31 |
MobiVPN: Towards a Reliable and Efficient Mobile VPNJanuary 2017 (has links)
abstract: A Virtual Private Network (VPN) is the traditional approach for an end-to-end secure connection between two endpoints. Most existing VPN solutions are intended for wired networks with reliable connections. In a mobile environment, network connections are less reliable and devices experience intermittent network disconnections due to either switching from one network to another or experiencing a gap in coverage during roaming. These disruptive events affects traditional VPN performance, resulting in possible termination of applications, data loss, and reduced productivity. Mobile VPNs bridge the gap between what users and applications expect from a wired network and the realities of mobile computing.
In this dissertation, MobiVPN, which was built by modifying the widely-used OpenVPN so that the requirements of a mobile VPN were met, was designed and developed. The aim in MobiVPN was for it to be a reliable and efficient VPN for mobile environments. In order to achieve these objectives, MobiVPN introduces the following features: 1) Fast and lightweight VPN session resumption, where MobiVPN is able decrease the time it takes to resume a VPN tunnel after a mobility event by an average of 97.19\% compared to that of OpenVPN. 2) Persistence of TCP sessions of the tunneled applications allowing them to survive VPN tunnel disruptions due to a gap in network coverage no matter how long the coverage gap is. MobiVPN also has mechanisms to suspend and resume TCP flows during and after a network disconnection with a packet buffering option to maintain the TCP sending rate. MobiVPN was able to provide fast resumption of TCP flows after reconnection with improved TCP performance when multiple disconnections occur with an average of 30.08\% increase in throughput in the experiments where buffering was used, and an average of 20.93\% of increased throughput for flows that were not buffered. 3) A fine-grained, flow-based adaptive compression which allows MobiVPN to treat each tunneled flow independently so that compression can be turned on for compressible flows, and turned off for incompressible ones. The experiments showed that the flow-based adaptive compression outperformed OpenVPN's compression options in terms of effective throughput, data reduction, and lesser compression operations. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2017
|
32 |
Omdesign av Intranät : vid Svenska Kyrkan i NorrköpingPersson, Erik January 2017 (has links)
Svenska Kyrkan i Norrköping upplever idag att de har ett virtuellt intranät som skulle kunna fungera bättre. Problematiken tycker de ligger i underliga trafikflöden, utarmning av IP-adresser och hög komplexitet. Därtill undrar de om det inte är hög tid att höja bandbredden ut från flera av byggnaderna. Min målsättning med arbetet är att utifrån de största församlingarna samt Kyrkans Hus – där organisationens IT-kontor och serverfarm är belägna – kunna ge rekommendationer på åtgärder och förändringar som ska kunna avhjälpa denna problematik och förhoppningsvis framtidssäkra några av dessa aspekter. Under mitt arbete har jag tagit ut rudimentära baselinemätningar, IP-adresseringstabeller och sammanställningar av trafikflöden i syfte att skapa en nulägesanalys. Jag har också ämnat illustrera den problematik som låg till grund för arbetets utformning. I min rapport har jag också behandlat moderna IT-trender såsom tunna klienter, virtualiseringsmiljöer och BYOD, Bring Your Own Device. Detta arbete har resulterat i ett generellt designförslag med redundanslänkar, gästnätverk och stöd för Ipv6 med olika alternativ inom samtliga aspekter, vilka kan användas för att skräddarsy implementeringen av de olika teknologierna. För en mer allomfattande, grundlig och slutgiltig design av intranätet som helhet skulle en mer omfattande dokumentation behövas, tillsammans med uppskattning av nätverksanvändning, IP-adressering samt budgetering. / The Church of Sweden in Norrköping are currently faced with a virtual intranet that they feel could be improved. Some of the problems they have identified are unusual traffic forwardin patterns, exhaustion of the IP adress pool and a high level of complexity. In addition, they feel that it might be time to increase the bandwidth that some of the buildings have access to. My goal with this paper – based on the largest parishes and Kyrkan Hus, where the organization’s IT office and server farm lies – is to give recommendations in terms of actions and changes that could mitigate these issues and hopefully provide a more future proof solution. During my work I have taken some rudimentary baseline readings, IP addressing tables and compilations of network flows, in order to create a current situation analysis, which I have used to draw some of my conclusions. I have also aimed to illustrate the problems that have formed the foundation for this work. In my report I have also discussed some modern IT trends, such as thin clients, virtual environments and BYOD, Bring Your Own Device. This assignment has resulted in a general design proposal with redundant links, guest networks and Ipv6 support, with different alternatives withing each aspect, which can be used to further tailor the implementations of the different technologies. For a more all encompassing, thorough design of the intranet as a whole we’d need a more complete documentation, together with approximations and evaluations regarding network usage, IP addressing and budget.
|
33 |
Qualitative analysis about the experience of VPN from people with software expertise in SwedenGerdtsson, Markus, Nielsen, Erik January 2022 (has links)
VPN is primarily used to encrypt your network traffic and identity online securely from a private location. This can be used as a safety measure to prevent theft of personal data. It also allows its user to change the geolocation to wherever they want which unlocks the possibility to use another country's services. Related work has shown that there are also downsides to using VPN services. Some VPN solutions do have security problems that its user could be unaware of. This study explored the experience and beliefs surrounding the usage of VPN while browsing the internet from people with software expertise. Interviews were conducted with people in different areas surrounding usage of VPN services to get a deeper understanding of why VPN is used and to what extent they believe VPN is providing anonymity and security of their data. The findings from this study is that the main reason to use a VPN is to access unavailable services. These services can vary from content online that is not available in the region from where you access the internet to services that are work related and locked to specific networks. Another finding was also that among these people the belief that the use of a VPN was enough to make a user anonymous by itself is controversial.
|
34 |
IPv6-adresshantering och prefixdelegering i MPLS VPN-nät / IPv6 adress management and prefix delegation in MPLS VPN networkDahlberg, Axel, Francén, Jonas January 2013 (has links)
För full migrering till IPv6 behöver utbudet av datakommuniktionsstjänster anpassas för den nyagenerationens IP-protokoll med bevarad eller utökad funktionalitet. Detta examensarbetes mål äratt ta fram en eller flera lösningar som möter krav och tekniska förutsättningar för att utöka företagetDGC:s tjänst IP-VPN för IPv6. Detta innefattar adresstilldelningstekniker som prefixdelegeringoch automatisk adresskonfigurering i befintlig nätinfrastruktur.Lösningarna presenteras i sex framtagna scenarier som har undersökts utifrån tester, analys ocherfarna problem som uppstått. Undersökningen formade kriterierna skalbarhet, konfigurationenskomplexitet, kompatibilitet, RFC-stöd och krav från DGC som tas hänsyn till i utvärderingen avden bäst lämpade lösningen.Utvärderingen har gett ett resultat i form av ett rekommenderat scenario som är implementerbartenligt uppsatta mål.Tekniker som skulle kunna påverka valet av bäst lämpade lösning, men som inte är tillgängliga,diskuteras och presenteras för att poängtera vad som kan behövas tas i beaktande för framtiden. / Full migration to IPv6 brings the need to adjust datacommunication services for the new generationof IP protocols with maintained or expanded functionality. This thesis’ goals is to submitone or more solutions that meets requirements and the technical conditions that enables thecompany DGC:s to expand the service IP-VPN for IPv6. This includes address assignmenttechniques like prefix delegation and automatic address configuration in existing network infrastructure.Solutions are presented in six scenarios that have been investigated considering tests, analysis andexperienced problems. The investigation formed the criteria scalability, configuration complexity,compatibility, support by RFC:s and requirements stated by DGC that adds to the evaluationof the most suitable solution.The evaluation has resulted in a recommended scenario that is implementable according to givengoals.Techniques that may influence the choice of most suitable solution, but that is not yet available,are discussed and presented to point out what may needed to be considered in the future.
|
35 |
Creating Digital Twin Distributed Networks Using Switches With Programmable Data Plane / Skapande av digitala tvillingar till distribuerade nätverk genom användning av switchar med programmerbart dataplanLarsson, Rasmus January 2021 (has links)
The domain specific language P4 is a novel initiative which extends the Software-Defined Networking (SDN) paradigm by allowing for data plane programmability. Network virtualisation is a class of network technologies which can be used to abstract the addressing in a network, allowing multiple tenants to utilise the network resources while being agnostic to the underlying network and the other tenants. In other words, twins of tenants using the same addresses can co-exist on the same underlying network. If a twin is a distributed network, it may even be spread out across multiple sites which are connected to a common backbone. In this study, network virtualisation using P4 is evaluated with emphasis on scalability in terms of number of twins and sites. A set of potential network virtualisation technologies are identified and categorised. Based on this categorisation, two variations of network virtualisation are implemented on the P4 capable software switch BMv2 and the performance of both variations are evaluated against the non-P4 solution Linux bridge. Linux bridge was found to yield 451 times more useful bandwidth than the best performing P4 implementation on BMv2, while also learning MAC addresses faster and generating less traffic on the backbone. It is concluded that the performance of network virtualisation implemented and running on BMv2 is worse compared to the non-P4 solution Linux bridge.
|
36 |
Multipath transport for virtual private networksLukaszewski, Daniel 03 1900 (has links)
Approved for public release; distribution is unlimited / Virtual Private Networks (VPNs) are designed to use the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) to establish secure communication tunnels over public Internet. Multipath TCP (MPTCP) extends TCP to allow data to be delivered over multiple network paths simultaneously. This thesis first builds a testbed and investigates the potential of using MPTCP tunnels to increase the goodput of VPN communications and support seamless mobility. Based on the empirical results and an analysis of the MPTCP design in Linux kernels, we further introduce a full-multipath kernel, implementing a basic Multipath UDP (MPUDP) protocol into an existing Linux MPTCP kernel.We demonstrate the MPUDP protocol provides performance improvements over single path UDP tunnels and in some cases MPTCP tunnels. The MPUDP kernel should be further developed to include more efficient scheduling algorithms and path managers to allow better performance and mobility benefits seen with MPTCP. / Outstanding Thesis / Lieutenant, United States Navy
|
37 |
Extern Web-service-lösning vid SSAB Tunnplåt i Borlänge- för kommunikation med sina distributions lagerDotzky, Jesper, Wiklund, Jon January 2004 (has links)
Detta examensarbete har utförts på SSAB- Tunnplåt i Borlänge under vårterminen 2004 och omfattar 10 veckors arbete.SSAB sköter idag sin kommunikation med distributionslagren via fax, telefon eller e-post. Eftersom detta är ett ganska tidskrävande kommunikationssätt, vill SSAB ha en smidigare och snabbare kommunikationslösning. Den lösning som SSAB vill ha är en extern Web-service-lösning för att upprätta en säker kommunikation med sina distributionslager.Parallellt med byggandet av Web-service-lösningen arbetades en förvaltningsmodell fram. Den beskriver hur förvaltningsorganisationen med dess rutiner kan se ut vid implementering av lösningen.För att skapa en säker förbindelse med Web-servicen skall en webbklient användas som i sin tur anropar en COM+ komponent. Detta för att kunna skicka med certifikatet ifrån webbklienten till webbservern där Web-servicen ligger. COM+ komponenten måste få tillgång till en användarprofil när den kommunicerar med Web-servicen. Detta för att kunna upprätta en SSL-förbindelse i det inledande skedet. SSL-förbindelsen skall läggas i den VPN-tunnel som mVPN tillhandahåller via WSSAL.
|
38 |
Návrh IT architektury firmy / company IT architecture designDrozd, Martin January 2016 (has links)
This diploma thesis deals with the design of the new IT architecture of small businesses. The aim of this work is to propose the new network structure, hardware, software and to compare the different solutions. It also contains the proposal of bussines processes which use the Information System of the company. Finally, the work considers the possibility of using the CMS and proposes the design of web presentation.
In the first part, the basic concepts are defined. They are important for processing the practical part of the work. The second part describes the practical proposal of the new IT architecture based on the theoretical data from the first part.
|
39 |
Algoritmos para aprovisionamento de Redes Privadas Virtuais baseadas em QoS usando o modelo HoseMariz Timóteo de Sousa, Denio January 2004 (has links)
Made available in DSpace on 2014-06-12T15:52:46Z (GMT). No. of bitstreams: 2
arquivo4713_1.pdf: 4490241 bytes, checksum: 43c09e5e8bf876499ee8c3ff91a473bf (MD5)
license.txt: 1748 bytes, checksum: 8a4605be74aa9ea9d79846c1fba20a33 (MD5)
Previous issue date: 2004 / Uma Rede Privada Virtual, ou Virtual Private Network (VPN) é uma rede privada
construída sobre uma infra-estrutura de rede pública, tal como a Internet, que emula uma WAN
com grande economia de custos. Por usarem conceitos e tecnologias de tunelamento,
criptografia e autenticação, as VPNs eram tradicionalmente implantadas como solução de
conectividade para redes em que os requisitos de segurança são elevados. Atualmente, as VPNs
são também alvo de clientes que buscam redes dimensionadas sob demanda para as
necessidades de Qualidade de Serviço (QoS) das suas aplicações. Do ponto de vista dos
provedores de serviços de comunicação, a oferta do serviço de VPN é um negócio atraente
porque além de rentável por si só, impulsiona a venda de outros serviços de alto valor agregado,
tais como consultoria, suporte, gerenciamento de segurança e outros serviços avançados.
Neste trabalho, consideramos o problema de aprovisionar a VPN, ou seja, encontrar uma
rota que conecte os pontos terminais da VPN, alocando nos enlaces utilizados uma de largura de
banda suficiente para o tráfego entre os pontos terminais de maneira que os requisitos de QoS
solicitados sejam atendidos e que a soma das larguras de banda alocadas nos enlaces seja a
menor possível.
O aprovisionamento de VPNs para atendimento de contratos de nível de serviço (Service
Level Agreements - SLAs) que envolvam requisitos de QoS, entretanto, é um problema NPcompleto.
Para encontrar soluções viáveis, analisamos algoritmos baseados em heurísticas já
utilizadas em outras áreas de conhecimento, com as devidas adaptações para lidar com VPNs e
com as restrições de QoS impostas. Propomos e avaliamos também novas heurísticas para o
problema. Além disso, baseados no modelo teórico conhecido como Hose, propomos e
avaliamos o modelo Hose Seletivo, que permite a especificação de VPNs com requisitos
adicionais de QoS e demandas diferenciadas de tráfego entre os pontos.
Para dar suporte à análise dos algoritmos e do modelo Hose Seletivo, duas ferramentas são
desenvolvidas: uma Linguagem de Descrição de VPNs (VPN-DL) e uma ferramenta com
interface gráfica (VPNViewer) que computa as rotas e o custo das VPNs usando os algoritmos
selecionados. Usando essas ferramentas, comparamos os algoritmos e os modelos Hose e Hose
Seletivo para cenários diferentes através de simulações baseadas em topologias reais e
aleatórias. Os resultados desta comparação mostram que o Hose Seletivo reduz o custo de
aprovisionamento das VPNs em relação ao Hose quando as demandas de tráfego são
especificadas com maior precisão
|
40 |
Konfiguration av VPN med Netconf/Yang och PythonJeppsson, Fredrik January 2017 (has links)
Rapporten behandlar en fiktiv internetleverantör som vill undersöka om protokollet Netconf kan användas för konfiguration av VPN-tjänster. Netconf används tillsammans med datamodelleringsspråket Yang som beskriver vad som kan konfigureras på en viss nätverksenhet. Netconf/Yang utvärderas genom att en lösning för konfiguration av MPLS Layer 3 VPN tas fram. Traditionella metoder för konfiguration av nätverksenheter är CLI och expect-baserade skript. Syftet är att undersöka om Netconf kan ersätta dessa metoder. För att öka trovärdigheten i lösningen har en nätverksarkitekt med erfarenhet av denna typ av lösningar involverats som kravställare. Internetleverantörens nätverk består av routrar från både Cisco och Juniper och projektets lösning tar hänsyn till detta. Utvecklingsarbetet har skett mot en labbmiljö bestående av de virtuella routrarna Juniper vMX 17.1R1.8 och Cisco IOS XRv 6.1.2. Projektets lösning består av indata som beskriver vilka parametrar som ska gälla för en L3VPN. Denna indata är oberoende av routertyp. Indatan valideras mot en egenutvecklad yangmodell, vilket är nödvändigt för att försäkra sig om att den är korrekt formaterad. Därefter skickas indatan till tre olika pythonskript som kan testa, lägga till eller ta bort en L3VPN. Projektets huvudsakliga slutsats är att Netconf/Yang kan ersätta CLI, givet att den önskade funktionaliteten är implementerad i nätverksenheternas yangmodeller. / This report discusses a fictitious Internet Service Provider (ISP) that wants to evaluate whether the Netconf protocol can be used to configure VPN services. Netconf is used in conjunction with Yang, a data modeling language that is used to describe the features that can be configured on a particular network device. Netconf/Yang is evaluated by developing a solution focused on the configuration of MPLS Layer 3 VPNs. Traditional methods for network device configuration are using the CLI and expect based scripts. One purpose of the evaluation is to determine if Netconf/Yang can be used instead. To increase the credibility of the results, a network architect with industry experience has been involved by setting requirements for the Netconf/Yang solution. The ISP in question uses routers from both Juniper and Cisco, something that the proposed solution takes into account. Development has been done against the virtual routers Juniper vMX 17.1R1.8 and Cisco IOS XRv 6.1.2. The proposed solution involves creating script input data that describes a L3VPN in a vendor neutral way. The input data is validated against a custom yang model to ensure that it follows the expected format. The data is then used as an argument to three different scripts that either tests, adds or deletes a L3VPN based on the input data. The main conclusion is that Netconf/Yang can replace configuration using the CLI, given that the desired features have been implemented in the yang models of the network devices.
|
Page generated in 0.045 seconds