Introducción a las Redes Virtuales

Page 1

305 1112_06F9_c2 1112_06F9_c1

1

© 1999, Cisco Systems, Inc.

Introduction to Virtual Private Networks Session 305

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

2

1


Agenda

• Scope of this Session • Intro and History of VPNs • VPN Technology Building Blocks • Basic VPN Architectures • Next Generation VPN Solutions 305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

3

Scope of this Session

• Provide a basic understanding of the component technologies relevant to VPNs • Show how these technologies fit together to provide today’s VPN solutions • Speculate on some of the VPN advances that may come along in the near future • For further info attend Dave Phillip’s Level 2 Deploying VPN Solutions (Session 313) 305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

4

2


What Is a VPN Service ?

A “VPN service” is a service which offers secure, reliable connectivity over a shared public network infrastructure such as the Internet. Because the infrastructure is “shared”, connectivity can be provided at lower cost than existing dedicated private networks

305 1112_06F9_c2

5

© 1999, Cisco Systems, Inc.

A VPN Analogy!

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

6

3


Traditional VPNs Regional Office Remote Office

128 K

Enterprise

T1

64 K

AAA

DMZ Frame Relay Service Provider

56 K Remote Office

305 1112_06F9_c2

GRE Tunnel IP Network

Web Servers DNS Server STMP Mail Relay

7

© 1999, Cisco Systems, Inc.

What’s Driving VPN Offerings Reduced Networking Costs

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

Increased Network Flexibility

8

4


VPN Building Blocks

Management

Tunneling

305 1112_06F9_c2

Provisioning

Security

QoS

9

© 1999, Cisco Systems, Inc.

Tunneling Types Tunneling Tunneling

Layer 2/Layer 3

Compulsory or Voluntary

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

10

5


Layer 2 vs. Layer 3 Tunneling Tunneling

Tunneling Comparison IP Centric

Layer 3

Less Integrated Solutions Solutions Still in Definition Stage Center on PPP

Layer 2

Multiprotocol Integrated With Existing Access Technologies

305 1112_06F9_c2

11

© 1999, Cisco Systems, Inc.

Generic Route Encapsulation (GRE)

IP Network GRE Tunnel

IP

GRE

Network Packet

Transport Protocol

Carrier Protocol

Passenger Protocol

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

12

6


Compulsory Tunnel Model LAC

PPP VPDN DATA

LNS

VPDN

DATA

• Client software wraps data in tunneling protocol then in transport protocol • Transparent to LAC 305 1112_06F9_c2

13

© 1999, Cisco Systems, Inc.

Voluntary Tunnel Model

LAC

PPP

DATA

LNS

VPDN

DATA

• Generic PPP encapsulated data from any standard client

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

14

7


PPP Tunneling Tunneling Tunneling

L2TP

305 1112_06F9_c2

PPTP

PPPoE

15

© 1999, Cisco Systems, Inc.

L2TP Tunneling Tunneling

LAC

LNS

• L2TP is an IETF draft moving towards standards status • Mostly used in voluntary mode • Some third party clients available 305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

16

8


Microsoft Point-to-Point Tunneling Protocol Tunneling Tunneling

LAC

LNS

• An informational RFC • Primarily used in compulsory mode • Widely available clients Win95, Win98, NT, Third parties 305 1112_06F9_c2

17

© 1999, Cisco Systems, Inc.

PPP over Ethernet Hosts Run PPPoE Client SW

Runs RFC 1483 Bridge Mode

Tunneling Tunneling LAC

ATM PVC DSLAM

Host 1 DSL CPE

Key Benefits VI VI

Host 2

DSL

Corporate

PPP Tunneling Routing, etc.

VI VI

•• Leverages Leverages existing existing Ethernet Ethernet based based infrastructure infrastructure ISP

PPP over Ethernet

•• Preservation Preservation of of Dial Dial Model— Model— PPP PPP session-based session-based communication communication

•• Allows Allows multiple multiple PPP PPP sessions sessions to to be be initiated initiated within within home home LAN LAN •• Enables Enables destination destination selection selection

• Informational RFC

•• DSL DSL Modem Modem Independent Independent (must (must run run RFC RFC 1483 1483 Bridging) Bridging)

• Primarily used in xDSL environments 305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

18

9


VPN Security Security Security

• IPSec • MPPE

305 1112_06F9_c2

19

© 1999, Cisco Systems, Inc.

IPSec Transport Mode Security Security

IP Network IPSec Transport Mode

Router LEFT

Router RIGHT

IP HDR

IP HDR

Data

IPSec HDR

Data May Be Encrypted

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

20

10


IPSec Tunnel Mode Security Security

SP 1 IPSec Tunnel Mode

SP 2

Router LEFT

Router RIGHT

IP HDR

New IP HDR IPSec HDR

Data

IP HDR

Data

May Be Encrypted 305 1112_06F9_c2

21

© 1999, Cisco Systems, Inc.

IPSec VPN Client Operation Remote User w/IPSec Client

Public Network

Home Gateway Router

Home Network

Security Security

Secure Secure Tunnel Tunnel Established Established

Certificate Authority/ AAA

Dial Access to Corporate Network Exchange X.509 or One-Time Password

Authentication Approved

IKE Negotiation

Encrypted Data flows

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

22

11


Microsoft Point-to-Point Encryption Security Security

PPTP Tunnel

LNS

• RC4 encryption of PPP packets • Used almost exclusively with PPTP • Informational RFC 2118 305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

23

VPNs and Quality of Service

• Optimize use of the WAN link • Guarantee bandwidth for mission critical applications • Take advantage of differentiated services offered by the ISP 305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

24

12


VPNs and Quality of Service

PBX

Tunnel

AAA CA

Conforming Traffic • Classification

• Policing

CAR CAR

CAR CAR

• Congestion • Avoidance WRED WRED

• Tunnel Layer Layer 2TP 2TP IPSec, IPSec, GRE GRE Voice Premium IP Best Effort

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

25

Management and Provisioning

• Generic configuration • AAA • Policy management • Certificate authorities 305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

26

13


Architectures

So, How Does It All Go Together ? 305 1112_06F9_c2

27

© 1999, Cisco Systems, Inc.

VPN Architectures

Cisco IOS®

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

28

14


VPN Architectures and Applications Type

Application

Access

VPN

Remote Connectivity

Intranet VPN

Internal Corporate Connectivity

Extranet VPN 305 1112_06F9_c2

Alternative To

Benefits

Dedicated Dial

Ubiquitous Access Lower Cost

Business-to Business

External Connectivity

ISDN

Leased Lines

Extend Connectivity Lower Cost

Fax, Mail, EDI

Facilitates E-Commerce

29

© 1999, Cisco Systems, Inc.

Access VPNs

Compulsory or Voluntary Tunneling Solutions

Potential Operations and Infrastructure Cost Savings

Enterprise AAA CA

DMZ

Ubiquitous Access • Modem, ISDN • Xdsl, Cable

305 1112_06F9_c2

Service Provider A Web Servers DNS Server STMP Mail Relay

Small Office © 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

Mobile User or Corporate Telecommuter 30

15


The Intranet VPN

Extends the Corporate IP Network across a Shared WAN

Enterprise AAA CA

DMZ

Remote Office Service Provider A

Regional Office 305 1112_06F9_c2

Potential Operations and Infrastructure Cost Savings

Web Servers DNS Server STMP Mail Relay

31

© 1999, Cisco Systems, Inc.

The Extranet VPN

Supplier

Enterprise

Business Partner Service Provider B

DMZ

AAA CA

Service Provider A

Extends Connectivity To Business Partners, Suppliers and Customers

305 1112_06F9_c2

Web Servers DNS Server STMP Mail Relay

Security Policy Very Important

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

32

16


The Complete VPN

Supplier

Enterprise

Business Partner Service Provider B Remote Office

AAA CA

DMZ

Service Provider A

Web Servers DNS Server STMP Mail Relay Regional Office 305 1112_06F9_c2

Small Office

Mobile User Or Corporate Telecommuter 33

© 1999, Cisco Systems, Inc.

Deployment Alternatives Service Provider Focused

Collaborative

Enterprise Focused

Service Provider

Service Provider

Service Provider

Supplies Majority of VPN Solution Equipment Service Training Help Desk

Supplies Hardware Qos to Bandwidth Offering

Supplies Basic Network Access

Enterprise

Enterprise

Enterprise

Manages Security Services

Application and Configuration Management Help Desk Support

Supplies VPN Equipment Manages Network

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

34

17


Next Generation VPNs

• Multiservice VPNs • MPLS VPNs “Next generation networks must allow the corporation to thrive on change…” The Burton Group

305 1112_06F9_c2

35

© 1999, Cisco Systems, Inc.

Multiservice VPNs Tokyo

London

Internet

Live Audio/Video Feed

Australia Stored Video 305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

Brazil 36

18


Multiservice VPNs PBX

Remote Office Enterprise AAA CA

DMZ

Service Provider A Web Servers DNS Server STMP Mail Relay

Regional Office 305 1112_06F9_c2

Remote Office

Mobile User Or Corporate Telecommuter 37

© 1999, Cisco Systems, Inc.

MPLS VPNs Corp A Site 3

VPN Membership Based on Interface And Unique RD Corp A Site 1

Corp A Site 2

Mpls Network Corporate Corporate A A MPLS MPLS VPN VPN

Corp B Site 2

Corporate Corporate B B MPLS MPLS VPN VPN

Corp B Site 3 Corp B Site 1

Traffic Separation By Interface 305 1112_06F9_c2

Scalable IETF Standards Based

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

38

19


Summary

QoS

Security Mgmt.

Platforms

Services

Core

Scalability Standards Based Future Flexibility

305 1112_06F9_c2

39

© 1999, Cisco Systems, Inc.

Other Useful Information

Location Cisco VPN Solutions

http://www.cisco.com/warp/public/779/largeent/learn/technologies/vpn/

L2TP

http://search.ietf.org/internet-drafts/draft-ietf-pppext-l2tp-15.txt

IPSec

http://www.cisco.com/warp/public/cc/cisco/mkt/security/encryp/tech/ipsec_wp.htm

PPTP

http://search.ietf.org/internet-drafts/draft-ietf-pppext-pptp-10.txt

MPPE

http://search.ietf.org/internet-drafts/draft-ietf-pppext-mppe-03.txt

305 1112_06F9_c2

http://www.cisco.com/warp/public/779/servpro/solutions/vpn/

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

40

20


Q&A

305305 1112_06F9_c2 Cisco Systems, Inc. Inc. 1112_06F9_c2 © 1999, © 1999, Cisco Systems,

41

Thank You

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

42

21


Please Complete Your Evaluation Form Session 305

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

43

305 1112_06F9_c2

© 1999, Cisco Systems, Inc.

44

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

22


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.