SlideShare una empresa de Scribd logo

UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)

Naoto MATSUMOTO
Naoto MATSUMOTO

UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO) 18 Mar, 2014 SAKURA Internet Research Center Senior Researcher / Naoto MATSUMOTO Japan Vyatta Users Meeting 2014 Spring on Tokyo.

Tecnología
1 de 33
23 Mar, 2014 SAKURA Internet Research Center Senior Researcher / Naoto MATSUMOTO Japan Vyatta Users Meeting Spring 2014 in Tokyo.
BASIC Networking for VMM Env
Upstream Router redundancy
Virtual Router redundancy
NIC/Cable failure recovery
Switch failure recovery
Upstream Router recovery
Comparison of Fail-over model Source: SAKURA Internet Research Center 03/2014, Project THORN. Complexity vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW Stacking Type SRV vSW VMVM 1GbE Network vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW SW SW Box Type SRV vSW VMVM SW SW Stacking Type SRV vSW VMVM 10GbE Network vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW SW SW Box Type SRV vSW VMVM 40GbE Network SW SW Virtual Chassis Type (MLAG,Fabric...etc) vSW VMVM SRV SW SW Virtual Chassis Type (MLAG,Fabric...etc) vSW VMVM SRV Network Capacity Low High *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Maching on VMM
Best Current Practice [Top of Rack] Source: SAKURA Internet Research Center 03/2014, Project THORN. Complexity vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW Stacking Type SRV vSW VMVM 1GbE Network vSW VM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW SW SW Box Type SRV vSW VMVM SW SW Stacking Type SRV vSW VMVM 10GbE Network vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW SW SW Box Type SRV vSW VMVM 40GbE Network SW SW Virtual Chassis Type (MLAG,Fabric...etc) vSW VMVM SRV SW SW Virtual Chassis Type (MLAG,Fabric...etc) vSW VMVM SRV Network Capacity Low High VM *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Maching on VMM
Best Current Practice [Performance] Source: SAKURA Internet Research Center 03/2014, Project THORN. Complexity vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW Stacking Type SRV 1GbE Network vSW VM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW Stacking Type SRV 10GbE Network vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) 40GbE Network Virtual Chassis Type (MLAG,Fabric...etc) SRV Virtual Chassis Type (MLAG,Fabric...etc) SRV Network Capacity Low High VM vSW VMVM vSW VMVM vSW VMVM vSW VMVM SW SW SW SW Box Type SRV vSW VMVM SW SW SW SW Box Type SRV vSW VMVM SW SW SW SW *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Maching on VMM
VRRP Clustering with multicast BCP Source: SAKURA Internet Research Center 03/2014, Project THORN. SW Virtual Chassis Type (MLAG,Fabric...etc) VM SRV vSW VMVM SRV vSW VMVM SW VMSRV vSW VMVM SRV vSW VMVM SW SW Stacking Type SW SW SW SW Box Type VM SRV vSW VMVM SRV vSW VMVM 1/10GbE Network 10/40GbE Network 10/40GbE Network Multicast FlowMulticast Flow Multicast Flow *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Maching on VMM
BASIC Network Architecure
BASIC Configuration for LAN Vyatta vRouterVyatta vRouter
Logical IP Networking Vyatta vRouterVyatta vRouter
Clustering Configuration Vyatta vRouterVyatta vRouter
Logical IP Networking (MASTER) Vyatta vRouterVyatta vRouter
Logical IP Networking (SLAVE) Vyatta vRouterVyatta vRouter
Ubreakable VPN Architecure
BASIC Configuration for VPN
Virtualization == H/W Abstraction
Dual IPSec Tunneling Vyatta vRouterVyatta vRouter Vyatta vRouterVyatta vRouter
Dual IPSec Tunneling # set vpn ipsec ike-group IKE lifetime 3600 # set vpn ipsec ike-group IKE proposal 1 encryption aes256 # set vpn ipsec ike-group IKE proposal 1 hash sha1 # set vpn ipsec esp-group ESP lifetime 1800 # set vpn ipsec esp-group ESP mode tunnel # set vpn ipsec esp-group ESP pfs enable # set vpn ipsec esp-group ESP proposal 1 encryption aes256 # set vpn ipsec esp-group ESP proposal 1 hash sha1 # set vpn ipsec ipsec-interfaces interface eth0 # set vpn ipsec site-to-site peer 133.242.YYY.3 authentication mode pre-shared-secret # set vpn ipsec site-to-site peer 133.242.YYY.3 authentication pre-shared-secret XXXX # set vpn ipsec site-to-site peer 133.242.YYY.3 connection-type initiate # set vpn ipsec site-to-site peer 133.242.YYY.3 default-esp-group ESP # set vpn ipsec site-to-site peer 133.242.YYY.3 ike-group IKE # set vpn ipsec site-to-site peer 133.242.YYY.3 local-address 133.242.XXX.1 # set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 local prefix 10.10.10.0/24 # set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 remote prefix 10.20.20.0/24 IKE ESP
TCP-MSS Rewriting # set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.20.20.0/24 # set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp # set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386 # set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN # set interfaces tunnel eth0 policy route TCP-MSS1386-ETH0
Clustering Configuration
Clustering Configuration # set cluster dead-interval 1000 # set cluster group CLUSTER auto-failback true # set cluster interface eth0 # set cluster interface eth1 # set cluster keepalive-interval 200 # set cluster monitor-dead-interval 1000 # set cluster pre-shared-secret YYYYYY # set cluster group CLUSTER primary VR-1 # set cluster group CLUSTER secondary VR-2 # set cluster group CLUSTER service 10.10.10.100/24/eth1 # set cluster mcast-group 239.10.10.100
Clustering Group Monitoring
Clustering Group Monitoring # set cluster group CLUSTER monitor 133.242.YYY.3
Logical IP Networking (MASTER)
Logical IP Networking (SLAVE) Disposal IPSec link
Firewall/QoS Rule for DoS Attack
Another solution: DMVPN Tunneling DATACENTER A DATACENTER BDATACENTER C
DMVPN Tunneling with IPSec/BGP DATACENTER A DATACENTER BDATACENTER C AS65001 AS65002 AS65003 AS65005 AS65006AS65004
Thanks for your interest. SAKURA Internet Research Center.

Recomendados

An Easy way to build a server cluster without top of rack switches (MEMO)
An Easy way to build a server cluster without top of rack switches (MEMO)An Easy way to build a server cluster without top of rack switches (MEMO)
An Easy way to build a server cluster without top of rack switches (MEMO)Naoto MATSUMOTO
 
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)Naoto MATSUMOTO
 
Tiny Server Clustering using Vyatta/VyOS (MEMO)
Tiny Server Clustering using Vyatta/VyOS (MEMO)Tiny Server Clustering using Vyatta/VyOS (MEMO)
Tiny Server Clustering using Vyatta/VyOS (MEMO)Naoto MATSUMOTO
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Naoto MATSUMOTO
 
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)Naoto MATSUMOTO
 
Vyos clustering ipsec
Vyos clustering ipsecVyos clustering ipsec
Vyos clustering ipsecGireesh Hariharasubramony
 
How to ride a 100GbE LAN -MEMO-
How to ride a 100GbE LAN -MEMO-How to ride a 100GbE LAN -MEMO-
How to ride a 100GbE LAN -MEMO-Naoto MATSUMOTO
 
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 Tunneling
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 TunnelingUNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 Tunneling
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 TunnelingNaoto MATSUMOTO
 

Recomendados

An Easy way to build a server cluster without top of rack switches (MEMO)
An Easy way to build a server cluster without top of rack switches (MEMO)An Easy way to build a server cluster without top of rack switches (MEMO)
An Easy way to build a server cluster without top of rack switches (MEMO)Naoto MATSUMOTO
 
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)Naoto MATSUMOTO
 
Tiny Server Clustering using Vyatta/VyOS (MEMO)
Tiny Server Clustering using Vyatta/VyOS (MEMO)Tiny Server Clustering using Vyatta/VyOS (MEMO)
Tiny Server Clustering using Vyatta/VyOS (MEMO)Naoto MATSUMOTO
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Naoto MATSUMOTO
 
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)Naoto MATSUMOTO
 
Vyos clustering ipsec
Vyos clustering ipsecVyos clustering ipsec
Vyos clustering ipsecGireesh Hariharasubramony
 
How to ride a 100GbE LAN -MEMO-
How to ride a 100GbE LAN -MEMO-How to ride a 100GbE LAN -MEMO-
How to ride a 100GbE LAN -MEMO-Naoto MATSUMOTO
 
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 Tunneling
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 TunnelingUNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 Tunneling
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 TunnelingNaoto MATSUMOTO
 
IPv4 over IPv6 Tunneling with IPSec [DRAFT]
IPv4 over IPv6 Tunneling with IPSec [DRAFT]IPv4 over IPv6 Tunneling with IPSec [DRAFT]
IPv4 over IPv6 Tunneling with IPSec [DRAFT]Naoto MATSUMOTO
 
VPNIPSec site to site
VPNIPSec site to siteVPNIPSec site to site
VPNIPSec site to siteDimitri LEMBOKOLO
 
VYATTAによるマルチパスVPN接続手法
VYATTAによるマルチパスVPN接続手法VYATTAによるマルチパスVPN接続手法
VYATTAによるマルチパスVPN接続手法Naoto MATSUMOTO
 
How to Cisco ACI Multi-Pod
How to Cisco ACI Multi-PodHow to Cisco ACI Multi-Pod
How to Cisco ACI Multi-PodTakehiro Yokoishi
 
Server-side Intelligent Switching using vyatta
Server-side Intelligent Switching using vyattaServer-side Intelligent Switching using vyatta
Server-side Intelligent Switching using vyattaNaoto MATSUMOTO
 
SR-IOV, KVM and Intel X520 10Gbps cards on Debian/Stable
SR-IOV, KVM and Intel X520 10Gbps cards on Debian/StableSR-IOV, KVM and Intel X520 10Gbps cards on Debian/Stable
SR-IOV, KVM and Intel X520 10Gbps cards on Debian/Stablejuet-y
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseSite-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseHarris Andrea
 
Westermo WeOS Multicast Tunneling
Westermo WeOS Multicast TunnelingWestermo WeOS Multicast Tunneling
Westermo WeOS Multicast TunnelingFabian Vandendyck
 
Nat
NatNat
NatMohamed Gamel
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNetwax Lab
 
SR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/StableSR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/Stablejuet-y
 
82599 sriov vm configuration notes
82599 sriov vm configuration notes82599 sriov vm configuration notes
82599 sriov vm configuration notesRyan Aydelott
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeFaelix Ltd
 
Examen main remote
Examen main remoteExamen main remote
Examen main remotejheral stalin
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
SAS (Secure Active Switch)
SAS (Secure Active Switch)SAS (Secure Active Switch)
SAS (Secure Active Switch)Security Date
 
大規模なスイッチレス・サーバクラスタリング構築運用の考察
大規模なスイッチレス・サーバクラスタリング構築運用の考察大規模なスイッチレス・サーバクラスタリング構築運用の考察
大規模なスイッチレス・サーバクラスタリング構築運用の考察Naoto MATSUMOTO
 
CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...
CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...
CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...George Lestaris
 
Metaswitch and Intel: A Systematic Approach to NFV
Metaswitch and Intel: A Systematic Approach to NFVMetaswitch and Intel: A Systematic Approach to NFV
Metaswitch and Intel: A Systematic Approach to NFVSimon Dredge
 
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp011ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01Hussein Elmenshawy
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpnRajesh Porwal
 

Más contenido relacionado

La actualidad más candente

IPv4 over IPv6 Tunneling with IPSec [DRAFT]
IPv4 over IPv6 Tunneling with IPSec [DRAFT]IPv4 over IPv6 Tunneling with IPSec [DRAFT]
IPv4 over IPv6 Tunneling with IPSec [DRAFT]Naoto MATSUMOTO
 
VYATTAによるマルチパスVPN接続手法
VYATTAによるマルチパスVPN接続手法VYATTAによるマルチパスVPN接続手法
VYATTAによるマルチパスVPN接続手法Naoto MATSUMOTO
 
Server-side Intelligent Switching using vyatta
Server-side Intelligent Switching using vyattaServer-side Intelligent Switching using vyatta
Server-side Intelligent Switching using vyattaNaoto MATSUMOTO
 
SR-IOV, KVM and Intel X520 10Gbps cards on Debian/Stable
SR-IOV, KVM and Intel X520 10Gbps cards on Debian/StableSR-IOV, KVM and Intel X520 10Gbps cards on Debian/Stable
SR-IOV, KVM and Intel X520 10Gbps cards on Debian/Stablejuet-y
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseSite-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseHarris Andrea
 
Westermo WeOS Multicast Tunneling
Westermo WeOS Multicast TunnelingWestermo WeOS Multicast Tunneling
Westermo WeOS Multicast TunnelingFabian Vandendyck
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNetwax Lab
 
SR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/StableSR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/Stablejuet-y
 
82599 sriov vm configuration notes
82599 sriov vm configuration notes82599 sriov vm configuration notes
82599 sriov vm configuration notesRyan Aydelott
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeFaelix Ltd
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
SAS (Secure Active Switch)
SAS (Secure Active Switch)SAS (Secure Active Switch)
SAS (Secure Active Switch)Security Date
 

La actualidad más candente (17)

IPv4 over IPv6 Tunneling with IPSec [DRAFT]
IPv4 over IPv6 Tunneling with IPSec [DRAFT]IPv4 over IPv6 Tunneling with IPSec [DRAFT]
IPv4 over IPv6 Tunneling with IPSec [DRAFT]
 
VPNIPSec site to site
VPNIPSec site to siteVPNIPSec site to site
VPNIPSec site to site
 
VYATTAによるマルチパスVPN接続手法
VYATTAによるマルチパスVPN接続手法VYATTAによるマルチパスVPN接続手法
VYATTAによるマルチパスVPN接続手法
 
How to Cisco ACI Multi-Pod
How to Cisco ACI Multi-PodHow to Cisco ACI Multi-Pod
How to Cisco ACI Multi-Pod
 
Server-side Intelligent Switching using vyatta
Server-side Intelligent Switching using vyattaServer-side Intelligent Switching using vyatta
Server-side Intelligent Switching using vyatta
 
SR-IOV, KVM and Intel X520 10Gbps cards on Debian/Stable
SR-IOV, KVM and Intel X520 10Gbps cards on Debian/StableSR-IOV, KVM and Intel X520 10Gbps cards on Debian/Stable
SR-IOV, KVM and Intel X520 10Gbps cards on Debian/Stable
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseSite-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
 
Westermo WeOS Multicast Tunneling
Westermo WeOS Multicast TunnelingWestermo WeOS Multicast Tunneling
Westermo WeOS Multicast Tunneling
 
Nat
NatNat
Nat
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asa
 
SR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/StableSR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/Stable
 
82599 sriov vm configuration notes
82599 sriov vm configuration notes82599 sriov vm configuration notes
82599 sriov vm configuration notes
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edge
 
Examen main remote
Examen main remoteExamen main remote
Examen main remote
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
 
SAS (Secure Active Switch)
SAS (Secure Active Switch)SAS (Secure Active Switch)
SAS (Secure Active Switch)
 

Destacado

大規模なスイッチレス・サーバクラスタリング構築運用の考察
大規模なスイッチレス・サーバクラスタリング構築運用の考察大規模なスイッチレス・サーバクラスタリング構築運用の考察
大規模なスイッチレス・サーバクラスタリング構築運用の考察Naoto MATSUMOTO
 
CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...
CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...
CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...George Lestaris
 
Metaswitch and Intel: A Systematic Approach to NFV
Metaswitch and Intel: A Systematic Approach to NFVMetaswitch and Intel: A Systematic Approach to NFV
Metaswitch and Intel: A Systematic Approach to NFVSimon Dredge
 
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp011ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01Hussein Elmenshawy
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpnRajesh Porwal
 
Vulnerabilities in IP Protocols
Vulnerabilities in IP ProtocolsVulnerabilities in IP Protocols
Vulnerabilities in IP Protocolsbabak danyal
 
Performance Lessons learned in vRouter - Stephen Hemminger
Performance Lessons learned in vRouter - Stephen HemmingerPerformance Lessons learned in vRouter - Stephen Hemminger
Performance Lessons learned in vRouter - Stephen Hemmingerharryvanhaaren
 
OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014
OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014
OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014ozkan01
 
Brocade SDN Controller -Sample Code for Brocade vRouter-
Brocade SDN Controller -Sample Code for Brocade vRouter-Brocade SDN Controller -Sample Code for Brocade vRouter-
Brocade SDN Controller -Sample Code for Brocade vRouter-Brocade
 
Using Agilio SmartNICs for OpenStack Networking Acceleration
Using Agilio SmartNICs for OpenStack Networking AccelerationUsing Agilio SmartNICs for OpenStack Networking Acceleration
Using Agilio SmartNICs for OpenStack Networking AccelerationNetronome
 
Introduction to Open Mano
Introduction to Open ManoIntroduction to Open Mano
Introduction to Open Manovideos
 
Open contrail slides for BANV meetup
Open contrail slides for BANV meetupOpen contrail slides for BANV meetup
Open contrail slides for BANV meetupScott Edwards
 
InfiniBand Growth Trends - TOP500 (July 2015)
InfiniBand Growth Trends - TOP500 (July 2015)InfiniBand Growth Trends - TOP500 (July 2015)
InfiniBand Growth Trends - TOP500 (July 2015)Mellanox Technologies
 
Juniper Contrail VNS A BASIC introduction
Juniper Contrail VNS A BASIC introductionJuniper Contrail VNS A BASIC introduction
Juniper Contrail VNS A BASIC introductionMarketingArrowECS_CZ
 
Controlling remote pc using mobile
Controlling remote pc using mobileControlling remote pc using mobile
Controlling remote pc using mobileArchana Maharjan
 

Destacado (20)

大規模なスイッチレス・サーバクラスタリング構築運用の考察
大規模なスイッチレス・サーバクラスタリング構築運用の考察大規模なスイッチレス・サーバクラスタリング構築運用の考察
大規模なスイッチレス・サーバクラスタリング構築運用の考察
 
CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...
CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...
CernVM Online and Cloud Gateway: a uniform interface for CernVM contextualiza...
 
Metaswitch and Intel: A Systematic Approach to NFV
Metaswitch and Intel: A Systematic Approach to NFVMetaswitch and Intel: A Systematic Approach to NFV
Metaswitch and Intel: A Systematic Approach to NFV
 
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp011ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpn
 
Vulnerabilities in IP Protocols
Vulnerabilities in IP ProtocolsVulnerabilities in IP Protocols
Vulnerabilities in IP Protocols
 
Mellanox Approach to NFV & SDN
Mellanox Approach to NFV & SDNMellanox Approach to NFV & SDN
Mellanox Approach to NFV & SDN
 
Performance Lessons learned in vRouter - Stephen Hemminger
Performance Lessons learned in vRouter - Stephen HemmingerPerformance Lessons learned in vRouter - Stephen Hemminger
Performance Lessons learned in vRouter - Stephen Hemminger
 
OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014
OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014
OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014
 
Brocade SDN Controller -Sample Code for Brocade vRouter-
Brocade SDN Controller -Sample Code for Brocade vRouter-Brocade SDN Controller -Sample Code for Brocade vRouter-
Brocade SDN Controller -Sample Code for Brocade vRouter-
 
Gre tunnel pdf
Gre tunnel pdfGre tunnel pdf
Gre tunnel pdf
 
Openstack meetup NFV
Openstack meetup NFV Openstack meetup NFV
Openstack meetup NFV
 
Using Agilio SmartNICs for OpenStack Networking Acceleration
Using Agilio SmartNICs for OpenStack Networking AccelerationUsing Agilio SmartNICs for OpenStack Networking Acceleration
Using Agilio SmartNICs for OpenStack Networking Acceleration
 
Introduction to Open Mano
Introduction to Open ManoIntroduction to Open Mano
Introduction to Open Mano
 
Tcp sockets
Tcp socketsTcp sockets
Tcp sockets
 
Open contrailのご紹介
Open contrailのご紹介Open contrailのご紹介
Open contrailのご紹介
 
Open contrail slides for BANV meetup
Open contrail slides for BANV meetupOpen contrail slides for BANV meetup
Open contrail slides for BANV meetup
 
InfiniBand Growth Trends - TOP500 (July 2015)
InfiniBand Growth Trends - TOP500 (July 2015)InfiniBand Growth Trends - TOP500 (July 2015)
InfiniBand Growth Trends - TOP500 (July 2015)
 
Juniper Contrail VNS A BASIC introduction
Juniper Contrail VNS A BASIC introductionJuniper Contrail VNS A BASIC introduction
Juniper Contrail VNS A BASIC introduction
 
Controlling remote pc using mobile
Controlling remote pc using mobileControlling remote pc using mobile
Controlling remote pc using mobile
 

Similar a UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)

Securing the network for VMs or Containers
Securing the network for VMs or ContainersSecuring the network for VMs or Containers
Securing the network for VMs or ContainersMarian Marinov
 
DPDK Summit 2015 - RIFT.io - Tim Mortsolf
DPDK Summit 2015 - RIFT.io - Tim MortsolfDPDK Summit 2015 - RIFT.io - Tim Mortsolf
DPDK Summit 2015 - RIFT.io - Tim MortsolfJim St. Leger
 
1/10/40GbE Switch Design Pattern for VRRP Clustering with Multicast
1/10/40GbE Switch Design Pattern for VRRP Clustering with Multicast1/10/40GbE Switch Design Pattern for VRRP Clustering with Multicast
1/10/40GbE Switch Design Pattern for VRRP Clustering with MulticastNaoto MATSUMOTO
 
Linux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack NetworkingLinux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack Networkingyfauser
 
PLNOG 13: Jacek Wosz: User Defined Network
PLNOG 13: Jacek Wosz: User Defined NetworkPLNOG 13: Jacek Wosz: User Defined Network
PLNOG 13: Jacek Wosz: User Defined NetworkPROIDEA
 
VXLAN: Enhancements and Network Integration
VXLAN: Enhancements and Network Integration VXLAN: Enhancements and Network Integration
VXLAN: Enhancements and Network Integration Eddie Parra
 
AWS May Webinar Series - Deep Dive: Amazon Virtual Private Cloud
AWS May Webinar Series - Deep Dive: Amazon Virtual Private CloudAWS May Webinar Series - Deep Dive: Amazon Virtual Private Cloud
AWS May Webinar Series - Deep Dive: Amazon Virtual Private CloudAmazon Web Services
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...ir. Carmelo Zaccone
 
EYWA Presentation v0.1.27
EYWA Presentation v0.1.27EYWA Presentation v0.1.27
EYWA Presentation v0.1.27JungIn Jung
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view IPv6 Conference
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksAPNIC
 
Deep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private CloudDeep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private CloudAmazon Web Services
 
Design and Performance Characteristics of Tap-as-a-Service
Design and Performance Characteristics of Tap-as-a-ServiceDesign and Performance Characteristics of Tap-as-a-Service
Design and Performance Characteristics of Tap-as-a-Servicesoichi shigeta
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
VXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneVXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneYoshikazu Nojima
 
OpenStack MeetUp - OpenContrail Presentation
OpenStack MeetUp - OpenContrail PresentationOpenStack MeetUp - OpenContrail Presentation
OpenStack MeetUp - OpenContrail PresentationStacy Véronneau
 
Arista Nuage meetup dublin 18-2
Arista Nuage meetup dublin 18-2Arista Nuage meetup dublin 18-2
Arista Nuage meetup dublin 18-2Patrick Lynchehaun
 
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...VMworld
 

Similar a UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO) (20)

Securing the network for VMs or Containers
Securing the network for VMs or ContainersSecuring the network for VMs or Containers
Securing the network for VMs or Containers
 
DPDK Summit 2015 - RIFT.io - Tim Mortsolf
DPDK Summit 2015 - RIFT.io - Tim MortsolfDPDK Summit 2015 - RIFT.io - Tim Mortsolf
DPDK Summit 2015 - RIFT.io - Tim Mortsolf
 
1/10/40GbE Switch Design Pattern for VRRP Clustering with Multicast
1/10/40GbE Switch Design Pattern for VRRP Clustering with Multicast1/10/40GbE Switch Design Pattern for VRRP Clustering with Multicast
1/10/40GbE Switch Design Pattern for VRRP Clustering with Multicast
 
Contrail Enabler for agile cloud services
Contrail Enabler for agile cloud servicesContrail Enabler for agile cloud services
Contrail Enabler for agile cloud services
 
Linux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack NetworkingLinux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack Networking
 
PLNOG 13: Jacek Wosz: User Defined Network
PLNOG 13: Jacek Wosz: User Defined NetworkPLNOG 13: Jacek Wosz: User Defined Network
PLNOG 13: Jacek Wosz: User Defined Network
 
VXLAN: Enhancements and Network Integration
VXLAN: Enhancements and Network Integration VXLAN: Enhancements and Network Integration
VXLAN: Enhancements and Network Integration
 
AWS May Webinar Series - Deep Dive: Amazon Virtual Private Cloud
AWS May Webinar Series - Deep Dive: Amazon Virtual Private CloudAWS May Webinar Series - Deep Dive: Amazon Virtual Private Cloud
AWS May Webinar Series - Deep Dive: Amazon Virtual Private Cloud
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
 
EYWA Presentation v0.1.27
EYWA Presentation v0.1.27EYWA Presentation v0.1.27
EYWA Presentation v0.1.27
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building Blocks
 
Deep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private CloudDeep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private Cloud
 
Design and Performance Characteristics of Tap-as-a-Service
Design and Performance Characteristics of Tap-as-a-ServiceDesign and Performance Characteristics of Tap-as-a-Service
Design and Performance Characteristics of Tap-as-a-Service
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)
 
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_
 
VXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneVXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced Zone
 
OpenStack MeetUp - OpenContrail Presentation
OpenStack MeetUp - OpenContrail PresentationOpenStack MeetUp - OpenContrail Presentation
OpenStack MeetUp - OpenContrail Presentation
 
Arista Nuage meetup dublin 18-2
Arista Nuage meetup dublin 18-2Arista Nuage meetup dublin 18-2
Arista Nuage meetup dublin 18-2
 
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...
 

Más de Naoto MATSUMOTO

Alder Lake-S CPU Temperature Monitoring
Alder Lake-S CPU Temperature MonitoringAlder Lake-S CPU Temperature Monitoring
Alder Lake-S CPU Temperature MonitoringNaoto MATSUMOTO
 
CPU製品出荷状況と消費電力の見える化
CPU製品出荷状況と消費電力の見える化CPU製品出荷状況と消費電力の見える化
CPU製品出荷状況と消費電力の見える化Naoto MATSUMOTO
 
2023年以降のサーバークラスタリング設計(メモ)
2023年以降のサーバークラスタリング設計(メモ)2023年以降のサーバークラスタリング設計(メモ)
2023年以降のサーバークラスタリング設計(メモ)Naoto MATSUMOTO
 
防災を考慮した水中調査の一考察
防災を考慮した水中調査の一考察防災を考慮した水中調査の一考察
防災を考慮した水中調査の一考察Naoto MATSUMOTO
 
旅するパケットの見える化
旅するパケットの見える化旅するパケットの見える化
旅するパケットの見える化Naoto MATSUMOTO
 
LTE-M/NB IoTを試してみる nRF9160/Thingy:91
LTE-M/NB IoTを試してみる nRF9160/Thingy:91LTE-M/NB IoTを試してみる nRF9160/Thingy:91
LTE-M/NB IoTを試してみる nRF9160/Thingy:91Naoto MATSUMOTO
 
災害時における無線モニタリングによる社会インフラの見える化
災害時における無線モニタリングによる社会インフラの見える化災害時における無線モニタリングによる社会インフラの見える化
災害時における無線モニタリングによる社会インフラの見える化Naoto MATSUMOTO
 
BeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep diveBeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep diveNaoto MATSUMOTO
 
Network Adapter Deep dive
Network Adapter Deep diveNetwork Adapter Deep dive
Network Adapter Deep diveNaoto MATSUMOTO
 
x86_64 Hardware Deep dive
x86_64 Hardware Deep divex86_64 Hardware Deep dive
x86_64 Hardware Deep diveNaoto MATSUMOTO
 
ADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheetADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheetNaoto MATSUMOTO
 
3/4G USB modem Cheat Sheet
3/4G USB modem Cheat Sheet3/4G USB modem Cheat Sheet
3/4G USB modem Cheat SheetNaoto MATSUMOTO
 
How To Train Your ARM(SBC)
How To Train Your ARM(SBC)How To Train Your ARM(SBC)
How To Train Your ARM(SBC)Naoto MATSUMOTO
 
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~全国におけるCOVID-19対策の見える化 ~宿泊業の場合~
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~Naoto MATSUMOTO
 
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)Naoto MATSUMOTO
 
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化Naoto MATSUMOTO
 

Más de Naoto MATSUMOTO (20)

Alder Lake-S CPU Temperature Monitoring
Alder Lake-S CPU Temperature MonitoringAlder Lake-S CPU Temperature Monitoring
Alder Lake-S CPU Temperature Monitoring
 
CPU製品出荷状況と消費電力の見える化
CPU製品出荷状況と消費電力の見える化CPU製品出荷状況と消費電力の見える化
CPU製品出荷状況と消費電力の見える化
 
5Gの見える化
5Gの見える化5Gの見える化
5Gの見える化
 
2023年以降のサーバークラスタリング設計(メモ)
2023年以降のサーバークラスタリング設計(メモ)2023年以降のサーバークラスタリング設計(メモ)
2023年以降のサーバークラスタリング設計(メモ)
 
防災を考慮した水中調査の一考察
防災を考慮した水中調査の一考察防災を考慮した水中調査の一考察
防災を考慮した水中調査の一考察
 
旅するパケットの見える化
旅するパケットの見える化旅するパケットの見える化
旅するパケットの見える化
 
LTE-M/NB IoTを試してみる nRF9160/Thingy:91
LTE-M/NB IoTを試してみる nRF9160/Thingy:91LTE-M/NB IoTを試してみる nRF9160/Thingy:91
LTE-M/NB IoTを試してみる nRF9160/Thingy:91
 
災害時における無線モニタリングによる社会インフラの見える化
災害時における無線モニタリングによる社会インフラの見える化災害時における無線モニタリングによる社会インフラの見える化
災害時における無線モニタリングによる社会インフラの見える化
 
BeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep diveBeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep dive
 
AMDGPU ROCm Deep dive
AMDGPU ROCm Deep diveAMDGPU ROCm Deep dive
AMDGPU ROCm Deep dive
 
Network Adapter Deep dive
Network Adapter Deep diveNetwork Adapter Deep dive
Network Adapter Deep dive
 
RTL2838 DVB-T Deep dive
RTL2838 DVB-T Deep diveRTL2838 DVB-T Deep dive
RTL2838 DVB-T Deep dive
 
x86_64 Hardware Deep dive
x86_64 Hardware Deep divex86_64 Hardware Deep dive
x86_64 Hardware Deep dive
 
ADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheetADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheet
 
curl --http3 cheatsheet
curl --http3 cheatsheetcurl --http3 cheatsheet
curl --http3 cheatsheet
 
3/4G USB modem Cheat Sheet
3/4G USB modem Cheat Sheet3/4G USB modem Cheat Sheet
3/4G USB modem Cheat Sheet
 
How To Train Your ARM(SBC)
How To Train Your ARM(SBC)How To Train Your ARM(SBC)
How To Train Your ARM(SBC)
 
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~全国におけるCOVID-19対策の見える化 ~宿泊業の場合~
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~
 
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)
 
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化
 

Último

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Último (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)

  • 1. 23 Mar, 2014 SAKURA Internet Research Center Senior Researcher / Naoto MATSUMOTO Japan Vyatta Users Meeting Spring 2014 in Tokyo.
  • 8. Comparison of Fail-over model Source: SAKURA Internet Research Center 03/2014, Project THORN. Complexity vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW Stacking Type SRV vSW VMVM 1GbE Network vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW SW SW Box Type SRV vSW VMVM SW SW Stacking Type SRV vSW VMVM 10GbE Network vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW SW SW Box Type SRV vSW VMVM 40GbE Network SW SW Virtual Chassis Type (MLAG,Fabric...etc) vSW VMVM SRV SW SW Virtual Chassis Type (MLAG,Fabric...etc) vSW VMVM SRV Network Capacity Low High *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Maching on VMM
  • 9. Best Current Practice [Top of Rack] Source: SAKURA Internet Research Center 03/2014, Project THORN. Complexity vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW Stacking Type SRV vSW VMVM 1GbE Network vSW VM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW SW SW Box Type SRV vSW VMVM SW SW Stacking Type SRV vSW VMVM 10GbE Network vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW SW SW Box Type SRV vSW VMVM 40GbE Network SW SW Virtual Chassis Type (MLAG,Fabric...etc) vSW VMVM SRV SW SW Virtual Chassis Type (MLAG,Fabric...etc) vSW VMVM SRV Network Capacity Low High VM *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Maching on VMM
  • 10. Best Current Practice [Performance] Source: SAKURA Internet Research Center 03/2014, Project THORN. Complexity vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW Stacking Type SRV 1GbE Network vSW VM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) SW SW Stacking Type SRV 10GbE Network vSW VMVM SRV SW SW SW SW Legacy Type (STP/RSTP/MSTP...etc) 40GbE Network Virtual Chassis Type (MLAG,Fabric...etc) SRV Virtual Chassis Type (MLAG,Fabric...etc) SRV Network Capacity Low High VM vSW VMVM vSW VMVM vSW VMVM vSW VMVM SW SW SW SW Box Type SRV vSW VMVM SW SW SW SW Box Type SRV vSW VMVM SW SW SW SW *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Maching on VMM
  • 11. VRRP Clustering with multicast BCP Source: SAKURA Internet Research Center 03/2014, Project THORN. SW Virtual Chassis Type (MLAG,Fabric...etc) VM SRV vSW VMVM SRV vSW VMVM SW VMSRV vSW VMVM SRV vSW VMVM SW SW Stacking Type SW SW SW SW Box Type VM SRV vSW VMVM SRV vSW VMVM 1/10GbE Network 10/40GbE Network 10/40GbE Network Multicast FlowMulticast Flow Multicast Flow *SW: Ethernet Switch, SRV: Server, vSW: Virtual Switch on VMM, VM: Virtual Maching on VMM
  • 13. BASIC Configuration for LAN Vyatta vRouterVyatta vRouter
  • 14. Logical IP Networking Vyatta vRouterVyatta vRouter
  • 16. Logical IP Networking (MASTER) Vyatta vRouterVyatta vRouter
  • 17. Logical IP Networking (SLAVE) Vyatta vRouterVyatta vRouter
  • 20. Virtualization == H/W Abstraction
  • 21. Dual IPSec Tunneling Vyatta vRouterVyatta vRouter Vyatta vRouterVyatta vRouter
  • 22. Dual IPSec Tunneling # set vpn ipsec ike-group IKE lifetime 3600 # set vpn ipsec ike-group IKE proposal 1 encryption aes256 # set vpn ipsec ike-group IKE proposal 1 hash sha1 # set vpn ipsec esp-group ESP lifetime 1800 # set vpn ipsec esp-group ESP mode tunnel # set vpn ipsec esp-group ESP pfs enable # set vpn ipsec esp-group ESP proposal 1 encryption aes256 # set vpn ipsec esp-group ESP proposal 1 hash sha1 # set vpn ipsec ipsec-interfaces interface eth0 # set vpn ipsec site-to-site peer 133.242.YYY.3 authentication mode pre-shared-secret # set vpn ipsec site-to-site peer 133.242.YYY.3 authentication pre-shared-secret XXXX # set vpn ipsec site-to-site peer 133.242.YYY.3 connection-type initiate # set vpn ipsec site-to-site peer 133.242.YYY.3 default-esp-group ESP # set vpn ipsec site-to-site peer 133.242.YYY.3 ike-group IKE # set vpn ipsec site-to-site peer 133.242.YYY.3 local-address 133.242.XXX.1 # set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 local prefix 10.10.10.0/24 # set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 remote prefix 10.20.20.0/24 IKE ESP
  • 23. TCP-MSS Rewriting # set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.20.20.0/24 # set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp # set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386 # set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN # set interfaces tunnel eth0 policy route TCP-MSS1386-ETH0
  • 25. Clustering Configuration # set cluster dead-interval 1000 # set cluster group CLUSTER auto-failback true # set cluster interface eth0 # set cluster interface eth1 # set cluster keepalive-interval 200 # set cluster monitor-dead-interval 1000 # set cluster pre-shared-secret YYYYYY # set cluster group CLUSTER primary VR-1 # set cluster group CLUSTER secondary VR-2 # set cluster group CLUSTER service 10.10.10.100/24/eth1 # set cluster mcast-group 239.10.10.100
  • 27. Clustering Group Monitoring # set cluster group CLUSTER monitor 133.242.YYY.3
  • 29. Logical IP Networking (SLAVE) Disposal IPSec link
  • 30. Firewall/QoS Rule for DoS Attack
  • 31. Another solution: DMVPN Tunneling DATACENTER A DATACENTER BDATACENTER C
  • 32. DMVPN Tunneling with IPSec/BGP DATACENTER A DATACENTER BDATACENTER C AS65001 AS65002 AS65003 AS65005 AS65006AS65004
  • 33. Thanks for your interest. SAKURA Internet Research Center.