13 May, 2014
SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO
Basic idea for inter-cloud
[Diagram: Private Cloud A and Private Cloud B, each with a LAN and a vSwitch; virtual routers VR-1, VR-2, VR-3 and VR-4; two IPSec Tunnels, labelled MASTER and BACKUP]
VR: Virtual Router (Brocade Vyatta vRouter or VyOS)
Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation
VyOS 1.0.3: http://vyos.net/
Unbreakable VPN using Vyatta/VyOS
- HOW TO -
Configure Clustering group 1/2
[Diagram: VR-1, VR-2, VR-3 and VR-4 with the LAN and vSwitch of Private Cloud A and Private Cloud B; each side has a Primary Node, a Secondary Node and a VIP]
VIP: Shared Virtual IP Address
Configure Clustering group 2/2
[Diagram: VR-1, VR-2, VR-3 and VR-4 with the LAN and vSwitch of Private Cloud A and Private Cloud B; labelled Cross Monitoring (twice)]
Configure Dual IPSec Tunneling
[Diagram: VR-1, VR-2, VR-3 and VR-4 with the LAN and vSwitch of Private Cloud A and Private Cloud B; two IPSec Tunnels]
Logical IP Network view (MASTER)
[Diagram: Private Cloud A and Private Cloud B, each with a LAN, a vSwitch, a VIP and a Primary Node; VR-1, VR-2, VR-3 and VR-4; two IPSec Tunnels]
VIP: Shared Virtual IP Address
Logical IP Network view (BACKUP)
[Diagram: Private Cloud A and Private Cloud B, each with a LAN, a vSwitch and a VIP; VR-1, VR-2, VR-3 and VR-4; two IPSec Tunnels; labelled Monitoring failure]
VIP: Shared Virtual IP Address
Unbreakable VPN using Vyatta/VyOS
- Sample Configuration TIPS -
Configure Clustering group 1/3
[Diagram: VR-1 (Primary Node) and VR-2 (Secondary Node) on the LAN vSwitch, sharing VIP 10.10.10.100/24]
Sample Configuration for VR-1 and VR-2
$ configure
# set system host-name VR-1 (or VR-2)
# set cluster dead-interval 1000
# set cluster group CLUSTER auto-failback true
# set cluster interface eth0
# set cluster interface eth1
# set cluster keepalive-interval 200
# set cluster pre-shared-secret SeCrEt
# set cluster group CLUSTER primary VR-1
# set cluster group CLUSTER secondary VR-2
# set cluster group CLUSTER service 10.10.10.100/24/eth1
# set cluster mcast-group 239.10.10.100
Configure Clustering group 2/3
Sample Configuration for VR-3 and VR-4
$ configure
# set system host-name VR-3 (or VR-4)
# set cluster dead-interval 1000
# set cluster group CLUSTER auto-failback true
# set cluster interface eth0
# set cluster interface eth1
# set cluster keepalive-interval 200
# set cluster pre-shared-secret SeCrEt
# set cluster group CLUSTER primary VR-3
# set cluster group CLUSTER secondary VR-4
# set cluster group CLUSTER service 10.20.20.100/24/eth1
# set cluster mcast-group 239.20.20.100
[Diagram: VR-3 (Primary Node) and VR-4 (Secondary Node) on the LAN vSwitch, sharing VIP 10.20.20.100/24]
Configure Clustering group 3/3
[Diagram: VR-1 and VR-3, each with its vSwitch and LAN; labelled Monitoring]
VR-1# set cluster monitor-dead-interval 1000
VR-1# set cluster group CLUSTER monitor 133.242.YYY.3
VR-1# commit
VR-1# save
VR-3# set cluster monitor-dead-interval 1000
VR-3# set cluster group CLUSTER monitor 133.242.XXX.1
VR-3# commit
VR-3# save
[Diagram addresses: 133.242.XXX.1 and 133.242.YYY.3]
Configure Dual IPSec Tunneling 1/3
[Diagram: IPSec Tunnel between VR-1 and VR-3, each with its vSwitch and LAN]
Sample Configuration for VR-1 and VR-3
# set vpn ipsec esp-group ESP lifetime 1800
# set vpn ipsec esp-group ESP mode tunnel
# set vpn ipsec esp-group ESP pfs enable
# set vpn ipsec esp-group ESP proposal 1 encryption aes256
# set vpn ipsec esp-group ESP proposal 1 hash sha1
# set vpn ipsec ike-group IKE lifetime 3600
# set vpn ipsec ike-group IKE proposal 1 encryption aes256
# set vpn ipsec ike-group IKE proposal 1 hash sha1
# set vpn ipsec ipsec-interfaces interface eth0
Configure Dual IPSec Tunneling 2/3
[Diagram: IPSec Tunnel between VR-1 and VR-3, each with its vSwitch and LAN]
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 local-address 133.242.XXX.1
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication mode pre-shared-secret
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication pre-shared-secret SeCrEt
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 connection-type initiate
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 default-esp-group ESP
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 ike-group IKE
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 local prefix 10.10.10.0/24
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 remote prefix 10.20.20.0/24
VR-1# commit
VR-1# save
[Diagram addresses: 133.242.XXX.1 and 133.242.YYY.3; prefixes 10.10.10.0/24 and 10.20.20.0/24]
Configure Dual IPSec Tunneling 3/3
[Diagram: IPSec Tunnel between VR-1 and VR-3, each with its vSwitch and LAN]
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 local-address 133.242.YYY.3
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 authentication mode pre-shared-secret
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 authentication pre-shared-secret SeCrEt
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 connection-type initiate
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 default-esp-group ESP
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 ike-group IKE
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 local prefix 10.20.20.0/24
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 remote prefix 10.10.10.0/24
VR-3# commit
VR-3# save
[Diagram addresses: 133.242.XXX.1 and 133.242.YYY.3; prefixes 10.10.10.0/24 and 10.20.20.0/24]
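The two site-to-site blocks above only work if they are exact mirror images, so it is worth checking that before commit. The following is an added example, not part of the original slides or of Vyatta/VyOS: a small Python check that parses the `set vpn ipsec site-to-site peer` lines shown above and reports any mismatch, and that also reports when the cluster pre-shared-secret is reused as the IPsec PSK. The function names are hypothetical and the input is constructed from the slide text.

```python
import re

PROMPT = re.compile(r"^\s*(?:[\w-]+)?[#$]\s*")      # strips "VR-1# " or "# "
PEER = ["set", "vpn", "ipsec", "site-to-site", "peer"]
TUNNEL = re.compile(r"tunnel (\d+) (local|remote) prefix")

# Constructed input: the VR-1 and VR-3 lines from the slides. The masked
# addresses (133.242.XXX.1 / 133.242.YYY.3) are compared as opaque strings.
VR1 = """\
VR-1# set cluster pre-shared-secret SeCrEt
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 local-address 133.242.XXX.1
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication mode pre-shared-secret
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication pre-shared-secret SeCrEt
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 connection-type initiate
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 default-esp-group ESP
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 ike-group IKE
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 local prefix 10.10.10.0/24
VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 remote prefix 10.20.20.0/24
"""
VR3 = """\
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 local-address 133.242.YYY.3
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 authentication mode pre-shared-secret
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 authentication pre-shared-secret SeCrEt
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 connection-type initiate
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 default-esp-group ESP
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 ike-group IKE
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 local prefix 10.20.20.0/24
VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 remote prefix 10.10.10.0/24
"""

def parse_site_to_site(text):
    """Return {peer: {setting path: value}} for site-to-site peer lines."""
    peers = {}
    for line in text.splitlines():
        tokens = PROMPT.sub("", line).split()
        if tokens[:5] != PEER or len(tokens) < 8:
            continue
        # tokens[5] is the peer, the last token is the value, the rest is the path
        peers.setdefault(tokens[5], {})[" ".join(tokens[6:-1])] = tokens[-1]
    return peers

def mirror_findings(side_a, side_b):
    """Check side A against side B; call it both ways to cover both configs."""
    a, b = parse_site_to_site(side_a), parse_site_to_site(side_b)
    findings = []
    for peer, cfg in a.items():
        local = cfg.get("local-address")
        other = b.get(local)
        if other is None:
            findings.append(f"far side has no peer entry for {local}")
            continue
        if other.get("local-address") != peer:
            findings.append(f"far side local-address is not {peer}")
        # Report which key differs, never the secret itself.
        for key in ("authentication mode", "authentication pre-shared-secret"):
            if cfg.get(key) != other.get(key):
                findings.append(f"{key} differs between the two sides")
        for path, value in cfg.items():
            m = TUNNEL.fullmatch(path)
            if not m:
                continue
            opposite = "remote" if m.group(2) == "local" else "local"
            if other.get(f"tunnel {m.group(1)} {opposite} prefix") != value:
                findings.append(f"tunnel {m.group(1)}: {m.group(2)} prefix {value} "
                                f"is not the far side's {opposite} prefix")
    return findings

def cluster_secret_reused_for_ipsec(text):
    """True if a 'cluster pre-shared-secret' value is also an IPsec PSK."""
    cluster, ipsec = set(), set()
    for line in text.splitlines():
        tokens = PROMPT.sub("", line).split()
        if tokens[:3] == ["set", "cluster", "pre-shared-secret"] and len(tokens) == 4:
            cluster.add(tokens[3])
        elif (tokens[:5] == PEER and len(tokens) == 9
              and tokens[6:8] == ["authentication", "pre-shared-secret"]):
            ipsec.add(tokens[8])
    return bool(cluster & ipsec)

if __name__ == "__main__":
    for finding in mirror_findings(VR1, VR3) or ["both sides mirror each other"]:
        print(finding)
    if cluster_secret_reused_for_ipsec(VR1):
        print("cluster pre-shared-secret is also used as an IPsec PSK")
```

With the sample values from the slides the two sides mirror each other, and the reuse check fires because the same placeholder secret appears in both the cluster and the IPsec configuration.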
Configure TCP-MSS modify for VPN
[Diagram: IPSec Tunnel between VR-1 and VR-3, each with its vSwitch and LAN]
VR-1# set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.20.20.0/24
VR-1# set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp
VR-1# set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386
VR-1# set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN TCP
VR-1# set interfaces ethernet eth0 policy route TCP-MSS1386-ETH0
VR-1# commit
[Diagram prefixes: 10.10.10.0/24 and 10.20.20.0/24]
VR-3# set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.10.10.0/24
VR-3# set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp
VR-3# set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386
VR-3# set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN TCP
VR-3# set interfaces ethernet eth0 policy route TCP-MSS1386-ETH0
VR-3# commit
Unbreakable VPN Architecture
[Diagram: Private Cloud A and Private Cloud B, each with a LAN and a vSwitch; virtual routers VR-1, VR-2, VR-3 and VR-4; two IPSec Tunnels, labelled MASTER and BACKUP]
Thanks for your interest.
SAKURA Internet Research Center.

TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 

Recently uploaded (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 

Unbreakable VPN using Vyatta/VyOS - HOW TO -

  • 1. 13 May, 2014 SAKURA Internet Research Center Senior Researcher / Naoto MATSUMOTO
  • 2. Basic idea for inter-cloud
    Diagram labels: Private Cloud A, Private Cloud B, LAN, vSwitch, VR-1, VR-2, VR-3, VR-4, IPSec Tunnel (two), MASTER, BACKUP
    VR: Virtual Router (Brocade Vyatta vRouter or VyOS)
    Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation
    VyOS 1.0.3: http://vyos.net/
  • 3. Unbreakable VPN using Vyatta/VyOS - HOW TO -
  • 4. Configure Clustering group 1/2
    Diagram labels: Private Cloud A, Private Cloud B, LAN, vSwitch, VR-1, VR-2, VR-3, VR-4, Primary Node, Secondary Node, VIP (VIP: Shared Virtual IP Address)
  • 5. Configure Clustering group 2/2
    Diagram labels: Private Cloud A, Private Cloud B, LAN, vSwitch, VR-1, VR-2, VR-3, VR-4, Cross Monitoring
  • 6. Configure Dual IPSec Tunneling
    Diagram labels: Private Cloud A, Private Cloud B, LAN, vSwitch, VR-1, VR-2, VR-3, VR-4, IPSec Tunnel (two)
  • 7. Logical IP Network view (MASTER)
    Diagram labels: Private Cloud A, Private Cloud B, LAN, vSwitch, VR-1, VR-2, VR-3, VR-4, IPSec Tunnel (two), VIP (VIP: Shared Virtual IP Address), Primary Node
  • 8. Logical IP Network view (BACKUP)
    Diagram labels: Private Cloud A, Private Cloud B, LAN, vSwitch, VR-1, VR-2, VR-3, VR-4, IPSec Tunnel (two), VIP (VIP: Shared Virtual IP Address), Monitoring failure
  • 9. Unbreakable VPN using Vyatta/VyOS - Sample Configuration TIPS-
  • 10. Configure Clustering group 1/3
    Diagram labels: VR-1, VR-2, LAN, vSwitch, Primary Node, Secondary Node, VIP 10.10.10.100/24
    Sample Configuration for VR-1 and VR-2
      $ configure
      # set system host-name VR-1 (or VR-2)
      # set cluster dead-interval 1000
      # set cluster group CLUSTER auto-failback true
      # set cluster interface eth0
      # set cluster interface eth1
      # set cluster keepalive-interval 200
      # set cluster pre-shared-secret SeCrEt
      # set cluster group CLUSTER primary VR-1
      # set cluster group CLUSTER secondary VR-2
      # set cluster group CLUSTER service 10.10.10.100/24/eth1
      # set cluster mcast-group 239.10.10.100
  • 11. Configure Clustering group 2/3
    Diagram labels: VR-3, VR-4, LAN, vSwitch, Primary Node, Secondary Node, VIP 10.20.20.100/24
    Sample Configuration for VR-3 and VR-4
      $ configure
      # set system host-name VR-3 (or VR-4)
      # set cluster dead-interval 1000
      # set cluster group CLUSTER auto-failback true
      # set cluster interface eth0
      # set cluster interface eth1
      # set cluster keepalive-interval 200
      # set cluster pre-shared-secret SeCrEt
      # set cluster group CLUSTER primary VR-3
      # set cluster group CLUSTER secondary VR-4
      # set cluster group CLUSTER service 10.20.20.100/24/eth1
      # set cluster mcast-group 239.20.20.100
  • 12. Configure Clustering group 3/3
    Diagram labels: VR-1, VR-3, vSwitch, LAN, Monitoring, 133.242.XXX.1, 133.242.YYY.3
      VR-1# set cluster monitor-dead-interval 1000
      VR-1# set cluster group CLUSTER monitor 133.242.YYY.3
      VR-1# commit
      VR-1# save
      VR-3# set cluster monitor-dead-interval 1000
      VR-3# set cluster group CLUSTER monitor 133.242.XXX.1
      VR-3# commit
      VR-3# save
  • 13. Configure Dual IPSec Tunneling 1/3
    Diagram labels: VR-1, VR-3, vSwitch, LAN, IPSec Tunnel
    Sample Configuration for VR-1 and VR-3
      # set vpn ipsec esp-group ESP lifetime 1800
      # set vpn ipsec esp-group ESP mode tunnel
      # set vpn ipsec esp-group ESP pfs enable
      # set vpn ipsec esp-group ESP proposal 1 encryption aes256
      # set vpn ipsec esp-group ESP proposal 1 hash sha1
      # set vpn ipsec ike-group IKE lifetime 3600
      # set vpn ipsec ike-group IKE proposal 1 encryption aes256
      # set vpn ipsec ike-group IKE proposal 1 hash sha1
      # set vpn ipsec ipsec-interfaces interface eth0
  • 14. Configure Dual IPSec Tunneling 2/3
    Diagram labels: VR-1, VR-3, vSwitch, LAN, IPSec Tunnel, 133.242.XXX.1, 133.242.YYY.3, 10.10.10.0/24, 10.20.20.0/24
      VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 local-address 133.242.XXX.1
      VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication mode pre-shared-secret
      VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication pre-shared-secret SeCrEt
      VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 connection-type initiate
      VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 default-esp-group ESP
      VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 ike-group IKE
      VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 local prefix 10.10.10.0/24
      VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 remote prefix 10.20.20.0/24
      VR-1# commit
      VR-1# save
  • 15. Configure Dual IPSec Tunneling 3/3
    Diagram labels: VR-1, VR-3, vSwitch, LAN, IPSec Tunnel, 133.242.XXX.1, 133.242.YYY.3, 10.10.10.0/24, 10.20.20.0/24
      VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 local-address 133.242.YYY.3
      VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 authentication mode pre-shared-secret
      VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 authentication pre-shared-secret SeCrEt
      VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 connection-type initiate
      VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 default-esp-group ESP
      VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 ike-group IKE
      VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 local prefix 10.20.20.0/24
      VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 remote prefix 10.10.10.0/24
      VR-3# commit
      VR-3# save
  • 16. Configure TCP-MSS modify for VPN
    Diagram labels: VR-1, VR-3, vSwitch, LAN, IPSec Tunnel, 10.10.10.0/24, 10.20.20.0/24
      VR-1# set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.20.20.0/24
      VR-1# set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp
      VR-1# set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386
      VR-1# set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN TCP
      VR-1# set interfaces ethernet eth0 policy route TCP-MSS1386-ETH0
      VR-1# commit
      VR-3# set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.10.10.0/24
      VR-3# set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp
      VR-3# set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386
      VR-3# set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN TCP
      VR-3# set interfaces ethernet eth0 policy route TCP-MSS1386-ETH0
      VR-3# commit
  • 17. Unbreakable VPN Architecture
    Diagram labels: Private Cloud A, Private Cloud B, LAN, vSwitch, VR-1, VR-2, VR-3, VR-4, IPSec Tunnel (two), MASTER, BACKUP
  • 18. Thanks for your interest. SAKURA Internet Research Center.
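
The VR-1 and VR-3 site-to-site settings on slides 14 and 15 must mirror each other, and slides 10 to 15 use the same short sample secret for both the cluster and IPsec. The check below is an added example, not part of the original slides: it parses the `set` lines and reports mirroring mistakes and secret reuse. The inputs are constructed from the slide commands with the XXX/YYY placeholders kept; `MIN_PSK_LEN` and the function names are assumptions of this example.

```python
# Added example: consistency audit for two mirrored site-to-site configs.
# Constructed input: "set" lines from slides 10-15 (XXX/YYY placeholders kept).
VR1 = """
set cluster pre-shared-secret SeCrEt
set vpn ipsec site-to-site peer 133.242.YYY.3 local-address 133.242.XXX.1
set vpn ipsec site-to-site peer 133.242.YYY.3 authentication pre-shared-secret SeCrEt
set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 local prefix 10.10.10.0/24
set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 remote prefix 10.20.20.0/24
"""
VR3 = """
set cluster pre-shared-secret SeCrEt
set vpn ipsec site-to-site peer 133.242.XXX.1 local-address 133.242.YYY.3
set vpn ipsec site-to-site peer 133.242.XXX.1 authentication pre-shared-secret SeCrEt
set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 local prefix 10.20.20.0/24
set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 remote prefix 10.10.10.0/24
"""
MIN_PSK_LEN = 20  # assumption for this example, not a Vyatta/VyOS limit
PEER = ("vpn", "ipsec", "site-to-site", "peer")

def parse(text):
    """Map each 'set <path...> <value>' line to {path tuple: value}."""
    cfg = {}
    for line in text.splitlines():
        words = line.split()
        if len(words) >= 3 and words[0] == "set":
            cfg[tuple(words[1:-1])] = words[-1]
    return cfg

def site(cfg):
    """Flatten the single site-to-site peer configured on one router."""
    (peer,) = {k[4] for k in cfg if len(k) > 4 and k[:4] == PEER}  # exactly one
    get = lambda *tail: cfg.get(PEER + (peer,) + tail)
    return {"peer": peer, "local": get("local-address"),
            "psk": get("authentication", "pre-shared-secret"),
            "lpfx": get("tunnel", "0", "local", "prefix"),
            "rpfx": get("tunnel", "0", "remote", "prefix")}

def audit(text_a, text_b):
    """Return findings for two routers whose tunnel configs should mirror."""
    a, b = parse(text_a), parse(text_b)
    sa, sb = site(a), site(b)
    out = []
    if (sa["peer"], sa["local"]) != (sb["local"], sb["peer"]):
        out.append("peer/local-address not mirrored")
    if (sa["lpfx"], sa["rpfx"]) != (sb["rpfx"], sb["lpfx"]):
        out.append("tunnel prefixes not mirrored")
    if sa["psk"] != sb["psk"]:
        out.append("IPsec pre-shared-secret differs")
    for name, s, c in (("A", sa, a), ("B", sb, b)):
        if s["psk"] and s["psk"] == c.get(("cluster", "pre-shared-secret")):
            out.append(name + ": cluster and IPsec reuse one pre-shared-secret")
        if len(s["psk"] or "") < MIN_PSK_LEN:
            out.append(name + ": pre-shared-secret shorter than MIN_PSK_LEN")
    return out
```

Run against the slide values, `audit(VR1, VR3)` reports only the secret findings; the addresses and prefixes mirror correctly.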