Secured Voice over VPN Tunnel and QoS. Feature Paper



Similar documents
Intranet Security Solution

1.1. Abstract VPN Overview

Technical papers Virtual private networks

Assuring Your Business Continuity

Gigabit Multi-Homing VPN Security Router

Tunnel Routing. Preface. Challenge

Gigabit Content Security Router

November Defining the Value of MPLS VPNs

Cisco Which VPN Solution is Right for You?

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

MPLS L2VPN (VLL) Technology White Paper

QoS (Quality of Service)

ethernet services for multi-site connectivity security, performance, ip transparency

VPLS lies at the heart of our Next Generation Network approach to creating converged, simplified WANs.

Network Services Internet VPN

VPN. Date: 4/15/2004 By: Heena Patel

Cisco Networks (ONT) 2006 Cisco Systems, Inc. All rights reserved.

WAN Traffic Management with PowerLink Pro100

Secure Network Design: Designing a DMZ & VPN

Firewall Defaults and Some Basic Rules

MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper

IP Telephony Basics. Part of The Technology Overview Series for Small and Medium Businesses

Edgewater Routers User Guide

Internet Privacy Options

ISG50 Application Note Version 1.0 June, 2011

ALLNET ALL-VPN10. VPN/Firewall WLAN-N WAN Router

Virtual Private Networks

Creating a VPN Using Windows 2003 Server and XP Professional

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services

802.1p An IEEE standard for providing QoS using three bits (defined in 802.1q) to allow switches to reorder packets based on priority level.

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Edgewater Routers User Guide

Firewall Architecture

Gigabit SSL VPN Security Router

Small, Medium and Large Businesses

A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform

Voice over IP Basics for IT Technicians

Virtual Private Networks Solutions for Secure Remote Access. White Paper

Truffle Broadband Bonding Network Appliance

Development of the FITELnet-G20 Metro Edge Router

Quidway MPLS VPN Solution for Financial Networks

CHAPTER 1 INTRODUCTION

Course 4: IP Telephony and VoIP

The term Virtual Private Networks comes with a simple three-letter acronym VPN

Total solution for your network security. Provide policy-based firewall on scheduled time. Prevent many known DoS and DDoS attack

Preparing Your IP network for High Definition Video Conferencing

Cisco RV 120W Wireless-N VPN Firewall

WHITEPAPER MPLS: Key Factors to Consider When Selecting Your MPLS Provider

Security and the Mitel Networks Teleworker Solution (6010) Mitel Networks White Paper

MPLS/IP VPN Services Market Update, United States

Enterprise Business Products 2014

Virtual Private Network and Remote Access Setup

CVOICE Exam Topics Cisco Voice over IP Exam # /14/2005

Internetworking II: VPNs, MPLS, and Traffic Engineering

Cisco Virtual Office Express

The Next Generation Network:

Chapter 12 Supporting Network Address Translation (NAT)

UIP1868P User Interface Guide

VPN. VPN For BIPAC 741/743GE

WAN. Introduction. Services used by WAN. Circuit Switched Services. Architecture of Switch Services

How Virtual Private Networks Work

Key Term Quiz Answers

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

Virtual Privacy vs. Real Security

Gigabit Multi-Homing VPN Security Router

EdgeMarc 4508T4/4508T4W Converged Networking Router

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

GPRS / 3G Services: VPN solutions supported

Constructing High Quality IP Core Network

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

This chapter covers four comprehensive scenarios that draw on several design topics covered in this book:

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

Network Security. Network Security. Protective and Dependable. > UTM Content Security Gateway. > VPN Security Gateway. > Multi-Homing Security Gateway

Voice over IP (VoIP) Basics for IT Technicians

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

How To Balance Out The Power Of The Usg On A Network On A Pc Or Mac Mac 2.5 (For A Mac 2) On A 2G Network On An Ipnet 2.2 (For An Ipro) On An Un

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

Nationwide WAN + VoIP connectivity

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

Virtual Leased Line (VLL) for Enterprise to Branch Office Communications

Small Business Server Part 2

Huawei esight Brief Product Brochure

High Availability Private Network (HAPN ) Network Upgrade Case Study

IVCi s IntelliNet SM Network

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

The need for bandwidth management and QoS control when using public or shared networks for disaster relief work

Solutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access.

Virtual Private Network and Remote Access

PREPARED FOR ABC CORPORATION

Advanced Internetworking

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology

Enterprise Network Solution

ZyXEL offer more than just a product, we offer a solution. The Prestige DSL router family benefits providers and resellers enabling them to offer:

Region 10 Videoconference Network (R10VN)

DrayTek Vigor High Performance Firewall Router. - VPN - Up to 200 concurrent tunnels. - Load Balancing & Failover between WAN ports

SBSCET, Firozpur (Punjab), India

Transcription:

Secured Voice over VPN Tunnel and QoS Feature Paper

Table of Contents Introduction...3 Preface...3 Chapter 1: The Introduction of Virtual Private Network (VPN) 3 1.1 The Functions and Types of VPN...3 1.2 The Integration of VPN and VoIP.... 4 Chapter 2: The Introduction of Quality of Service (QoS)...7 2.1 VLAN and QoS. 7 2.2 QoS Application - ATM QoS and IP QoS...8 2

Secured Voice over VPN tunnel and QoS To integrate the data, voice and video into a single device, to provide security mechanism of certain levels, and to realize bandwidth management, are what every system provider endeavors to accomplish. Preface Today, the mid- and high-level household or business routers are featured with built-in VPN (Virtual Private Network), which can protect important data from being illegally captured and decoded while transferring via VPN. Also, due to the varied Internet resources and the availability of data, household and office users have been introduced Quality of Service (QoS), a bandwidth management solution, to their work environment to ensure that their data are transferred in real time and the bandwidth are not illegally used or viciously abused. Since 2004, QoS has been deemed as one of the basic features, even for the ADSL routers, which are gateways responsible for outside connections. Abundant resources on the Internet often fascinate general Internet users. As they always download or share data with others on the Internet, how to play on-line games and send emails with ease has become an essential, and QoS is undoubtedly the best solution. Making calls over the Internet has been the dream of many people in early days. And since the Internet became popular, many people tried to take advantage of the Internet to transfer Voice over Internet Protocol, VoIP, for free calls without any distance limitation. Thanks to the maturity of Internet technology, such as SIP (Session Initiation Protocol) of VoIP and the expansion of bandwidth, the ADSL2/2+ now allows users to upgrade the download rate of 8 Mbps and the upload rate of 1 Mbps to 24 Mbps and 1 Mbps, respectively. All of the functions seem to be independent, however, through integrating them continuously, one single router can now perform all of the functions that originally were performed by many devices. Chapter 1 The Introduction of Virtual Private Network (VPN) 1.1 The Functions and Types of VPN VPN is a virtual tunnel built between two communication points on the Internet. All of the data transferred via the tunnel are secured. The greatest advantage 3

of VPN is that if there is important data transferred via the Internet and has been illegally captured, the hacker will not be able to read the data if they don t have the original encryption protocol. This feature is essential for the business users especially when they exchange information/data among their branches. Most of the mid- and high-level routers support VPN feature. Besides, because of the fierce competition in the communication market, some routers that are designed for household use also support the VPN feature and no longer just support VPN pass through feature. There are three common types of VPN, as follows: - PPTP - IPSec - L2TP within IPSec PPTP is the earliest type of VPN solutions, which protects data by building a virtual tunnel between two points. Data transferred through the tunnel are plain-coded. IPSec transfers data through general routers, however, the data are complex encrypted and it generates a new packet to be transferred. Because the encryption and decode processes are extremely complicated, it needs processors with higher performance in order to increase the bandwidth to process the data. L2TP within IPSec: L2TP integrates the functions provided by the PPTP from Microsoft and L2F provided by the Cisco System. It also builds a virtual tunnel for data transfer. However, in order to ensure the privacy of the transferred data, it encrypts the data in the tunnel again with advanced data protection. 1.2 The Integration of VPN and VoIP VoIP is one of the hottest issues today. It also represents the great improvement of voice transfer in recent years. In early days, most of the VoIP systems were H.323, and were too huge and complicated. Thus, recently two new standards, MGCP and SIP, have been introduced to replace the existing H. 323. SIP protocol is more popular and prevalent now and is the main investment target for many companies. However, as VoIP has been flourishing, the security problem haunted the 4

Internet for a long time has also become the nightmare for VoIP. VoIP transforms the voice into data and transfers it in IP packet format. It means that during data transfer, data might be sabotaged, attacked or stolen. However, on the existing architecture, as long as the routers support VPN, the users can easily set up the system to allow both parties have a call connection that is protected and safe. Next we ll discuss how to set up the system to protect voice data on the existing VPN routers. SIP not only supports proxy but also P2P (peer to peer). The P2P is a call connection method that users can call the IP address directly without any authentication. It will build a direct point-to-point connection to transfer voice data. Figure 1: Point-to-Point via VoIP We can build a VPN connection between the caller and the receiver to encrypt the voice data, secure the call and protect the content. The caller and the receiver s external IP address is the remote subnet or single IP address that are designated by the caller and the receiver when they set up the VPN. VPN Tunnel Figure 2: Building a VPN tunnel and Designation IP address 5

Therefore, when the users want to build the connection, they have to transfer the data to the remote devices, and then the routers will check it and confirm that the data are transferred to the destination IP address via a VPN tunnel. The voice data now can be transferred via the VPN to accomplish the goal of voice encryption for VoIP. VPN Tunnel Figure 3: Voice Encryption for VoIP via VPN Tunnel. Source: Billion Electric Co., Ltd It is especially suitable for the business users. Most of the business users intranet infrastructures use VPN for data communication between headquarters and its branches. How To take advantage of VoIP to save expensive phone charges is also the goal that many business users endeavor to accomplish. After all, phone BiPAC 7402VGO bills are accounted for a fairly large proportion of BILLION VoIP ADSL2+ VPN Firewall Router operating costs. How to take full advantage of the VoIP to reduce phone expenses and to secure the calls is a very important subject in the future. Taking Billion Electric s BiPAC 7402VGO Router as an example, it supports 16 IPSec VPN tunnels that allow office users to build a secured data transfer tunnel through the public Internet that embedded with 3DES accelerator to enhance the performance of IPSec VPN significantly. Meanwhile, it supports SIP, which is prevalent among the industry, to allow users to connect to ordinary phones to make a VoIP call through the two built-in FXS ports. When the power failure happens or the Internet is disconnected, the users still can make traditional calls via Public Switched Telephone Network (PSTN). 6

Chapter 2 The Introduction of Quality of Service (QoS) 2.1 VLAN and Quality of Service (QoS) In early days, the Internet applications were simpler. Most of the business users had encountered a lot of problems and most of the problems were about how to improve intranet environment, where there were too many broadcast packets and multicast packets, and about how to separate different departments for security reason to avoid unauthorized access to data. Virtual LAN (VLAN) is the early mechanism to separate multi-ethernet-port into different groups. Although the switch/hub provides an intelligent, auto-learning mechanism, it will send the packets to all of the Ethernet ports as it gathers broadcast packets and multicast packets, and thus resulting in unnecessary bandwidth usage. VLAN is designed to solve these problems. All of the broadcast packets and multicast packets are only sent to their own groups. However, this mechanism can only help to prevent too many broadcast packets being sent. In Quality of Service (QoS), VLAN can only help to get rid of unnecessary data broadcasting, but it cannot really help the applications required real time transfer, such as VPN, voice data, etc. The data that are transferred via VPN tunnels must be of some importance, and the bandwidth for the data transfer cannot be allocated to other resources and allow no delay, especially voice data. It was not until recent years that VoIP broke its bottleneck and gained users attention for some of the most important reasons, such as better computing compression, the expansion of bandwidth and so on, in order to enhance the quality of call service and provide more comprehensive phone services in comparison to that of traditional phones. The major reason that people love digital technology now more than ever is that due to the expansion of bandwidth, the service providers now can provide more diversified services to their customers. Also, QoS is the most important factor when people come to choose their Internet services and is one of the key requirements for the office and general household users. So, the important subject now is how to let everybody access and use the Internet resources conveniently and enjoy the good quality service with limited budget and bandwidth. 7

2.2 QoS Application- ATM QoS and IP QoS QoS: In early days, most of the network backbones were built on Asymmetric Transfer Mode (ATM) network. Every ATM network node builds multi-vc (Virtual Circuit) to transfer data. It is like the third layer routing table of the network layers and different VCs are designated to transfer the data to different service hosts. Because the bandwidth between two nodes is fixed, the default bandwidth for all VCs is equally allocated. However, since there is priority for the data transfer, the QoS mentioned in early days was related to how to control the bandwidth to achieve the optimal performance under the fixed bandwidth. The QoS was then referred to the ATM QoS. Recently the IP-based network backbones have been growing fast, and ATM QoS is obviously not suitable for IP network backbone. That is why people nowadays favor IP QoS over ATM QoS. Meanwhile, the SIP that applied to the VoIP is also based on IP level and its voice data transfer allows no delay. Today, the main IP QoS technologies are IntServ, DiffServ, QoS routing and MPLS. DiffServ is the most common QoS with easy-to-use and high scalability features. The basic application of DiffServ is to divide the user s data processing procedure into different levels based on the service application requirements and all data can pass through the network gateway freely. However, when the data flow reaches a certain level and the network traffic is jammed, the high-level data flow is prior to the low-level data flow with regard to data transfer and resource allocation. DiffServ only provides comparative service quality and guarantees the proportion of bandwidth available for the users based on different levels, but it doesn t guarantees any specific index of service quality for users. In physical applications, in comparison to general household users whose VoIP, game playing and Internet browsing needs should be handled with highest priority, VPN, VoIP and Email sending and receiving needs should be handled with highest priority for office users. The reason to set priority is that there are many P2P files sharing programs that will ask the users to approve the upload in order to share the resources on the Internet. Consequently, the programs like Bit Torrent or emule will occupy the bandwidth and some companies may not aware that their employees have been used up the bandwidth available. So when the network speed slows down, it doesn t mean that the users need more bandwidth, but need to analyze the utility rate and control it effectively in order to achieve optimal Internet services. 8

Building network backbone has been implemented for years, while ISPs (Internet Service Provider) keep expanding their network backbone bandwidth. Most of the terminal equipment supports QoS to allocate the management resource, but the real Internet bottleneck for the business users or general household users are existed in the external gateway. Taking the popular ADSL as example, although every ISP claims that they have enough bandwidth support to provide services to their customers, but the maximum bandwidth for each user is only 8 Mbps for download and 1 Mbps for upload. Even ADSL 2/2 + has only the bandwidth of 24Mbps(download) / 1Mbps(upload). That is why QoS is essential for every user. The bandwidth allocation for home users, small and medium-sized office users is illustrated in the following two tables. Table 1: QoS Example of Data Ratio and Priority setting for Home Users Table 2: QoS Example of Data Ratio and Priority settings for Office Users Source: Billion Electric Co., Ltd Taking Billion Electric s BiPAC 7402VGO Router as an example for quality of service (QoS) control, the router s DiffServ structure encompasses easy-to-use and high scalability features to ensure its bandwidth availability and QoS feature. It also allows users to set up priority level for data transfer, such as voice packet, FTP data or videoconference, etc. Moreover, it controls 9

speed of the network to allow business users to build VPN structure between headquarters and its branches, and thus allows users to make cheap VoIP calls, while enjoying fast and smooth connection. With easy and fast installation, this router integrates all functions into one device, and is perfectly designed for every system integration provider to meet every user s needs. 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information