Hybrid Architecture
Source: Chapter 19 E.Comer
• Permits some traffic to go over private connections
• Allows contact with global Internet
Lecture 9
Private Network Interconnection (NAT,VPN)
4/11/2011
– Encryption
– IP-in-IP tunneling
Illustration Of Encapsulation Used With VPN
Example Of VPN Addressing And Routing
The Point!!
A Virtual Private Network sends data across the Internet, but encrypts intersite transmissions to guarantee privacy.
Example Of VPN Addressing And Routing
• Consider a datagram sent from a computer on network 128.10.2.0 to a computer on network 128.210.0.0.
• The sending host forwards the datagram to R2, which forwards it to R1.
• According to the routing table in R1, the datagram must be sent across the tunnel to R3. Therefore, R1 encrypts the datagram and encapsulates it in the data area of an outer datagram with destination R3. R1 then forwards the outer datagram through the local ISP and across the Internet.
• The datagram arrives at R3, which recognizes it as tunneled from R1. R3 decrypts the data area to produce the original datagram, looks up the destination in its routing table, and forwards the datagram to R4 for delivery.
Example VPN With Private Addresses
Advantage: Only one globally valid IP address needed per site
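The tunnel steps above (R1 encrypts and encapsulates, R3 recognizes the tunnel, decrypts and routes on the inner destination), as an added Python example that is not from the lecture or from Comer's text. The router addresses, host addresses and keys are constructed, and the SHA-256 keystream with HMAC is a stand-in for the vetted cipher a real VPN would use.

```python
import hashlib, hmac, os, socket, struct

IPPROTO_IPIP = 4  # IANA protocol number for IP-in-IP encapsulation

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options); checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def _keystream(key, nonce, n):
    """Stand-in cipher (assumption): SHA-256 in counter mode, not a real VPN cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack("!I", ctr)).digest()
        ctr += 1
    return out[:n]

def tunnel_send(inner, enc_key, mac_key, r1, r3):
    """R1: encrypt the whole inner datagram, authenticate it, wrap it for R3."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(inner, _keystream(enc_key, nonce, len(inner))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    body = nonce + ct + tag
    return ipv4_header(r1, r3, IPPROTO_IPIP, len(body)) + body

def tunnel_receive(outer, enc_key, mac_key, expected_peer):
    """R3: accept only authenticated datagrams from the tunnel peer, then decrypt."""
    src = socket.inet_ntoa(outer[12:16])
    if outer[9] != IPPROTO_IPIP or src != expected_peer:
        raise ValueError("not a tunneled datagram from the expected peer")
    body = outer[20:]
    nonce, ct, tag = body[:16], body[16:-32], body[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: datagram modified in transit")
    inner = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    # The inner destination address is what R3 looks up in its routing table.
    return inner, socket.inet_ntoa(inner[16:20])

# Constructed sample: a host on 128.10.2.0 sends to a host on 128.210.0.0.
ENC_KEY, MAC_KEY = b"E" * 32, b"M" * 32   # placeholder keys (assumption)
R1, R3 = "192.0.2.1", "198.51.100.3"      # assumed globally valid router addresses
INNER = ipv4_header("128.10.2.5", "128.210.0.7", 17, 5) + b"hello"
OUTER = tunnel_send(INNER, ENC_KEY, MAC_KEY, R1, R3)
```

On the Internet path only the outer header is readable, so an observer sees R1 and R3 but neither the inner addresses nor the payload.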
Example VPN With Private Addresses
• Site 1 uses subnet 10.1.0.0/16, while site 2 uses subnet 10.2.0.0/16. Only two globally valid IP addresses are needed.
• One is assigned to the connection from router R1 to the Internet, and the other is assigned to the connection from R2 to the Internet. Routing tables at the sites specify routes for private addresses;
• only the VPN tunneling software needs to know about or use the globally valid IP addresses.
• VPNs use the same addressing structure as a private network. Hosts in a completely isolated VPN can use arbitrary addresses, but a hybrid architecture with valid IP addresses must be employed to provide hosts with access to the global Internet.
General Access With Private Addresses
Question: how can a site provide multiple computers at the site access to Internet services without assigning each computer a globally-valid IP address?
• Two answers
– Application gateway (one needed for each service)
– Network Address Translation (NAT)
Summary
• Virtual Private Networks (VPNs) combine the advantages of low cost Internet connections with the safety of private networks
• VPNs use encryption and tunneling