23 Mar, 2014
SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO
Japan Vyatta Users Meeting Spring 2014 in Tokyo.
BASIC Networking for VMM Env
Upstream Router redundancy
Virtual Router redundancy
NIC/Cable failure recovery
Switch failure recovery
Upstream Router recovery
Comparison of Fail-over model
Source: SAKURA Internet Research Center 03/2014, Project THORN.
[Figure: fail-over models plotted by Complexity (vertical axis) against Network Capacity, Low to High (horizontal axis). Panels: 1GbE Network, 10GbE Network, 40GbE Network. Models shown: Legacy Type (STP/RSTP/MSTP...etc), Stacking Type, Box Type, Virtual Chassis Type (MLAG,Fabric...etc).]
*SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Machine on VMM
Best Current Practice [Top of Rack]
Source: SAKURA Internet Research Center 03/2014, Project THORN.
[Figure: the same Complexity against Network Capacity (Low to High) chart for the Top of Rack case. Panels: 1GbE Network, 10GbE Network, 40GbE Network. Models shown: Legacy Type (STP/RSTP/MSTP...etc), Stacking Type, Box Type, Virtual Chassis Type (MLAG,Fabric...etc).]
*SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Machine on VMM
Best Current Practice [Performance]
Source: SAKURA Internet Research Center 03/2014, Project THORN.
[Figure: the same Complexity against Network Capacity (Low to High) chart for the Performance case. Panels: 1GbE Network, 10GbE Network, 40GbE Network. Models shown: Legacy Type (STP/RSTP/MSTP...etc), Stacking Type, Box Type, Virtual Chassis Type (MLAG,Fabric...etc).]
*SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Machine on VMM
VRRP Clustering with multicast BCP
Source: SAKURA Internet Research Center 03/2014, Project THORN.
[Figure: three switch designs, each carrying a Multicast Flow between VMs on separate servers: Stacking Type, Box Type, and Virtual Chassis Type (MLAG,Fabric...etc). Network labels: 1/10GbE Network, 10/40GbE Network, 10/40GbE Network.]
*SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Machine on VMM
BASIC Network Architecture
BASIC Configuration for LAN
[Diagram labels: Vyatta vRouter, Vyatta vRouter]
Logical IP Networking
Clustering Configuration
Logical IP Networking (MASTER)
Logical IP Networking (SLAVE)
Unbreakable VPN Architecture
BASIC Configuration for VPN
Virtualization == H/W Abstraction
Dual IPSec Tunneling
# set vpn ipsec ike-group IKE lifetime 3600
# set vpn ipsec ike-group IKE proposal 1 encryption aes256
# set vpn ipsec ike-group IKE proposal 1 hash sha1
# set vpn ipsec esp-group ESP lifetime 1800
# set vpn ipsec esp-group ESP mode tunnel
# set vpn ipsec esp-group ESP pfs enable
# set vpn ipsec esp-group ESP proposal 1 encryption aes256
# set vpn ipsec esp-group ESP proposal 1 hash sha1
# set vpn ipsec ipsec-interfaces interface eth0
# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication mode pre-shared-secret
# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication pre-shared-secret XXXX
# set vpn ipsec site-to-site peer 133.242.YYY.3 connection-type initiate
# set vpn ipsec site-to-site peer 133.242.YYY.3 default-esp-group ESP
# set vpn ipsec site-to-site peer 133.242.YYY.3 ike-group IKE
# set vpn ipsec site-to-site peer 133.242.YYY.3 local-address 133.242.XXX.1
# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 local prefix 10.10.10.0/24
# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 remote prefix 10.20.20.0/24
IKE
ESP
TCP-MSS Rewriting
# set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.20.20.0/24
# set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp
# set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386
# set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN
# set interfaces ethernet eth0 policy route TCP-MSS1386-ETH0
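Added example (not from the slides): a size check for the tcp-mss 1386 clamp against the ESP proposal configured above (aes256, sha1, tunnel mode). It assumes IPv4, AES in CBC mode with HMAC-SHA1-96, and a 1500-byte path MTU by default; all function and constant names are illustrative.

```python
"""Does a clamped TCP MSS still fit the path MTU after ESP tunnel-mode overhead?

Added example, not code from the slide deck. Assumes IPv4 inside and outside,
CBC-mode ciphers and truncated HMAC integrity (96-bit ICV).
"""

IPV4_HDR = 20     # IPv4 header without options (inner and outer)
TCP_HDR = 20      # TCP header without options
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length byte + next-header byte
NAT_T_UDP = 8     # UDP header added when ESP is UDP-encapsulated (NAT traversal)

# Sizes in bytes for the algorithm names used in the proposal lines.
CIPHER = {
    "aes256": {"iv": 16, "block": 16},
    "aes128": {"iv": 16, "block": 16},
    "3des": {"iv": 8, "block": 8},
}
ICV = {"sha1": 12, "md5": 12}  # HMAC-SHA1-96 / HMAC-MD5-96


def esp_packet_size(inner_len, encryption="aes256", hash_alg="sha1", nat_t=False):
    """Size on the wire of an ESP tunnel-mode packet carrying inner_len bytes."""
    c = CIPHER[encryption]
    # Inner packet + trailer is padded up to a whole number of cipher blocks.
    ciphertext = -(-(inner_len + ESP_TRAILER) // c["block"]) * c["block"]
    size = IPV4_HDR + ESP_HDR + c["iv"] + ciphertext + ICV[hash_alg]
    return size + (NAT_T_UDP if nat_t else 0)


def outer_size_for_mss(mss, **esp):
    """Outer packet size for a full-size TCP segment with the given MSS."""
    return esp_packet_size(mss + IPV4_HDR + TCP_HDR, **esp)


def max_mss(path_mtu=1500, **esp):
    """Largest MSS whose full-size segment fits path_mtu once encapsulated."""
    mss = path_mtu - IPV4_HDR - TCP_HDR
    while mss > 0 and outer_size_for_mss(mss, **esp) > path_mtu:
        mss -= 1
    return mss


def check_clamp(mss, path_mtu=1500, **esp):
    """Summarise whether a configured clamp avoids fragmentation on this path."""
    outer = outer_size_for_mss(mss, **esp)
    return {
        "outer": outer,
        "fits": outer <= path_mtu,
        "headroom": path_mtu - outer,
        "max_mss": max_mss(path_mtu, **esp),
    }


if __name__ == "__main__":
    # Constructed scenarios around the page's value of 1386.
    scenarios = [
        ("plain ESP, MTU 1500", dict(path_mtu=1500)),
        ("ESP in UDP (NAT-T), MTU 1500", dict(path_mtu=1500, nat_t=True)),
        ("plain ESP, MTU 1492", dict(path_mtu=1492)),
    ]
    for label, kwargs in scenarios:
        print(label, check_clamp(1386, encryption="aes256", hash_alg="sha1", **kwargs))
```

Under these assumptions a 1386-byte MSS produces a 1496-byte outer packet, so it fits a 1500-byte path with 4 bytes to spare. The same clamp no longer fits if the tunnel is UDP-encapsulated for NAT traversal or the path MTU is 1492.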
Clustering Configuration
# set cluster dead-interval 1000
# set cluster group CLUSTER auto-failback true
# set cluster interface eth0
# set cluster interface eth1
# set cluster keepalive-interval 200
# set cluster monitor-dead-interval 1000
# set cluster pre-shared-secret YYYYYY
# set cluster group CLUSTER primary VR-1
# set cluster group CLUSTER secondary VR-2
# set cluster group CLUSTER service 10.10.10.100/24/eth1
# set cluster mcast-group 239.10.10.100
Clustering Group Monitoring
# set cluster group CLUSTER monitor 133.242.YYY.3
Logical IP Networking (MASTER)
Logical IP Networking (SLAVE)
Disposal IPSec link
Firewall/QoS Rule for DoS Attack
Another solution: DMVPN Tunneling
[Diagram: DATACENTER A, DATACENTER B, DATACENTER C]
DMVPN Tunneling with IPSec/BGP
[Diagram: DATACENTER A, DATACENTER B, DATACENTER C; AS numbers shown: AS65001, AS65002, AS65003, AS65004, AS65005, AS65006]
Thanks for your interest.
SAKURA Internet Research Center.

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)

  • 1. 23 Mar, 2014 SAKURA Internet Research Center Senior Researcher / Naoto MATSUMOTO Japan Vyatta Users Meeting Spring 2014 in Tokyo.
  • 8. Comparison of Fail-over model. Source: SAKURA Internet Research Center 03/2014, Project THORN. [Figure: fail-over models arranged by Complexity against Network Capacity (Low to High). Panels: 1GbE Network, 10GbE Network, 40GbE Network. Types shown: Legacy Type (STP/RSTP/MSTP...etc), Stacking Type, Box Type, Virtual Chassis Type (MLAG,Fabric...etc).] *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Machine on VMM
  • 9. Best Current Practice [Top of Rack]. Source: SAKURA Internet Research Center 03/2014, Project THORN. [Figure: the same Complexity against Network Capacity (Low to High) layout. Panels: 1GbE Network, 10GbE Network, 40GbE Network. Types shown: Legacy Type (STP/RSTP/MSTP...etc), Stacking Type, Box Type, Virtual Chassis Type (MLAG,Fabric...etc).] *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Machine on VMM
  • 10. Best Current Practice [Performance]. Source: SAKURA Internet Research Center 03/2014, Project THORN. [Figure: the same Complexity against Network Capacity (Low to High) layout. Panels: 1GbE Network, 10GbE Network, 40GbE Network. Types shown: Legacy Type (STP/RSTP/MSTP...etc), Stacking Type, Box Type, Virtual Chassis Type (MLAG,Fabric...etc).] *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Machine on VMM
  • 11. VRRP Clustering with multicast BCP. Source: SAKURA Internet Research Center 03/2014, Project THORN. [Figure: Multicast Flow across three topologies. Types shown: Stacking Type, Box Type, Virtual Chassis Type (MLAG,Fabric...etc). Network labels: 1/10GbE Network, 10/40GbE Network, 10/40GbE Network.] *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Machine on VMM
  • 13. BASIC Configuration for LAN [Figure labels: Vyatta vRouter, Vyatta vRouter]
  • 14. Logical IP Networking [Figure labels: Vyatta vRouter, Vyatta vRouter]
  • 16. Logical IP Networking (MASTER) [Figure labels: Vyatta vRouter, Vyatta vRouter]
  • 17. Logical IP Networking (SLAVE) [Figure labels: Vyatta vRouter, Vyatta vRouter]
  • 20. Virtualization == H/W Abstraction
  • 21. Dual IPSec Tunneling [Figure labels: Vyatta vRouter, Vyatta vRouter, Vyatta vRouter, Vyatta vRouter]
  • 22. Dual IPSec Tunneling [Slide labels: IKE, ESP]
      # set vpn ipsec ike-group IKE lifetime 3600
      # set vpn ipsec ike-group IKE proposal 1 encryption aes256
      # set vpn ipsec ike-group IKE proposal 1 hash sha1
      # set vpn ipsec esp-group ESP lifetime 1800
      # set vpn ipsec esp-group ESP mode tunnel
      # set vpn ipsec esp-group ESP pfs enable
      # set vpn ipsec esp-group ESP proposal 1 encryption aes256
      # set vpn ipsec esp-group ESP proposal 1 hash sha1
      # set vpn ipsec ipsec-interfaces interface eth0
      # set vpn ipsec site-to-site peer 133.242.YYY.3 authentication mode pre-shared-secret
      # set vpn ipsec site-to-site peer 133.242.YYY.3 authentication pre-shared-secret XXXX
      # set vpn ipsec site-to-site peer 133.242.YYY.3 connection-type initiate
      # set vpn ipsec site-to-site peer 133.242.YYY.3 default-esp-group ESP
      # set vpn ipsec site-to-site peer 133.242.YYY.3 ike-group IKE
      # set vpn ipsec site-to-site peer 133.242.YYY.3 local-address 133.242.XXX.1
      # set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 local prefix 10.10.10.0/24
      # set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 remote prefix 10.20.20.0/24
  • 23. TCP-MSS Rewriting
      # set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.20.20.0/24
      # set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp
      # set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386
      # set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN
      # set interfaces tunnel eth0 policy route TCP-MSS1386-ETH0
  • 25. Clustering Configuration
      # set cluster dead-interval 1000
      # set cluster group CLUSTER auto-failback true
      # set cluster interface eth0
      # set cluster interface eth1
      # set cluster keepalive-interval 200
      # set cluster monitor-dead-interval 1000
      # set cluster pre-shared-secret YYYYYY
      # set cluster group CLUSTER primary VR-1
      # set cluster group CLUSTER secondary VR-2
      # set cluster group CLUSTER service 10.10.10.100/24/eth1
      # set cluster mcast-group 239.10.10.100
  • 27. Clustering Group Monitoring
      # set cluster group CLUSTER monitor 133.242.YYY.3
  • 29. Logical IP Networking (SLAVE) Disposal IPSec link
  • 30. Firewall/QoS Rule for DoS Attack
  • 31. Another solution: DMVPN Tunneling [Figure labels: DATACENTER A, DATACENTER B, DATACENTER C]
  • 32. DMVPN Tunneling with IPSec/BGP [Figure labels: DATACENTER A, DATACENTER B, DATACENTER C; AS65001, AS65002, AS65003, AS65004, AS65005, AS65006]
  • 33. Thanks for your interest. SAKURA Internet Research Center.
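
Slide 23 clamps the TCP MSS to 1386 for traffic toward the remote prefix of the slide 22 tunnel. The following is an added example, not taken from the slides, that works out the on-wire size of a full-MSS segment under that aes256/sha1 ESP tunnel proposal. The 1500-byte path MTU, the AES-CBC and HMAC-SHA1-96 field sizes, and the NAT traversal option are assumptions that the slides do not state.

```python
"""Added example: ESP tunnel-mode overhead for an aes256 / sha1 proposal."""

# Field sizes below are assumptions (AES-CBC with HMAC-SHA1-96, IPv4, no options).
OUTER_IPV4 = 20     # outer IPv4 header
ESP_HEADER = 8      # SPI (4) + sequence number (4)
AES_CBC_IV = 16     # per-packet IV
AES_BLOCK = 16      # plaintext is padded to a whole cipher block
ESP_TRAILER = 2     # pad-length byte + next-header byte (encrypted)
SHA1_96_ICV = 12    # HMAC-SHA1 truncated to 96 bits
NAT_T_UDP = 8       # UDP encapsulation, only when NAT traversal is in use
INNER_IP_TCP = 40   # inner IPv4 (20) + TCP (20)


def esp_packet_size(mss, nat_t=False):
    """On-wire size of a full-MSS TCP segment after ESP tunnel encapsulation."""
    plaintext = mss + INNER_IP_TCP + ESP_TRAILER
    padded = -(-plaintext // AES_BLOCK) * AES_BLOCK  # round up to a block
    size = OUTER_IPV4 + ESP_HEADER + AES_CBC_IV + padded + SHA1_96_ICV
    return size + (NAT_T_UDP if nat_t else 0)


def max_safe_mss(path_mtu=1500, nat_t=False):
    """Largest MSS whose encapsulated packet still fits in path_mtu."""
    fixed = OUTER_IPV4 + ESP_HEADER + AES_CBC_IV + SHA1_96_ICV
    if nat_t:
        fixed += NAT_T_UDP
    room = (path_mtu - fixed) // AES_BLOCK * AES_BLOCK  # whole blocks only
    return room - ESP_TRAILER - INNER_IP_TCP


def check(mss, path_mtu=1500, nat_t=False):
    """Summarise whether a clamp value avoids fragmentation on this path."""
    size = esp_packet_size(mss, nat_t)
    return {
        "wire_size": size,
        "fits": size <= path_mtu,
        "max_mss": max_safe_mss(path_mtu, nat_t),
    }


if __name__ == "__main__":
    # 1386 is the clamp value from slide 23; both path variants are assumed.
    for nat_t in (False, True):
        print("nat_t=%s" % nat_t, check(1386, nat_t=nat_t))
```

Under these assumptions the slide's 1386 fits a 1500-byte path for plain ESP, while a path that adds NAT traversal would need a lower clamp.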