INB 35605
ADVANCED ROUTING
GROUP LO1
(JANUARY 2019)
GROUP ASSIGNMENT
NAME STUDENT ID
NURUL LYANA BINTI MOHAMED SAZALI 52211116082
AINUL SYAHIRA BINTI MD NOOR 52211116077
PREPARED FOR:
MADAM SHAHIDATUL ARFAH BINTI BAHARUDIN
MPLS-BASED VPN
MPLS VPN allows for the creation of virtual private networks using MPLS. There are
three types of MPLS VPNs that are in use:
1. Point-to-Point (Pseudowire):
Encapsulating TDM T1 circuits attached to Remote Terminal Units.
Forwarding non-routed DNP3 traffic across the backbone network to the
SCADA master controller.
DISADVANTAGES
The drawbacks of using an MPLS network:
1. The carrier has to play a role in the configuration of the overall network:
If static routing is used on the network, the provider will be responsible for the
routing of data within their MPLS cloud.
While dynamic routing will work in most cases, the user and provider
will have to work together in routing MPLS traffic.
2. Security:
MPLS does not offer any inherent data protection, and improper implementation
can open up the network to vulnerabilities.
The user should work with the provider to ensure that all devices and interfaces are
sufficiently hardened so that the network is secured and vulnerabilities are
minimized.
Tunneling VPNs
GRE
GRE is a tunneling protocol developed by Cisco that enables encapsulation of arbitrary
Layer 3 protocols inside a point-to-point, tunnel-over-IP network.
Traffic that is transported over the GRE tunnel is not encrypted.
For that reason, GRE traffic is usually encapsulated within IPsec.
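Added example (not part of the original assignment): the Python sketch below parses a constructed GRE packet to show that the inner payload is readable in transit, and labels the same traffic as opaque once it is carried in ESP. The function names, addresses, GRE key and payload bytes are assumptions made up for the illustration.

```python
import struct

def build_ipv4(proto, src, dst, payload):
    """Minimal IPv4 header for constructed samples (checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes(src), bytes(dst))
    return hdr + payload

def parse_ipv4(pkt):
    """Return (protocol number, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    return pkt[9], pkt[ihl:total_len]

def parse_gre(gre):
    """Parse an RFC 2784/2890 GRE header; return (protocol type, key, payload)."""
    flags, ptype = struct.unpack("!HH", gre[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    off, key = 4, None
    if flags & 0x8000:            # C bit: checksum + reserved word present
        off += 4
    if flags & 0x2000:            # K bit: 32-bit key present
        key = struct.unpack("!I", gre[off:off + 4])[0]
        off += 4
    if flags & 0x1000:            # S bit: sequence number present
        off += 4
    return ptype, key, gre[off:]

def classify(outer_pkt):
    """Label a captured transit packet and return any readable inner payload."""
    proto, body = parse_ipv4(outer_pkt)
    if proto == 50:               # ESP: SPI and sequence number, then ciphertext
        return "esp", None
    if proto == 47:               # bare GRE: inner packet travels in the clear
        ptype, _key, inner = parse_gre(body)
        if ptype == 0x0800:       # inner packet is IPv4
            return "gre-cleartext", parse_ipv4(inner)[1]
        return "gre-cleartext", inner
    return "other", None

# Constructed samples (documentation addresses; 253 is an experimental protocol number).
INNER = build_ipv4(253, [10, 1, 1, 1], [10, 2, 2, 2], b"meter reading 42")
GRE_HDR = struct.pack("!HHI", 0x2000, 0x0800, 7)   # K bit set, IPv4 inside, key 7
BARE_GRE = build_ipv4(47, [192, 0, 2, 1], [198, 51, 100, 1], GRE_HDR + INNER)
GRE_IN_ESP = build_ipv4(50, [192, 0, 2, 1], [198, 51, 100, 1],
                        struct.pack("!II", 0x1001, 1) + bytes(48))  # opaque stand-in
if __name__ == "__main__":
    print(classify(BARE_GRE), classify(GRE_IN_ESP))
```

A monitoring rule built on the same idea would alert on IP protocol 47 crossing an untrusted link where only protocol 50 is expected.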
Multipoint GRE
IPsec
Features
IPsec (Internet Protocol Security) defines the architecture for security services
for IP network traffic.
Also included in IPsec are protocols that define the cryptographic algorithms used to
encrypt, decrypt and authenticate packets, as well as the protocols needed for secure
key exchange and key management.
It also defines two mechanisms for imposing security on IP packets: the Encapsulating
Security Payload (ESP) protocol, which defines a method for encrypting data in IP
packets, and the Authentication Header (AH) protocol, which defines a method for
digitally signing IP packets. The Internet Key Exchange (IKE) protocol is used to
manage the cryptographic keys used by hosts for IPsec.
Advantages
IPsec can be used to protect network data, for example, by setting up circuits using
IPsec tunneling, in which all data being sent between two endpoints is encrypted, as
with a Virtual Private Network (VPN) connection.
It is also used for encrypting application layer data and for providing security for
routers sending routing data across the public internet.
IPsec can also be used to provide authentication without encryption, for example to
authenticate that data originates from a known sender.
It can be applied in networks of all sizes, from LANs to global networks.
Disadvantages
When transmitting small packets, the encryption process of IPsec generates a large
overhead. This diminishes the performance of the network.
Because IPsec has a great number of features and options, it is very complex.
Complexity increases the probability of the presence of a weakness or hole. For
example, IPsec is weak against replay attacks.
The implementation of IPsec defeats the purpose of a firewall. This is because firewalls
are based on preconfigured rules, and IPsec encrypts the traffic those rules inspect.
Advantages
DMVPN supports star, full mesh, or a partial mesh topology.
It can distribute multicast traffic by taking advantage of protocols such as PIM, IGMP
and MSDP.
It allows monitoring and logging. All topology changes, connections and disconnections
are logged and can be monitored.
All primary and secondary/backup DMVPN tunnels are pre-established, such that a
new tunnel does not have to be established in the event of a failure scenario.
Disadvantages
No support for non-IP protocols.
IGP routing peers tend to limit the design scalability.
No interoperability with non-Cisco IOS routers.
Not possible to implement a QoS service policy per VPN tunnel.