VPN 2000. 2. 23 yihan@kt.co.kr
VPN
(1) (Private WAN) ( Virtual Private Networks )
[Diagram: Headquarters, Public Network, VPN, Telecommuter, Branch Office, Mobile Worker]
(2) VPN / Outsourcing
(3) VPN ( ISP ) EC Hosting, Interactive Training, Personalized Service etc.
(4)
2000 50 VPN by Infonetics Research( 98)
VPN H/W Market Revenue : $37M(1Q99), 156M(4Q99) by Infonetics Research( 99.5)
ISP 37%( 99), 73%( 00) VPN by Infonetics Research( 99.5)
2002 90% VPDN by Gartner Group( 98.3)
Fortune 1000 55% VPN by Forrester Research( 99)
2002 US Market $4.7B by IDC( 99)
(5) IETF : A Framework for IP Based Virtual Private Networks
VLL( Virtual Leased Line ) : IP VPN
VPRN( Virtual Private Routed Networks ) : ISP IP
VPDN( Virtual Private Dial Networks ) :
VPLS( Virtual Private LAN Segment ) : IP LAN segment emulation
ISP (1) 6~7 ISP VPN KT, LG, SK, Samsung, Hyundae ISP VPN Remote Access VPN
(2) KORNET Dial Up VPN, ADSL VPN, MPLS VPN, Virtual Circuits VPN; MPLS VPN Frame Relay IP ( NCS )
(3) VPN ( VPNet's VSU ) Remote, LAN-to-LAN VPN; VPN ( INET ) Remote VPN - 1 Remote S/W
(4) 01421 Remote VPN( VPDN ) L2TP/L2F ( 44 ) CISCO, LG-IBM,
ISP (5) ISP IP Managed IP VPN: AT&T, MCI, GTE; ISP Remote, LAN-to-LAN VPN
AT&T (6) IP VPN (WorldNet) Bay Network Instant Internet Access Server; Remote Access VPN Novell NDS; Checkpoint Firewall-1 LAN-to-LAN NAT Packet; VPN Firewall SLA
MCI (7) Checkpoint Firewall-1; Remote Access, LAN-to-LAN VPN; Dial-up VPN S/W Firewall-1 SecuRemote, One-time password; VPN Firewall, Web
GTE (8) Site Patrol; Remote Access, LAN-to-LAN VPN; Network Associates Gauntlet Firewall, Checkpoint Firewall-1, V-One's SmartGate; Dial-up VPN GTE
VPN
Remote Access VPN, LAN-to-LAN VPN( site-to-site VPN )
VPN Leased Line : Layer 1, Virtual Circuits : Layer 2, IP Network : Layer 3, MPLS : Layer 2 + Layer 3
Remote Access VPN (2) Mobile Worker PSTN, ISDN, ADSL; Client Initiated VPN; NAS Initiated VPN (?) SLA (?)
Client Initiated VPN (1) Remote Access VPN (cont.) VPN (3) PC VPN S/W ( Home Gateway ) IP Public IP : Internet Private IP : Network : VPN & Internet : S/W Upgrade etc. Tunneling IPSec, PPTP, L2TP(?)
Client Initiated VPN (2) Remote Access VPN (cont.) VPN (4)
[Diagram: Mobile Users / Telecommuters / Small Remote Offices, POP, Proxy Server, Public Network, Home Gateway, Security Server, Corporate Intranet]
1. User Identification
2. User Authentication
3. End-to-End Tunnel Established
NAS Initiated VPN (1) Remote Access VPN (cont.) VPN (5) ISP NAS( Network Access Server ) Home Gateway PC NAS VPN IP Internet. Tunneling L2TP, L2F Cisco, Lucent, 3Com
NAS Initiated VPN (2) Remote Access VPN (cont.) VPN (6)
[Diagram: Mobile Users / Telecommuters / Small Remote Offices, POP, Public Network, Home Gateway, Security Server, Corporate Intranet]
1. User Identification
2. Tunnel to Home Gateway
3. User Authentication
4. PPP Negotiation with User
5. End-to-End Connection Established
LAN-to-LAN VPN VPN (7) IP VPN CPE based VPN site VPN Core based VPN (?) MPLS Virtual Circuits VPN (?)
CPE based VPN (1) LAN-to-LAN VPN (cont.) VPN (8) VPN S/W : Microsoft, Novell, Check Point, etc. H/W : VPNet, Lucent, Xedia, Cisco, etc. CPE VPN / ISP VPN Managed Network, Managed Firewall, Managed VPN Tunneling IPSec
CPE based VPN (2) LAN-to-LAN VPN (cont.) VPN (9)
[Diagram: Branch Office, Headquarters, Branch Office, VPN]
Core based VPN (1) LAN-to-LAN VPN (cont.) VPN (10) ISP (Router) VPN Vendors : Cisco, Lucent, Nortel, etc. VPN Core QoS Service Management Tunneling IPSec, MPLS
Core based VPN(IPSec) (2) LAN-to-LAN VPN (cont.) VPN (11)
[Diagram: Branch Office, Headquarters, Branch Office, VPN]
Core based VPN(MPLS) (3) LAN-to-LAN VPN (cont.) VPN (12) MPLS : Multi-Protocol Label Switching; Cisco Tag Switching, IETF ( ATM, POS ); Label Packet Forwarding; Load, Traffic Engineering, QoS, VPN
Core based VPN(MPLS) (4) LAN-to-LAN VPN (cont.) VPN (13)
[Diagram: IGP (e.g., OSPF)/LDP in the ISP network, eBGP/static between CE and PE, iBGP between PEs, LAN at each site]
ISP Network uses an IGP like OSPF to exchange local information.
CEs (customer edge) and PEs (provider edge) exchange routing information (IP) via eBGP.
PEs exchange VPN routing information and tag bindings (VPN-IP) via iBGP.
LDP is used to bind labels to routes in the core.
Virtual Circuits VPN LAN-to-LAN VPN (cont.) VPN (14) Public Network ATM, F/R Virtual Circuits QoS Remote Access VPN(?)
( Security ) QoS( Quality of Service ) ( Scalability ) ( Reliability ) / ( Management )
Security (2) Logging; PAP/CHAP, RADIUS, TACACS+, Token; Key : Diffie-Hellman, RSA; Packet : RC-4, DES, 3-DES
Tunneling Security (cont.) (3) (?) IP Packet in IP Packet
Layer 3 : IPSec  [ Public IP | IPSec/GRE | Private IP ]
Layer 2 : PPTP, L2F, L2TP  [ Public IP | L2TP/PPTP | PPP | Private (IP,IPX) ]
NAT & Filtering Security (cont.) (4) NAT IP Internet; Filtering IP Packet ( IP Header ), ID, Private(?) IP Network
QoS & Scalability (5) QoS: Differentiated Service, Queuing, RSVP, MPLS? Scalability: Full Mesh or Hub&Spoke, MPLS vs. Other
Reliability (6)
Business : Average Cost per Hour
Brokerage operations : $6.45 million
Credit card authorization : $2.6 million
Pay-per-view TV : $150,000
Home shopping TV : $113,000
Catalog sales : $90,000
Airline reservations : $89,500
Tele-ticket sales : $69,000
Package shipping : $28,000
ATM fees : $14,000
MIS Back in one hour
Management (7) Planning, Provisioning, Operation, Billing
Business Management Layer / Service Management Layer / Network Management Layer / Element Management Layer / Element Layer
FCAPS: Fault, Configuration, Accounting, Performance, Security
Comparison for Remote Access VPN (8)
Security : Client = NAS
QoS : Client < NAS
Scalability : Client > NAS
Reliability : Client = NAS
Management : Client < NAS
Comparison for LAN-to-LAN VPN (9)
Security : CPE = MPLS = Virtual Circuits
QoS : CPE < MPLS < Virtual Circuits
Scalability : CPE > MPLS = Virtual Circuits
Reliability : MPLS > CPE = Virtual Circuits ( with Network topology ) CPE? MPLS? Virtual Circuits
Management : CPE < MPLS = Virtual Circuits
WAN (1)
[Diagram: Mobile Workers via PSTN (Long call); Headquarters; Branch Office via F/R, X.25, Leased Line; Branch Office via Internet]
WAN (2) Leased Line, F/R Intranet /
(3) / VPN SLA, Legacy SNA, DECNet, Extranet ( Personalized Network )
ISP (4)
[Chart: Infonetics, 1997. Increasing Enterprise Network Role (90% / 50% / 10%) vs. Increasing Internet Service Provider Role (10% / 50% / 90%)]
90% / 10% : Network Manager buys products from VPN vendors and manages network; ISP supplies basic Internet access.
50% / 50% : Network Manager provides ongoing application and configuration management and Help Desk support; ISP supplies VPN equipment and adds QoS to bandwidth offering.
10% / 90% : Net Manager administers security server; ISP supplies complete VPN solution, including service, training, and Help Desk.
VPN (1) (5)
[Diagram: Headquarters; ATM(?), F/R, X.25, Leased Line to Branch Office; Internet to Branch Office via CPE based VPN; Mobile Workers via Local call, Client/NAS initiated VPN]
VPN (2) (6)
[Diagram: Headquarters; Virtual Circuits VPN / Managed Network over ATM, F/R to Branch Office; Internet to Branch Office via CPE based VPN; Mobile Workers via Local call, Client/NAS initiated VPN]
VPN (3) (7)
[Diagram: Headquarters; Internet to Branch Offices via CPE/Core based VPN; Mobile Workers via Local call, Client/NAS initiated VPN]
VPN on ADSL (8)
Remote Access : NAS( or Client ) Initiated VPN on Internet
LAN-to-LAN : CPE/Core based VPN on Internet, Virtual Circuits VPN
[Diagram: Telecommuters, UADSL, Internet ( KORNET ), Headquarters, Branch Office, ADSL, DSLAM, ATM]
VPN. VPN EC hosting, VoIP??? Intranet ISP
Q & A yihan@kt.co.kr