Remote Access to Internet - PowerPoint PPT Presentation

About This Presentation
Title:

Remote Access to Internet

Description:

TV/Video. Video Services. Serial Communications, CEENet Workshop '00, Budapest, August '00 ... propagating dial-up host and dial-up LAN routes into the backbone ... – PowerPoint PPT presentation

Provided by: cee3

Transcript and Presenter's Notes


1
Remote Access to Internet
  • Ksenija Furman Jug
  • ARNES
  • ksenija.furman_at_arnes.si

2
How?
  • Leased line
  • xDSL Services (ADSL, SDSL, HDSL, ...)
  • Cable Modems
  • Wireless services
  • Dial-Up

3
[Diagram labels: Permanent, Circuit Switched, Wireless; Asymmetrical, Symmetrical; Always On, On Demand; CDPD, WAP, Mobile Data; Slow 300 kb/s, V.34, V.90/92, 56 kb/s, Switched 56, ISDN; ADSL/PPPoE, ADSL, T1, E1, Cable, Cable/PPPoE, Point-to-Point/Multipoint; Fast (5 Mb/s), SDSL/HDSL, xDSL]
4
Permanent Services
  • Fixed cost
  • May be bandwidth limitations
  • Full time connectivity
  • convenient for Internet servers
  • Leading Edge technologies may not be widely
    available

5
Leased line
Provider's router
LAN
Synchronous modem
Leased line
Synchronous modem
Router
6
Cable Modem
Provider's router
LAN
Cable modem Bank
TV Cable Plant
Video Services
Router
Cable modem
TV/Video
7
xDSL
Provider's router
LAN
Copper Phone Lines
xDSL Termination
Router
Splitter
xDSL Interface
POTS Services
8
[Diagram repeated from slide 3]
9
Dial-up host
Provider's Access Server
Asynchronous modem Pool
User's PC
POTS
Asynchronous modem
10
Dial-up LAN
Provider's Access Server
LAN
Asynchronous modem Pool
POTS
Asynchronous modem
Router
11
Dial-up
  • Technology type
      • POTS - Plain Old Telephone System
      • ISDN - Integrated Services Digital Network
  • Type of services
      • host
      • LAN

12
Provider's needs
  • Telecom infrastructure
  • Modems/ISDN equipment
  • Network protocols (IP)
  • IP Addressing scheme
  • Routing protocols
  • User database

13
Provider's needs (cont.)
  • Security mechanisms
  • Management

14
Telecom Infrastructure
  • Number of telephone lines (POTS/ISDN)
  • Number of users per line (Ratio 10:1 or ?)
  • Geographical distribution

15
Modem/ISDN Equipment (Access Server)
  • ISDN Access server with digital modems
  • or
  • Access server with analog modems

16
IP addressing scheme - Dial-up host
  • Dynamic address allocation
      • saves address space
      • users are not reachable at the same IP address
      • NAS or centralized administration
  • IP address dedicated per user
      • impossible with large number of users
      • useful for some services

17
IP addressing scheme - Dial-up LAN
  • Addresses on LAN side
      • registered IP addresses
      • IP masquerading - using private address space
          • PAT (Port Address Translation - special case of
            Network Address Translation (NAT))
          • not recommended for applications that carry
            source/destination IP addresses in the data field

18
Routing Protocols
  • needed for
      • forwarding packets from NAS towards dial-up LANs
          • static routes linked to LAN profiles
          • dynamic routing not recommended

19
Routing protocols (cont.)
  • needed for (cont.)
      • propagating dial-up host and dial-up LAN routes
        into the backbone
          • dynamic classless routing protocol
          • quick convergence
          • beware propagation of host routes - use route
            aggregation
          • OSPF, IGRP, ...
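
Added example (not part of the original slides): one way to apply the route aggregation advice above, sketched in Python. The /24 masks, the pool summary and the two fixed-address users are assumptions; only 193.225.219.0 and 193.225.220.6 come from the slides.

```python
import ipaddress

def backbone_advertisements(active_routes, summaries):
    """Prefixes a NAS should announce into the backbone.

    active_routes: routes currently installed on the NAS (per-call /32 host
                   routes and static dial-up LAN routes).
    summaries:     aggregates configured for the NAS address pools.
    A summary is announced while any active route falls inside it, and the
    routes it covers are suppressed. Everything else is announced as is,
    merged where adjacent prefixes form a larger block.
    """
    aggregates = [ipaddress.ip_network(s) for s in summaries]
    announce, uncovered = set(), []
    for route in map(ipaddress.ip_network, active_routes):
        covering = [a for a in aggregates if route.subnet_of(a)]
        if covering:
            # Several summaries may match; keep the most specific one.
            announce.add(max(covering, key=lambda a: a.prefixlen))
        else:
            uncovered.append(route)
    announce.update(ipaddress.collapse_addresses(uncovered))
    return sorted(announce)

# Constructed sample: three dial-up hosts in the pool around the slides'
# 193.225.220.6, the slides' dial-up LAN 193.225.219.0 (assumed /24), and
# two fixed-address users (assumed) outside the pool.
ACTIVE = [
    "193.225.220.6/32", "193.225.220.17/32", "193.225.220.130/32",
    "193.225.219.0/24",
    "193.225.221.8/32", "193.225.221.9/32",
]
POOL_SUMMARIES = ["193.225.220.0/24"]   # assumed pool aggregate

if __name__ == "__main__":
    for prefix in backbone_advertisements(ACTIVE, POOL_SUMMARIES):
        print(prefix)
```

Six installed routes become three announcements, and the backbone no longer sees a routing update for every call setup and hang-up. A NAS that announces a pool summary normally also holds a discard route for it, so traffic to unassigned pool addresses is dropped locally.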

20
Static routing
  • Network 193.225.219.0
  • 193.225.220.6
  • User's router
  • Provider's Access Server
  • Static route for 193.225.219.0 to address 193.225.220.6
  • Default route pointing to the asynchronous interface
21
Dynamic routing
Network 193.225.219.0
User's router
Provider's Access Server
Enable routing protocol on both interfaces
22
Port Address Translation
  • Network: private address space
  • WAN IP address assigned by Access Server
    statically or dynamically
  • User's router using PAT
  • Provider's Access Server
  • No IP routing - remote LAN is equivalent to an
    individual dial-up host
23
Routing scheme for LAN
  • Static routing
      • dedicated address on PPP side to which a static
        route is pointing
  • Dynamic routing
      • filter routing information to disable
        advertisement of invalid routes
  • No routing
      • for PAT

24
User database
  • on NAS
  • on a special secured host
  • database format (txt, DBMS, LDAP,..)

25
Security mechanisms
  • DIAL-UP - a big security threat: anybody and
    everybody can dial in
  • Should always be able to identify the username
    and/or phone number of an intruder
  • Authentication

26
Security Mechanisms (cont.)
  • Authorization
  • Accounting/Logging
  • Antispoofing
  • Time synchronization
  • Traffic filtering

27
Authentication
  • Based on something
      • you are (fingerprints, retina scans, DNA, ...)
      • you have (Token Cards)
      • you know (passwords, ...)
  • Each user having a good password
  • Users forced to change password
  • Policy choice: Safe vs. Popular

28
Authentication (cont.)
  • One time passwords
      • Token Cards, OTP Schemes
  • PPP authentication (PAP vs. CHAP)
  • Caller Line Identification (ISDN)

29
Authorization
  • Who is allowed to do what
      • Time-of-Day
      • Requested service (Analog, 1 channel ISDN,
        multilink, PPP, SLIP, etc.)
      • Access Point
      • Etc., etc.

30
User Accounting
  • In case of dynamic addressing helps to trace
    intruders
  • For charging/usage accounting
  • Commercial, non-profit and public service
  • Storage of data
  • Interface to billing/security system

31
RADIUS (TACACS?)
  • TACACS
      • Proprietary
      • Based on TCP
      • Encrypts all data
      • Separated AAA
      • More complex
      • Open for future extensions, but?
  • RADIUS
      • IETF Standard
      • Multi-Vendor Support
      • Based on UDP
      • Encrypts only challenge responses
      • Many implementations including commercial servers
      • Billing interfaces

32
Antispoofing
  • NEVER let a user send packets with source IP not
    equal to his (dynamically assigned or registered)

33
Time Synchronization
  • Network Time Protocol (NTP)
      • easier troubleshooting
      • easier intruder tracing
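
Added example (not from the original slides): how accounting records, antispoofing and synchronized clocks together let an operator attribute a packet to a dial-up user. All session records are constructed; 193.225.219.0 is assumed to be a /24 routed to a dial-up LAN.

```python
import ipaddress
from collections import namedtuple
from datetime import datetime, timedelta

Session = namedtuple("Session", "user caller assigned_ip routed_lan start stop")

def _t(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

# Constructed accounting records (names, callers and times are sample values).
SESSIONS = [
    Session("alice", "caller-A", "193.225.220.6", None,
            _t("2000-08-21 10:00:05"), _t("2000-08-21 10:42:10")),
    Session("bob", "caller-B", "193.225.220.6", None,
            _t("2000-08-21 10:42:40"), _t("2000-08-21 11:15:00")),
    Session("lab-lan", "caller-C", "193.225.220.9", "193.225.219.0/24",
            _t("2000-08-21 09:00:00"), _t("2000-08-21 12:00:00")),
]

def source_allowed(session, src_ip):
    """Antispoofing rule: the source must be the session's own address or
    lie inside the LAN prefix statically routed to that session."""
    src = ipaddress.ip_address(src_ip)
    if src == ipaddress.ip_address(session.assigned_ip):
        return True
    return (session.routed_lan is not None
            and src in ipaddress.ip_network(session.routed_lan))

def who_had(src_ip, when, clock_skew=timedelta(0)):
    """Users whose session could have sent from src_ip at `when`.

    clock_skew is the possible offset between the clock that stamped the
    packet log and the NAS clock; every session window is widened by it.
    """
    at = _t(when)
    return [s.user for s in SESSIONS
            if s.start - clock_skew <= at <= s.stop + clock_skew
            and source_allowed(s, src_ip)]
```

With synchronized clocks a log entry for 193.225.220.6 at 10:30:00 maps to exactly one user; allow a 60 second clock offset and an entry at 10:42:20 can no longer be separated between the two users who held that dynamic address in turn. The lookup is only meaningful if the NAS enforces `source_allowed` on every interface, since otherwise the logged source address proves nothing.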

34
Traffic filtering
  • Prevents sending unwanted traffic (DoS attacks,
    ...)

35
New Technologies
  • Virtual Private Dialup Networks (VPDN)
      • Outsourcing dial-up ports to other organizations
  • Global Roaming
      • Outsourcing dial-up ports to other service
        providers

36
Cost control
  • Geographically distributed points of presence
  • Callback
  • Calls based on time of day
  • Special Telecom policies for academic customers

37
Scalability
  • Multichassis Multilink PPP
  • Central management of IP addresses
  • IP route summarization
  • Centralized user database

38
User's perspective
  • Dial-up host - time dependent cost
  • Dial-up not convenient for Internet servers
  • Dial-on-demand for LANs

39
Dial on Demand
  • Reducing telephone costs by
      • defining interesting packets
      • defining idle-timers
  • Be careful!