
VPN, MPLS and overlay networks

Pintu R Shah

In this unit
VPN technology
NAT address translation
Translation table
NAT and ISP
MPLS operation, routing in MPLS domains
Introduction to overlay networks
Peer to peer connection
Pintu R Shah MPSTME SVKM's NMIMS 2

Virtual Private Networks and Network Address Translation


PRIVATE NETWORKS
A private network is designed to be used only inside an organization. It allows access to shared resources and, at the same time, provides privacy.


Addresses for private networks


VIRTUAL PRIVATE NETWORKS(VPN)


Virtual private network (VPN) is a technology for large organizations that use the global Internet for both intra- and inter-organization communication, but require privacy in their intra-organization communication.

Types of VPN
1. Remote access VPN
2. Site to site VPN
   Intranet VPN
   Extranet VPN


Private network


Hybrid network


Virtual private network


Benefits
Extended geographical communication
Reduced operation cost
Better network management
Improved productivity


IPSec


Transport mode


Tunnel mode


Tunneling


Addressing in a VPN


NETWORK ADDRESS TRANSLATION (NAT)

Network address translation (NAT) allows a site to use a set of private addresses for internal communication and a set of global Internet addresses for communication with another site. The site must have only one single connection to the global Internet through a router that runs NAT software.


NAT


Address translation


Translation


Five-column translation table
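The NAT router described above keeps a translation table whose five columns are the private address, private port, external address, external port and transport protocol. The following is an added example, not code from the slides, that models such a router in Python: outbound packets from RFC 1918 addresses get a row (created on first use) and are rewritten to the router's single global address, and inbound replies are mapped back through the same row or dropped when no row matches. All addresses, ports and the class names (NAT, Packet) are constructed for the example.

```python
# Added example (not from the slides): a NAPT router with a five-column
# translation table (private addr, private port, external addr, external port,
# protocol). Addresses below are constructed documentation/example values.
import ipaddress
from dataclasses import dataclass

# The three RFC 1918 private ranges used inside a site behind NAT.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr falls in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


class NAT:
    """The single NAT router through which the site reaches the Internet."""

    def __init__(self, global_addr: str, first_port: int = 40000):
        if is_private(global_addr):
            raise ValueError("NAT external address must be globally routable")
        self.global_addr = global_addr
        self.next_port = first_port
        # Five-column table rows:
        # (private addr, private port, external addr, external port, proto)
        self.rows = []

    def _lookup_out(self, src, sport, proto):
        for row in self.rows:
            if row[0] == src and row[1] == sport and row[4] == proto:
                return row
        return None

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the private site; adds a row on first use."""
        if not is_private(pkt.src):
            raise ValueError("outbound packet does not come from a private address")
        row = self._lookup_out(pkt.src, pkt.sport, pkt.proto)
        if row is None:
            row = (pkt.src, pkt.sport, self.global_addr, self.next_port, pkt.proto)
            self.next_port += 1
            self.rows.append(row)
        # Source address and port are rewritten; destination is untouched.
        return Packet(row[2], row[3], pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt: Packet):
        """Translate a reply arriving from the Internet; None means no row matched (dropped)."""
        for row in self.rows:
            if row[2] == pkt.dst and row[3] == pkt.dport and row[4] == pkt.proto:
                return Packet(pkt.src, pkt.sport, row[0], row[1], pkt.proto)
        return None


if __name__ == "__main__":
    nat = NAT("203.0.113.5")
    out = nat.outbound(Packet("192.168.1.10", 5123, "198.51.100.7", 80, "tcp"))
    print("outbound rewritten to", out)
    print("reply maps to", nat.inbound(Packet("198.51.100.7", 80, "203.0.113.5", 40000, "tcp")))
    print("unsolicited packet ->", nat.inbound(Packet("198.51.100.7", 80, "203.0.113.5", 40999, "tcp")))
```

Because the slide's table has no destination columns, a private host reusing the same source port toward a different server shares one row; the inbound lookup therefore only checks the external address, port and protocol, which is why an unsolicited packet to an unused port is dropped rather than delivered inside.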


An ISP and NAT


Multiprotocol Label Switching (MPLS)


Introduction to MPLS
The idea behind MPLS was to emulate some properties of a circuit-switching network over a packet network, and to strike a happy middle ground between extreme connection-oriented switching and pure connectionless routing service. Correlated packets require similar processing. MPLS follows the same idea and comes up with new techniques to make a pseudo (and short-term) connection in a path (or subpath) for a sequence of correlated IP packets.

Conventional routing versus MPLS forwarding mode


Figure: conventional routing mode versus MPLS forwarding model
In an MPLS environment, optimum paths through the network are identified in advance. Then, as data packets enter the MPLS network, ingress devices use information in the layer-3 header to assign the packets to one of the predetermined paths and assign some label referencing the end-to-end path into the packet. Subsequent routers along the path use the information in the label to determine the next hop device. Because these devices only manipulate information in the label, processor-intensive analysis and classification of the layer-3 header occurs only at the ingress point.


Benefits
Traffic engineering
Traffic engineering is the process of selecting network paths so that the resulting traffic patterns achieve a balanced utilization of resources.

Quality of service routing


QoS routing is the ability to choose a route for a particular data stream so that the path provides a desired level of service. These levels of service can specify acceptable levels of bandwidth, delay, or packet loss in the network.

Multiprotocol support

Terminology
Forwarding equivalency class (FEC)
An FEC is a group of layer-3 packets that are forwarded in the same manner. All packets in this group follow the same network path and have the same prioritization.

Label and labeled packet
A label identifies a unique FEC. MPLS devices forward all identically labeled packets in the same way. A label is locally significant between a pair of MPLS devices. It represents an agreement between the two devices describing the mapping between a label and an FEC.


MPLS header format
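The slide's header diagram is not reproduced in this text, so the following added example (not from the slides) encodes and decodes the 32-bit label stack entry as defined in RFC 3032: a 20-bit label, a 3-bit traffic class field (originally "EXP"), the 1-bit bottom-of-stack flag S and an 8-bit TTL. The function names and the sample labels are constructed for the example.

```python
# Added example (not from the slides): the MPLS label stack entry of RFC 3032.
#   | label (20 bits) | TC (3 bits) | S (1 bit) | TTL (8 bits) |
# Several entries in a row form a label stack; the entry with S=1 is the bottom.
import struct


def encode_entry(label: int, tc: int = 0, bos: bool = False, ttl: int = 64) -> bytes:
    """Pack one label stack entry into 4 bytes in network byte order."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tc < 8 or not 0 <= ttl < 256:
        raise ValueError("tc is 3 bits, ttl is 8 bits")
    word = (label << 12) | (tc << 9) | (int(bos) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(data: bytes) -> dict:
    """Unpack the first 4 bytes of data into the four header fields."""
    (word,) = struct.unpack("!I", data[:4])
    return {
        "label": word >> 12,
        "tc": (word >> 9) & 0x7,
        "bos": bool((word >> 8) & 1),
        "ttl": word & 0xFF,
    }


def encode_stack(labels, ttl: int = 64) -> bytes:
    """Encode a list of labels, top of stack first; only the last entry gets S=1."""
    out = b""
    for i, label in enumerate(labels):
        out += encode_entry(label, bos=(i == len(labels) - 1), ttl=ttl)
    return out


def decode_stack(data: bytes):
    """Walk entries until the bottom-of-stack bit; returns (entries, payload).

    A stack that runs out of bytes before S=1 is rejected rather than parsed
    past the end of the buffer.
    """
    entries, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated label stack")
        entry = decode_entry(data[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry["bos"]:
            return entries, data[offset:]


if __name__ == "__main__":
    # Constructed two-label stack (outer label 1000, inner label 2000) over a fake payload.
    wire = encode_stack([1000, 2000]) + b"IP payload"
    print(wire.hex())
    print(decode_stack(wire))
```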


Label stack router (LSR)


A label stack router is an MPLS node that is also capable of forwarding native layer-3 packets. There are two important types of LSRs in an MPLS network:
An ingress node connects the MPLS network with a node that does not execute MPLS functionality. The ingress node handles traffic as it enters the MPLS network.
An egress node connects the MPLS network with a node that does not execute MPLS functionality. The egress node handles traffic as it leaves the MPLS network.

Next hop label forwarding entry (NHLFE)


An NHLFE is used by an MPLS node to forward packets. There is at least one NHLFE for each FEC flowing through the node. Each node is responsible for maintaining an NHLFE information base containing the following information:
The packet's next hop address
The operation performed on the label stack: replace the label at the top of the stack with a specified new label. This is known as popping the old label and pushing a new label.
The data link encapsulation used to transmit the packet (optional)
The label stack encoding used to transmit the packet (optional)
Any other information needed in order to properly process the packet


Incoming label map (ILM)


The ILM is used by an MPLS node to forward labeled packets. The label in an incoming packet is used as a reference to the ILM. The ILM information allows the node to select a set of NHLFEs containing forwarding instructions. The ILM can map a label to a group of NHLFEs. This provides the ability to load balance over multiple equal-cost paths.

FEC-to-NHLFE map (FTN)


The FTN is used by an MPLS node to process packets that arrive unlabeled, but need to be labeled before forwarding. An unlabeled data packet is assigned a specific FEC at the ingress MPLS node. This FEC is used as a reference to the FTN. The FTN map allows the node to select a set of NHLFEs containing forwarding instructions. This activity is performed at the ingress node of the MPLS network. The FTN can map a label to a group of NHLFEs. This provides the ability to load balance over multiple equal cost paths.


Label swapping
Label swapping is the process used by an MPLS node to forward a data packet to the next hop device. This process is used regardless of whether the packet arrives labeled or unlabeled.

Label switched path (LSP)


An LSP represents a set of MPLS nodes traversed by packets belonging to a specific FEC. The set is an ordered, unidirectional list. Traffic flows from the node at the head-end of the list toward the node at the tail-end of the list.

MPLS network processing


The primary goal of MPLS is the integration of label swapping paradigms with traditional network layer routing. This integration brings efficiencies in data forwarding as well as positioning the network for advanced QoS functions.

Label swapping
Forwarding a labeled packet
An MPLS node examines the label at the top of the stack of an incoming packet. It uses the ILM to map the label to an NHLFE. The NHLFE indicates where to forward the packet and the operation to perform on the label stack. Using this information, the node encodes a new label stack and forwards the resulting packet.

Forwarding an unlabeled packet


An MPLS node examines the network layer header and any other pertinent information required to determine an FEC. The node uses the FTN to map the FEC to an NHLFE. Processing is now identical to a labeled packet.
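The NHLFE, ILM and FTN sections above and the two forwarding cases just described fit together as one lookup-and-rewrite procedure. The following added example (not from the slides) models it in Python: an unlabeled packet is classified to an FEC by longest-prefix match and looked up in the FTN, a labeled packet is looked up in the ILM by its top label, and the chosen NHLFE supplies the next hop and the push, swap or pop to apply to the label stack. An entry that maps to several NHLFEs is load balanced round-robin, as the text says an ILM or FTN may do. The three-node topology, labels, prefixes and class names (MPLSNode, NHLFE) are constructed.

```python
# Added example (not from the slides): a simplified MPLS node built from the
# FTN (FEC -> NHLFEs), the ILM (incoming label -> NHLFEs) and NHLFEs that carry
# the next hop plus a label-stack operation. Labels are plain integers and the
# stack is a list with the top of stack first. Topology and values are constructed.
import ipaddress


class NHLFE:
    """Next hop label forwarding entry: where to send the packet and what to do to the stack."""

    def __init__(self, next_hop, op, label=None):
        # op is "push", "swap" or "pop"; label is the new top label for push/swap
        self.next_hop, self.op, self.label = next_hop, op, label

    def apply(self, stack):
        """Return the new label stack (top first) after this entry's operation."""
        if self.op == "push":
            return [self.label] + stack
        if self.op == "swap":          # pop the old top label, push the new one
            return [self.label] + stack[1:]
        if self.op == "pop":
            return stack[1:]
        raise ValueError("unknown label operation: %r" % self.op)


class MPLSNode:
    def __init__(self):
        self.ftn = {}   # FEC (ip_network) -> list of NHLFE, used for unlabeled packets
        self.ilm = {}   # incoming label (int) -> list of NHLFE, used for labeled packets
        self._rr = {}   # round-robin counters for entries that map to several NHLFEs

    def _choose(self, key, nhlfes):
        """Load balance over equal-cost NHLFEs by rotating through them."""
        idx = self._rr.get(key, 0)
        self._rr[key] = idx + 1
        return nhlfes[idx % len(nhlfes)]

    def classify(self, dst):
        """Assign a destination address to an FEC by longest-prefix match (ingress only)."""
        ip = ipaddress.ip_address(dst)
        best = None
        for fec in self.ftn:
            if ip in fec and (best is None or fec.prefixlen > best.prefixlen):
                best = fec
        return best

    def forward(self, dst, stack):
        """Forward one packet; returns (next_hop, new_stack) or None when it is dropped."""
        if stack:                              # labeled packet: top label -> ILM
            key, nhlfes = ("ilm", stack[0]), self.ilm.get(stack[0])
        else:                                  # unlabeled packet: classify -> FTN
            fec = self.classify(dst)
            key, nhlfes = ("ftn", fec), self.ftn.get(fec)
        if not nhlfes:
            return None                        # no forwarding instructions: drop
        entry = self._choose(key, nhlfes)
        return entry.next_hop, entry.apply(stack)


def build_demo_lsp():
    """Constructed LSP: ingress pushes 100, transit swaps 100 -> 200 or 201, egress pops."""
    ingress, transit, egress = MPLSNode(), MPLSNode(), MPLSNode()
    fec = ipaddress.ip_network("10.9.0.0/16")
    ingress.ftn[fec] = [NHLFE("transit", "push", 100)]
    transit.ilm[100] = [NHLFE("egress", "swap", 200), NHLFE("egress2", "swap", 201)]
    egress.ilm[200] = [NHLFE("customer", "pop")]
    return ingress, transit, egress


if __name__ == "__main__":
    ingress, transit, egress = build_demo_lsp()
    hop, stack = ingress.forward("10.9.1.1", [])
    print("ingress ->", hop, stack)
    hop, stack = transit.forward("10.9.1.1", stack)
    print("transit ->", hop, stack)
    print("egress  ->", egress.forward("10.9.1.1", stack))
    print("no FEC  ->", ingress.forward("192.0.2.1", []))
```

Note that only the ingress node touches the layer-3 header (in classify); the transit and egress nodes decide purely on the top label, which is the property the "conventional routing versus MPLS forwarding" comparison above relies on.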


Label swapping in an MPLS environment



Label stack and label hierarchies


Label distribution protocols


A label distribution protocol is a set of procedures that allows one MPLS node to distribute labels to other peer nodes. This specification is used by an LSR to notify another LSR of an assigned label and its associated meaning. This exchange establishes a common agreement between peers.


Overlay Networks


Overlay Networks
Focus at the application level


Overlay Networks
A logical network built on top of a physical network
  Overlay links are tunnels through the underlying network

Many logical networks may coexist at once
  Over the same underlying network
  And providing its own particular service

Nodes are often end hosts
  Acting as intermediate nodes that forward traffic
  Providing a service, such as access to files

Who controls the nodes providing service?
  The party providing the service (e.g., Akamai)
  Distributed collection of end users (e.g., peer-to-peer)

Advantages
Overlay networks allow both networking developers and application users to easily design and implement their own communication environment and protocols on top of the Internet, such as data routing and file sharing management. Data routing in overlay networks can be very flexible, quickly detecting and avoiding network congestion by adaptively selecting paths based on different metrics, such as probed latency. Highly scalable and robust. Typical overlay networks include multicast overlays, peer-to-peer overlays (e.g. Gnutella and Kazaa), parallel file downloading overlays (e.g. BitTorrent and eDonkey), routing overlays (e.g. Skype for VoIP).

Peer-to-Peer Networks: KaZaA


Smart query flooding

KaZaA history
2001: created by Dutch company (Kazaa BV)
Single network called FastTrack used by other clients as well
Eventually the protocol changed so other clients could no longer talk to it

Join: on start, the client contacts a super-node (and may later become one)
Publish: client sends list of files to its super-node
Search: send query to super-node, and the super-nodes flood queries among themselves
Fetch: get file directly from peer(s); can fetch from multiple peers at once


KaZaA: Exploiting Heterogeneity
Each peer is either a group leader or assigned to a group leader
  TCP connection between peer and its group leader
  TCP connections between some pairs of group leaders

Group leader tracks the content in all its children

Figure legend: ordinary peer, group-leader peer, neighboring relationships in overlay network

KaZaA: Motivation for Super-Nodes

Query consolidation
  Many connected nodes may have only a few files
  Propagating a query to a sub-node may take more time than for the super-node to answer itself

Stability
  Super-node selection favors nodes with high uptime
  How long you've been on is a good predictor of how long you'll be around in the future
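The join, publish, search and fetch steps, the group-leader structure and the uptime-based super-node selection described in the three KaZaA slides above can be put together in one small model. The following added example (not from the slides, and not the FastTrack protocol itself) does that in Python: the peers with the longest uptime become super-nodes, every other peer joins one and publishes its file list to it, a search is flooded among super-nodes only and returns the peers holding the file, and a fetch plan splits a file across several holders. The peer names, uptimes, files and class names (Peer, Overlay) are constructed.

```python
# Added example (not from the slides): a toy two-tier overlay in the KaZaA style.
# Super-nodes keep an index of their children's files and flood queries among
# themselves; ordinary peers only talk to their own super-node. Data is constructed.
class Peer:
    def __init__(self, name, uptime, files):
        self.name, self.uptime, self.files = name, uptime, set(files)
        self.leader = None        # super-node this peer reports to (None if it is one)
        self.index = {}           # super-node only: filename -> set of peer names
        self.neighbors = set()    # super-node only: other super-nodes it floods to


class Overlay:
    def __init__(self, peers, n_super):
        # Super-node selection favors high uptime: the n_super longest-lived peers lead.
        ranked = sorted(peers, key=lambda p: p.uptime, reverse=True)
        self.supers = ranked[:n_super]
        for s in self.supers:
            s.neighbors = {o for o in self.supers if o is not s}
            self.publish(s, s)                     # a super-node indexes its own files
        for i, p in enumerate(ranked[n_super:]):   # everyone else joins a super-node
            self.join(p, self.supers[i % n_super])

    def join(self, peer, super_node):
        """Join: attach to a super-node, then publish the file list to it."""
        peer.leader = super_node
        self.publish(peer, super_node)

    def publish(self, peer, super_node):
        """Publish: the super-node records which of its children hold each file."""
        for f in peer.files:
            super_node.index.setdefault(f, set()).add(peer.name)

    def search(self, peer, filename, ttl=2):
        """Search: flood the query from the peer's super-node; returns (holders, supers queried)."""
        start = peer if peer.leader is None else peer.leader
        visited, frontier, holders = {start}, [start], set()
        for _ in range(ttl + 1):                   # hop 0 is the local super-node
            nxt = []
            for s in frontier:
                holders |= s.index.get(filename, set())
                for n in s.neighbors:
                    if n not in visited:
                        visited.add(n)
                        nxt.append(n)
            frontier = nxt
        return holders, len(visited)

    @staticmethod
    def fetch(holders, size, chunk):
        """Fetch: plan a parallel download, assigning chunk offsets round-robin to holders."""
        order = sorted(holders)
        plan = {}
        for i, start in enumerate(range(0, size, chunk)):
            plan.setdefault(order[i % len(order)], []).append(start)
        return plan


def build_demo():
    """Constructed peers: alice and carol have the longest uptime and become super-nodes."""
    peers = [
        Peer("alice", 900, ["song.mp3"]),
        Peer("bob", 50, ["song.mp3", "talk.avi"]),
        Peer("carol", 700, []),
        Peer("dave", 10, ["talk.avi"]),
    ]
    return peers, Overlay(peers, n_super=2)


if __name__ == "__main__":
    peers, overlay = build_demo()
    print("super-nodes:", [s.name for s in overlay.supers])
    holders, queried = overlay.search(peers[3], "talk.avi")
    print("talk.avi held by", sorted(holders), "after querying", queried, "super-nodes")
    print("fetch plan:", overlay.fetch(holders, size=10, chunk=4))
```

The search never contacts ordinary peers, which is the query-consolidation point of the slide: a super-node answers for all its children from its own index, so the number of nodes visited is bounded by the number of super-nodes rather than the number of peers.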
