Virtual Private Networks

The Experts below are selected from a list of 6825 Experts worldwide ranked by ideXlab platform

Marco Carugi - One of the best experts on this subject based on the ideXlab platform.

Fei Chen - One of the best experts on this subject based on the ideXlab platform.

  • Privacy Preserving Collaborative Enforcement of Firewall Policies in Virtual Private Networks
    2013
    Co-Authors: Alex X. Liu, Fei Chen, Student Member
    Abstract:

    The widely deployed Virtual Private Network (VPN) technology allows roaming users to build an encrypted tunnel to a VPN server, which, henceforth, allows roaming users to access some resources as if that computer were residing on their home organization’s network. Although VPN technology is very useful, it imposes security threats on the remote network because its firewall does not know what traffic is flowing inside the VPN tunnel. To address this issue, we propose VGuard, a framework that allows a policy owner and a request owner to collaboratively determine whether the request satisfies the policy without the policy owner knowing the request and the request owner knowing the policy. We first present an efficient protocol, called Xhash, for oblivious comparison, which allows two parties, where each party has a number, to compare whether they have the same number, without disclosing their numbers to each other. Then, we present the VGuard framework that uses Xhash as the basic building block. The basic idea of VGuard is to first convert a firewall policy to nonoverlapping numerical rules and then use Xhash to check whether a request matches a rule. Comparing with the Cross-Domain Cooperative Firewall (CDCF) framework, which represents the state-of-the-art, VGuard is not only more secure but also orders of magnitude more efficient. On real-life firewall policies, for processing packets, our experimental results show that VGuard is three to four orders of magnitude faster than CDCF.
    Index Terms: Virtual Private Networks, privacy, network security.

  • Privacy Preserving Collaborative Enforcement of Firewall Policies in Virtual Private Networks
    IEEE Transactions on Parallel and Distributed Systems, 2011
    Co-Authors: Fei Chen
    Abstract:

    The widely deployed Virtual Private Network (VPN) technology allows roaming users to build an encrypted tunnel to a VPN server, which, henceforth, allows roaming users to access some resources as if that computer were residing on their home organization's network. Although VPN technology is very useful, it imposes security threats on the remote network because its firewall does not know what traffic is flowing inside the VPN tunnel. To address this issue, we propose VGuard, a framework that allows a policy owner and a request owner to collaboratively determine whether the request satisfies the policy without the policy owner knowing the request and the request owner knowing the policy. We first present an efficient protocol, called Xhash, for oblivious comparison, which allows two parties, where each party has a number, to compare whether they have the same number, without disclosing their numbers to each other. Then, we present the VGuard framework that uses Xhash as the basic building block. The basic idea of VGuard is to first convert a firewall policy to nonoverlapping numerical rules and then use Xhash to check whether a request matches a rule. Comparing with the Cross-Domain Cooperative Firewall (CDCF) framework, which represents the state-of-the-art, VGuard is not only more secure but also orders of magnitude more efficient. On real-life firewall policies, for processing packets, our experimental results show that VGuard is three to four orders of magnitude faster than CDCF.

  • Collaborative Enforcement of Firewall Policies in Virtual Private Networks
    2010
    Co-Authors: Alex X. Liu, Fei Chen
    Abstract:

    The widely deployed Virtual Private Network (VPN) technology allows roaming users to build an encrypted tunnel to a VPN server, which henceforth allows roaming users to access some resources as if that computer is residing on their home organization’s network. Although the VPN technology is very useful, it imposes security threats to the remote network because their firewall does not know what traffic is flowing inside the VPN tunnel. To address this issue, we propose VGuard, a framework that allows a policy owner and a request owner to collaboratively determine whether the request satisfies the policy without the policy owner knowing the request and the request owner knowing the policy. We first present an efficient protocol, called Xhash, for oblivious comparison, which allows two parties, where each party has a number, to compare whether they have the same number, without disclosing their numbers to each other. Then, we present the VGuard framework that uses Xhash as the basic building block. The basic idea of VGuard is to first convert a firewall policy to non-overlapping numerical rules and then use Xhash to check whether a request matches a rule. Comparing with the Cross-Domain Cooperative Firewall (CDCF) framework, which represents the state-of-the-art, VGuard is not only more secure but also orders of magnitude more efficient. On real-life firewall policies, for processing packets, our experimental results show that VGuard is 552 times faster than CDCF on one party and 5035 times faster than CDCF on the other party.

T Takeda - One of the best experts on this subject based on the ideXlab platform.

Eric Rosen - One of the best experts on this subject based on the ideXlab platform.

  • Provisioning, Auto-Discovery, and Signaling in Layer 2 Virtual Private Networks (L2VPNs)
    RFC, 2011
    Co-Authors: Eric Rosen
    Abstract:

    Provider Provisioned Layer 2 Virtual Private Networks (L2VPNs) may have different "provisioning models", i.e., models for what information needs to be configured in what entities. Once configured, the provisioning information is distributed by a "discovery process". When the discovery process is complete, a signaling protocol is automatically invoked to set up the mesh of pseudowires (PWs) that form the (virtual) backbone of the L2VPN. This document specifies a number of L2VPN provisioning models, and further specifies the semantic structure of the endpoint identifiers required by each model. It discusses the distribution of these identifiers by the discovery process, especially when discovery is based on the Border Gateway Protocol (BGP). It then specifies how the endpoint identifiers are carried in the two signaling protocols that are used to set up PWs, the Label Distribution Protocol (LDP), and the Layer 2 Tunneling Protocol version 3 (L2TPv3). [STANDARDS-TRACK]

  • Framework for Layer 2 Virtual Private Networks (L2VPNs)
    2006
    Co-Authors: Eric Rosen, Loa Andersson
    Abstract:

    This document provides a framework for Layer 2 Provider Provisioned Virtual Private Networks (L2VPNs). This framework is intended to aid in standardizing protocols and mechanisms to support interoperable L2VPNs. This memo provides information for the Internet community.

  • BGP/MPLS IP Virtual Private Networks (VPNs)
    RFC, 2006
    Co-Authors: Eric Rosen, Yakov Rekhter
    Abstract:

    This document describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customers. This method uses a "peer model", in which the customers' edge routers (CE routers) send their routes to the Service Provider's edge routers (PE routers); there is no "overlay" visible to the customer's routing algorithm, and CE routers at different sites do not peer with each other. Data packets are tunneled through the backbone, so that the core routers do not need to know the VPN routes. [STANDARDS-TRACK]

Nirwan Ansari - One of the best experts on this subject based on the ideXlab platform.

  • Toward IP virtual private network quality of service: a service provider perspective
    IEEE Communications Magazine, 2003
    Co-Authors: Jingdi Zeng, Nirwan Ansari
    Abstract:

    To complement classical enterprise wide area network infrastructures, IP (based) Virtual Private Networks have been gaining ground, with the capability of offering cost-effective, secure, and private-network-like services. In order to provision the equivalent quality of service of legacy connection-oriented layer 2 Virtual Private Networks (VPNs), IP VPNs have to overcome the intrinsically best effort characteristics of the Internet in this multimedia era. This article discusses the IP VPN quality of service (QoS) issue from a service provider point of view, where QoS guarantees are carried out at the network level as well as at the node level. It presents the whole picture by highlighting and stitching together various QoS enabling technologies from previous research and engineering work.