Académique Documents
Professionnel Documents
Culture Documents
Volume 2, Issue 10, October - 2015. ISSN 2348 4853, Impact Factor 1.317
I.
INTRODUCTION
The Internet is a worldwide, publicly accessible IP network. Due to its vast global proliferation, it has
become a viable method of interconnecting remote sites. However, the fact that it is a public
infrastructure has deterred most enterprises from adopting it as a viable remote access method for
branch and SOHO (Small Office Home Office) sites. The paper examines the security vulnerability
associated with GRE as a layer three Virtual Private Network method. GRE supports multiprotocol
tunneling. It can encapsulate multiple protocol packet types inside an IP tunnel. Adding an additional GRE
header between the payload and the tunneling IP header provides the multiprotocol functionality. IP
tunneling using GRE enables network expansion by connecting multiprotocol sub-networks across a
single-protocol backbone environment. GRE also supports IP multicast tunneling. Routing protocols that
are used across the tunnel enable dynamic exchange of routing information in the virtual network [1],
[2], [3], [4].
GRE tunnels are stateless. Each tunnel endpoint keeps no information about the state or availability of
the remote tunnel endpoint. This feature helps Internet Service Providers (ISPs) to provide IP tunnels to
81 | 2015, IJAFRC All Rights Reserved
www.ijafrc.org
www.ijafrc.org
www.ijafrc.org
www.ijafrc.org
The simulated network has two routers which establish connectivity to both clients (router 1 and router
2). Routing Information Protocol version 2 (RIP,v2) was configured on the ISPs routers. This enables the
ISP router receives network advertisement from router 1 and router 2 network.ISP1 router has two main
interfaces, interface fastethernet 0/0 and interface serial 0/1.Interface fastethernet 0/0 is directly
connected to router 1and interface serial 0/1 connected to ISP2 network. ISP 1 router was configured
with the command;
Router rip version 2
Network 200.1.1.0
Network 200.11.22.0
85 | 2015, IJAFRC All Rights Reserved
www.ijafrc.org
ISP 2 router has two main interfaces, interface fastethernet0/0 and serial 0/1.Interface fastethernet 0/0
is connects router 2 and interface serial 0/1 connects to ISP 2 network. ISP 2 router was configured with
the command;
Router rip version 2
Network 200.1.2.0
Network 200.11.22.0
Networks advertised on ISPs router are networks which are connected to interface fastethernet 0/0 to
router 1 and interface serial 0/0 to ISP2 interface. Networks advertised on ISP2 router are networks
which connected to interface fastethernet 0/0 to router 2 and interface serial 0/0 to ISP1.
A ping command was issued from router 1 to the various configured interface to verify that connectivity
across local subnets using the ping command was reachable. All ping commands sent were all successful.
Step one (1) to step three (3) are the processes used to simulate the GRE tunnel from router 1 through
the ISPs network to router 2.
IX. NETWORK INTERFACE MODES(INTERFACE OPERATION ON ROUTER ONE)
The command show ip interface brief was issued on router one (1) and the output shown in figure 4
was obtained. Fastethernet 0/0 with an IP address 200.1.1.1 connects to the ISP one (1) network which
shows that the interconnectivity between the client router and the service provider is active (up) whiles
the protocol supporting the interface is also active (up).Interface tunnel 0 configured for Generic Routing
Encapsulation (GRE) is also active (up).
www.ijafrc.org
www.ijafrc.org
www.ijafrc.org
www.ijafrc.org
FUTUREWORK
The future work will involve the analysis of data in-transit between a Service Providers routers and
its other counterpart network routers and also examine the security features required to safeguard all
data transmitted between different service providers.
XIV. REFERENCE
[1]
Farinacci, D., Traina, P., Hanks, S., & Li, T.Generic routing encapsulation (GRE) ,1994.retrieved
from http://xml2rfc.tools.ietf.org/html/rfc1701.
[2]
[3]
Glenn, R., & Kent, S. (1998). The NULL encryption algorithm and its use with IPsec, retrieved
from http://tools.ietf.org/html/rfc2410.
[4]
[5]
Harkins, D., & Carrel, D. (1998). The internet key exchange (IKE). RFC 2409, November.
,2005.ISO/IEC 17799, Information technology -- Security techniques -- Code of practice for
information security management.
Matthews, G. A., & Feinstein, B. S. The Intrusion Detection Exchange Protocol (IDXP). ,2007.
retrieved from http://tools.ietf.org/html/rfc4767.
[6]
[7]
[8]
Glenn, R., & Kent, S. (1998). The NULL encryption algorithm and its use with IPsec, retrieved
from http://tools.ietf.org/html/rfc2410.
[9]
Matthews, G. A., & Feinstein, B. S. (2007). The Intrusion Detection Exchange Protocol (IDXP).
2007,retrieved from http://tools.ietf.org/html/rfc4767
[10]
www.ijafrc.org
68,
retrieved
from
[12]
Marques, P., Guichard, J., Raszuk, R., Bonica, R., Patel, K., Fang, L., & Martini, L. . Constrained Route
Distribution for Border Gateway Protocol/MultiProtocol Label Switching (BGP/MPLS) Internet
Protocol
(IP)
Virtual
Private
Networks
(VPNs)2006,retrieved
fromhttp://xml2rfc.tools.ietf.org/html/rfc4684.
[13]
Atkinson, R., & Kent, S. (1998). IP encapsulating security payload (ESP),retrieved from
http://tools.ietf.org/html/rfc2406
[14]
Barker, K., & Morris, S. CCNA Security 640-554 Official Cert Guide: Pearson Education,2012.
[15]
Bhaiji Y-Network Security Technologies and Solutions: CCIE Professional Development (Cisco
Press, 2008)ISBN-10:1587052466.
[16]
Grossman, D., &Heinanen, J. (1999). Multiprotocol Encapsulation over ATM Adaptation Layer 5,
retrieved from http://tools.ietf.org/html/rfc2684.
AUTHORS PROFILE
Dr. Michael Asante received his Ph.D degree from the University of Reading in the United
Kingdom in 2007. He is a member of the Institute of Electrical, Electronic Engineering
(IEEE) and an executive member of Information Technology Association of Ghana (ITAG).
www.ijafrc.org
www.ijafrc.org
For indexing and directory maintenance registration, we offer 1000/- fee from Indian author and
20$ from Foreign author.
Account Name:Account Holder name: - Nandadevi Ashok Khandelwal
Account No:-50100026141932
Address: KHANDELWAL COMPLEX NEAR KHANDELWAL PETROL PUMP GAYATRI NAGAR
93 | 2015, IJAFRC All Rights Reserved
www.ijafrc.org
MICHAEL ASANTE,
ASANTE
IJAFRC-V2-I9-012
PERFORMANCE ANALYSIS ON THE SECURITY OF GENERIC ROUTING
ENCAPSULATION (GRE) OVER ISP'S NETWORK
KWAME NKRUMAH UNIV. OF SCIENCE AND TECHNOLOGY,KUMASI,GHANA
www.ijafrc.org
MICHAEL ASANTE
www.ijafrc.org
www.ijafrc.org