and VPNs
• Ethernet II packet: Dest MAC | Source MAC | Ether type > 1500 | Payload | Pad | Ether CRC
• 802.3 packet: Dest MAC | Source MAC | Len < 1500 | Payload | Pad | Ether CRC
• Link to: IANA EtherType List

VLANs separate traffic, but access to wire gives access to data.
• 802.1p/Q packet: Dest MAC | Source MAC | 0x8100 | VLAN Tag | Old Ether type | Payload | Pad | Ether CRC
• VLAN Tag: 4 bits priority, 12 bits VLAN #
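
As an added example (not from the original slides), this Python sketch parses the Ethernet II, 802.3 and 802.1p/Q layouts and shows why a VLAN tag separates traffic without hiding it: whoever can read the wire can read the tag and the payload. The MAC addresses, VLAN number and payload are constructed sample values, and the code uses the standard cut-offs (length up to 1500, EtherType from 0x0600).

```python
import struct

TPID_8021Q = 0x8100  # value in the type position that marks a VLAN-tagged frame

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame: bytes) -> dict:
    """Parse one frame (Ether CRC already stripped) into its header fields."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    info = {"dst": mac(frame[:6]), "src": mac(frame[6:12]),
            "vlan": None, "priority": None}
    (field,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if field == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        # The tag's upper 4 bits are a 3-bit priority plus 1 drop-eligible bit;
        # the lower 12 bits are the VLAN number. The old Ether type follows.
        tci, field = struct.unpack_from("!HH", frame, 14)
        info["priority"], info["vlan"] = tci >> 13, tci & 0x0FFF
        offset = 18
    if field <= 1500:                      # 802.3: the field is a payload length
        if len(frame) - offset < field:
            raise ValueError("length field exceeds captured data")
        info.update(kind="802.3", payload=frame[offset:offset + field])  # pad dropped
    elif field >= 0x0600:                  # Ethernet II: the field is an EtherType
        info.update(kind="Ethernet II", ethertype=field, payload=frame[offset:])
    else:
        raise ValueError("value between 1501 and 1535 is undefined")
    return info

# Constructed sample frames (locally administered MACs, made-up payload).
DST, SRC = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
PAYLOAD = b"user=alice&pin=0000"
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + PAYLOAD
TAGGED = DST + SRC + struct.pack("!HHH", TPID_8021Q, (5 << 13) | 42, 0x0800) + PAYLOAD
LLC_FRAME = DST + SRC + struct.pack("!H", len(PAYLOAD)) + PAYLOAD + b"\x00" * 27

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED), ("802.3", LLC_FRAME)):
        print(name, parse_frame(frame))
```

The tagged frame yields the same readable payload as the untagged one, which is the point of the slide: the tag is a label a switch acts on, not a confidentiality control.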

VPN not Necessarily Secure
• L2TP packet (Layer 2 Tunneling Protocol): Dest MAC | Source MAC | Ether type > 1500 (IP) | IP Header/UDP | Payload | Ether CRC
• [Figure: an Ethernet II packet (Dest MAC, Source MAC, Ether type > 1500, Payload, Pad, Ether CRC) carried as the payload of the L2TP packet]
• However, the payload can be encrypted, which reveals the pipe but not the contents.

MPLS: VLANs on the WAN
• [Figure: an Ethernet II packet (Dest MAC, Source MAC, Ether type > 1500, Payload, Pad, Ether CRC) with an MPLS Label, crossing a network of Edge Routers and Label Switch Routers]
• Edge Router: puts on Label; can encrypt for security
• Label Switch Router: just uses Label
• Edge Router: takes off Label and decrypts if necessary

MPLS Mappings
• VLAN tag to MPLS Label
• IP subnet to MPLS Label
• IP Destination subnet to MPLS Label
• Can be different depending on content.
• Encrypt some packets, not others.

Tunneling (SSL)
• Treating a stream like a wire.
• SSL (Secure Sockets Layer)
• OpenSSL has tunneling built in.
• Traffic comes in on a local port and is tunneled to the destination IP and port.
• Travels through a virtual wire on port 80
• Looks like HTTP traffic

Virtual Private Networks
• Typically encrypted
• Encapsulate a packet in another protocol’s payload.

Generalizations
• VPN, VLANs, MPLS, L2TP are all variations on a theme of “tunnel”
• Tunnels can be used for various things:
  • Routing simplification
  • Encryption
  • Traffic management
  • …