The Illustrated Network- P77
Document information:
The Illustrated Network- P77: In this chapter, you will learn about the protocol stack used on the global public Internet and how these protocols have been evolving in today’s world. We’ll review some key basic definitions and see the network used to illustrate all of the examples in this book, as well as the packet content, the role that hosts and routers play on the network, and how graphic user and command line interfaces (GUI and CLI, respectively) both are used to interact with devices.
Content extracted from the document:
CHAPTER 29 IP Security

OAKLEY—This extends ISAKMP by describing a specific mechanism for key exchange through different defined “modes.” Most of IKE’s key exchange is directly based on OAKLEY.

SKEME—This defines a key exchange process different from that of OAKLEY. IKE uses some SKEME features, such as public key encryption methods and the “fast rekeying” feature.

IKE takes ISAKMP and adds the details of OAKLEY and SKEME to perform its magic. IKE has the two ISAKMP phases.

Phase 1—The first stage is a “setup” process in which two devices agree on how they will exchange further information securely. This creates an SA for IKE itself, although it’s called an ISAKMP SA. This special bidirectional SA is used for Phase 2.

Phase 2—Now the ISAKMP SA is used to create the other SAs for the two devices. This is where the parameters such as secret keys are negotiated and shared.

Why two phases? Phase 1 typically uses public key encryption and is slow, but technically only has to be done once. Phase 2 is faster and can conjure different but very secure secret keys every hour or every 10 minutes (or more frequently for very sensitive transactions).

QUESTIONS FOR READERS

Figure 29.10 shows some of the concepts discussed in this chapter and can be used to answer the following questions.

FIGURE 29.10 IPSec ESP used with an IPv4 packet. (Figure labels: original IPv4 packet with IPv4 header (protocol 17), UDP header and UDP datagram; protected packet with IPv4 header (protocol 50), ESP header, IPv4 header (protocol 17), UDP header, UDP datagram, ESP trailer (next header 4) and authentication data; brackets mark the encrypted fields and the authenticated fields.)

1. Which IPSec ESP mode is used in the figure—transport or tunnel?
2. Which IP protocol is being tunneled?
3. What does the ESP trailer next header value of 4 indicate?
4. Could NAT also be used with IPSec to substitute the IPv4 addresses and encrypt them?
5. Is the SPI field encrypted? Is it authenticated?
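The two-phase split described in this chapter (a slow public-key Phase 1 done once, then fast Phase 2 rekeys) can be modelled in a few lines. This is an added example, not code from the book: it follows the shape of IKEv1's key derivation (signature authentication, no perfect forward secrecy), and the toy Diffie-Hellman group, the use of HMAC-SHA256 as the PRF, and the function names `phase1`, `phase2` and `demo` are assumptions made for illustration. No message exchange, authentication or encryption is modelled.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, an assumption for this sketch: far too small for real use.
P = 2**127 - 1  # Mersenne prime
G = 3
ESP = 50        # IP protocol number for ESP, as in Figure 29.10

def prf(key: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function; HMAC-SHA256 is chosen here for illustration."""
    return hmac.new(key, data, hashlib.sha256).digest()

def phase1(priv_i: int, priv_r: int, ni: bytes, nr: bytes, cky_i: bytes, cky_r: bytes):
    """One-time public-key step: returns (initiator, responder) copies of SKEYID_d."""
    pub_i, pub_r = pow(G, priv_i, P), pow(G, priv_r, P)  # public values sent on the wire
    # Each peer combines its own private value with the other's public value.
    shared = (pow(pub_r, priv_i, P), pow(pub_i, priv_r, P))
    out = []
    for g_xy in shared:
        g_xy_b = g_xy.to_bytes(16, "big")
        skeyid = prf(ni + nr, g_xy_b)
        out.append(prf(skeyid, g_xy_b + cky_i + cky_r + b"\x00"))
    return tuple(out)

def phase2(skeyid_d: bytes, protocol: int, spi: bytes, ni: bytes, nr: bytes) -> bytes:
    """Rekey step: symmetric-only; a fresh SPI and nonces give fresh keying material."""
    return prf(skeyid_d, bytes([protocol]) + spi + ni + nr)

def demo(rekeys: int = 3):
    """Run Phase 1 once, then several Phase 2 rekeys; all inputs are random sample values."""
    rand = secrets.token_bytes
    priv_i = secrets.randbelow(P - 3) + 2
    priv_r = secrets.randbelow(P - 3) + 2
    d_i, d_r = phase1(priv_i, priv_r, rand(16), rand(16), rand(8), rand(8))
    keys = []
    for _ in range(rekeys):
        spi, ni, nr = rand(4), rand(16), rand(16)
        k_i = phase2(d_i, ESP, spi, ni, nr)
        k_r = phase2(d_r, ESP, spi, ni, nr)
        assert k_i == k_r  # both peers must arrive at the same SA key
        keys.append(k_i)
    return d_i == d_r, keys

if __name__ == "__main__":
    agreed, keys = demo()
    print("phase 1 agreed:", agreed)
    for k in keys:
        print("phase 2 key:", k.hex())
```

The modular exponentiations happen only in `phase1`; every later rekey costs one HMAC, which is why Phase 2 can run as often as policy demands.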
PART VII Media

The Internet is not just for data anymore. This part of the book examines how voice communication has transitioned to the Internet.

■ Chapter 30—Voice over Internet Protocol

CHAPTER 30 Voice over Internet Protocol

What You Will Learn

In this chapter, you will learn how VoIP is becoming more and more popular as an alternative to the traditional public switched telephone network (PSTN). We’ll look at one form of “softphone” that lets users make “voice” calls (voice is really many things) over an Internet connection to their PC. You will learn about the protocols used in VoIP, especially for the “data” (RTP and RTCP) and for signaling (H.323 and SIP). We’ll put it all together and look at a complete architecture for carrying media other than data on the Internet.

In November 2006, when a person in Cardiff, Wales, made a local telephone call, no part of the British Telecom (BT) PSTN was involved. Only the “last mile” of the circuit was the same: No telephone central office, voice switches, or channelized trunks were used to carry the voice call. Instead, the calls were handled by multiservice access nodes (MSANs) and carried with IP protocols over the same type of network that handles BT’s Internet traffic.

BT was so happy with the results that by 2011 they say their entire PSTN will be replaced with an IP network using MPLS to both secure and provide QoS for the calls. Many countries use IP voice on their backbones (such as Telecom Italia), but this is the first time a national system has decided to spend a huge amount of money (almost US$20 billion, BT says) to convert everything.

It’s old news that many people, both around the world and in the United States, use the Internet to talk over the telephone. Not many of these customers know it, however, because various factors combine to make the use of voice over IP (VoIP) technology a sensitive subject. There are those who intentionally use the Internet for voice calls, and many software packages (such as those from Vonage and Avaya) are available. But not many people know that a percentage of calls (perhaps the majority) made over the PSTN are carried for part of their journey over the Internet using VoIP. The cellular telephone network is converging on IP protocols even faster than the landline network.

(Figure, truncated in the extraction: the example network, with hosts bsdclient (em0: 10.10.11.177), lnxserver (eth0: 10.10.11.66), wincli1 (LAN2: 10.10.11.51) and winsvr1 (LAN2: 10.10.11.111) and their MAC addresses ...)