Building VPN Network in Tashkent


24 Oct 2013


Taro Iyama

Tashkent Pediatric Medical Institute (TashPMI), Innovation Center

JICA (Japanese International Cooperation Agency) Volunteer / Network Specialist

1. TashPMI Innovation Center

Tashkent Pediatric Medical Institute, Innovation Center

- Introducing information technology to the education process
  - Portal site, network and IT resource management, e-learning, education programs for staff and students
- Cooperating with international organizations
  - Tempus, Erasmus Mundus and JICA

1. Where I am working

- A scene of an English test

2. The project

The project I have joined:

- To build a computer network between the TashPMI main building and several hospitals (Kafedrasi).
- The TashPMI main building has several information resources to share with remote locations.

[Image: TashPMI, Hospital #1, Hospital #2, Hospital #3, Hospital #x]

- We have 15 and some locations within the city, and the locations were offline
- Locations were offline / not yet connected to the main building of TashPMI
- The project is to connect the locations to the main building,
- With a certain computer network

3. Subjects to be examined

Several things to be determined:

i. Topology
ii. WAN types
iii. Security protocol
iv. Physical access
v. Equipment

3-1. Comparison of Topologies

We had three types of topology to compare:

i. Star topology
ii. Mesh topology
iii. Star and mesh topology

i. Star topology

- Simple, easy to install
- Fewer routers, low cost
- Easy to maintain

ii. Mesh

- Fail-safe (it has a lot of routes)
- Every location must have a high-spec router; costly
- Maintenance difficulties

iii. Star and mesh

- Mix of star and mesh.
- Pick some locations to make them hub locations
- Safe, easy to maintain (after building the mesh part)

Comparing topologies

              Cost    Maintainability   Failsafe   Installability   Total points
Star          A (3)   A (3)             C (1)      A (3)            10 points
Mesh          C (1)   B (2)             A (3)      B (2)            7 points
Star & mesh   C (1)   C (1)             A (3)      C (1)            6 points

A (3): "A" represents a grade from A to C, "3" represents 3 points.

3-2. Comparison of WAN

We had three types of WAN connection to compare:

i. Leased line
ii. IP-VPN
iii. Internet VPN

i. Leased line

- A leased line is provided by the ISP
- Specially installed for a subscriber
- Safe, but costly

ii. IP-VPN

[Image: IP-VPN Network]

- IP-VPN is provided by the ISP
- The network itself is built by the ISP
- Safe, middle cost and less maintainability

iii. Internet VPN

[Image: Tunnel, Internet, DSL]

- VPN via the Internet using tunneling protocols
- The network is built by ourselves
- Less safe, easy to maintain and low cost

Comparing WAN type

               Cost   Maintainability   Security level   Installability
Leased line    C      A                 A                C
IP-VPN         B      C                 B                B
Internet VPN   A      A                 C                A

3-3. Comparison of Physical Access

We had several types of physical access, or subscriber line:

i. Dial-up
ii. DSL
iii. FTTH

Comparing physical access

          Cost   Speed   Installability
Dial-up   A      C       A
DSL       A      B       A
FTTH      C      A       C

The reason we chose the Tas-IX service

[Image: Whole internet, Tas-IX, TashPMI Main Bldg., Kafedrasi]

- To connect the locations and the main building, a full internet connection was not necessary
- Tas-IX is good enough for a good price

3-4. Comparison of Security Protocol

We had several types of security protocol:

i. IPsec tunneling
ii. L2TP tunneling with IPsec
iii. PPTP tunneling with MPPE

IPsec

[Image: Tunnel]

- Router-to-router connection
- Good extensibility (for a local area network)
- Safe with proper settings

L2TP / PPTP

[Image: Tunnel]

- Client-server connection (client-router)
- Good solution for a client or a smartphone
- Also available for router-router.

Comparing security protocol

        Cost   Security level   Extensibility   Installability
IPsec   -      -                A               B
L2TP    -      -                C               A
PPTP    -      -                C               A

3-5. Equipment

The routers

- We have candidates from CISCO, Huawei, TP-link, Yamaha, etc.
- CISCO and Huawei were a little overspec and expensive
- TP-link routers were available and inexpensive

4. The Whole Image of Network

[Image: whole image of the network. Labels: Tunnel, PC, Server #1, Server #2, Tas-IX, Internet, 192.168.0.0/24, 192.168.1.0/24, Main router, Sub router, To Internet, Remote locations, Main Building]

5. The Private IP addr Issue

- We faced an issue to solve.
- The ISP leased a private IP address to DSL subscribers
- A private IP address and a global IP address cannot establish an IPsec connection, due to the IKE

[Image: To Internet, Dynamic Private IP address (10.x.x.x), XX Telecom, Telecom company, ISP Proxy servers, ISP, Our facility]

- Leasing dynamic private IP addresses was not popular in my country
- We misplanned for this issue

a. Server-Server IPsec tunnel

- A private IP addr and a global IP addr cannot do the Internet Key Exchange (IKE)
- IPsec tunnels are not available in this situation with a private IP addr
- Instead, we decided to start with a PPTP tunnel.

b. Client-Server PPTP tunnel
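The addressing problem on this slide can be checked for during planning. The following is an added example, not part of the original slides: it classifies the WAN address each location is leased, picks a tunnel type per link, and flags LAN subnets that collide. The site names, addresses and the `nat_t` flag are constructed assumptions, and the NAT-T branch (IKE and ESP carried in UDP port 4500) is an option the slides do not discuss.

```python
import ipaddress
from itertools import combinations

# Address space an ISP can assign that is not reachable from outside:
# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space.
# (ipaddress.is_private is not used: it also flags documentation ranges.)
NATTED_RANGES = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def behind_isp_nat(wan_ip):
    """True when the WAN address leased by the ISP sits behind the ISP's NAT."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in NATTED_RANGES)

def plan_tunnel(hub_wan, spoke_wan, nat_t_supported):
    """Choose a tunnel type for one hub-to-location link of the star topology."""
    if behind_isp_nat(hub_wan):
        return "hub-unreachable"   # no location can initiate to a hub behind NAT
    if not behind_isp_nat(spoke_wan):
        return "ipsec"             # global address on both ends
    if nat_t_supported:
        return "ipsec-nat-t"       # location initiates; IKE/ESP wrapped in UDP 4500
    return "pptp"                  # the fallback the slides chose; MPPE is weaker than IPsec

def overlapping_lans(lans):
    """Return pairs of site names whose LAN subnets overlap and so cannot be routed apart."""
    nets = sorted((name, ipaddress.ip_network(cidr)) for name, cidr in lans.items())
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2) if na.overlaps(nb)]

# Constructed sample data (not from the slides): documentation addresses for the
# global side, a 10.x.x.x lease like the one the ISP handed to DSL subscribers.
HUB_WAN = "203.0.113.10"
SPOKES = {
    "hospital-1": {"wan": "10.20.30.40", "lan": "192.168.1.0/24", "nat_t": False},
    "hospital-2": {"wan": "198.51.100.7", "lan": "192.168.2.0/24", "nat_t": True},
    "hospital-3": {"wan": "100.64.5.9", "lan": "192.168.1.0/24", "nat_t": True},
}

def plan_all():
    """Tunnel type per location for the sample data above."""
    return {name: plan_tunnel(HUB_WAN, s["wan"], s["nat_t"]) for name, s in SPOKES.items()}

if __name__ == "__main__":
    for name, mode in plan_all().items():
        print(f"{name}: {mode}")
    lans = {"main": "192.168.0.0/24", **{n: s["lan"] for n, s in SPOKES.items()}}
    print("overlapping LANs:", overlapping_lans(lans))
```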

6. Services, Plans in the future

- We are planning to run the following services
  - Portal site with rich contents
  - File sharing with a central file server
  - E-learning, tests
  - E-mail messaging
- Also considering having a global IP address for each location
  - To have a network with IPsec tunnels

- Access the resources from remote locations
- Internet connection via the TashPMI proxy server

[Image: Main Bldg. with Portal site (Infoportal), E-learning, Test program, File sharing, Messaging, Remote maintenance, and so on]

- End of slides -

Thank you for listening.