Virtual Private Network - the Netgroup at Politecnico di Torino
(Virtual) VPN Topologies
• Hub and spoke
  • Each branch communicates directly with headquarters
  • Fits the data flow of many corporations
  • Mainframe or data-center centered
  • Routing is sub-optimal
  • Small number of tunnels
  • Hard to manually configure
  • Hub could become bottleneck
• Mesh
  • Larger number of tunnels
  • Easier to manually configure
  • Optimized routing
VPN - 32 © M. Baldi & L. Ciminiera: see page 2
VPN Components