Remote-access Guide

Chapter 10: Virtual Networks and Remote Access

by Wava Bins Published 3 years ago Updated 2 years ago

What is a virtual network?

James Sabovik, in Microsoft Virtualization, 2010

Virtual networks allow the virtual machine to communicate with the rest of your network, the host machine, and other virtual machines. With the Virtual Network Manager, you can create the following types of virtual networks:

How does a hypervisor create virtual networks?

The hypervisor can create a virtual network that allows the guest operating systems to communicate with each other as if they were on a physical network without actually needing to have that network hardware present. For example, a virtual switch can be set up with all of the virtual network cards for multiple guest OSs connected to it.

Do private networks work with virtual machines?

Private Networks do not—they are only used for virtual machine to virtual machine communication. Now that you have a network, you can use it when you create your first virtual machine. The creation of virtual machines is covered in Chapter 7.

How are the Internet and corporate virtual networks transforming the world?

The Internet and corporate virtual networks have transformed the smallest organizations into global entities. On the plus side this means that the marketplace is as widespread as the reach of the communication networks. The organization’s suppliers and other partners can be strategically chosen from the locations with the lowest costs.


Which switch manages the VLAN?

B. On the LAN switch, which manages the VLAN

What is a VPN for animation?

A VPN is designed to connect 15 film animators and programmers from around the state of California. At the core of the VPN is a router connected to a high-performance server used for storing the animation files. The server and router are housed in an ISP's data center. The ISP provides two different T3 connections to the Internet backbone. What type of connection must each of the animators and programmers have to access the VPN?

Comparing SSL VPNs to Other Types of Remote Access VPNs

When deciding whether to implement SSL remote access VPNs, it is essential to understand how they compare to other types of remote access VPNs and what their advantages and disadvantages are.

Understanding the Operation of SSL Remote Access VPNs

Before getting into the design and implementation of SSL remote access VPNs, it is a very good idea to take a look at the underlying mechanisms that allow their operation. This section examines the protocols and mechanisms that are used to enable SSL remote access VPNs.

SSL Overview: TCP, the Record Layer, and the Handshake Protocol

SSL sits on top of a reliable protocol, such as TCP. Application data can then be carried on top of SSL.

Establishing an SSL Connection Between a Remote Access VPN User and an SSL VPN Gateway Using an RSA Handshake

As previously described, the function of SSL is to negotiate cryptographic algorithms, authenticate the server (VPN gateway) and optionally the remote access VPN client, and establish cryptographic keys.

What is virtual network?

Virtual networks allow the virtual machine to communicate with the rest of your network, the host machine, and other virtual machines. With the Virtual Network Manager, you can create the following types of virtual networks: Private network — allows a virtual machine to communicate only with another virtual machine on the host.

How does SDN work with virtual networks?

Supporting multiple virtual networks is now becoming common in many settings, from data centers to service provider networks. In this framework an alternative technology to implement network slicing is the usage of an SDN proxy, typically, controlled by the owner of the physical infrastructure. In this case, the SDN proxy provides an abstraction of the network forwarding path that allows the SDN proxy to slice the network. The proxy employs the SDN protocol to define a hardware abstraction layer that logically sits between control and forwarding paths on a network device to enforce the rules and agreements defining the network slices and to maintain isolation. The resulting architecture is presented in Fig. 3.7.

What is a BBU server?

In ordinary situations, when the network core is reachable, our MEC eNB site runs a software-based Base-Band-Unit (BBU), which is a software part of an eNB that provides E-UTRAN and communicates with the operator network core to provide mobile access. The primary purpose of the MEC server is to run MEC applications that improve user quality of experience such as caching, online gaming, augmented reality, etc. Due to MEC, the base station can already actively cooperate in the DTN/ICN information dissemination by instantiating DTN/ICN-based services as Virtual Network Functions (VNFs). The primary purpose of this work is to provide DTN/ICN in a disaster situation, when a bundle of a micro LTE core is provided, to run RAN integrated with DTN/ICN.

How does a zoned federation work?

In the zoned federation model (Iimura et al., 2004), rather than writing data directly to a DHT, the world is partitioned into zones and one peer acts as a zone owner. The zone owner is the central point of communication for that zone; thus every peer can connect with the zone owner in one hop. The zone owner then writes the zone state to the DHT. Any peer can find the current zone owner by accessing the DHT directly: the zone owners are required to identify themselves in the DHT. If the zone owner wants to leave a particular zone, another peer can become owner. Thus the DHT acts both as persistency storage (backup) for the global data and as a rendezvous mechanism. The zone owner is a bottleneck.

What is a controlling bridge?

The controlling bridge configures the port on the fabric extenders as if they were a physical interface on the controlling bridge. To do this, the controlling bridge creates a logical interface for each port in the fabric extender and assigns a tag value. The fabric extender uses this value to add tags to all traffic moving through these ports. Figure 6.9 shows how this concept can be extended to the VMs within a server.

How does VN-Tag work?

So now the controlling bridge has extended its reach not just to the external ports of the fabric extender but also into the ports of the vNICs within the server. While the VEPA standard works by extending traffic flows out to the attached switch, VN-Tag works by extending the functionality of the controlling bridge into the server.

What is a VN tag?

VN-Tag is also a method for providing consistent treatment of all network traffic including VM traffic. This was originally proposed by Cisco and has since been used by the IEEE as a basis for the 802.1qbh Bridge Port Extension standard. Cisco has been a proponent of the fabric extender concept (using their Nexus 2000 product) that we described in Chapter 4. This approach effectively distributes the line cards of an end-of-row switch to each rack as shown in Figure 4.5.
