Case Study On Social Network For Virtual Private Network

Discuss about a Case Study on Social Network for Virtual Private Network?

It has been seen that VPNs have undergone through some problems while linking the private networks on the internet. It is noticed that VPN does not require the dedicated leased lines which are very expensive. Therefore, VPN makes the companies free from the additional costs incurred in the leased lines. Thus, VPN has proved that it is much more reliable in its usage (Abramson and Sinha 2012). The problems which VPN face are infrequent. Some of the troubleshooting procedures are mentioned below.

The BSLC (Badiepa Solution Limited Company) has appointed me as the consultant to a new project and has assigned me a task to make a proposal for the creation of a Point to Point link. The link has been aimed at the company's new office (Aggarwal et al. 2014). There are two departments of the office located in Manchestor. The departments are Sales and IT respectively.

The project has the aim to develop and design a VPN of remote access. It is a public communication set up where the users can access the network of the organization from a remote place with an optimum level of security. In generally the VPN client of a remote user’s computer connects to the organization's VPN gateway. During the connection, the device looks for its authenticity in the network. After the authentication takes place, the network link gets created so that the remote users can access the internal networks of the organization (Asati et al. 2014). They can access the file servers, intranets and printers as well as local user can do. The remote access VPN requires security which it gets from the SSL or IPsec. SSL or Secure Socket Layers are used for the single application. The concept is not preferred for the entire internal network. The VPNs which provide Layer to Access to the system require protocol other than IP. Those rules are termed as PPTP or L2TP. These are tunneling protocols which run across the IP connections (Baum and Voit 2014). This kind of model is required to be designed for such organizations who prefer wirlesless network for transferring data.

The project objectives include providing IBasis technology for the users. The IBasis technology should be secure, manageable, scalable and redundant. An example is the International Sales Force, who are dedicated to access the corporate resources. It is a dial up solution still existing today. It is built on a Cisco Secure Access Control Server (ACS) authentication server and a Cisco AS5300 utilizing two T-1/PRI circuits. IBasis has aimed to provide more accessibility of internet throughout the globe. It is developed for better utilization of the benefits of the VPN solution. If a VPN solution is implemented, then it becomes an alternative for the dial up connections for the corporate resources (Border et al. 2015). The technology eventually helps the users sitting at a remote location to access the local Internet Service Providers (ISP). The get connected to the network through the use of cable modem or xDSL. In the procedure, they eventually notice a reduction in cost and increase in the throughput. It should be ensured that the VPN solution will be able to support its client at the fullest extent meeting their desires. They should be able to provide support to their each customer of atleast fifty users. They should ensure that each year’s future growth is 100%. IBasis has planned for the creation of dynamic passwords. They have planned to do this work by proper utilization of token password technology initiated by Cisco Secure Authentication Server (Unnimadhavan et al. 2016). Thus, it will be done to complement the security structure of Cisco.

Objectives

The IT departments often face challenges regarding support to the user communities and setting the expectation for the remote users. IBasis also looks for supportive technical documentation for fast adaptation for their users and IT staffs. For support, the project aims to develop a user manual which will guide the user through every step. The project also initiates an interactive Computer Based Training (CBT) for fast adaptability for the users and IT staffs. A user feedback process is also required to carry on the project. REALTECH also has the recommendation for such process (Bragg et al. 2013). It is a very crucial part of the project as it will help to identify the exact needs of the users community.

The most common problems that are detected are in generally of four types. They are:

The VPN connection gets rejected.

The connection without authorization gets accepted.

Certain locations which lie beyond the VPN server are not reached.

A tunnel can not be established.

It is a massive probem if the VPN connection gets rejected. This kind of problem is very much standard. There may be another kind of issues which can also create problems resulting to the rejection of the VPN. If it has been noticed that the VPN connections have turned down for some unknown reasons, the Router and Remote Access Service should be primarily checked whether they are properly functioning (Bragg et al. 2015). The functionalities can be verified by going to the Control Panel of the server and clicking the Administrative Tools icon. After clicking the Administrative Tools, the Services icon should be clicked. As the service gets verified, it is required to keep on pinging the VPN server by IP address from the VPN client in a continuous manner. The pinging procedure is needed to be done initially to check the existence of the basic TCP / IP (Brahim et al. 2012). If the pinging gets successful, then the server is required to be pinged again.

The issue can be related to other problems detected while routing. For an instance, if any user is dealing without any medium in the VPN server, it's recommended to create a path of static nature between the server and the client (Brakerski and Vaikuntanathan 2014). The procedure for configuring a static route is mentioned below.

Go to the Dial-In Tab of the properties sheet of the user in Computers and Active Directory Users.

Description of the Problem

Select the Apply A Static Route check box.

The procedure will lead to displaying the Static Routes Dialogue Box on the Windows screen.

Click the Add Route button and enter the network mask and destination IP address in the given space. Please make sure to leave the metric space at 1.

If the user is using the DHCP server for assignment of the IP addresses to the clients, particular problems can occur which can make the user not able to go beyond VPN server. A problem that can occur is about IP conflict. An IP conflict is nothing but all about duplicate IP addresses. The DHCP server if assigns an IP address to a user which already exists in the network, then the Windows automatically detects the conflict. It eventually blocks the user from accessing the system. Other problems may be that a user is not getting an IP address to access the network (Chen et al. 2014). It is the prime responsibility of the DHCP server for assigning an IP address to the user. If the server is not able to perform the assignment task, then connections will not take place by any means. There is a procedure in case of issues in assigning IP addresses where the users are provided IP address from 169.254.x.x range. In such process, Windows perform the assignment task automatically (Cai et al. 2014). If the IP address does not belong to the range of the system's routing tables, then the user will not be able to access the network.

Difficulties in establishment of a tunnel

If all the functionalities take place as per the standards, but a tunnel is not established between the client and server, it denotes that there may be two main possibilities causing the problem. The first possibility may be like that; IP packet filtering is done by one or more routers. It can hamper the traffic in the IP tunnel. Therefore, it is highly recommended to check the client, the server and all the other machines that lie between IP packet filters (Xiang et al. 2014). The difficulties can be recovered by following the procedures.

Click the Advanced button on each Machine’s TCP / IP Properties sheet.

Select the Options tab from the Advanced TCP / IP Settings Properties sheet.

Select the TCP / IP filtering.

Click the Properties button.

The second possibility can be the existence of proxy server in between the main server and the client. The proxy server is responsible for translating the NAT on all the traffic between the network and its client. It, therefore, implies that the packet has been transmitted from the proxy server. The package does not come with the customer's machine. In some cases, the tunnel can go in a complete deadlock stage. This kind of situation can occur especially if the VPN server asks for an IP address from its client (Das et al. 2016). It should always be remembered that L2TP, IPSec, PPTP protocols used in the VPN networks are often not supported by the NAT firewalls or the low-end proxy servers.

The following project has been developed to initiate a higher level of security in the VPN networks.

This project has been designed to create a model that is based on Virtual Private Network, which will enhance the defense structure of the Badiepa Solution Limited Company. The defense system will protect the company from severe threats and attacks (Dimitri et al. 2016). Those threats and attacks which can destroy or hamper their valuable data.

The remote users who access network are protected by the Virtual Private Networks (VPN). To have a balance in the security structure, the user must be careful in opting the appropriate technologies (Dutta and Kwok 2013). They always require a proper planning for its usability. The sections mentioned below gives us a summary of the Rapid Assessment and its related research. The summarization can also be done on the recommendation of the solution.

The determinants of the IBasis VPN Solution are given below:

Identification of the VPN technologies that are the best fit for the requirements.

Determination of the necessary network elements that are required for the implementation of the solution.

Placing the network elements so that they can be fully active in functionality and security (Dutta et al. 2014).

The below-mentioned requirements have been identified during the discovery process.

The solution is aimed to complement Badiepa Solution Limited Company. The solution is based on the Cisco product line.

Usage of VPN technology can lead the user to access the network

The proper utilization of the system and its associated software can be done by the solution.

The remote users and the sales force who are traveling are located throughout the world.

In the case to avoid theft of the actual VPN client, the technology of user authentication is required (Figueira et al. 2013).

Internally defined resources are needed to be accessed.

The solution must be in that structure so that it can be properly managed. The solution will also aim for minimization of support requirements.

The design which has been produced consists of utilization of the existing Cisco 7120-4T1 VPN router. The addition of an Integrated Service Module (ISM) also leads to an unrestricted, complimentary license for Cisco VPN client software.

A rigorous discussion has been done with the IBasis. The decision taken was that 7120 specifications of 50+ Mbps throughput and 175 Kbps are proper for the current. (in ISM there are 2000 parallel users and 90 Mbps throughput). It has been seen that 7140 specifications can provide better performance (Goldwasser et al. 2013). It can also provide a better redundant supply of power. But the thing is that the time it will take to receive the new router is not acceptable to IBasis. IBasis has many employees who reside overseas. They can have an urgent need for accessing the corporate resources. In such cases, the time for completion of the VPN solution is a critical factor (Gong et al. 2013). In the current era, IBasis is incurring the costs of the international users. They are dialing into AS5300 access server.

The main technologies that are associated with VPN solutions are mentioned here. They are encryption standards, authentication methods, and methods of tunneling.

The above mentioned protocol encapsulates the layer 2 or layers three protocols into the other protocols. It is used to be transported over the internet. A virtual communication path is developed using this protocol. This kind of protocol is mentioned as "tunnels." By the help of this type of technology, a company does not require the expensive leased line structure in its Wide Area Communication. As an alternative, they create “tunnels” across public networks. There are some standard protocols of tunneling (Gorbunov et al. 2015). The Internet Protocol Security or IPSec, Layer 2 Tunneling Protocol or L2TP, Point to Point Tunneling or PPTP are some of the examples of tunneling.

The word “cryptography” comes from the word “kryptos”, that implies hidden. The concept uses the algorithms to ensure the security of information. Cipher is a process where encryption and decryption, both can be done. Encryption is a process of converting data into an unreadable form. The method of encryption consists of Data Encryption Standard (DES), RC4, Blowfish and International Data Encryption Algorithm (IDEA).

Encryption is the techniques which use algorithms. These algorithms are based on keys to encrypt and decrypt information. The main algorithms are of two types, symmetric and asymmetric. The symmetric algorithms based on the secret key and the asymmetric algorithms  based on the public key (Hasan 2014). The secret key algorithm uses the same key for encryption and decryption whereas the public key algorithm uses a different key for decryption and encryption. Cipher programs use a public key to encrypt data. The public key known to any person or user. In the case of decrypting the information, some other key is required, which is the private key. The user can only decrypt the information if he has the knowledge of the private key. The single bit of plain text encrypted by the Secret-Key algorithms. The algorithm can also encode some bits of plain text at one time. The first case is termed as Stream Cipher whereas the second instance termed as the block cipher (Gong et al. 2013). DES, IDEA, RC4, and DES are the examples of the secret key algorithms.

Tunneling

The Point to Point Protocol (PPP) has an extension Point to Point Tunneling Protocol (PPTP). It encapsulates the local traffic into PPP. The Generic Routing Encapsulation (GRE) packets are then required to sent through the IP network. Microsoft has recently implemented a PPTP that uses a protocol. The protocol termed as Challenge Handshake Authentication Protocol (MS-CHAPv1). It utilized for the purpose of authentication. Another usage is for Microsoft's Point to Point Encryption (MPPE). The implemented PPTP of Microsoft did not reach the stage of maturity regarding authentication and encryption. The password of users is often used for hash algorithms. This kind of algorithms used as an alternative to storing key change algorithm like Diffie-Hellman or Internet Key Exchange (IKE). Certain weaknesses are required to fixed. The weaknesses are of MS-CHAPv1 that is needed to set with MS-CHAPv2 (Hasan 2014). The corrected version is available in Dial Up Networking (DUN)’s version 1.3.

Another tunneling protocol that tunnels the PPP traffic is the L2TP or Layer 2 Tunneling Protocol. The features in Layer 2 Forwarding or L2F and PPTP combined in L2TP. The methods of authentication include MS-CHAP, PAP (Password Authentication Protocol) and CHAP.

IPSec provides data confidentiality, integrity, and authentication of transmitted data. It is therefore not a tunneling protocol. This kind of rules used in case of communication between two end points. It is done by hiding one protocol into other. The encapsulation process is applied to protect the original contract during the transmission (Hines et al. 2015). IPSec used for encrypting the original information. It also makes the data undecipherable during transmission. The methods of authentication can only do the decryption of information at the both endpointsuthentication.

The algorithms for encryption are entirely possible for deciphering in the given resources and time. It aims to make the overall process much difficult.

The usage of Data Encryption Standard (DES) is a 64-bit block size. It is a block cipher. It implies that information can take under encryption in blocks of 64 bits.

A regular DES’s extension is Triple-DES (3DES) that uses 128-bit public-key.

Blowfish is a kind of block cipher. It uses a 64-bit block size. It can also use a variable keys of length which can be up to 448 bits (Kamite et al. 2014).

Another kind of block cipher is the International Data Encryption Algorithm (IDEA). It uses the 128 bit key.

RC4 is also a kind of stream cipher. It uses a variable-bit key (40/128).

The encryption solutions are Cisco Encryption Technology (CET) and Microsoft’s Point to Point Encryption (MPPE). There are some fewer features which are required to meet the requirements of IBasis.

To build an inexpensive private network, VPN is an ultimate choice. To avoid the usage of leased private lines which is very much costly, opting the usage of internet is a wise decision due to its cost effectiveness. There are several costs for a company to incur for implementation of the network. One is the hardware cost and the other is for the software used to authenticate the users. The additional cost  required for mechanisms such as authentication tokens or other devices prepared for security. The VPN connections have more flexibility, speed and its easy for implementation. Due to this reason, it has become an ideal option for a corporation which looks for less cost efficient network structure (Khanna et al. 2015). For an instance, it can be said that an organization can adjust the number of sites as per the varying requirements.

Their usage of VPN also has several disadvantages. There may be packet loss and performance issues due to lack of Quality of Service (QOS) in the communication through the internet. If any adverse network effects occur outside of the private network, then the VPN administrator is not able to do anything. As a result, the big corporate houses always pay a high amount for trusted VPNs to ensure Quality of Service. In VPN connections, Vendor Interoperability is again a disadvantage. It is due to the reason that VPN technologies adopted from one vendor may not be compatible with VPN technologies of another supplier (Klein et al. 2012). These advantages were not able to reduce the acceptance and deployment of VPN technology.  

Figure: Virtual Private Network: Posted on June 29, 2014, by Motiur Rahman

The concrete meaning of VPN is, therefore, Virtual Private Network. The system used for security and privacy of personal computer and laptops during usage of internet (Kompella 2012). In generally, the internet user access VPN to change their IP.

The development of the model based on the rewiring of the following resources.

Access points which are secured wireless

Gateways of Application

III. Control Servers

Authentication Servers (Kothari and Fernando 2012)

Mechanisms of security:

VPNs are not able to make the online connections to be completely anonymous. They can enhance the level of privacy and safety. VPNs in generally allow authenticated remote access. It also provides the usage of encryption techniques.

VPNs ensure the security by usage of tunneling protocols (Koushik et al. 2014). They often provide that security through encryption procedures. The security model of VPN provides:

Confidentiality in the case of network traffic sniffed at the level of the packet. If the system gets attacked, then the attacker can notice the data encrypted.

Authentication of the sender regarding prevention from the unauthorized access to VPN.

The integrity of the message for detecting the instances of tampering along with the transmitted messages (Kshirsagar and Thomas 2012).

The VPN-based protocols include the following:

The Internet Engineering Task Force (IETF) initially developed the Internet Protocol or IPSec for IPv6. It required in all standards-compliant implementations. The implementations are of IPv6 before RFC6434 has made a recommendation to it. The protocol mainly used for IPv4 and Tunneling protocol of Layer 2. The design of the protocol meets the requirements given below:

Confidentiality, authentication, and integrity. IPSec mainly used for encryption purpose; it aimed for encapsulation of the IP packet inside the other one. The reverse process, therefore, decryption happens at the tunnel end. The IP packet gets encapsulated and becomes forwarded to its destination.

The SSL or TLS or Transport Layer Security can tunnel the traffic from the network entirely. Such kind of tunneling is done in the case of Open VPN project as well as Soft Ether VPN project. This type of VPN connections is provided by the vendors. The Transport Layer Security or SSL VPN has the capability to connect the networks. It always complies with the rules of firewall and the translation of Network Address (Le Roux et al. 2013). The VPN also connects through SSL in the case of the trouble in IPSec.

Introduction

To check the background, a large number of articles have reviewed. The models and methods regarding VPNs have studied in an extensive manner for understanding the technology (Liu et al. 2014)). The details are given below.

Datagram Transport Layer Security (DTLS) – It used in Cisco. The Open Connect VPN and AnyConnect VPN required for resolution of the issues. It's the tunneling through the UDP of SSL/TLS.

The Point to Point Tunneling Protocol functions with Microsoft Point to Point Encryption (MPPE) in several compatible implementations on other platforms.

The SSTP or Microsoft Secure Socket Tunneling Protocol has a tunneling contact with Layer 2 tunneling protocol through an SSL 3.0 channel. It tunnels with Point to Point protocol. (SSTP came in notice in Windows Server 2008 and Windows Vista Pack 1.)

Multi Path Virtual Private Network (MPVPN) – Its owned by the traditional system development companies (Liyanage and Gurtov 2013).

Secure Shell (SSH) VPN – The SSH, which are open, provides the tunneling of VPN, which can connect the inter-network links. It provides a limited numbered channels of concurrency. This kind of architecture does not support the personal authentication.

Authentication

As the VPNs established, it must be made sure that the authentication of the tunnel endpoints has been done. The remote access VPNs created for access user use various methods including cryptography, biometrics, passwords or two-factor authentication. The tunnel connections often employ the digital certificates or passwords. Here the user's intervention is not at all required (Liyanage et al. 2016). The establishment of tunnel happens automatically by keeping the key in the store.

Routing

In the point to point network topology, the tunneling protocol can be active. But in such case, it can not be treated as the VPN. It can say due to that reason as VPN supports the arbitrary nodes along with the mobile networks. The software-defined interface of the tunnel is mostly compatible with the implemented routers (McDysan 2013). The conventional protocols of routing are in generally followed by the customized VPNs.

VPN building blocks of provider provision

By operation in the Layer 3 or Layer, 2 of the supplier provisioned VPN (PPVPN), it can state that the blocks that have been built are either of L2 or L3 or may be the combined structure of the two. Mostly the combined structure is denoted by the Multiprotocol label switching (MPLS) (Mullick et al. 2013).

RFC4026 frequently follows the L3 and L2 VPNs. In generally they have taken place in RFC2547. Lewis and Cisco Press also provides this kind of information on the device.

Customer (C) devices

This type of device not attached to the service provider's network but with the client's system. This device does not have the knowledge of the VPN.

Edge Device of the Customer (CE)

This kind of device lays at the edge of the client's network. It typically supports the client to access to the PPVPN. In some instances, it becomes a point of demarcation in between the responsibility of the customer and the service provider (Pati et al. 2014). The rest of the service providers provides the power for configuration to the customers.

Edge Device of the Provider (PE)

This kind of devices usually connects the customer networks and gives the view of the provider for the client site. It lays at the edge of the network of the supplier. PEs in generally maintain the state of the VPN. They are usually aware of the VPNs that typically connect to them.

Device of the Provider (P)

There is no such direct interface to any endpoint of the customer with the P device. It operates in the core network of the provider. In some cases for an instance, provider run tunnels that belong to PPVPNs of different customers might provide routing. For the implementation of PPVPNs, P device is the key part. The device does not implement VPN state. The device is is also unaware of the VPN. The principal role of the device is to allow the service provider to scale its PPVPN offerings. For an example, it represents itself as the multiple PE device's points of aggregation (Sahai and Waters 2014). In between the primary locations of the providers, P to P connections are treated as often high capacity optical links.

PPVPN Service of User Visibility

The section particularly deals with the VPN types. The models considered in the IETF.

OSI Layer 2 Services.

Virtual LAN

It is a kind of Layer 2 technique that allows the coexistence of the broadcast domains of multiple LAN; it's interconnected by the trunks through the usage of IEEE802. The protocols of trucking types have become obsolete. The old rules include Link of Inter-Switch (ISL), IEEE 802.0. The IEEE 802.0 is originally protocol made for security. But its basically a subset which has introduced for trucking purpose (Sajassi et al. 2014). Other kinds of old rules are the Emulation of ATM LAN (LANE).

Private LAN Service of Virtuality (VPLS)

This type of LAN service developed by the IEEE. To share common trunking, the VLANs also allow the multiple tagged LANs. The VLANs comprise the facilities that are owned by the customer. In the OSI Layer 1 services, the VPLS typically supports the emulation of both points to point topologies. The VPLS also supports the emulation of topologies of a point to multipoint nature. The discussed methods usually make an extension of Layer 2 technologies. Those techniques categorized as 802.1q and 802.1d (Salaam et al. 2014). This kind of trunking of LAN done over the transports. An example is the Metro Ethernet.

The VPLS is ordinarily a PPVPN of Layer 2 which uses the context. It is not a private line. It has the full functionality of the Local Area Network (LAN) of tradition. It can say from the standpoint of a user that, VPLS can make the interconnection between several LAN segments. It can make the interlinks over an optical, provider core or packet switched segments. The base made of transparency to the user (Shokhor and Shigapov 2013). It can make the LAN segments of small area act like a single LAN.

In the VPLS system, the emulation of a bridge of learning is done by the provider network. It optionally includes the service of VLAN.

Pseudo Wire

The Pseudo Wire or PW is quite same to the VPLS. The Pseudo Wire has the potential to provide different L2 protocols in the ends of both sides. Normally, the interface of such PW is the WAN protocol. The example of such protocol is the Frame Relay or the Asynchronous Mode of Transfer. The Virtual Private LAN service or the IPLS should be made appropriate for aiming to provide the LAN appearance (Si et al. 2014). The LAN will be therefore contiguous between two or more locations.

IP tunneling based Ethernet

An example for an Ethernet which relies on IP tunneling protocol specification is the Ether IP (RFC 3378). The mechanism for packet encapsulation has involved in EtherIP. The EtherIP has no protection for message integrity. It also lacks confidentiality. The Soft Ether program of VPN and the network stack of Free BSD has introduced the Ether IP.

IP-only LAN-like service (IPLS)

The L3 capabilities are already present in the CE devices. The IPLS are nothing but the subset of VPLS. The IPLS service in generally provides packets (Simon et al. 2015). They don’t provide any frames. The IPLS typically supports the IPV6 or the IPV4.

PPVPN architectures of OSI Layer 3

The segment in generally discusses the central structures of the PPVPNs. In this part, the PE makes a disambiguation for a duplicate address in a single routing service. In another case, the PE does have a virtual router in every VPN. In the standard approach, its variants, have got the maximum attention.

The PPVPN frequently involves many challenges. Such challenges include different customers who are using the address space in common. Such joint space includes the IPv4 address space. The provider should have the ability for disambiguating the addresses of overlapping nature (Stokes et al. 2014). Those overlapping addresses will be in the PPVPNs of the multiple customers.

MPLS/BGP PPVPN- RFC 2547 defines this method in which the BGP extensions broadcast the routes present in address group of IPv4 VPN, that are comprises of 12-byte string, which begins from a Route Distinguisher (RD) of 8-byte while ends with an address of 4 byte IPv4. The main purposes of RDs are to authorize the duplicate addresses in the same PE.

The purpose of PEs is to investigate the topology of every VPN, which gets interconnected with the tunnels known as MPLS, in a direct way or with the help of P routers (Sundarrajan et al. 2014). The MPLS consists of Label Switch Routers and P routers beyond VPNs consciousness.

PPVPN Virtual Router- As hostile to BGP/MPLS methods, the Virtual Router architecture do not need any modification in the pre-existing protocols of routing such as BGP. With the help of logically autonomous routing domains, a VPN that the consumer acts is wholly responsible for the space of address. There are several MPLS-tunnels, which comprises of various PPVPNs that are authorized by their label, and they do not need any distinguisher for routing.

Few virtual networks are present which are not using the method of encryption to protect and to bring privacy to their data (Van Der Merwe et al. 2014). The VPNs provides security by with the help of an unencrypted network overlay, which not suitable for the trusted or secured arrangements. For example, using Generic Routing Encapsulation (GRE) for performing a tunnel set up between two hosts may comprise of a virtual private network, which is not secure and trustworthy. 

The method of resident plaintext protocols for tunneling which consists of Layer 2 Tunneling Protocol (L2TP) while performing the construction without including the Microsoft Point-to-Point Encryption (MPPE) or Point-to-Point Tunneling Protocol (PPTP) and IPsec.

The entrusted VPNs are not using the method of cryptographic tunneling and instead of that, they depend on the individual provider's network for protecting the traffic.

Layer 2 Tunneling Protocol (L2TP), known as a principles-oriented substitution, and which involves in captivating the appropriate characteristics from each of the two healing VPN protocols namely as Cisco’s Layer 2 Forwarding (L2F) (which becomes obsolete after 2009) and the Microsoft’s Point-to-Point Tunneling Protocol (PPTP) (Wijnands et al. 2015).

The VPNs are overlaid by the Multi-Protocol Label Switching (MPLS) which consists of quality-of-service control upon a reliable delivery network.

From the security point of view, VPNs either need to enforce the security within the VPN mechanism or trusts the major delivery system. If the trusted delivery systems do not run on the physically secure sites only then both the safe and trusted techniques, require a mechanism for authentication for the users to obtain the right to use the VPN.

Mobile VPNs are set up in such a way that the endpoint of the VPN is not configured to an individual IP address though they move crosswise in different networks comprises of networking data between multiple Wi-Fi access points and also from cellular carriers. The mobile VPNs are used for bringing the public security, in which they offer law prosecution officers the approach to the serious mission operations, including the criminal databases and computer-assisted dispatch during their travel between various subnets present in the mobile network (Van Der Merwe et al. 2014). Mobile VPNs also plays a crucial role in the field of service management and are also used by healthcare organizations and other industries.

Recently, the mobile professionals are also adopting the use of mobile VPNs, as they require some stable connections. The uses of mobile VPNs are increasing as they help the users to roam in a seamless manner through the overall networks available. During the incoming and outgoing from any wireless exposure, mobile VPNs are used which helps in continuation of the application session without any losing or reducing of the secure VPN session. A conservative Virtual Private Network is unable to stay alive on these types of events since the overall tunnel of the network is disturbed, which results in a time out, disconnection, failure of applications, or even results in damage to the computing devices.

As an alternative to logically connecting the physical IP address with the endpoint of the network, each tunnel of the system is connected with a fixed IP address within the appliance. The purpose of software in mobile VPN is to maintain the sessions of the network in a transparent manner between the user and the application and also to handle the basic network authentication (Stokes et al. 2014). From the learning by the Internet Engineering Work Force, it is evident that the Host Identity Protocol (HIP) is prepared for supporting the flexibility of host by differentiating the work of IP address to identify the host from their performance locator available in the network of IP. With the help of HIP, a host of a mobile can maintain their rational connection, which is recognized through the host identification identifier during the connection with various IP addresses while meandering among the right to use the network protocols.

The use of VPN is increasing day by day, and many people are focusing on the implementation of VPN connectivity o their routers for bringing some extra security and for encryption of data communication by different types of cryptographic methods. After fixing the Virtual Private Network services within a router, it will enable the attached device(s) to employ the Virtual Private Network when it gets on. This technique provides ease in setting up of the Virtual Private Networks on the devices, which does not contain any local Virtual Private Network clients including Gaming Consoles, Smart Televisions, and so on (Simon et al. 2015). Implementing the VPNs on the routers also allows in bringing network scalability and enhances the cost savings.

There are many router manufacturers such as Netgear, Asus, and Cisco Linksys those who are supplying routers with inbuilt Virtual Private Network clients. Since the routers are not supporting all the relevant Virtual Private Network protocols including Open Virtual Private Network, many of these manufacturers provide their router with substitute open source firmware, which comprises of Tomato, Open WRT, and DD-WRT, and they support a multiple numbers of VPN protocols including the Open VPN and PPTP.

Limitations: Not all the routers are well matched with open source firmware. They depend on inbuilt flash memory and processor. Firmware such as DD-WRT requires Broadcom chipsets and a minimum of 2MB flash memory. Setting up of VPN services on any router it is necessary to have an in-depth information of network safety and proper fixing. Small disarrangement of any Virtual Private Network connection can make the network vulnerable (Si et al. 2014). The performance depends on the ISP of the VPN connections and their reliability.

Networking Limitations

One of the key drawbacks of conventional VPN is that they do not allow connecting or supporting the transmitting domains and are point-to-point in nature. Hence, the communication and software networking, which are dependable on broadcast packets and layer two, including the NetBIOS that the Windows networking uses. These factors do not entirely support or work accordingly since they would be on a real Local Area Networkv (Shokhor and Shigapov 2013). Modifications to Virtual Private Network including the layer two tunneling protocols and Virtual Private LAN are prepared for overcoming these sort of limitations.

A VPN is usually a virtual version of a safe, secure form of physical network, which comprises of a web of computers that are connected for sharing the files and various resources. VPNs also connect itself with the outside world with the help of Internet and which in turn allows securing the normal Internet traffic in accumulation of corporate assets.

The section is going to discuss the VPN’s Implementation Technique, which allows to track the landmark for this particular project, enhances the easiness of literary creation and generalization of the deployment processes.

Figure: Diagram of Star Topology

In the case of Star topology, all the different networking components are linked with an intermediate device known as "hub." It might be a switch, a hub, and even a router. Every workstations are connected to intermediate device by the help of point-to-point attachment in the star topology. For this reason, every computer is not directly attached to each and every node with the help of "hub".

All the data present the star topology goes through the central-device before getting to the actual destination (Salaam et al. 2013). The centre serves as a connection for connecting the various points available in the Star Network and also controls and manages the overall networking structure. “Hub” acts as an indication booster or repeater taking the help of central device it is using. The intermediate devices also get the opportunity to communicate with the other available hubs of different networks. For connecting the workstations to the central node, it is necessary to use Unshielded Twisted Pair (UTP) Ethernet cable.

Benefits of Star Topology

Bus Topology is not providing a better performance as that of Star topology. The signals do not gets transmitted necessarily through all the workstations. A sent signal reaches the actual destination after going through 2-3 links and 3-4 devices. The basic performance of the network totally depends upon the volume of the central hub (Sahai and Waters 2014).

In a star topology, there is no difficulty while connecting the current devices or nodes. Without affecting the overall network, the new nodes can be added quickly. In the same way, the components can also be removed in a straightforward manner.

The use of centralized management in star topology helps in network monitoring. The inactiveness of any single link or point does not influence the overall networking structure. It is quite easy for troubleshooting and detecting the breakdown at a particular moment.

Demerits of Star Topology

Very much dependency is there in the mid-device, which is one of the drawbacks of a star topology. If it becomes inactive, then the overall network gets a failure.

The using of a switch, a router, or a hub as an intermediate device enhances the regular price of the network structure (Sajassi et al. 2014).

The presentation and the number of nodes that are integrated into these types of topologies are very dependent upon the capability of the fundamental device.

Pre-Implementation

Different steps that are available in this pre-implementation phase will start soon after the acceptance and delivery of this particular project.

Acquisition of the hardware and requiring software are dependent on the suggested solution series present in the suggested Virtual Private Network Software and Elements. Additional components including the hubs and cables are enlisted as the duties of iBasis (Pati et al. 2014). 

The resolution, which is recommended, implements the 168-bit encryption present in the Cisco 7120 router and the listing needed for good encryption IOS software need to be completed while the process of purchasing the software. 

I am going to give the Badiepa Solution Limited Company two separate output for ensuring the suggested solution which is repeatedly experienced and customized to fulfill iBasis’s needs. The deliverables for the Badiepa Solution Limited Company includes:

Test Plan- I am going to develop a test plan for verifying the functionality of the suggested VPN solution. iBasis is going to validate and review the test plan for addressing the expected problems which were not seen before by REALTECH (Mullick et al. 2013). Virtual Private Network test structure typically consists of user structure testing and network structure testing. The overall test arrangement comprises of

The IP connectivity from the network systems to the user systems

Functions of VPN authorization

Connectivity between VPN client and VPN router

VPN users’ system ability for browsing Network Neighborhood

Virtual Private Network Client NT login domain

Virtual Private Network Session expiry on timeout

User response plan- The Badiepa Solution Limited Company’s employee is going to find six test users those who are going to use the VPN solution. The six test users are necessary to be present for ensuring the entire test of this result (McDyson 2013). With the completion of the six criteria, the user installs and configures the Virtual Private Network Client software and then they are asked to fill up a response questionnaire. The total response questionnaire, the distribution and collection techniques will be developed to maintain a partnership with BSLC for maximizing the overall efficiency of this system.

While the implementation process, the sample structure arrangement, and settings is to be done depending on the following fundamentals:

Cisco-Catalyst 6509- It is necessary to reverse a switch-port on both the external and internal Virtual Local Area Networks present within the Catalyst 6509 for replacing the Cisco 7100 router. The tasks of the port are needed to be done by the iBasis IT staffs (Liyanage et al. 2016). These ports are ultimately configured manually by setting up of 100 Mb full duplex also to fast port permit.

Cisco 7120 Router- The configuration of both the internal and external Fast Ethernet need to be interfaced with IP addresses (as given by iBasis) on the router and overall description regarding the interfaces need to be there. The configuration of the router is done for client commenced VPN access. It comprises of the ISAKMP transform map, the client dynamic map with full authentication, the formation of the internal VPN IP address pool, and the IPSec encryption algorithm. The iBasis IT staffs need to provide the network address range, and it shall comprise of a total class C network. The Xauth for authenticating the access required by the user uses TACACS+. A Cisco Safe Server is going to handle these TACACS+ authentication requirements (Liyanage and Gurtov 2013). The Cisco Safe Server is going to perform an investigation with the help of NT domain SAM databases for the justification of request. The routing for the internal interfaces will be handled by the OSPF, which insists the VPN traffic throughout the internal network. A static route is going to perform the routing for the external interfaces. It is going to point to the HSRP address present in the exterior routers.

Cisco Virtual Private Network Client 1.1 security policy- The REALTECH is going to produce a Virtual Private Network client security policy from a pre-existing Virtual Private Network Security Policy Editor. This security policy is going to serve as a standard procedure for every Virtual Private Network clients (Liu et al. 2014). The configuration of safety policy editor comprises of the following:

Addition of new policy for connection

Configuration of Safe Gateway Address

Configuration of customer’s identification

Configuration of pre-shared key

Configuration of authentication request

Shape of key exchange request

Shape of key exchange request

Configuration of SA lifetimes for permitting for timeout session

Configuration of encryption techniques and authentication

Completing the overall setup, the Virtual Private Network policy is going to save safely in a file and the file is going to be conveyed and uploaded into the other Virtual Private Network clients (Le Roux et al. 2013).

‘Sign off’ and Inspecting drafts- The inspecting drafts and ‘sign off’ is the ultimate phase of the procedure of documentation before the allocation to the test users. The document is going to be reviewed by iBasis and accordingly they will offer feedbacks/comments to REALTECH. Later on, the consideration of the comments and implementation of any diversity, the documents is going to be circulated among the test users at the time of deployment of the project. The feedbacks and comments of iBasis are going to be included in the user handbook (Koushik et al. 2014). At the end of the documentation, the final changes are made, both the REALTECH and iBasis are going to ‘sign-off’ based on the available manuscript and make it prepared for delivery.

CBT is going to be developed for providing VPN client training to the IT users. The training department of the organization also to engineers of  Badiepa Solution Limited Company is going to perform intimately with the help of IT for customizing the CBT. Later on, the user handbook is formed, and then the BSLC's Training Department will be creating an active planning of the project depending on the sources that are required for the completion of the task.

For developing the security model, it was necessary to choose a prototype methodology. With the help of that method, a working prototype of the particular model has been designed for checking the functional effectiveness and efficiency of conception, before setting up the actual system (Kothari and Fernando 2012). The working prototype undergoes several changes during the various developmental stages, and ultimately the finalized model is deployed with the final operational system.

While the designing of this prototype model the following tasks are done:

Congregation of requirements

Probability Lessons

System Study

Design of Software

Testing and Coding

Addition as well as Execution

Introduction

Design and analysis play a crucial role in conducting any technological project since the overall ideas produced from some comprehensive survey of the pre-existing fictional works are considered to be of enormous support to develop the model designing that could necessarily serve the project purpose. The extensive ranges of fictional works that have been analyzed in this project were significant in the process of constructing the VPN models (Klein et al. 2012). This VPN model in turn reduce the vulnerabilities of the wireless networks comprising of security attacks and several threats that are always made by the intruders. There is no need to say that the deployment of such a model would be beneficial in hampering the hostile tasks that are done by the invaders.

The discussion regarding the designed prototype is present in the following section which tries to reduce the susceptibilities of the wireless network structures.

Efficient needs

The economic needs of the systems that are prepared by reducing the sensitivity of the wireless networks of several attacks and threats are mentioned in this section:

Management of Conduct: The available system need to check the efficiency of the scheme (Khanna et al. 2012).

Composition Management: The available system need to work properly while doing composition management of the network.

Network usage management and account management: The available system needs to concentrate on the management of account and the management of the usage of the network.

Non-efficient needs

The non-efficient needs of the overall system are discussed in the below unit:

Wrong administration- The available system need to identify each and every problem that are going to occur while experiencing the wireless networks. The proposed system is required to solve the problems by fixing those challenges and need to organize reports regarding those circumstances (Kamite et al. 2014). The proposed system also needs to keep records of the defects that were identified.

Protective administration- the Protective management is also a non-efficient need for designed system. The structural administrator needs to bring changes in the warm settings of the system in such a way that the network resources perform well on the deployed security guidelines by the production institution.

With the help of designed system, the security management needs to recognize those resources which are essential for the good performance of the wireless network. Determination of resources plays a crucial role in helping the management team to allocate the convenience of user resources.

The designed system needs to provide the customers with the power to connect several nodes present in the system (Hines et al. 2015).

Discussion regarding the Investigation with Confirmation

Different types of security models are prepared which fundamentally fulfill the needs of the systems by considering the different efficient and non-effective needs.

The various security models need to provide the core functionalities which includes performance management of the different access nodes for ensuring the protection of the overall wireless network. The tasks that are connected with the overall performance controlling of the network which consists of the dimensions of the average levels of access needs or data requirements that the network user is requested (Hasan 2014). The measurement of the line operation or controlling the active user response times which allows the recognition of different wireless performance.

The functionality of composition management is related to the safeguarding of the overall inventory of network with exact configuration of the wireless network structure. The saved information of this process would be beneficial in the discovery of several issues, which might occur because of the problem of interoperability of the structure (Gorbunov et al. 2014).

The accounts administration is necessary for measuring the amount of information or data that the user of the system uses. It is also a need for keeping the records of the total billable amount required for such reasons. Appropriate administration of the account assures the fact that all the network resources are working effectively as a whole, and no uneven access point is in used within the secured network.

Hence, by the findings described by experienced researchers doing research in this particular field, it is quite evident that the safety structures need to apply the previous performance (Gong et al. 2013).

During the conduction of the literature review, we came to several resources, which illustrated that the use of cloud services could be beneficial in securing the wireless connections. Hence, it is fixed that the formation of data storage by the business association, maintaining the backup of data and calculating the data access would ultimately execute by the Cloud-oriented service provider such as SAS.

Project Designing

Figure: Network related diagram

In the above illustration, a free designing of the network security model is done which would offer protection to the Virtual Private Networks. It was stated earlier that the application servers would not be given the advantage of accessing any sensitive data, and which in turn would allow protection against the hacking. The overall network is confined with the help of a firewall, which would not the outside access to the data that are being gathered and transported through the network (Goldwasser et al. 2013). Double authentication would be implemented for securing the access points to make sure only the authorized users could get the network access.

Chapter 4: Implementation and Development

The second stage comprises of implementation. This particular stage deals with the configuration and installation of the apparatus in integration to the allocation of software for clients to the users of six tests. After the completion of the apparatus arrangement, a testing session will be organized on the trial plan prepared in the first stage. Different types of questionnaires are going to be collected after the completion of screening for review (Figueira et al. 2013). At the end of this point, the CBT, as well as the user manual, will be totally finished and need to be prepared for distribution.

Configuration of Hardware

The essential hardware materials will be installed on the construction network with minimal effect on the system of iBasis. The necessary hardware configuration comprises of escalating of the Cisco apparatus, connecting the router to both the internal and external Fast Ethernet networks (which is in a parallel position to the pre-existing PIX firewall) and insertion of latest ISM module.

Structure arrangement

With the help of the sample configuration document present in the Pre-implementation, all the systems are going to be configured.  The system that requires settings are as follows:

Cisco Secure Server

Cisco 7120 Router

Cisco Catalyst 6509

Configurations of user laptop

Testing

Based on the developed test plan during the pre-implementation, a test will be performed for the client initiated VPN solution. For the validation purpose, the test will be carried out under the guidance of BSLC's staffs. Then I will check the validity of the trial after its completion (Dutta and Kwok 2013). Finally, the personnel of iBasis test will give a signature after the completion of all the tests present in the test plan.

Post-certification

After the conclusion of this project, I am going to submit the certification to iBasis. Then I am going to obtain two paper, which will contain the following:

Synopsis of the project targets and job completed

VPN network solution related logical diagram(s)

Stock of installed hardware components comprising of warranty contracts, part numbers, and serials

Both soft copies and hard copies of router configurations and customized switches

Descriptions and Snapshots of VPN client structure

Details of laptop structures

Details of customized server configurations

User concurrency testing inventory and sign-off (Dimitri et al. 2013)

The engineering staffs of Badiepa Solution Limited Company belong to on-site controlling network presentation and answering to any problems, which is raised by the workers of BSLC. A standard post-rollout maintenance comprises of BSLC engineer for at least two years (4 hours per day) as an on-site after rollout and is going to be dependable to resolve network connectivity related problems and any other increasing problems.

Figure: Operational model of the project present in packet tracer

As WEP encryption separately unable to guarantee the network’s security or the different types of information that are transferred through the network (Das et al. 2016). For this reason only, the intruders need to cross a large number of hurdles for gaining the access towards the information, which is quite useful in different security models. Hence, the same technique has been taken in this particular case. A dual way of authentication security structure has been developed for securing the structure from any hateful behavior of the attackers or invaders. The purpose of the secured application gateway is to allow the authorized users with the access to the nodes present in the wireless security structures. On the other hand, the validation from the side of user assures that the person involved in making requests for promoting the use of the wireless network is a legitimate user (Chen et al. 2014). The next part of the authentication procedure is deployed by using a password system and secured ID. With the proper use of these two pieces of information, the users need to validate themselves in the well-designed security system.

Chapter 5. Testing of the Project Evaluation

The designed system needs to be subjected to the below-mentioned testing procedures for gaining surety about the enhanced security levels of the VPN system. They are as follows:

Risk Designing: Different types of components available in the overall system are taken into account for estimating their different susceptibility to protection threat.

Saturation Testing: The overall network security system is reviewed for ensuring the highest level of safety present in the network, which is termed as saturation network process (Cai et al. 2014). The different types of applications that runs on the wireless networks are known as the application penetration test.

The various kinds of cookies and information are being stocked on the available devices which are directly connected to the wireless network require being tested in an orderly manner for testing the efficiency of system security.

This section comprises of a brief description regarding the schedule that is related to the project progression.

The overall project is going to proceed in the following manner:

Figure: Gantt chart Representation

Features Works and Constraints

Features Works

As this project is not completed at the college, I am compelled to visit the University for a remarkable Grade in the significance of having a remote on the usage of packet tracer plot I was unable to finish as the time given to me at the college was not sufficient (Brakerski and Vaikuntanathan 2014). After the completion of 2 years at this college, I can grasp a sound knowledge, and I have prepared a good base on the Network Telecommunication topic. This knowledge, in turn, will brush up my mind with valuable knowledge regarding the Network Telecommunication and with the help of this important intellectual baggage I can able to get a good job in future. Since my objective is to work with the large bank square like Barclays Bank Plc. and hence, this study will open up better opportunities for me (Brahim et al. 2012). For achieving this goal, I need to work very hard at the University in all the units that the professor will present to me. 

Limitations

While I was doing my project in the college, there was some personal problem occurred and I was submerged later on. The problem was I did not have enough time to focus on the given project, I need to drop my children at school and pick them up after the school, and I have to work at night. This situation occurred due to plenty of workloads and for an attitude. The primary reason for my overflow feeling was much more to work on. While staying at Saint Patrick's College for the two long years, I have excellent knowledge and education in the technological field. Right now I am well concerned about the study of Network Telecommunication (Bragg et al. 2015). The project, which I gave on my own, was not sufficient to reach my expected grade. The stipulated time for the completion of the project was not enough. I was unable to use the Packet Tracer in a correct manner after practicing with my friend and even with my researches. Due to the lack of time, this project cannot be finished in college within time since I need to learn many things to complete this project, which I have not studied during my two years course in college. After the completion of my research activities, I met with lecturer Mr. Alan, who have helped me a lot in focusing on the configuration of packet tracer. I need to finish this project topic within one year in University.

End meeting

The end meeting achieves the phase 1 of the VPN project solution. The primary requirement of this meeting is to make an ending summary of the overall plan, and a post-documentation is presented to the engineers of Badiepa Solution Limited Company.

Conclusion

The organization often requires the necessary versatility to support the unknown future. The equipment that needed is usually of multivendor type. Here IPSec is recommended by I. The IPsec can provide the organization with three components which are essential (Unnimadhavan et al. 2016). They are essential in the VPN connections of security which comprises of tunneling, encryption, and authentication of packets.

The selected protocols of encryption based on the security level that is required. The laws imposed by the government for import and export of the technology also determines the selected protocol. The 128-bit strong encryption either used or not will decided by the sensitivity of the information for transportation. There can be a measurement of performance for the security level. The standard of security should not increase to a point where the security transmission's performance can degrade in a substantial manner (Border et al. 2015).

There is an essential factor which defines the solution in the creation of VPN back again in the United States. Such factors are the International iBasis offices. The United States government initiated relaxations in the regulations of exporting its 128-bit encryption technology. In such cases, Badiepa Solution Limited Company always keeps their eye with the laws governing in other countries. Due to this reason, implementation of minimal bit size key used for encryption and decryption has been decided (Baum and Voit 2012). The 3DES and DES methods of encryption are allowed to the usage of IPSec and the product line of Cisco. 

References

Abramson, S. and Sinha, R., Avaya Inc., 2012. Social network virtual private network. U.S. Patent 8,332,476.

Aggarwal, R., Kamite, Y., Fang, L., Rekhter, Y. and Kodeboniya, C., 2014. Multicast in Virtual Private LAN Service (VPLS). Internet Request for Comments, vol. RFC, 7117.

Asati, R., Khalid, M., Cherukuri, S., Durazzo, K.A. and Murthy, S., Cisco Technology, Inc., 2014. Integrating service insertion architecture and virtual private network. U.S. Patent 8,650,618.

Baum, R.T. and Voit, E.A., Verizon Communications Inc., 2012. Methods, apparatus and data structures for preserving address and service level information in a virtual private network. U.S. Patent 8,243,627.

Border, J., Dillon, D. and Pardee, P., Hughes Network Systems, Llc, 2015.Method and system for communicating over a segmented virtual private network (VPN). U.S. Patent 8,976,798.

Unnimadhavan, S., Bandlamudi, V.K., Adhya, T.K., Vadivelu, J. and Viswanathan, A., ARUBA NETWORKS INC., 2016. DISTRIBUTED VIRTUAL PRIVATE NETWORK. U.S. Patent 20,160,036,700.

Bragg, N.L., Allan, D., Smith, P.A. and Ungehagen, P., Rockstar Consortium Us Lp, 2013. Resilient provider link state bridging (PLSB) virtual private LAN service (VPLS) interworking. U.S. Patent 8,565,244.

Bragg, N.L., Allan, D., Smith, P.A. and Ungehagen, P., Rpx Clearinghouse Llc, 2015. Resilient provider link state bridging (PLSB) virtual private LAN service (VPLS) interworking. U.S. Patent 9,100,316.

Brahim, H.O., Allan, D. and Mohan, D., Rockstar Bideo LP, 2012. Method and apparatus for interworking VPLS and ethernet networks. U.S. Patent 8,144,715.

Brakerski, Z. and Vaikuntanathan, V., 2014. Efficient fully homomorphic encryption from (standard) LWE. SIAM Journal on Computing, 43(2), pp.831-871.

Chen, M., Liu, Z., Paul, M., JOUNAY, F., Kamite, Y., Kunze, R., Key, R. and Jin, L., 2014. Extension to LDP-VPLS for Ethernet Broadcast and Multicast.

Chen, R., Cai, D., Liu, Z., Salam, S. and Jin, L., 2014. Redundancy Mechanism for Inter-domain VPLS Service.

Chen, Z., Thangavelu, A., Xiang, D. and Yanjun, Y.A.N.G., Sonicwall, Inc., 2014. Virtual private network dead peer detection. U.S. Patent Application 14/150,537.

Das, S.K., Samantray, A.K. and Patra, S.K., 2016. Hybrid crosstalk aware Q-factor analysis for selection of optical virtual private network connection.International Journal of Electronics, 103(1), pp.113-129.

Dimitri, P., Belotti, S., Ceccarelli, D., Tochio, Y., Fedyk, D. and Zhang, F., 2013. Applicability Statement for Layer 1 Virtual Private Network (L1VPN) Enhanced Mode.

Dutta, P. and Kwok, P., 2013. MAC Flush Loop Detection in VPLS.

Dutta, P., Balus, F., Stokes, O., Calvignac, G. and Fedyk, D., 2014. LDP Extensions for Optimized MAC Address Withdrawal in a Hierarchical Virtual Private LAN Service (H-VPLS) (No. RFC 7361).

Figueira, N.R., Liaw, F. and Gitlin, R.D., Brixham Solutions Ltd., 2013.Mapping PBT and PBB-TE traffic to VPLS and other services. U.S. Patent 8,619,784.

Figueira, N.R., Liaw, F. and Gitlin, R.D., Brixham Solutions Ltd., 2013.Mapping pbt and pbb-te traffic to vpls and other services. U.S. Patent Application 14/050,067.

Ghosh, K., Juniper Networks, Inc., 2013. Forwarding multicast packets in a VPLS router on the basis of MAC addresses. U.S. Patent 8,576,844.

Gong, L.H., Liu, Y. and Zhou, N.R., 2013. Novel quantum virtual private network scheme for PON via quantum secure direct communication.International Journal of Theoretical Physics, 52(9), pp.3260-3268.

Gorbunov, S., Vaikuntanathan, V. and Wee, H., 2015. Attribute-based encryption for circuits. Journal of the ACM (JACM), 62(6), p.45.

Hasan, S., Juniper Networks, Inc., 2014. Handling switchover of multi-homed connections in VPLS networks. U.S. Patent 8,780,699.

Hasan, S.S., Juniper Networks, Inc., 2014. Extending VPLS support for CE lag multi-homing. U.S. Patent 8,705,526.

Hines, M., Malas, D., Miles, J. and Ratterree, G., Level 3 Communications, Llc, 2015. System and method for providing network services over shared virtual private network (VPN). U.S. Patent 9,077,587.

Kamite, Y., Fang, L., Rekhter, Y. and Aggarwal, R., 2014. Multicast in Virtual Private LAN Service (VPLS).

Khanna, S., Medikonda, R. and Dillon, G.D., Tellabs Operations, Inc., 2015.Method and apparatus for media distribution using VPLS in a ring topology. U.S. Patent 9,083,551.

Klein, D., Pries, R., Scharf, M., Soellner, M. and Menth, M., 2012, June. Modeling and evaluation of address resolution scalability in VPLS. InCommunications (ICC), 2012 IEEE International Conference on (pp. 2741-2746). IEEE.

Kompella, K., Juniper Networks, Inc., 2012. Inter-autonomous system (AS) virtual private local area network service (VPLS). U.S. Patent 8,125,926.

Kothari, B. and Fernando, R., Juniper Networks, Inc., 2012. Virtual private local area network service (VPLS) flush mechanism for BGP-based VPLS networks. U.S. Patent 8,170,033.

Koushik, A.K., Mediratta, R. and Nadeau, T., 2014. Virtual Private LAN Service (VPLS) Management Information Base.

Kshirsagar, S. and Thomas, C.N., Juniper Networks, Inc., 2012. Application-specific network-layer virtual private network connections. U.S. Patent 8,095,786.

Le Roux, J.L., Decraene, B. and Transy, E., 2013. System for securing the access to a destination in a virtual private network. U.S. Patent 8,379,511.

Liu, Z., Jin, L., Chen, R., Cai, D. and Salam, S., 2014. Redundancy Mechanism for Inter-domain VPLS Service (No. RFC 7309).

Liyanage, M. and Gurtov, A., 2013, April. A scalable and secure VPLS architecture for provider provisioned networks. In Wireless Communications and Networking Conference (WCNC), 2013 IEEE (pp. 1115-1120). IEEE.

Liyanage, M., Gurtov, A. and Ylianttila, M., 2016. Improving the Tunnel Management Performance of Secure VPLS Architectures with SDN. In Proc. of IEEE Consumer Communications and Networking Conference (CCNC), Las Vegas, USA. IEEE.

McDysan, D.E., Verizon Business Global Llc, 2013. System, method and apparatus that isolate virtual private network (VPN) and best effort traffic to resist denial of service attacks. U.S. Patent 8,543,734.

Mullick, A., Nanjundaswamy, S. and Soni, A., Citrix Systems, Inc., 2013.Method and appliance for authenticating, by an appliance, a client to access a virtual private network connection, based on an attribute of a client-side certificate. U.S. Patent 8,413,229.

Pati, M., Salam, S., Patel, K. and Sajassi, A., Cisco Technology, Inc., 2014.Managing active edge devices in VPLS using BGP signaling. U.S. Patent 8,743,886.

Sahai, A. and Waters, B., 2014, May. How to use indistinguishability obfuscation: deniable encryption, and more. In Proceedings of the 46th Annual ACM Symposium on Theory of Computing (pp. 475-484). ACM.

Sajassi, A., Matsushima, S., Salam, S. and Martini, L., 2014. Inter-Chassis Communication Protocol for Layer 2 Virtual Private Network (L2VPN) Provider Edge (PE) Redundancy.

Salam, S.M., Sajassi, A. and Henderson, S., Cisco Technology, Inc., 2013.Connectivity fault management (CFM) auto-provisioning using virtual private LAN service (VPLS) auto-discovery. U.S. Patent 8,385,353.

Shokhor, S. and Shigapov, A., F5 Networks, Inc., 2013. System and method for dynamic policy based access over a virtual private network. U.S. Patent 8,560,709.

Si, X., Cui, T. and Wang, Q., Oracle International Corporation, 2014. System and method for allowing virtual private network users to obtain presence status and/or location of others on demand. U.S. Patent 8,804,928.

Simon, F., Hanika, J. and Dachsbacher, C., 2015, May. Rich‐VPLs for Improving the Versatility of Many‐Light Methods. In Computer Graphics Forum (Vol. 34, No. 2, pp. 575-584).

Stokes, O., Balus, F., Fedyk, D. and Dutta, P., 2014. LDP Extensions for Optimized MAC Address Withdrawal in a Hierarchical Virtual Private LAN Service (H-VPLS).

Sundarrajan, P., He, J., Soni, A., Nanjundaswamy, S. and Kumar, A., Citrix Systems, Inc., 2014. System and method for establishing a virtual private network. U.S. Patent 8,726,006.

Van Der Merwe, J., Gerber, A. and Ramakrishnan, K., At&T Intellectual Property I, LP, 2014. Methods and apparatus to communicatively couple virtual private networks to virtual machines within distributive computing networks. U.S. Patent 8,705,513.

Wijnands, I., Boers, A., Cai, Y. and Rosen, E., 2015. Multicast Virtual Private Network (MVPN): Using Bidirectional P-Tunnels.