Upload File

network access for remote users dr john s. graham ulcc

  • Home
  • Documents
  • Network Access for Remote Users Dr John S. Graham ULCC
21
Network Access for Remote Users Dr John S. Graham ULCC [email protected]

Upload: ashlee-holland

Post on 19-Jan-2018

215 views

Category:

Documents


0 download

Report

DESCRIPTION

Site-to-Site Private Infrastructure

TRANSCRIPT

Page 1: Network Access for Remote Users Dr John S. Graham ULCC

Network Access for Remote Users Dr John S. Graham

[email protected]

Page 2: Network Access for Remote Users Dr John S. Graham ULCC

Review of Technologies• Remote Site

– Private Leased Lines• Kilostream or Megastream Circuits• LES

– ISDN– EPS9– ISP

• Remote User– Private Dialup Service– ISP

Page 3: Network Access for Remote Users Dr John S. Graham ULCC

Site-to-Site Private Infrastructure

Page 4: Network Access for Remote Users Dr John S. Graham ULCC

Traditional Dialup Service

High CostsSupport BurdenLimited to 56K Analogue DialupLimited Service

Security Guaranteed

Page 5: Network Access for Remote Users Dr John S. Graham ULCC

Virtual Private Network

Highly Flexible SolutionUses Existing Infrastructure

Complex Security Issues

Page 6: Network Access for Remote Users Dr John S. Graham ULCC

VPN Roadmap

Tunnelling

Sym metric Asymm etric

Encryption

Endpoints Data User

Authentication IP Framew ork

VPN

Page 7: Network Access for Remote Users Dr John S. Graham ULCC

Tunnelling Methods• Layer III

– GRE– IPSec

• Layer II– L2F– PPTP– L2TP

Page 8: Network Access for Remote Users Dr John S. Graham ULCC

Layer 3 Tunnelling (GRE)

TCPIP DataGREIP

GRE

TCPIP Data

passenger protocol

encapsulating protocol

carrier protocol

Page 9: Network Access for Remote Users Dr John S. Graham ULCC

Tunnelling In Action

IP GRE TCPIP Data

Source 62.49.38.138Destination

192.168.17.26194.82.103.186

IP GRE TCPIP Data

192.168.17.26

Page 10: Network Access for Remote Users Dr John S. Graham ULCC

Layer 2 Tunnelling (L2TP)

TCPIP DataL2TPUDPIP PPP

TCPIP DataL2TPUDPIP PPPESP ESP

L2TP

L2TP + IPSec

TCPIP DataPPP

Page 11: Network Access for Remote Users Dr John S. Graham ULCC

Layer 2 Tunnelling Modes

Compulsory L2 Tunnelling

Voluntary L2 Tunnelling

Page 12: Network Access for Remote Users Dr John S. Graham ULCC

Authentication• Peer Identity

– Shared Secret– Digital Certificate

• Data Integrity– Digital Signatures

• User Identity– Kerberos– RADIUS

Page 13: Network Access for Remote Users Dr John S. Graham ULCC

IP Security (IPSec)• Protocols

– Authentication Header– Encapsulating Security Payload– Internet Key Exchange

• Modes– Tunnel– Transport

Page 14: Network Access for Remote Users Dr John S. Graham ULCC

IPSec Protocols

Sequence Number

Authentication Data

SPI

NextHeader

PayloadLength Reserved

Sequence Number

SPI

Authentication Data

Data

NextHeader

PadLengthPad

IV

Authentication Header (51) Encapsulating Security Protocol (50)

Page 15: Network Access for Remote Users Dr John S. Graham ULCC

IPSec ModesTunnel Mode

Transport Mode

IP AH/ESP TCPIP Data

AH/ESP TCPIP Data

Page 16: Network Access for Remote Users Dr John S. Graham ULCC

Equipment at Remote Site

• ‘Wires Only’ ADSL Connection– One Static IP Address

• Splitter• Cisco 827H Router

– Ethernet hub (4 ports) plus ATM port

Page 17: Network Access for Remote Users Dr John S. Graham ULCC

Customer Installation

Page 18: Network Access for Remote Users Dr John S. Graham ULCC

Router Configuration

Routing Table

NAT IPSec

Tunnel

Dialer

A1

A2

B1

B2

B3

Ethernet

Page 19: Network Access for Remote Users Dr John S. Graham ULCC

IPSec Followed by NAT• Immutable fields of outer IP header

included in AH protocol’s ICV data.• Transport mode IPSec renders

TCP/UDP checksums invalid.• Multiple incompatibilities between

SA parameters and NAT.

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-reqts-04.txt

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-reqts-04.txt
Page 20: Network Access for Remote Users Dr John S. Graham ULCC

Fragmentation Hell

Page 21: Network Access for Remote Users Dr John S. Graham ULCC

http://www.ja.net/documents/


The AIDA toolkit: Assessing Institutional Digital Assets Ed Pinsent, ULCC

Sébastien François, EPrints Lead Developer EPrints Developer Powwow, ULCC

Computer Engineering Remote Controlled Car Project ACSE 2006 Graham Smyth Jerry Dolata

SuperJANET4 Update Roland Trice, ULCC SuperJANET4 Rollout Manager

Dr John S. Graham ULCC [email protected]

PEOPLE Chris BLIGH Sonia GRAHAM of Bligh Graham Architects

MaharaUK 09 - James and Philip, ULCC - Let's get personal

A brief Review of Modeling of Aerosol-Precipitation ... · Aerosol-Cloud Interactions ‐ Small‐scale modeling In‐situ measurements Surface‐based remote sensing Graham Feingold

Graham Charters | IBM - OSGi€¦ · OSGi Remote Service Summary • Standardizes basic metadata for distribution – Remote interfaces – Default invocation semantics – Place

ULCC Moodle User Group (HE) July 2014

Among US Carriers First Quarter Compared ULCC Showdown

Moodle Wonderland - Moodle success at ULCC

James Ballard, ULCC - Learner Journey

Remote Sensing for Biodiversity Conservation, Land cover and Land use Change and Carbon/Ecosystem Management Catherine Graham Stony Brook University (many

Bongongo Public School Newsletter · *Olivia Graham * George Graham *Archie Graham *Jetty Mason *Isobel Welsh *Finn Onus *Joe Graham * Oscar Welsh Congratulations to the following

Data Stream Algorithms Frequency Moments Graham Cormode [email protected]

Network Access for Remote Users: Practical IPSec Dr John S. Graham ULCC [email protected]

THE BILLY GRAHAM LIBRARY - static.billygraham.org · Virginia “Gigi” Graham Daughter of Billy Graham Anne Graham Lotz ... Musical Artist PRAYER OF THANKSGIVING The Reverend Robert

ULCC Moodle User Group - March 2015

Preservation of Web Resources Part I, Kevin Ashley, ULCC

ULCC Moodle User Group (FE) July 2014

ULCC Moodle User Group // Christmas 2015

Graham Graham Healthcare Creative Infusion

ULCC Moodle User Group (HE) 26.03.2013

Daniel J. Graham, Ph.D. - Colorado State Universitypsy.psych.colostate.edu/psylist/graham.pdf · Graham, CV, 1 of 21 Daniel J. Graham, Ph.D. Curriculum Vitae Contact Dan J. Graham

ULCC Moodle User Group (FE) 18.12.13

National Digital Repository ® Preserving the imperfect: reflections from NDAD and elsewhere Kevin Ashley Head of Digital Archives Group ULCC

ULCC e-ILP Focus Group

Leung Hoang (lghoang@gmail) Graham Laverty ([email protected])

Collaboration and Innovation: ULCC and LEAP by Richard Davis

ULCC RDM Solution - Compliance doesn't have to be complicated

ULCC Moodle User Group (HE) 18.12.13

Introduction to JISC PoWR (Kevin Ashley, ULCC)

Combining Remote Sensing and Biological Data to Predict the Consequences of Climate Change on Hummingbird Diversity Catherine Graham, Susan Wethington,

Enterprise Geospatial Production O · 2017-09-10 · PHOTOGRAMMETRIC ENGINEERING & REMOTE SENSING March 2005 241 Enterprise Geospatial Production by Lewis Graham ur company was formed