SlideShare a Scribd company logo

Unbreakable VPN using Vyatta/VyOS - HOW TO -

Naoto MATSUMOTO
Naoto MATSUMOTO

Unbreakable VPN using Vyatta/VyOS - HOW TO - 13 May, 2014 SAKURA Internet Research Center Senior Researcher / Naoto MATSUMOTO

Technology
1 of 18
13 May, 2014 SAKURA Internet Research Center Senior Researcher / Naoto MATSUMOTO
Basic idea for inter-cloud LANLAN Private Cloud A Private Cloud B IPSec Tunnel IPSec Tunnel VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ VR-1 VR-2 VR-3 VR-4 vSwitchvSwitch MASTER BACKUP
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Configure Clustering group 1/2 VR-1 VR-2 VR-3 VR-4 LANLAN Private Cloud A Private Cloud B VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ vSwitchvSwitch Secondary Node Secondary Node VIP: Shared Virtual IP Address VIP VIP Primary Node Primary Node
Configure Clustering group 2/2 VR-1 VR-2 VR-3 VR-4 vSwitch LANvSwitchLAN Private Cloud A Private Cloud B VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ Corss Monitoring Cross Monitoring
Configure Dual IPSec Tunneling VR-1 VR-2 VR-3 VR-4 vSwitch LANvSwitchLAN Private Cloud A Private Cloud B IPSec Tunnel IPSec Tunnel VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/
Logical IP Network view (MASTER) LANLAN Private Cloud A Private Cloud B IPSec Tunnel IPSec Tunnel VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ VR-1 VR-2 VR-3 VR-4 vSwitchvSwitch VIP: Shared Virtual IP Address VIP VIP Primary Node Primary Node
Logical IP Network view (BACKUP) LANLAN Private Cloud A Private Cloud B IPSec Tunnel IPSec Tunnel VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ VR-1 VR-2 VR-3 VR-4 vSwitchvSwitch VIP: Shared Virtual IP Address VIP VIP Monitoring failure
Unbreakable VPN using Vyatta/VyOS - Sample Configuration TIPS-
Configure Clustering group 1/3 VR-1 VR-2 LAN vSwitch Primary Node Secondary Node 10.10.10.100/24 VIP Sample Configuration for VR-1 and VR-2 $ configure # set system host-name VR-1 (or VR-2) # set cluster dead-interval 1000 # set cluster group CLUSTER auto-failback true # set cluster interface eth0 # set cluster interface eth1 # set cluster keepalive-interval 200 # set cluster pre-shared-secret SeCrEt # set cluster group CLUSTER primary VR-1 # set cluster group CLUSTER secondary VR-2 # set cluster group CLUSTER service 10.10.10.100/24/eth1 # set cluster mcast-group 239.10.10.100
Configure Clustering group 2/3 Sample Configuration for VR-3 and VR-4 $ configure # set system host-name VR-3 (or VR-4) # set cluster dead-interval 1000 # set cluster group CLUSTER auto-failback true # set cluster interface eth0 # set cluster interface eth1 # set cluster keepalive-interval 200 # set cluster pre-shared-secret SeCrEt # set cluster group CLUSTER primary VR-3 # set cluster group CLUSTER secondary VR-4 # set cluster group CLUSTER service 10.20.20.100/24/eth1 # set cluster mcast-group 239.20.20.100 VR-3 VR-4 LANvSwitchSecondary Node VIP 10.20.20.100/24 Primary Node
Configure Clustering group 3/3 VR-1 VR-3 vSwitch LANvSwitchLAN Monitoring VR-1# set cluster monitor-dead-interval 1000 VR-1# set cluster group CLUSTER monitor 133.242.YYY.3 VR-1# commit VR-1# save VR-3# set cluster monitor-dead-interval 1000 VR-3# set cluster group CLUSTER monitor 133.242.XXX.1 VR-3# commit VR-3# save 133.242.YYY.3133.242.XXX.1
Configure Dual IPSec Tunneling 1/3 VR-1 VR-3 vSwitch LANvSwitchLAN IPSec Tunnel Sample Configuration for VR-1 and VR-3 # set vpn ipsec esp-group ESP lifetime 1800 # set vpn ipsec esp-group ESP mode tunnel # set vpn ipsec esp-group ESP pfs enable # set vpn ipsec esp-group ESP proposal 1 encryption aes256 # set vpn ipsec esp-group ESP proposal 1 hash sha1 # set vpn ipsec ike-group IKE lifetime 3600 # set vpn ipsec ike-group IKE proposal 1 encryption aes256 # set vpn ipsec ike-group IKE proposal 1 hash sha1 # set vpn ipsec ipsec-interfaces interface eth0
Configure Dual IPSec Tunneling 2/3 VR-1 VR-3 vSwitch LANvSwitchLAN IPSec Tunnel VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 local-address 133.242.XXX.1 VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication mode pre-shared-secret VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication pre-shared-secret SeCrEt VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 connection-type initiate VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 default-esp-group ESP VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 ike-group IKE VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 local prefix 10.10.10.0/24 VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 remote prefix 10.20.20.0/24 VR-1# commit VR-1# save 133.242.YYY.3133.242.XXX.1 10.10.10.0/24 10.20.20.0/24
Configure Dual IPSec Tunneling 3/3 VR-1 VR-3 vSwitch LANvSwitchLAN IPSec Tunnel VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 local-address 133.242.YYY.3 VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 authentication mode pre-shared-secret VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 authentication pre-shared-secret SeCrEt VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 connection-type initiate VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 default-esp-group ESP VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 ike-group IKE VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 local prefix 10.20.20.0/24 VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 remote prefix 10.10.10.0/24 VR-3# commit VR-3# save 133.242.YYY.3133.242.XXX.1 10.10.10.0/24 10.20.20.0/24
Configure TCP-MSS modify for VPN VR-1 VR-3 vSwitch LANvSwitchLAN IPSec Tunnel VR-1# set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.20.20.0/24 VR-1# set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp VR-1# set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386 VR-1# set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN TCP VR-1# set interfaces ethernet eth0 policy route TCP-MSS1386-ETH0 VR-1# commit 10.10.10.0/24 10.20.20.0/24 VR-3# set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.10.10.0/24 VR-3# set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp VR-3# set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386 VR-3# set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN TCP VR-3# set interfaces ethernet eth0 policy route TCP-MSS1386-ETH0 VR-3# commit
Unbreakable VPN Architecure LANLAN Private Cloud A Private Cloud B IPSec Tunnel IPSec Tunnel VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ VR-1 VR-2 VR-3 VR-4 vSwitchvSwitch MASTER BACKUP
Thanks for your interest. SAKURA Internet Research Center.

Recommended

How VXLAN works on Linux
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on LinuxEtsuji Nakai
 
Deeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay NetworksDeeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay NetworksDocker, Inc.
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
Turning Virtual Machines Cloud-Native using KubeVirt
Turning Virtual Machines Cloud-Native using KubeVirtTurning Virtual Machines Cloud-Native using KubeVirt
Turning Virtual Machines Cloud-Native using KubeVirtSuman Chakraborty
 
Packet Walk(s) In Kubernetes
Packet Walk(s) In KubernetesPacket Walk(s) In Kubernetes
Packet Walk(s) In KubernetesDon Jayakody
 
Kubernetes in 30 minutes (2017/03/10)
Kubernetes in 30 minutes (2017/03/10)Kubernetes in 30 minutes (2017/03/10)
Kubernetes in 30 minutes (2017/03/10)lestrrat
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesSlideTeam
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 

Recommended

How VXLAN works on Linux
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on LinuxEtsuji Nakai
 
Deeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay NetworksDeeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay NetworksDocker, Inc.
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
Turning Virtual Machines Cloud-Native using KubeVirt
Turning Virtual Machines Cloud-Native using KubeVirtTurning Virtual Machines Cloud-Native using KubeVirt
Turning Virtual Machines Cloud-Native using KubeVirtSuman Chakraborty
 
Packet Walk(s) In Kubernetes
Packet Walk(s) In KubernetesPacket Walk(s) In Kubernetes
Packet Walk(s) In KubernetesDon Jayakody
 
Kubernetes in 30 minutes (2017/03/10)
Kubernetes in 30 minutes (2017/03/10)Kubernetes in 30 minutes (2017/03/10)
Kubernetes in 30 minutes (2017/03/10)lestrrat
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesSlideTeam
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Weaveworks
 
KubeVirt (Kubernetes and Cloud Native Toronto)
KubeVirt (Kubernetes and Cloud Native Toronto)KubeVirt (Kubernetes and Cloud Native Toronto)
KubeVirt (Kubernetes and Cloud Native Toronto)Stephen Gordon
 
Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Murat Mukhtarov
 
OSPF v3
OSPF v3OSPF v3
OSPF v3Irsandi Hasan
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes IstioAraf Karsh Hamid
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101LorisPack Project
 
Deep dive in container service discovery
Deep dive in container service discoveryDeep dive in container service discovery
Deep dive in container service discoveryDocker, Inc.
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networkingLorenzo Fontana
 
Vyos clustering ipsec
Vyos clustering ipsecVyos clustering ipsec
Vyos clustering ipsecGireesh Hariharasubramony
 
Introduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenIntroduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenTrang Nguyen
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)DongHyeon Kim
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101Weaveworks
 
Kubernetes a comprehensive overview
Kubernetes a comprehensive overviewKubernetes a comprehensive overview
Kubernetes a comprehensive overviewGabriel Carro
 
[FR] Présentatation d'Ansible
[FR] Présentatation d'Ansible [FR] Présentatation d'Ansible
[FR] Présentatation d'Ansible Armand Guio
 
Writing the Container Network Interface(CNI) plugin in golang
Writing the Container Network Interface(CNI) plugin in golangWriting the Container Network Interface(CNI) plugin in golang
Writing the Container Network Interface(CNI) plugin in golangHungWei Chiu
 
Intro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingIntro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingPacket
 
Final terraform
Final terraformFinal terraform
Final terraformGourav Varma
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX ContainerAraf Karsh Hamid
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRoutingFaisal Reza
 
Tiny Server Clustering using Vyatta/VyOS (MEMO)
Tiny Server Clustering using Vyatta/VyOS (MEMO)Tiny Server Clustering using Vyatta/VyOS (MEMO)
Tiny Server Clustering using Vyatta/VyOS (MEMO)Naoto MATSUMOTO
 
さくらのクラウドでVyOS使ってみた
さくらのクラウドでVyOS使ってみたさくらのクラウドでVyOS使ってみた
さくらのクラウドでVyOS使ってみたSAKURA Internet Inc.
 

More Related Content

What's hot

Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Weaveworks
 
KubeVirt (Kubernetes and Cloud Native Toronto)
KubeVirt (Kubernetes and Cloud Native Toronto)KubeVirt (Kubernetes and Cloud Native Toronto)
KubeVirt (Kubernetes and Cloud Native Toronto)Stephen Gordon
 
Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Murat Mukhtarov
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101LorisPack Project
 
Deep dive in container service discovery
Deep dive in container service discoveryDeep dive in container service discovery
Deep dive in container service discoveryDocker, Inc.
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networkingLorenzo Fontana
 
Introduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenIntroduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenTrang Nguyen
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)DongHyeon Kim
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101Weaveworks
 
Kubernetes a comprehensive overview
Kubernetes a comprehensive overviewKubernetes a comprehensive overview
Kubernetes a comprehensive overviewGabriel Carro
 
[FR] Présentatation d'Ansible
[FR] Présentatation d'Ansible [FR] Présentatation d'Ansible
[FR] Présentatation d'Ansible Armand Guio
 
Writing the Container Network Interface(CNI) plugin in golang
Writing the Container Network Interface(CNI) plugin in golangWriting the Container Network Interface(CNI) plugin in golang
Writing the Container Network Interface(CNI) plugin in golangHungWei Chiu
 
Intro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingIntro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingPacket
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRoutingFaisal Reza
 

What's hot (20)

Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)
 
KubeVirt (Kubernetes and Cloud Native Toronto)
KubeVirt (Kubernetes and Cloud Native Toronto)KubeVirt (Kubernetes and Cloud Native Toronto)
KubeVirt (Kubernetes and Cloud Native Toronto)
 
Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...Kubernetes networking: Introduction to overlay networks, communication models...
Kubernetes networking: Introduction to overlay networks, communication models...
 
OSPF v3
OSPF v3OSPF v3
OSPF v3
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101
 
Deep dive in container service discovery
Deep dive in container service discoveryDeep dive in container service discovery
Deep dive in container service discovery
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networking
 
Vyos clustering ipsec
Vyos clustering ipsecVyos clustering ipsec
Vyos clustering ipsec
 
Introduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenIntroduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang Nguyen
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
 
Kubernetes a comprehensive overview
Kubernetes a comprehensive overviewKubernetes a comprehensive overview
Kubernetes a comprehensive overview
 
[FR] Présentatation d'Ansible
[FR] Présentatation d'Ansible [FR] Présentatation d'Ansible
[FR] Présentatation d'Ansible
 
Writing the Container Network Interface(CNI) plugin in golang
Writing the Container Network Interface(CNI) plugin in golangWriting the Container Network Interface(CNI) plugin in golang
Writing the Container Network Interface(CNI) plugin in golang
 
Intro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingIntro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networking
 
Final terraform
Final terraformFinal terraform
Final terraform
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRouting
 

Viewers also liked

Tiny Server Clustering using Vyatta/VyOS (MEMO)
Tiny Server Clustering using Vyatta/VyOS (MEMO)Tiny Server Clustering using Vyatta/VyOS (MEMO)
Tiny Server Clustering using Vyatta/VyOS (MEMO)Naoto MATSUMOTO
 
さくらのクラウドでVyOS使ってみた
さくらのクラウドでVyOS使ってみたさくらのクラウドでVyOS使ってみた
さくらのクラウドでVyOS使ってみたSAKURA Internet Inc.
 
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)Naoto MATSUMOTO
 
VVyatta Core 6.5R1 Policy Base Routing mechanism MEMO
VVyatta Core 6.5R1 Policy Base Routing mechanism MEMOVVyatta Core 6.5R1 Policy Base Routing mechanism MEMO
VVyatta Core 6.5R1 Policy Base Routing mechanism MEMONaoto MATSUMOTO
 
Unfolding - A Library for Interactive Maps and Geovisualizations
Unfolding - A Library for Interactive Maps and GeovisualizationsUnfolding - A Library for Interactive Maps and Geovisualizations
Unfolding - A Library for Interactive Maps and GeovisualizationsTill Nagel
 
Japan Vyatta Users Group Introduction
Japan Vyatta Users Group IntroductionJapan Vyatta Users Group Introduction
Japan Vyatta Users Group IntroductionNaoto MATSUMOTO
 
Software-Based Networking & Security for the Cloud
Software-Based Networking & Security for the CloudSoftware-Based Networking & Security for the Cloud
Software-Based Networking & Security for the CloudMatt Wolpin
 
Vyatta open cloudcampus 2011/08/02
Vyatta open cloudcampus 2011/08/02Vyatta open cloudcampus 2011/08/02
Vyatta open cloudcampus 2011/08/02Kentaro Ebisawa
 
Zimbra Collaboration Suite And Google Apps
Zimbra Collaboration Suite And Google AppsZimbra Collaboration Suite And Google Apps
Zimbra Collaboration Suite And Google Appsagileware
 
Sinatra Pattern 20130415
Sinatra Pattern 20130415Sinatra Pattern 20130415
Sinatra Pattern 20130415Naotoshi Seo
 
Vyatta Ip Services Ref Vc5 V03
Vyatta Ip Services Ref Vc5 V03Vyatta Ip Services Ref Vc5 V03
Vyatta Ip Services Ref Vc5 V03Kittanun Nuaon
 
Vyatta lan interfaces-6.5_r1_v01
Vyatta lan interfaces-6.5_r1_v01Vyatta lan interfaces-6.5_r1_v01
Vyatta lan interfaces-6.5_r1_v01Nguyen Van Duy
 
VYATTA USERS MEETING Spring 2014 イントロダクション
VYATTA USERS MEETING Spring 2014 イントロダクションVYATTA USERS MEETING Spring 2014 イントロダクション
VYATTA USERS MEETING Spring 2014 イントロダクションNaoto MATSUMOTO
 
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFVOVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFVNAIM Networks, Inc.
 
Introduction to Cloud B2B Integration
Introduction to Cloud B2B IntegrationIntroduction to Cloud B2B Integration
Introduction to Cloud B2B IntegrationMark Morley, MBA
 
云网锦绣 SDN实战研讨会
云网锦绣 SDN实战研讨会云网锦绣 SDN实战研讨会
云网锦绣 SDN实战研讨会Hardway Hou
 

Viewers also liked (20)

Tiny Server Clustering using Vyatta/VyOS (MEMO)
Tiny Server Clustering using Vyatta/VyOS (MEMO)Tiny Server Clustering using Vyatta/VyOS (MEMO)
Tiny Server Clustering using Vyatta/VyOS (MEMO)
 
さくらのクラウドでVyOS使ってみた
さくらのクラウドでVyOS使ってみたさくらのクラウドでVyOS使ってみた
さくらのクラウドでVyOS使ってみた
 
Vyatta 改造入門
Vyatta 改造入門Vyatta 改造入門
Vyatta 改造入門
 
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)
Large Scale L2TPv3 Overlay Networking with OSPFv3(DRAFT)
 
VVyatta Core 6.5R1 Policy Base Routing mechanism MEMO
VVyatta Core 6.5R1 Policy Base Routing mechanism MEMOVVyatta Core 6.5R1 Policy Base Routing mechanism MEMO
VVyatta Core 6.5R1 Policy Base Routing mechanism MEMO
 
Unfolding - A Library for Interactive Maps and Geovisualizations
Unfolding - A Library for Interactive Maps and GeovisualizationsUnfolding - A Library for Interactive Maps and Geovisualizations
Unfolding - A Library for Interactive Maps and Geovisualizations
 
Japan Vyatta Users Group Introduction
Japan Vyatta Users Group IntroductionJapan Vyatta Users Group Introduction
Japan Vyatta Users Group Introduction
 
Unite! VYATTA APAC
Unite! VYATTA APACUnite! VYATTA APAC
Unite! VYATTA APAC
 
VyattaCore TIPS2013
VyattaCore TIPS2013VyattaCore TIPS2013
VyattaCore TIPS2013
 
Software-Based Networking & Security for the Cloud
Software-Based Networking & Security for the CloudSoftware-Based Networking & Security for the Cloud
Software-Based Networking & Security for the Cloud
 
Vyatta open cloudcampus 2011/08/02
Vyatta open cloudcampus 2011/08/02Vyatta open cloudcampus 2011/08/02
Vyatta open cloudcampus 2011/08/02
 
Zimbra Collaboration Suite And Google Apps
Zimbra Collaboration Suite And Google AppsZimbra Collaboration Suite And Google Apps
Zimbra Collaboration Suite And Google Apps
 
Sinatra Pattern 20130415
Sinatra Pattern 20130415Sinatra Pattern 20130415
Sinatra Pattern 20130415
 
Vyatta Ip Services Ref Vc5 V03
Vyatta Ip Services Ref Vc5 V03Vyatta Ip Services Ref Vc5 V03
Vyatta Ip Services Ref Vc5 V03
 
Vyatta lan interfaces-6.5_r1_v01
Vyatta lan interfaces-6.5_r1_v01Vyatta lan interfaces-6.5_r1_v01
Vyatta lan interfaces-6.5_r1_v01
 
VYATTA USERS MEETING Spring 2014 イントロダクション
VYATTA USERS MEETING Spring 2014 イントロダクションVYATTA USERS MEETING Spring 2014 イントロダクション
VYATTA USERS MEETING Spring 2014 イントロダクション
 
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFVOVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
 
Introduction to Cloud B2B Integration
Introduction to Cloud B2B IntegrationIntroduction to Cloud B2B Integration
Introduction to Cloud B2B Integration
 
云网锦绣 SDN实战研讨会
云网锦绣 SDN实战研讨会云网锦绣 SDN实战研讨会
云网锦绣 SDN实战研讨会
 
vSRX
vSRXvSRX
vSRX
 

Similar to Unbreakable VPN using Vyatta/VyOS - HOW TO -

UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO) UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO) Naoto MATSUMOTO
 
IPv4 over IPv6 Tunneling with IPSec [DRAFT]
IPv4 over IPv6 Tunneling with IPSec [DRAFT]IPv4 over IPv6 Tunneling with IPSec [DRAFT]
IPv4 over IPv6 Tunneling with IPSec [DRAFT]Naoto MATSUMOTO
 
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...VMworld
 
Westermo WeOS Multicast Tunneling
Westermo WeOS Multicast TunnelingWestermo WeOS Multicast Tunneling
Westermo WeOS Multicast TunnelingFabian Vandendyck
 
VXLAN: Enhancements and Network Integration
VXLAN: Enhancements and Network Integration VXLAN: Enhancements and Network Integration
VXLAN: Enhancements and Network Integration Eddie Parra
 
Deep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private CloudDeep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private CloudAmazon Web Services
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
Securing the network for VMs or Containers
Securing the network for VMs or ContainersSecuring the network for VMs or Containers
Securing the network for VMs or ContainersMarian Marinov
 
AWS May Webinar Series - Deep Dive: Amazon Virtual Private Cloud
AWS May Webinar Series - Deep Dive: Amazon Virtual Private CloudAWS May Webinar Series - Deep Dive: Amazon Virtual Private Cloud
AWS May Webinar Series - Deep Dive: Amazon Virtual Private CloudAmazon Web Services
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksAPNIC
 
Understanding kube proxy in ipvs mode
Understanding kube proxy in ipvs modeUnderstanding kube proxy in ipvs mode
Understanding kube proxy in ipvs modeVictor Morales
 
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 Tunneling
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 TunnelingUNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 Tunneling
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 TunnelingNaoto MATSUMOTO
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks
 
Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Sam Kim
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...LinuxCon ContainerCon CloudOpen China
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network TroubleshootingOpen Source Consulting
 
PLNOG 13: Jacek Wosz: User Defined Network
PLNOG 13: Jacek Wosz: User Defined NetworkPLNOG 13: Jacek Wosz: User Defined Network
PLNOG 13: Jacek Wosz: User Defined NetworkPROIDEA
 
VXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneVXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneYoshikazu Nojima
 

Similar to Unbreakable VPN using Vyatta/VyOS - HOW TO - (20)

UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO) UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
 
IPv4 over IPv6 Tunneling with IPSec [DRAFT]
IPv4 over IPv6 Tunneling with IPSec [DRAFT]IPv4 over IPv6 Tunneling with IPSec [DRAFT]
IPv4 over IPv6 Tunneling with IPSec [DRAFT]
 
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...
 
Westermo WeOS Multicast Tunneling
Westermo WeOS Multicast TunnelingWestermo WeOS Multicast Tunneling
Westermo WeOS Multicast Tunneling
 
VXLAN: Enhancements and Network Integration
VXLAN: Enhancements and Network Integration VXLAN: Enhancements and Network Integration
VXLAN: Enhancements and Network Integration
 
Deep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private CloudDeep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private Cloud
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)
 
Securing the network for VMs or Containers
Securing the network for VMs or ContainersSecuring the network for VMs or Containers
Securing the network for VMs or Containers
 
AWS May Webinar Series - Deep Dive: Amazon Virtual Private Cloud
AWS May Webinar Series - Deep Dive: Amazon Virtual Private CloudAWS May Webinar Series - Deep Dive: Amazon Virtual Private Cloud
AWS May Webinar Series - Deep Dive: Amazon Virtual Private Cloud
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building Blocks
 
Understanding kube proxy in ipvs mode
Understanding kube proxy in ipvs modeUnderstanding kube proxy in ipvs mode
Understanding kube proxy in ipvs mode
 
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_
 
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 Tunneling
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 TunnelingUNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 Tunneling
UNDOCUMENTED Vyatta vRouter: IPv4 over IPv6 Tunneling
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 Administration
 
Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...
 
ACI MultiPod 구성
ACI MultiPod 구성ACI MultiPod 구성
ACI MultiPod 구성
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting
 
PLNOG 13: Jacek Wosz: User Defined Network
PLNOG 13: Jacek Wosz: User Defined NetworkPLNOG 13: Jacek Wosz: User Defined Network
PLNOG 13: Jacek Wosz: User Defined Network
 
VXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneVXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced Zone
 

More from Naoto MATSUMOTO

Alder Lake-S CPU Temperature Monitoring
Alder Lake-S CPU Temperature MonitoringAlder Lake-S CPU Temperature Monitoring
Alder Lake-S CPU Temperature MonitoringNaoto MATSUMOTO
 
CPU製品出荷状況と消費電力の見える化
CPU製品出荷状況と消費電力の見える化CPU製品出荷状況と消費電力の見える化
CPU製品出荷状況と消費電力の見える化Naoto MATSUMOTO
 
2023年以降のサーバークラスタリング設計(メモ)
2023年以降のサーバークラスタリング設計(メモ)2023年以降のサーバークラスタリング設計(メモ)
2023年以降のサーバークラスタリング設計(メモ)Naoto MATSUMOTO
 
防災を考慮した水中調査の一考察
防災を考慮した水中調査の一考察防災を考慮した水中調査の一考察
防災を考慮した水中調査の一考察Naoto MATSUMOTO
 
旅するパケットの見える化
旅するパケットの見える化旅するパケットの見える化
旅するパケットの見える化Naoto MATSUMOTO
 
LTE-M/NB IoTを試してみる nRF9160/Thingy:91
LTE-M/NB IoTを試してみる nRF9160/Thingy:91LTE-M/NB IoTを試してみる nRF9160/Thingy:91
LTE-M/NB IoTを試してみる nRF9160/Thingy:91Naoto MATSUMOTO
 
災害時における無線モニタリングによる社会インフラの見える化
災害時における無線モニタリングによる社会インフラの見える化災害時における無線モニタリングによる社会インフラの見える化
災害時における無線モニタリングによる社会インフラの見える化Naoto MATSUMOTO
 
BeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep diveBeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep diveNaoto MATSUMOTO
 
Network Adapter Deep dive
Network Adapter Deep diveNetwork Adapter Deep dive
Network Adapter Deep diveNaoto MATSUMOTO
 
x86_64 Hardware Deep dive
x86_64 Hardware Deep divex86_64 Hardware Deep dive
x86_64 Hardware Deep diveNaoto MATSUMOTO
 
ADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheetADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheetNaoto MATSUMOTO
 
3/4G USB modem Cheat Sheet
3/4G USB modem Cheat Sheet3/4G USB modem Cheat Sheet
3/4G USB modem Cheat SheetNaoto MATSUMOTO
 
How To Train Your ARM(SBC)
How To Train Your ARM(SBC)How To Train Your ARM(SBC)
How To Train Your ARM(SBC)Naoto MATSUMOTO
 
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~全国におけるCOVID-19対策の見える化 ~宿泊業の場合~
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~Naoto MATSUMOTO
 
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)Naoto MATSUMOTO
 
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化Naoto MATSUMOTO
 

More from Naoto MATSUMOTO (20)

Alder Lake-S CPU Temperature Monitoring
Alder Lake-S CPU Temperature MonitoringAlder Lake-S CPU Temperature Monitoring
Alder Lake-S CPU Temperature Monitoring
 
CPU製品出荷状況と消費電力の見える化
CPU製品出荷状況と消費電力の見える化CPU製品出荷状況と消費電力の見える化
CPU製品出荷状況と消費電力の見える化
 
5Gの見える化
5Gの見える化5Gの見える化
5Gの見える化
 
2023年以降のサーバークラスタリング設計(メモ)
2023年以降のサーバークラスタリング設計(メモ)2023年以降のサーバークラスタリング設計(メモ)
2023年以降のサーバークラスタリング設計(メモ)
 
防災を考慮した水中調査の一考察
防災を考慮した水中調査の一考察防災を考慮した水中調査の一考察
防災を考慮した水中調査の一考察
 
旅するパケットの見える化
旅するパケットの見える化旅するパケットの見える化
旅するパケットの見える化
 
LTE-M/NB IoTを試してみる nRF9160/Thingy:91
LTE-M/NB IoTを試してみる nRF9160/Thingy:91LTE-M/NB IoTを試してみる nRF9160/Thingy:91
LTE-M/NB IoTを試してみる nRF9160/Thingy:91
 
災害時における無線モニタリングによる社会インフラの見える化
災害時における無線モニタリングによる社会インフラの見える化災害時における無線モニタリングによる社会インフラの見える化
災害時における無線モニタリングによる社会インフラの見える化
 
BeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep diveBeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep dive
 
AMDGPU ROCm Deep dive
AMDGPU ROCm Deep diveAMDGPU ROCm Deep dive
AMDGPU ROCm Deep dive
 
Network Adapter Deep dive
Network Adapter Deep diveNetwork Adapter Deep dive
Network Adapter Deep dive
 
RTL2838 DVB-T Deep dive
RTL2838 DVB-T Deep diveRTL2838 DVB-T Deep dive
RTL2838 DVB-T Deep dive
 
x86_64 Hardware Deep dive
x86_64 Hardware Deep divex86_64 Hardware Deep dive
x86_64 Hardware Deep dive
 
ADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheetADS-B, AIS, APRS cheatsheet
ADS-B, AIS, APRS cheatsheet
 
curl --http3 cheatsheet
curl --http3 cheatsheetcurl --http3 cheatsheet
curl --http3 cheatsheet
 
3/4G USB modem Cheat Sheet
3/4G USB modem Cheat Sheet3/4G USB modem Cheat Sheet
3/4G USB modem Cheat Sheet
 
How To Train Your ARM(SBC)
How To Train Your ARM(SBC)How To Train Your ARM(SBC)
How To Train Your ARM(SBC)
 
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~全国におけるCOVID-19対策の見える化 ~宿泊業の場合~
全国におけるCOVID-19対策の見える化 ~宿泊業の場合~
 
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)
我が国の電波の使用状況/携帯電話向け割当 (2019年3月1日現在)
 
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化
私たちに訪れる(かもしれない)未来と計算機によるモノコトの見える化
 

Recently uploaded

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Unbreakable VPN using Vyatta/VyOS - HOW TO -

  • 1. 13 May, 2014 SAKURA Internet Research Center Senior Researcher / Naoto MATSUMOTO
  • 2. Basic idea for inter-cloud LANLAN Private Cloud A Private Cloud B IPSec Tunnel IPSec Tunnel VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ VR-1 VR-2 VR-3 VR-4 vSwitchvSwitch MASTER BACKUP
  • 3. Unbreakable VPN using Vyatta/VyOS - HOW TO -
  • 4. Configure Clustering group 1/2 VR-1 VR-2 VR-3 VR-4 LANLAN Private Cloud A Private Cloud B VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ vSwitchvSwitch Secondary Node Secondary Node VIP: Shared Virtual IP Address VIP VIP Primary Node Primary Node
  • 5. Configure Clustering group 2/2 VR-1 VR-2 VR-3 VR-4 vSwitch LANvSwitchLAN Private Cloud A Private Cloud B VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ Corss Monitoring Cross Monitoring
  • 6. Configure Dual IPSec Tunneling VR-1 VR-2 VR-3 VR-4 vSwitch LANvSwitchLAN Private Cloud A Private Cloud B IPSec Tunnel IPSec Tunnel VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/
  • 7. Logical IP Network view (MASTER) LANLAN Private Cloud A Private Cloud B IPSec Tunnel IPSec Tunnel VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ VR-1 VR-2 VR-3 VR-4 vSwitchvSwitch VIP: Shared Virtual IP Address VIP VIP Primary Node Primary Node
  • 8. Logical IP Network view (BACKUP) LANLAN Private Cloud A Private Cloud B IPSec Tunnel IPSec Tunnel VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ VR-1 VR-2 VR-3 VR-4 vSwitchvSwitch VIP: Shared Virtual IP Address VIP VIP Monitoring failure
  • 9. Unbreakable VPN using Vyatta/VyOS - Sample Configuration TIPS-
  • 10. Configure Clustering group 1/3 VR-1 VR-2 LAN vSwitch Primary Node Secondary Node 10.10.10.100/24 VIP Sample Configuration for VR-1 and VR-2 $ configure # set system host-name VR-1 (or VR-2) # set cluster dead-interval 1000 # set cluster group CLUSTER auto-failback true # set cluster interface eth0 # set cluster interface eth1 # set cluster keepalive-interval 200 # set cluster pre-shared-secret SeCrEt # set cluster group CLUSTER primary VR-1 # set cluster group CLUSTER secondary VR-2 # set cluster group CLUSTER service 10.10.10.100/24/eth1 # set cluster mcast-group 239.10.10.100
  • 11. Configure Clustering group 2/3 Sample Configuration for VR-3 and VR-4 $ configure # set system host-name VR-3 (or VR-4) # set cluster dead-interval 1000 # set cluster group CLUSTER auto-failback true # set cluster interface eth0 # set cluster interface eth1 # set cluster keepalive-interval 200 # set cluster pre-shared-secret SeCrEt # set cluster group CLUSTER primary VR-3 # set cluster group CLUSTER secondary VR-4 # set cluster group CLUSTER service 10.20.20.100/24/eth1 # set cluster mcast-group 239.20.20.100 VR-3 VR-4 LANvSwitchSecondary Node VIP 10.20.20.100/24 Primary Node
  • 12. Configure Clustering group 3/3 VR-1 VR-3 vSwitch LANvSwitchLAN Monitoring VR-1# set cluster monitor-dead-interval 1000 VR-1# set cluster group CLUSTER monitor 133.242.YYY.3 VR-1# commit VR-1# save VR-3# set cluster monitor-dead-interval 1000 VR-3# set cluster group CLUSTER monitor 133.242.XXX.1 VR-3# commit VR-3# save 133.242.YYY.3133.242.XXX.1
  • 13. Configure Dual IPSec Tunneling 1/3 VR-1 VR-3 vSwitch LANvSwitchLAN IPSec Tunnel Sample Configuration for VR-1 and VR-3 # set vpn ipsec esp-group ESP lifetime 1800 # set vpn ipsec esp-group ESP mode tunnel # set vpn ipsec esp-group ESP pfs enable # set vpn ipsec esp-group ESP proposal 1 encryption aes256 # set vpn ipsec esp-group ESP proposal 1 hash sha1 # set vpn ipsec ike-group IKE lifetime 3600 # set vpn ipsec ike-group IKE proposal 1 encryption aes256 # set vpn ipsec ike-group IKE proposal 1 hash sha1 # set vpn ipsec ipsec-interfaces interface eth0
  • 14. Configure Dual IPSec Tunneling 2/3 VR-1 VR-3 vSwitch LANvSwitchLAN IPSec Tunnel VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 local-address 133.242.XXX.1 VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication mode pre-shared-secret VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 authentication pre-shared-secret SeCrEt VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 connection-type initiate VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 default-esp-group ESP VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 ike-group IKE VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 local prefix 10.10.10.0/24 VR-1# set vpn ipsec site-to-site peer 133.242.YYY.3 tunnel 0 remote prefix 10.20.20.0/24 VR-1# commit VR-1# save 133.242.YYY.3133.242.XXX.1 10.10.10.0/24 10.20.20.0/24
  • 15. Configure Dual IPSec Tunneling 3/3 VR-1 VR-3 vSwitch LANvSwitchLAN IPSec Tunnel VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 local-address 133.242.YYY.3 VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 authentication mode pre-shared-secret VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 authentication pre-shared-secret SeCrEt VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 connection-type initiate VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 default-esp-group ESP VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 ike-group IKE VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 local prefix 10.20.20.0/24 VR-3# set vpn ipsec site-to-site peer 133.242.XXX.1 tunnel 0 remote prefix 10.10.10.0/24 VR-3# commit VR-3# save 133.242.YYY.3133.242.XXX.1 10.10.10.0/24 10.20.20.0/24
  • 16. Configure TCP-MSS modify for VPN VR-1 VR-3 vSwitch LANvSwitchLAN IPSec Tunnel VR-1# set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.20.20.0/24 VR-1# set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp VR-1# set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386 VR-1# set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN TCP VR-1# set interfaces ethernet eth0 policy route TCP-MSS1386-ETH0 VR-1# commit 10.10.10.0/24 10.20.20.0/24 VR-3# set policy route TCP-MSS1386-ETH0 rule 1 destination address 10.10.10.0/24 VR-3# set policy route TCP-MSS1386-ETH0 rule 1 protocol tcp VR-3# set policy route TCP-MSS1386-ETH0 rule 1 set tcp-mss 1386 VR-3# set policy route TCP-MSS1386-ETH0 rule 1 tcp flags SYN TCP VR-3# set interfaces ethernet eth0 policy route TCP-MSS1386-ETH0 VR-3# commit
  • 17. Unbreakable VPN Architecure LANLAN Private Cloud A Private Cloud B IPSec Tunnel IPSec Tunnel VR: Virtual Router (Brocade Vyatta vRouter or VyOS) Brocade Vyatta vRouter 6.6R5: http://brocade.com/5400documentation VyOS 1.0.3 : http://vyos.net/ VR-1 VR-2 VR-3 VR-4 vSwitchvSwitch MASTER BACKUP
  • 18. Thanks for your interest. SAKURA Internet Research Center.