NATIONAL RESEARCH AGENCY CASE STUDY - CCTV NETWORK SERVICES

Size: px
Start display at page:

Download "NATIONAL RESEARCH AGENCY CASE STUDY - CCTV NETWORK SERVICES"

Transcription

1 NATIONAL RESEARCH AGENCY CASE STUDY - CCTV NWORK SERVICES

2 A Major CCTV network and surveilance services provider chose Senetas certified high-speed encryptors to protect European law enforcement CCTV network transmitted data. Senetas CN Series encryptors enable certified data security and integrity without compromising CCTV network s performance. OUR CUSTOMER AND ITS NEEDS Our customer is a specialist in delivering intelligent and secure surveillance information in challenging environments; they work with governments and multinational corporations on the most complex and critical surveillance challenges within the defence, law enforcement and critical infrastructure sectors. Working with a law enforcement organisation in Northern Europe the challenge was to design a secure video distribution infrastructure that would allow sensitive CCTV streams to be securely distributed across the whole country. CCTV technology is commonly used to help protect high-profile locations such as borders, airports, public buildings, military bases, oil and gas facilities, public gathering areas and streets, ports and public transportation systems. Demand for live video is being driven by many sectors and has led to a proliferation of network video traffic much of which is sensitive and must be securely and efficiently transmitted across communication infrastructures. Specifically, CCTV data requires protection against privacy breaches and input of rogue data and any unauthorised access that may adversely affect the CCTV data s integrity. These are particularly important issues to law enforcement. Importantly, efficient video distribution, which typically involves very large volumes of data) uses multicast transmission protocols to ensure that data is only sent to devices that have requested it.

3 Secure Cloud service Figure 1 CCTV Network A first solution was considered based on a regular Layer 3 routed data network with all traffic to be using the common IPSec security protocol. IPSec is an industry standard for securing data across Layer 3 routed data network environments it is optimised for use on best-effort networks such as the Internet. However, the IPSec protocol has several limitations, especially when high-performance delivery of the CCTV feeds is required maximum speed, low latency and minimum network overhead. There are also technical issues of complexity that arise when encrypting at Layer 3. Layer 3 IPSec encryption solutions typically require customers to increase the network bandwidth at considerable cost to help overcome (in part) some of these limitations. IPSec introduces a high additional per frame overhead that may generate significant additional network bandwidth and latency when compared to the un traffic.

4 Encryption at Layer 3 IP Packet IP Header IP Payload IP Packet IP Transport Mode IP Header ESP Header IP Payload ESP Trailer ESP Authentication Exposed all IP addresses IP Packet IP Sec Tunnel Mode New IP Header ESP Header IP Header IP Payload ESP Trailer ESP Authentication Huge overhead (58-73 bytes) Has to participate in network routing Figure 2 IPSec encryption overhead Also, securing multicast encryption at Layer 3 is problematic because the underlying network requires additional routing protocols to support multicast traffic such as the Protocol-Independent Multicast (PIM) routing family. These protocols provide an additional level of complexity when required to interoperate with IPSec encryption. In practice the issue is that much of multicast IP (Internet Protocol) traffic is therefore encapsulated using GRE (Generic Routing Encapsulation) tunnels to allow the simpler encryption of unicast traffic, albeit with far higher overheads. Consequently, when encrypting at Layer 3, the underlying data network and equipment typically need to be of a higher specification and cost; and data delivery is very inefficient for larger scale multicast deployments. SENAS PRODUCT SOLUTION With the limitations and disadvantages of transmitting multi-location CCTV data across Layer 3 network links clearly identified, an alternative network architecture was considered. The alternative network architecture proposed and ultimately preferred) was based on a pure Layer 2 WAN service with high-speed encryption at the Ethernet layer. The Senetas CN high-speed encryptors would not add overheads to the network data; offered near-zero latency and have no impact on other network assets. Importantly at Layer 2, the Senetas encryptors provide far simpler set and forget implementation and ongoing management making the solution mush more efficient technically and financially. The Senetas encryption solution is optimised for network services such as Metro Ethernet E-LAN, E-LINE or E-TREE, layer 2 MPLS (VPLS) or across simple point-to-point dark fibre and WDM (Wavelength Division Multiplexor) connections. Because Layer 2 encryption occurs at the data link layer on Ethernet networks, the Ethernet payload is but the Ethernet header (including MAC addresses and VLAN identifiers) is unmodified allowing transmission across service provider networks. The Ethernet payload fully encapsulates the IP header and IP payloads which are also providing the additional security benefit of hiding all IP addresses in the transmitted data. By taking advantage of the underlying Layer 2 network characteristics, encryption at Layer 2 may deliver 100% throughput even at speeds up to 10Gbps with little or no additional per frame overhead. And because encryption occurs at the data link layer, no special configuration or protocols are required to encrypt multicast or broadcast traffic.

5 Senetas Encryption at Layer 2 DA SA VID MAC Header (18 bytes) Payload Data ( bytes) CRC Checksum (4 bytes) Simple transport mode Zero overhead all IP headers protected DA SA VID IV Payload ICV CRC MAC Header (18 bytes) SecTag (8 bytes) Data ( bytes) Integrity Check Value (4-16 bytes) Checksum (4 bytes) Authenticated mode Integrity reply protection 24 bytes overhead worst case Figure 3 Ethernet encryption overhead To ensure efficient multicast data transmission across a Layer 2 network, protocols such as IGMP or MLD are often deployed between hosts and routers. Network switches may also perform IGMP monitoring to listen in on the IGMP conversation allowing them to maintain a map of links that need IP multicast streams. This mechanism maintains data network efficiency by only delivering frames where they are needed. By allowing IGMP/MLD traffic to be bypassed (when required) a Layer 2 encryptor allows the network to continue operating with maximum efficiency without requiring any underlying changes to its operation. Ultimately, for these reasons of encryption and data network performance and efficiencies, the CCTV services provider and its customer chose to implement Senetas high-performance Ethernet encryptors. The Senetas CN encryptors protect data transmitted from approximately one hundred end points throughout northern Europe from where video traffic is distributed. By reducing the data latency and network overheads and minimising technical complexities, the Senetas CN encryptors maximise the available bandwidth for the customer s use. The customer is able to significantly reduce its bandwidth and network management requirements and ultimately its costs. THE OUTCOME AND CUSTOMER BENEFITS Senetas CN series Ethernet encryptors provide certified information security; full line rate encryption for all data transmitted across point-point, hub and spoke and fully meshed data network environments. Network performance is maximised for delivery of multicast as well as unicast traffic. Simple, automatic zero-touch key management ensures that encryption scales efficiently to the largest deployments. Figure 4 CN6040 Ethernet encryptor

6 Real throughput for varying frame size and encryption mode 100% 90% Throughput 80% 70% Sen CTR Shim rate 8 Sen GCM Shim rate 32 IPSec ESP IPSec GRE_ESP 60% 50% Frame Size Figure 5 Layer 2 vs Layer 3 throughput The continuous and consistent near-zero latency performance is enabled by Senetas s unique technology purpose built hardware encryption engines which perform cut-through processing of network traffic at wire speed. Their tamper resistant chassis provides protection to all encryption keys and user credentials at government certified levels. Senetas CN encryptors hold all three leading international, independent testing authority certifications FIPS, Common Criteria and CAPS.

7 Figure 6 CM7 Management tool To assist the ease of implementation and encryptor management, Senetas CM7 remote management software is provided to all customers. Large numbers of encryptors are easily and securely managed using Senetas CM7. Using SNMPv3 this tool provides simple, secure remote management either out-ofband or in-band using the Ethernet port. Other important benefits to our customer include: > > FLEXIBILITY AND INTEROPERABILITY Senetas s unique Field Programmable Gate Array technology which enables customisation flexibility. All CN encryptors are interoperable providing an efficient longterm investment. > > ZERO IMPACT Senetas CN encryptors have no impact on other network assets and do not require any network changes during implementation. > > OUTSTANDING RELIABILITY Senetas encryptors provide % uptime in the most demanding 24/7 availability environments. Their defence-grade design and manufacture ensure peace of mind. > > FIELD UPGRADABILITY among the various CN encryptors, many have field replaceable and upgradeable components.

ETHERNET WAN ENCRYPTION SOLUTIONS COMPARED

ETHERNET WAN ENCRYPTION SOLUTIONS COMPARED HERN WAN ENCRYPTION SOLUTIONS COMPARED KEY WORDS AND TERMS MACsec, WAN security, WAN data protection, MACsec encryption, network data protection, network data security, high-speed encryption, Senetas,

More information

ETHERNET ENCRYPTION MODES TECHNICAL-PAPER

ETHERNET ENCRYPTION MODES TECHNICAL-PAPER 1 ETHERNET ENCRYPTION MODES TECHNICAL-PAPER The CN series encryption platform is designed to secure information transmitted over a number of network protocols. The CN series encryptors secure Ethernet

More information

How To Protect Your Data With A Senior Security Encryptor From Being Hacked By A Hacker

How To Protect Your Data With A Senior Security Encryptor From Being Hacked By A Hacker CCTV NETWORK ENCRYPTION SOLUTIONS-PAPER CCTV S ADVANCES AND INCREASED USE IN PUBLIC AND PRIVATE APPLICATIONS DEMAND RIGOROUS DATA PROTECTION. WHETHER CCTV NETWORK DATA PROTECTION IS REGULATED OR NOT, THE

More information

THE DATA PROTECTION COMPANY HIGH EFFICIENCY SWITCHABLE CERTIFIED ENCRYPTION UP TO 10 GBPS CN6000 SERIES

THE DATA PROTECTION COMPANY HIGH EFFICIENCY SWITCHABLE CERTIFIED ENCRYPTION UP TO 10 GBPS CN6000 SERIES THE DATA ROTECTION COMANY HIGH EFFICIENCY SWITCHABLE CERTIFIED ENCRYTION U TO 10 GBS CN6000 SERIES CN6000 Series Encryptors CN6000 Series Encryptors scalable, efficient and certified - maximum protection

More information

Senetas CERTIFIED network data security - For commercial & industrial SENETAS CERTIFIED NETWORK DATA SECURITY - FOR COMMERCIAL & INDUSTRIAL

Senetas CERTIFIED network data security - For commercial & industrial SENETAS CERTIFIED NETWORK DATA SECURITY - FOR COMMERCIAL & INDUSTRIAL Senetas CERTIFIED network data security - For commercial & industrial SENETAS CERTIFIED NETWORK DATA SECURITY - FOR COMMERCIAL & INDUSTRIAL SENETAS CERTIFIED HARDWARE ENCRYPTORS ARE TRUSTED TO PROTECT

More information

Senetas CERTIFIED network data security - For Government SENETAS CERTIFIED NETWORK DATA SECURITY - FOR GOVERNMENT

Senetas CERTIFIED network data security - For Government SENETAS CERTIFIED NETWORK DATA SECURITY - FOR GOVERNMENT Senetas CERTIFIED network data security - For Government SENETAS CERTIFIED NETWORK DATA SECURITY - FOR SENETAS CERTIFIED HARDWARE ENCRYPTORS ARE TRUSTED BY S IN MORE THAN 20 COUNTRIES TO PROTECT SENSITIVE

More information

SENETAS CERTIFIED NETWORK DATA ENCRYPTION FOR COMMERCIAL AND INDUSTRIAL

SENETAS CERTIFIED NETWORK DATA ENCRYPTION FOR COMMERCIAL AND INDUSTRIAL SENETAS CERTIFIED NETWORK DATA ENCRYPTION FOR COMMERCIAL AND INDUSTRIAL Senetas certified hardware encryptors are trusted by market leading commercial and industrial organisations around the world to protect

More information

SECURE AVAYA FABRIC CONNECT SOLUTIONS WITH SENETAS ETHERNET ENCRYPTORS

SECURE AVAYA FABRIC CONNECT SOLUTIONS WITH SENETAS ETHERNET ENCRYPTORS SECURE AVAYA FABRIC CONNECT SOLUTIONS WITH SENETAS ETHERNET ENCRYPTORS AUDIENCE Data networks consultants, Network architects, designers and administrators/ managers, Systems Integrators (SI) and networks

More information

IN CONTROL AT LAYER 2: A TECTONIC SHIFT IN NETWORK SECURITY.

IN CONTROL AT LAYER 2: A TECTONIC SHIFT IN NETWORK SECURITY. IN CONTROL AT LAYER 2: A TECTONIC SHIFT IN NWORK SECURITY. WHO SHOULD READ THIS WHITE-PAPER: NWORK ARCHITECTS / MANAGERS, DATA SECURITY MANAGERS, CIOs, CSOs. EXECUTIVE SUMMARY Network hacking and corporate

More information

How To Secure My Data

How To Secure My Data How To Secure My Data What to Protect??? DATA Data At Rest Data at Rest Examples Lost Infected Easily Used as Backup Lent to others Data Corruptions more common Stolen Left at airports, on trains etc Hard

More information

Big Data solutions-paper

Big Data solutions-paper Big Data solutions-paper INFORMATION-RICH BIG DATA IS UNDER INCREASING THREAT OF THEFT AND BUSINESS DISRUPTION. AS THE NETWORKS AND TECHNOLOGIES THAT ENABLE BIG DATA COLLECTION, analyses SHARING AND STORAGE

More information

Layer 2 Network Encryption where safety is not an optical illusion Marko Bobinac SafeNet PreSales Engineer

Layer 2 Network Encryption where safety is not an optical illusion Marko Bobinac SafeNet PreSales Engineer Layer 2 Network Encryption where safety is not an optical illusion Marko Bobinac SafeNet PreSales Engineer Layer 2 Network Encryption where safety is not an optical illusion Todays Agenda Fibre is safe

More information

HIGH PERFORMANCE ENCRYPTION SOLUTIONS SECURING CRITICAL NATIONAL INFRASTRUCTURE

HIGH PERFORMANCE ENCRYPTION SOLUTIONS SECURING CRITICAL NATIONAL INFRASTRUCTURE HIGH PERFORMANCE ENCRYPTION SOLUTIONS SECURING CRITICAL NATIONAL INFRASTRUCTURE CRITICAL NATIONAL INFRASTRUCTURE The UKs national infrastructure is defined by Government as those facilities, systems, sites

More information

INFRASTRUCTURE CONTROL SYSTEMS ENCRYPTION

INFRASTRUCTURE CONTROL SYSTEMS ENCRYPTION INFRASTRUCTURE CONTROL SYSTEMS ENCRYPTION solutions-paper INFRASTRUCTURE AND INDUSTRIAL PROCESS AND CONTROL SYSTEMS SECURITY ARE OF NATIONAL IMPORTANCE DUE TO THEIR ESSENTIAL SERVICES AND ECONOMIC IMPACT.

More information

SafeNet Network Encryption Solutions Safenet High-Speed Network Encryptors Combine the Highest Performance With the Easiest Integration and

SafeNet Network Encryption Solutions Safenet High-Speed Network Encryptors Combine the Highest Performance With the Easiest Integration and SafeNet Network Encryption Solutions Safenet High-Speed Network Encryptors Combine the Highest Performance With the Easiest Integration and Management SafeNet Network Encryption and Isolation Solution

More information

LAYER 2 ENCRYPTORS METRO AND CARRIER ETHERNET METROS AND WIDE AREA NETWORKS ETHERNET ENCRYPTION FOR PRESENTS:

LAYER 2 ENCRYPTORS METRO AND CARRIER ETHERNET METROS AND WIDE AREA NETWORKS ETHERNET ENCRYPTION FOR PRESENTS: PRESENTS: LAYER 2 ENCRYPTORS FOR METRO AND CARRIER ETHERNET METROS AND WIDE AREA NETWORKS ETHERNET ENCRYPTION INTRODUCTION: PROTECTING VIRTUAL PRIVATE NETWORKS AND LAN EXTENSIONS: LAYER 2 VS. LAYER 3 Version

More information

data Centres solutions-paper

data Centres solutions-paper data Centres solutions-paper DATA CENTRE TECHNOLOGY GROWTH AND THEIR NETWORKS HAVE GAINED INCREASING CYBER-CRIMINAL ATTENTION. THE RISKS OF SERIOUS BUSINESS DISRUPTION, DATA THEFT AND BREACHES HAVE INCREASED

More information

Demonstrating the high performance and feature richness of the compact MX Series

Demonstrating the high performance and feature richness of the compact MX Series WHITE PAPER Midrange MX Series 3D Universal Edge Routers Evaluation Report Demonstrating the high performance and feature richness of the compact MX Series Copyright 2011, Juniper Networks, Inc. 1 Table

More information

Virtual Privacy vs. Real Security

Virtual Privacy vs. Real Security Virtual Privacy vs. Real Security Certes Networks at a glance Leader in Multi-Layer Encryption Offices throughout North America, Asia and Europe Growing installed based with customers in 37 countries Developing

More information

High Speed Encryption Made in Germany

High Speed Encryption Made in Germany High Speed Encryption Made in Germany Today s Trends in Network Encryption 2 Today s Trends in Network Encryption Contents Background ATMedia GmbH Why Encryption? Which Encryption? How to deploy Encryption

More information

VXLAN: Scaling Data Center Capacity. White Paper

VXLAN: Scaling Data Center Capacity. White Paper VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where

More information

High speed Ethernet WAN: Is encryption compromising your network?

High speed Ethernet WAN: Is encryption compromising your network? High speed Ethernet WAN: Is encryption compromising your network? Trademark: 2010 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names

More information

Rohde & Schwarz R&S SITLine ETH VLAN Encryption Device Functionality & Performance Tests

Rohde & Schwarz R&S SITLine ETH VLAN Encryption Device Functionality & Performance Tests Rohde & Schwarz R&S Encryption Device Functionality & Performance Tests Introduction Following to our test of the Rohde & Schwarz ETH encryption device in April 28 the European Advanced Networking Test

More information

TrustNet Group Encryption

TrustNet Group Encryption TrustNet Group Encryption Executive Summary Protecting data in motion has become a high priority for a growing number of companies. As more companies face the real and growing threat of data theft, along

More information

High Speed Ethernet WAN: Is encryption compromising your network?

High Speed Ethernet WAN: Is encryption compromising your network? High Speed Ethernet WAN: Is encryption compromising your network? 2015 Gemalto 2015. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain

More information

WAN and VPN Solutions:

WAN and VPN Solutions: WAN and VPN Solutions: Choosing the Best Type for Your Organization xo.com WAN and VPN Solutions: Choosing the Best Type for Your Organization WAN and VPN Solutions: Choosing the Best Type for Your Organization

More information

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation

More information

ethernet services for multi-site connectivity security, performance, ip transparency

ethernet services for multi-site connectivity security, performance, ip transparency ethernet services for multi-site connectivity security, performance, ip transparency INTRODUCTION Interconnecting three or more sites across a metro or wide area network has traditionally been accomplished

More information

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling Release: 1 ICTTEN6172A Design and configure an IP-MPLS network with virtual private network tunnelling Modification

More information

TrustNet CryptoFlow. Group Encryption WHITE PAPER. Executive Summary. Table of Contents

TrustNet CryptoFlow. Group Encryption WHITE PAPER. Executive Summary. Table of Contents WHITE PAPER TrustNet CryptoFlow Group Encryption Table of Contents Executive Summary...1 The Challenges of Securing Any-to- Any Networks with a Point-to-Point Solution...2 A Smarter Approach to Network

More information

Extending Networking to Fit the Cloud

Extending Networking to Fit the Cloud VXLAN Extending Networking to Fit the Cloud Kamau WangŨ H Ũ Kamau Wangũhgũ is a Consulting Architect at VMware and a member of the Global Technical Service, Center of Excellence group. Kamau s focus at

More information

Lecture 17 - Network Security

Lecture 17 - Network Security Lecture 17 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Idea Why donʼt we just integrate some of these neat

More information

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. A Network and Data Link Layer infrastructure Design to Improve QoS in Voice and video Traffic Jesús Arturo Pérez,

More information

Universal Network Access Policy

Universal Network Access Policy Universal Network Access Policy Purpose Poynton Workmens Club makes extensive use of network ed Information Technology resources to support its research and administration functions and provides a variety

More information

Using & Offering Wholesale Ethernet Network and Operational Considerations

Using & Offering Wholesale Ethernet Network and Operational Considerations White Paper Using and Offering Wholesale Ethernet Using & Offering Wholesale Ethernet Network and Operational Considerations Introduction Business services customers are continuing to migrate to Carrier

More information

MPLS/IP VPN Services Market Update, 2014. United States

MPLS/IP VPN Services Market Update, 2014. United States MPLS/IP VPN Services Market Update, 2014 United States August 2014 Contents Section Slide Numbers Executive Summary 4 Market Overview & Definitions 8 Drivers & Restraints 14 Market Trends & Revenue Forecasts

More information

BLACK BOX. EncrypTight

BLACK BOX. EncrypTight WAN Encryption Secure WAN links without tunnels!» Strong WAN encryption without IPsec VPN tunnels.» Multilayer encryption.» Transparent operation without latency. BLACK BOX 724-746-5500 blackbox.com/go/

More information

Ethernet, VLAN, Ethernet Carrier Grade

Ethernet, VLAN, Ethernet Carrier Grade Ethernet, VLAN, Ethernet Carrier Grade Dr. Rami Langar LIP6/PHARE UPMC - University of Paris 6 Rami.langar@lip6.fr www-phare.lip6.fr/~langar RTEL 1 Point-to-Point vs. Broadcast Media Point-to-point PPP

More information

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various

More information

Three Key Design Considerations of IP Video Surveillance Systems

Three Key Design Considerations of IP Video Surveillance Systems Three Key Design Considerations of IP Video Surveillance Systems 2012 Moxa Inc. All rights reserved. Three Key Design Considerations of IP Video Surveillance Systems Copyright Notice 2012 Moxa Inc. All

More information

Cisco Group Encrypted Transport VPN: Tunnel-less VPN Delivering Encryption and Authentication for the WAN

Cisco Group Encrypted Transport VPN: Tunnel-less VPN Delivering Encryption and Authentication for the WAN Cisco Group Encrypted Transport VPN: Tunnel-less VPN Delivering Encryption and Authentication for the WAN Product Overview Today s networked applications such as voice and video are accelerating the need

More information

The Wireless Network Road Trip

The Wireless Network Road Trip The Wireless Network Road Trip The Association Process To begin, you need a network. This lecture uses the common logical topology seen in Figure 9-1. As you can see, multiple wireless clients are in

More information

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications Product Overview Cisco Dynamic Multipoint VPN (DMVPN) is a Cisco IOS Software-based security solution for building scalable

More information

Network Virtualization for Large-Scale Data Centers

Network Virtualization for Large-Scale Data Centers Network Virtualization for Large-Scale Data Centers Tatsuhiro Ando Osamu Shimokuni Katsuhito Asano The growing use of cloud technology by large enterprises to support their business continuity planning

More information

WAN Data Link Protocols

WAN Data Link Protocols WAN Data Link Protocols In addition to Physical layer devices, WANs require Data Link layer protocols to establish the link across the communication line from the sending to the receiving device. 1 Data

More information

Certes Networks Layer 4 Encryption. Network Services Impact Test Results

Certes Networks Layer 4 Encryption. Network Services Impact Test Results Certes Networks Layer 4 Encryption Network Services Impact Test Results Executive Summary One of the largest service providers in the United States tested Certes Networks Layer 4 payload encryption over

More information

- Hubs vs. Switches vs. Routers -

- Hubs vs. Switches vs. Routers - 1 Layered Communication - Hubs vs. Switches vs. Routers - Network communication models are generally organized into layers. The OSI model specifically consists of seven layers, with each layer representing

More information

diversifeye Application Note

diversifeye Application Note diversifeye Application Note Test Performance of IGMP based Multicast Services with emulated IPTV STBs Shenick Network Systems Test Performance of IGMP based Multicast Services with emulated IPTV STBs

More information

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles. Data Networking and Architecture The course focuses on theoretical principles and practical implementation of selected Data Networking protocols and standards. Physical network architecture is described

More information

Virtual Private LAN Service (VPLS)

Virtual Private LAN Service (VPLS) Virtual Private LAN Service (VPLS) Walking through Wan history, from the early days Leased lines Customers subscribe to dedicated point-to-point links Cost prohibitive for customers Started in the 1980

More information

Layer 2 Encryption Fortifying data transport

Layer 2 Encryption Fortifying data transport autumn meeting 2014 Layer 2 Encryption Fortifying data transport Christian Zank n Cube Optics AG n October 2, 2014 Need for Encryption? n 50.000 network intrusions detected every day Cisco 2013 n Data

More information

VLANs. Application Note

VLANs. Application Note VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static

More information

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2 1 ISTANBUL 1.1 MPLS overview 1 1.1.1 Principle Use of a ATM core network 2 Overlay Network One Virtual Circuit per communication No routing protocol Scalability problem 2 1.1.1 Principle Weakness of overlay

More information

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE EXECUTIVE SUMMARY This application note proposes Virtual Extensible LAN (VXLAN) as a solution technology to deliver departmental segmentation, business

More information

ITL BULLETIN FOR JANUARY 2011

ITL BULLETIN FOR JANUARY 2011 ITL BULLETIN FOR JANUARY 2011 INTERNET PROTOCOL VERSION 6 (IPv6): NIST GUIDELINES HELP ORGANIZATIONS MANAGE THE SECURE DEPLOYMENT OF THE NEW NETWORK PROTOCOL Shirley Radack, Editor Computer Security Division

More information

ENTERPRISE CONNECTIVITY

ENTERPRISE CONNECTIVITY ENTERPRISE CONNECTIVITY IP Services for Business, Governmental & Non-Governmental Organizations The success of today s organizations and enterprises highly depends on reliable and secure connectivity.

More information

MPLS Layer 3 and Layer 2 VPNs over an IP only Core. Rahul Aggarwal Juniper Networks. rahul@juniper.net

MPLS Layer 3 and Layer 2 VPNs over an IP only Core. Rahul Aggarwal Juniper Networks. rahul@juniper.net MPLS Layer 3 and Layer 2 VPNs over an IP only Core Rahul Aggarwal Juniper Networks rahul@juniper.net Agenda MPLS VPN services and transport technology Motivation for MPLS VPN services over an IP only core

More information

Wireless Encryption Protection

Wireless Encryption Protection Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost

More information

Group Encryption. The key to protecting data in motion BLACK BOX. 724-746-5500 blackbox.com

Group Encryption. The key to protecting data in motion BLACK BOX. 724-746-5500 blackbox.com The key to protecting data in motion BLACK BOX 724-746-5500 blackbox.com Table of Contents Introduction... 3 Why data encryption?... 3 Types of data encryption... 4 The problem with IPsec... 5 The group

More information

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs A Silicon Valley Insider MPLS VPN Services PW, VPLS and BGP MPLS/IP VPNs Technology White Paper Serge-Paul Carrasco Abstract Organizations have been demanding virtual private networks (VPNs) instead of

More information

SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE

SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE VSPEX IMPLEMENTATION GUIDE SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE Silver Peak Abstract This Implementation Guide describes the deployment of Silver Peak

More information

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode 13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4

More information

Communication Networks. MAP-TELE 2011/12 José Ruela

Communication Networks. MAP-TELE 2011/12 José Ruela Communication Networks MAP-TELE 2011/12 José Ruela Network basic mechanisms Introduction to Communications Networks Communications networks Communications networks are used to transport information (data)

More information

How To Configure Voice Vlan On An Ip Phone

How To Configure Voice Vlan On An Ip Phone 1 VLAN (Virtual Local Area Network) is used to logically divide a physical network into several broadcast domains. VLAN membership can be configured through software instead of physically relocating devices

More information

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)

More information

hp ProLiant network adapter teaming

hp ProLiant network adapter teaming hp networking june 2003 hp ProLiant network adapter teaming technical white paper table of contents introduction 2 executive summary 2 overview of network addressing 2 layer 2 vs. layer 3 addressing 2

More information

MPLS VPN basics. E-Guide

MPLS VPN basics. E-Guide E-Guide In this eguide discover the differences between MPLS VPNs and traditional virtual private networks, as well as the advantages and disadvantages of the latest in service provider offerings. While

More information

L2 Box. Layer 2 Network encryption Verifiably secure, simple, fast.

L2 Box. Layer 2 Network encryption Verifiably secure, simple, fast. L2 Box Layer 2 Network encryption Verifiably secure, simple, fast. reliable line encryption. Nowadays internal and confidential data is exchanged between locations or computer centres of public authorities

More information

Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance

Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance Johnnie Chen Project Manager of Network Security Group Network Benchmarking Lab Network Benchmarking Laboratory

More information

Successfully Delivering Multiple Leased Line, Cloud and Storage Connectivity solutions on a Common Optical Platform

Successfully Delivering Multiple Leased Line, Cloud and Storage Connectivity solutions on a Common Optical Platform Successfully Delivering Multiple Leased Line, Cloud and Storage Connectivity solutions on a Common Optical Platform Steve Blew Surf Telecoms Commercial Strategy & Development Manager Neil Sugden Transmode

More information

Simwood Carrier Ethernet

Simwood Carrier Ethernet Simwood Carrier Ethernet Simwood Carrier Ethernet is a high security, low latency means to connect sites or services either point-to-point or as a mesh. We use a number of technologies on top of our own

More information

Lab VI Capturing and monitoring the network traffic

Lab VI Capturing and monitoring the network traffic Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)

More information

How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan

How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan Centec s SDN Switch Built from the Ground Up to Deliver an Optimal Virtual Private Cloud Table of Contents Virtualization Fueling New Possibilities Virtual Private Cloud Offerings... 2 Current Approaches

More information

EVALUATING NETWORKING TECHNOLOGIES

EVALUATING NETWORKING TECHNOLOGIES WHITE PAPER EVALUATING NETWORKING TECHNOLOGIES CONTENTS EXECUTIVE SUMMARY 01 NETWORKS HAVE CHANGED 02 Origin of VPNS Next-generation VPNS TODAY S CHOICES 04 Layer 3 VPNS Layer 2 VPNS MAKING YOUR DECISION

More information

Virtual Private Networks

Virtual Private Networks Virtual Private Networks The Ohio State University Columbus, OH 43210 Jain@cse.ohio-State.Edu http://www.cse.ohio-state.edu/~jain/ 1 Overview Types of VPNs When and why VPN? VPN Design Issues Security

More information

WHITEPAPER. VPLS for Any-to-Any Ethernet Connectivity: When Simplicity & Control Matter

WHITEPAPER. VPLS for Any-to-Any Ethernet Connectivity: When Simplicity & Control Matter WHITEPAPER VPLS for Any-to-Any Ethernet Connectivity: When Simplicity & Control Matter The Holy Grail: Achieving Simplicity and Control in the IT Infrastructure Today s Information Technology decision-makers

More information

Network Simulation Traffic, Paths and Impairment

Network Simulation Traffic, Paths and Impairment Network Simulation Traffic, Paths and Impairment Summary Network simulation software and hardware appliances can emulate networks and network hardware. Wide Area Network (WAN) emulation, by simulating

More information

Service Definition. Internet Service. Introduction. Product Overview. Service Specification

Service Definition. Internet Service. Introduction. Product Overview. Service Specification Service Definition Introduction This Service Definition describes Nexium s from the customer s perspective. In this document the product is described in terms of an overview, service specification, service

More information

Best practices for protecting network data

Best practices for protecting network data Best practices for protecting network data A company s value at risk The biggest risk to network security is underestimating the threat to network security. Recent security breaches have proven that much

More information

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet CCNA R&S: Introduction to Networks Chapter 5: Ethernet 5.0.1.1 Introduction The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.

More information

WAN Optimization. Riverbed Steelhead Appliances

WAN Optimization. Riverbed Steelhead Appliances WAN Optimization Riverbed Steelhead Appliances Steelhead appliances deliver the highest performance and the most scalable wide-area data services solution available, overcoming both bandwidth and latency

More information

ADVANCED NETWORK CONFIGURATION GUIDE

ADVANCED NETWORK CONFIGURATION GUIDE White Paper ADVANCED NETWORK CONFIGURATION GUIDE CONTENTS Introduction 1 Terminology 1 VLAN configuration 2 NIC Bonding configuration 3 Jumbo frame configuration 4 Other I/O high availability options 4

More information

Tunnel Routing. Preface. Challenge

Tunnel Routing. Preface. Challenge Tunnel Routing Preface As the pace of economic globalization picks up, more and more enterprises have set up branch offices beyond the geographical boundaries. Traditionally, private leased lines are used

More information

LAYER 1 & LAYER 2 ENCRYPTION WHY: ONE SIZE DOES NOT FIT ALL

LAYER 1 & LAYER 2 ENCRYPTION WHY: ONE SIZE DOES NOT FIT ALL LAYER 1 & LAYER 2 ENCRYPTION WHY: ONE SIZE DOES NOT FIT ALL GIVEN ON 4/28/2015 Todd Bundy Director of Global Business Development ADVA Optical Networking tbundy@advaoptical.com 203-546-8230 2015 Internet2

More information

Layer 3 Network + Dedicated Internet Connectivity

Layer 3 Network + Dedicated Internet Connectivity Layer 3 Network + Dedicated Internet Connectivity Client: One of the IT Departments in a Northern State Customer's requirement: The customer wanted to establish CAN connectivity (Campus Area Network) for

More information

Unified Services Routers

Unified Services Routers High-Performance VPN Protocols IPSec PPTP L2TP SSL VPN Tunnels Up to 25 (DSR-250N) Up to 35 (DSR-500/500N) Up to 70 (DSR-1000/1000N) SSL VPN tunnels Up to 5 (DSR-250N) Up to 10 (DSR-500/500N) Up to 20

More information

ETHERNET CONNECT. CONNECT YOUR BUSINESS WITH A FLEXIBLE, HIGH-PERFORMANCE NETWORK THAT S BUILT FOR RELIABILITY.

ETHERNET CONNECT. CONNECT YOUR BUSINESS WITH A FLEXIBLE, HIGH-PERFORMANCE NETWORK THAT S BUILT FOR RELIABILITY. ETHERNET CONNECT. CONNECT YOUR BUSINESS WITH A FLEXIBLE, HIGH-PERFORMANCE NETWORK THAT S BUILT FOR RELIABILITY. I can t believe how much I ve done already. Link your sites across the UK with one secure

More information

Metro Ethernet Services

Metro Ethernet Services CHAPTER 6 Metro Ethernet Service Framework This chapter describes the typical available from service providers (SPs). For the most part, these services are derived from and map to the following Metro Ethernet

More information

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec CSCI 454/554 Computer and Network Security Topic 8.1 IPsec Outline IPsec Objectives IPsec architecture & concepts IPsec authentication header IPsec encapsulating security payload 2 IPsec Objectives Why

More information

VPLS lies at the heart of our Next Generation Network approach to creating converged, simplified WANs.

VPLS lies at the heart of our Next Generation Network approach to creating converged, simplified WANs. Virtual Private LAN Service (VPLS) A WAN that thinks it s a LAN. VPLS is a high security, low latency means to connect sites or services either point-to-point or as a mesh. We use Virtual Private LAN Service

More information

Cisco Networks (ONT) 2006 Cisco Systems, Inc. All rights reserved.

Cisco Networks (ONT) 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) reserved. Lesson 2.4: Calculating Bandwidth Requirements for VoIP reserved. Objectives Describe factors influencing encapsulation overhead and bandwidth requirements

More information

Virtual Private LAN Service (VPLS) Conformance and Performance Testing Sample Test Plans

Virtual Private LAN Service (VPLS) Conformance and Performance Testing Sample Test Plans Virtual Private LAN Service (VPLS) Conformance and Performance Testing Sample Test Plans Contents Overview...3 1. VPLS Traffic CoS Test...3 2. VPLS VSI Isolation Test...5 3. VPLS MAC Address Purge Test...7

More information

UNDERSTANDING BUSINESS ETHERNET SERVICES

UNDERSTANDING BUSINESS ETHERNET SERVICES UNDERSTANDING BUSINESS ETHERNET SERVICES EMPOWER YOUR BUSINESS TO MEET 21ST CENTURY DEMANDS INTRODUCTION The network is your business has been a mantra for many years indicating how businesses rely more

More information

Six reasons to access cloud services over a private connection and not the Internet

Six reasons to access cloud services over a private connection and not the Internet 1 Six reasons to access cloud services over a private connection and not the Internet The benefits of moving to cloud computing are stronger than ever for New Zealand organisations. Selecting the best

More information

UNDERSTANDING BUSINESS ETHERNET SERVICES

UNDERSTANDING BUSINESS ETHERNET SERVICES EMPOWER YOUR BUSINESS TO MEET 21ST CENTURY DEMANDS INTRODUCTION The network is your business has been a mantra for many years indicating how businesses rely more heavily on being networked between their

More information

TDM services over IP networks

TDM services over IP networks Keyur Parikh Junius Kim TDM services over IP networks 1. ABSTRACT Time Division Multiplexing (TDM) circuits have been the backbone of communications over the past several decades. These circuits which

More information

VPN taxonomy. János Mohácsi NIIF/HUNGARNET tf-ngn meeting April 2005

VPN taxonomy. János Mohácsi NIIF/HUNGARNET tf-ngn meeting April 2005 VPN taxonomy János Mohácsi NIIF/HUNGARNET tf-ngn meeting April 2005 VPNs Definition: the capability of both private and public networks to support a communication infrastructure connecting geographically

More information