You are on page 1of 18

Cc giao thc trn Layer 2

1. ARP Address Resolution Protocol


Mng LAN nh hot ng da trn hai lp mt v hai trong m hnh OSI ( lp physical v datalink). Nhng cc giao thc lin mng ( internet-work ) li da trn a ch lp ba (lp network). Vic phn gii a ch gia lp datalink v lp network nhm gip cho vic truyn d liu c lin tc qua mng. C hai phng php phn gii a ch l : map trc tip v phn gii ng. Vic map trc tip gp nhiu kh khn do a ch MAC (lp datalink) l a ch 48 bit trong khi a ch IP l 32 bit. Bn cnh cc nh pht trin mun to ra mt c ch linh hot trong s dng. Chnh v vy h pht trin ARP ( Address Resolution Protocol ).

1.1 ARP l g
ARP l phng thc phn gii a ch ng gia a ch lp network v a ch lp datalink. Qu trnh thc hin bng cch: mt thit b IP trong mng gi mt gi tin broadcast n ton mng yu cu thit b khc gi tr li a ch phn cng ( a ch lp datalink ) ca mnh. Ban u ARP ch c s dng trong mng Ethernet phn gii a ch IP v a ch MAC. Nhng ngy nay ARP c ng dng rng ri v dng trong cc cng ngh khc da trn lp hai.

1.2 C ch hot ng
Qu trnh thc hin ARP c bt u khi mt thit b ngun trong mt mng IP c nhu cu gi mt gi tin IP. Trc ht thit b phi xc nh xem a ch IP ch ca gi tin c phi nm cng trong mng ni b ca mnh hay khng. Nu ng vy th thit b s gi trc tip gi tin n thit b ch. Nu a ch IP ch nm trn mng khc, th thit b s gi gi tin n mt trong cc router nm cng trn mng ni b router ny lm nhim v forward gi tin. C hai trng hp ta u thy c l thit b phi gi tin IP n mt thit b IP khc trn cng mng ni b. Ta bit rng vic gi gi tin trong cng mng thng qua Switch l da vo a ch MAC hay a ch phn cng ca thit b. Sau khi gi tin oc ng gi th mi bt u c chuyn qua qu trnh phn gii a ch ARP v c chuyn i. ARP v c bn l mt qu trnh 2 chiu request/response gia cc thit b trong cng mng ni b. Thit b ngun request bng cch gi mt bn tin broadcast trn ton mng. Thit b ch response bng mt bn tin unicast n thit b ngun

1.3 Cc loi bn tin ARP


C hai dng bn tin trong ARP : mt c gi t ngun n ch, v mt c gi t ch ti ngun. Request : Khi to qu trnh, gi tin c gi t thit b ngun ti thit b ch Reply : L qu trnh p tr gi tin ARP request, c gi t my ch n my ngun

1.4 C 4 loi a ch trong mt bn tin ARP :


1. Sender Hardware Address : a ch lp hai ca thit b gi bn tin 2. Sender Protocol Address : a ch lp ba ( hay a ch logic ) ca thit b gi bn tin 3. Target Hardware Address : a ch lp hai ( a ch phn cng ) ca thit b ch ca bn tin 4. Target Protocol Address : a ch lp ba ( hay a ch logic ) ca thit b ch ca bn tin.

1.5 Cc bc hot ng ca ARP :

1. Source Device Checks Cache : Trong bc ny, thit b s kim tra cache ( b m ) ca mnh. Nu c a ch IP ch tng ng vi MAC no ri th lp tc chuyn ln bc 9 2. Source Device Generates ARP Request Message : Bt u khi to gi tin ARP Request vi cc trng a ch nh trn 3. Source Device Broadcasts ARP Request Message : Thit b ngun qung b gi tin ARP Request trn ton mng 4. Local Devices Process ARP Request Message : Cc thit b trong mng u nhn c gi tin ARP Request. Gi tin c x l bng cch cc thit b u nhn vo trng a ch Target Protocol Address. Nu trng vi a ch ca mnh th tip tc x l, nu khng th hy gi tin 5. Destination Device Generates ARP Reply Message : Thit b vi IP trng vi IP trong trng Target Protocol Address s bt u qu trnh khi to gi tin ARP Reply bng cch ly cc trng Sender Hardware Address v Sender Protocol Address trong gi tin ARP nhn c a vo lm Target trong gi tin gi i. ng thi thit b s ly a ch datalink ca mnh a vo trng Sender Hardware Address 6. Destination Device Updates ARP Cache : Thit b ch ( thit b khi to gi tin ARP Reply ) ng thi cp nht bng nh x a ch IP v MAC ca thit b ngun vo bng ARP cache ca mnh gim bt thi gian x l cho cc ln sau 7. Destination Device Sends ARP Reply Message : Thit b ch bt u gi gi tin Reply c khi to n thit b ngun. Gi tin reply l gi tin gi unicast 8. Source Device Processes ARP Reply Message : Thit b ngun nhn c gi tin reply v x l bng cch lu trng Sender Hardware Address trong gi reply nh a ch phn cng ca thit b ch 9. Source Device Updates ARP Cache : Thit b ngun update vo ARP cache ca mnh gi tr tng ng gia a ch network v a ch datalink ca thit b ch. Ln sau s khng cn cn ti request.

1.6. ARP Caching


ARP l mt giao thc phn gii a ch ng. Qu trnh gi gi tin Request v Reply s tiu tn bng thng mng. Chnh v vy cng hn ch ti a vic gi gi tin Request v Reply s cng gp phn lm tng kh nng hat ng ca mng.T sinh ra nhu cu ca ARP Caching

1.6.1 Static and Dynamic ARP Cache Entries ARP Cache c dng ging nh mt bng tng ng gia a ch hardware v a ch IP. C hai cch a cc thnh phn tng ng vo bng ARP : Static ARP Cache Entries: y l cch m cc thnh phn tng ng trong bng ARP c a vo ln lt bi ngi qun tr. Cng vic c tin hnh mt cch th cng Dynamic ARP Cache Entries: y l qu trnh m cc thnh phn a ch hardware/IP c a vo ARP cache mt cch hon ton t ng bng phn mm sau khi hon tt qu trnh phn gii a ch. Chng c lu trong cache trong mt khong thi gian v sau s c xa i Dynamic Cache c s dng rng ri hn v tt c cc qu trnh din ra t ng v khng cn n s tng tc ca ngi qun tr. Tuy nhin static cache vn c phm vi ng dng nht nh ca n. l trng hp m cc workstation nn c static ARP entry n router v file server nm trong mng. iu ny s hn ch vic gi cc gi tin thc hin qu trnh phn gii a ch. Tuy nhin ngoi hn ch ca vic phi nhp bng tay, static cache cn thm hn ch na l khi a ch IP ca cc thit b trong mng thay i th s dn n vic phi thay i ARP cache. 1.6.2 Qu trnh xa thng tin trong cache Ta xt trng hp bng cache ca mt thit b A, trong c cha thng tin v thit b B trong mng. Nu cc thng tin trong cache c lu mi mi, s c mt s vn nh sau xy ra :

a ch phn cng thit v oc thay i : y l trng hp khi thit b B c thay i card mng hay thit b giao tip, lm thay i a ch MAC ca thit b. iu ny lm cho cc thng tin trong cache ca A khng cn ng na a ch IP ca thit b c thay i : Ngi qun tr hay nh cung cp thay i a ch IP ca B, cng lm cho thng tin trong cache ca A b sai lch Thit b c rt ra khi mng : Khi B c rt ra khi mng nhng A khng c bit, v gy lng ph v ti nguyn ca A lu thng tin khng cn thit v tn thi gian tm kim. trnh c nhng vn ny, cc thng tin trong dynamic cache s c t ng xa sau mt khong thi gian nht nh. Qu trnh ny c thc hin mt cch hon ton t ng khi s dng ARP vi khong thi gian thng l 10 hoc 20 pht. Sau mt khong thi gian nht nh c lu trong cache , thng tin s c xa i. Ln s dng sau, thng tin s c update tr li.

1.7 Proxy ARP


ARP c thit k cho cc thit b nm trong ni mng, c tnh cht local. Tuy nhin nu hai thit b A v B b chia ct bi 1 router th chng s c coi nh l khng local vi nhau na. Khi A mun gi thng tin n B, A s khng gi trc tip c n B theo a ch lp hai, m phi gi qua router v c coi l cch nhau 2 hop lp ba. 1.7.1 V sao cn phi c Proxy ARP ? Khc vi cc trng hp thng thng, nhiu trng hp hai thit b A v B nm trn 2 segment vt l khc nhau nhng c kt ni qua mt router v cng nm trong mt mng IP hay mt IP subnet. Lc ny A v B s coi nhau c quan h local. Gi s ta c tnh hung A mun gi thng tin cho B. A ngh B trong cng ni mng v tm trong bng ARP cache. A khng lu a ch MAC ca B v bt u tin hnh qu trnh phn gii a ch. A broadcast gi ARP request trong ni mng tm a ch MAC ca B. S c vn xy ra : B khng cng nm trong mng v s khng nhn c gi tin broadcast cng nh router kt ni s khng forward gi broadcasr t A qua B ( router khng truyn cc gi broadcast lp datalink ) V vy B khng bao gi nhn c request t A cng nh A s khng bao gi c c a ch MAC ca B. 1.7.2 Hot ng ca Proxy ARP Gii php cho tnh hung ny c gi l ARP proxying hay Proxy ARP. Trong cng ngh ny, router nm gia 2 mng local s c cu hnh p ng cc gi tin broadcast gi t A thay cho B. Router s khng gi cho A a ch MAC ca B, v d th no A v B cng nm trn hai mng khc nhau v khng th gi trc tip n nhau c. Thay vo router s gi cho A cc a ch MAC cu chnh router. A sau s gi thng cc gi tin cho router, v router s forward sang cho B. Qu trnh cng hon ton din ra tng t khi B mun gi thng tin cho A, hay cho bt c thit b no m ch n ca gi tin l mt thit b mt mng khc. 1.7.3 u im v nhc im ca Proxying u im d nhn thy ca Proxy ARP l cc router hot ng nhng cc thit b khng h cm nhn c s hot ng ca n. Cc hot ng gi nhn gia hai thit b thuc hai LAN khc nhau vn din ra bnh thng Tuy nhin n vn c nhng mt tri v nhng im hn ch ca mnh : Th nht, n lm tng phc tp ca mng Th hai, nu nhiu hn mt router kt ni ti hai LAN cng nm trong mt mng IP, nhiu vn c th pht sinh Th ba, cng ngh ny cng to nn nhng mi nguy c tim n v an ninh v bo mt, khi cc router c cu

hnh proxy, to nguy c v gi mo a ch Do vy, gii php tt nht l thit k li topo mng ch mt router kt ni ti hai LAN nm trong mt mng IP.

2. RARP Reverse Address Resolution Protocol


Giao thc RARP Giao thc phn gii ngc li a ch. Giao thc ny s dng nh dng gi ARP v khng lien quan n Ip, do gi tin ny khng th c nh tuyn. RARP thng s dng trn mng LAN. RARP i hi mt hoc nhiu my ch lu tr duy tr mt c s d liu bn ca a ch lp lien kt n cc a ch giao thc tng ng. Media Access Control (MAC) a ch cn thit c cu hnh ring trn cc my ch ca ngi qun tr. RARP c gii hn ch phc v cc a ch IP. nh ngha: Giao thc RARP hay cn gi l giao thc phn gii ngc li a ch l mt giao thc mng my tnh c s dng bi 1 my ch yu cu giao thc Internet(IPv4) dung xc nh a ch IP (a ch logic) t a ch vt l (MAC) ca thit b. 2.1 Mc ch v ng dng ca giao thc RARP 2.1.1 Mc ch: S dng giao thc RARP tm a ch logic(IP)( Thc cht l vic nh x cho Host 1 a ch IP) khi bit a ch vt l (MAC) ca Host. 2.1.2 ng dng: RARP thng s dng trong mng LAN phm vi nh (chng hn nh 1 subnet) ni m nhng my trm diskless workstation v: Thng thng cc a ch IP ca h thng thng c lu tr trong mt file cu hnh trong cc vng a. Khi h thng bt u khi ng th n xc nh IP ca n t tp tin ny. Trong trng hp my trm diskless workstation, a ch IP khng th lu tr trong h thng c. Trong trng hp ny RARP c th c s dng c c a ch IP t my ch RARP (RARP Server) RARP s dng nh dng ging gi trong giao thc ARP v khng lin quan n IP, do vy gi tin RARP (RARP packet) khng th nh tuyn do nu vic truyn cc gi tin trong 1 subnet khi khng cn phi s dng cc b nh tuyn phc tp. V d minh ha!

2.2 c im cu trc giao thc RARP. 2.2.1 Cu trc ca RARP RARP nm trn lp th hai ca m hnh OSI (Data Link) Mt gi tin RARP c dng nh sau:

Trong : Hardware type: Dng phn cng l loi no ( V d Ethernet th c gi tr l 1) Protocol type: Dng phng thc mng s dng l loi no ( y l IPv4 nn c gi tr l 0x0800) Hardware address length: Kch thc a ch phn cng Ethernet c gi tr l 6. Protocol address length: rng ca a ch IPv4 c gi tr l 4. Source hardware address (Sender hardware address): a ch phn cng ni gi gi tin ( V d Ethernet chim 6 bytes).

Source protocol address (Sender protocol address): a ch ca loi giao thc ti ni gi. (V d vi IP chim 4 bytes). Destination hardware address( Target hardware address): a ch phn cng ca ni cn gi gi tin (V d Ethernet chim 6 bytes). Destination protocol address ( Target protocol address): a ch ca loi giao thc ti ni gi gi tin n. Opcode: Trng thi ang hot ng ca gi tin RARP. RARP request tr v gi tr 3, RARP reply tr v gi tr 4. Di y l v d v RARP ( Encapsulation of RARP packet)

2.2.2 c im ca RARP Giao thc ny xut hin u tin trong vic gii quyt nhim v nh x t a ch vt l sang a ch logic. S dng trong cc h thng Diskless workstation. S dng nhiu trong cc mng LAN qui m nh, c bit trong mng Ethernet. Hin ti RARP khng cn s dng na m thay th bng giao thc khc l BOOTP v DHCP. RARP cng vi ARP nm trn lp lin kt d liu ca m hnh OSI 2.2.3 Hot ng k thut ca RARP

Qu trnh thc hin RARP c bt u khi mt gi tin mun gi i n mt my khc, lm c iu ny trc tin l gi tin phi xc nh a ch IP ca mng m my ang tn ti trong . Nh chng ta bit vic gi gi tin trong cng 1 mng thong qua Switch l da vo a ch MAC tuye nhin bit c chng c cng trong 1 mng hay khng th cn xc nh IP ca mng , RARP lm nhim v ny. Khi mt my trng mng cc b gi yu cu xc nh a ch IP t cng ca my ch ARP th chng s kim tra ti cc bng hoc b nh m (Cache) ti . Mt ngi qun tr mng ( Network Administrator) c trch nhim to ra bng ti cng nh hng ca mng cc b ny. Bng ny s nh x a ch MAC ca my sang a ch IP tng ng.

Khi nim RARP Server: Tt c nh x gia a ch vt l (MAC) vi a ch logic (IP) ca cc host th u c lu tr vo tp cu hnh ca 1 host no trong mng. Host ny c gi l RARP Server. Host ny p ng tt c cc yu cu ca RARP Request. Cn tp cu hnh ny nm trn vng a cng ca RARP Server. RARP Client: L mt h thng my tnh (Host), ni pht ra cc yu cu xc nh IP ca Host vi u v l MAC. Hot ng: Xy ra hai qu trnh chnh RARP Client pht i yu cu nm trong gi RARP vi a ch MAC ca n. RARP Server tr li li yu cu t gi tin RARP ca RARP Client gi ti Khi mt h thng Diskless workstation khi ng, n pht i mt gi yu cu RARP vi a ch MAC ca n. Gi tin ny c nhn bi tt c cc Host trong mng v c gi l gi Broadcast. Khi RARP Server nhn c gi tin

ny n nhn ln a ch MAC trong tp cu hnh v xc inh IP tng ng. Sau n gi a ch IP trong gi tr li tin RARP (RARP Reply) v ch gi t mt host ch cn ti v vy gi l gi Unicast. H thng Diskless workstation bn u nhn c gi tin ny v a ch IP. Mt gi tin RARP Request thng c to ra trong qu trnh khi ng ca Host. Khi RARP Server nhn c gi RARP Request, n thc hin cc bc sau: a ch MAC trong gi tin yu cu c tm kim trong tp cu hnh, v c nh x sang a ch IP tng ng. Nu vic nh x khng tm thy th gi tin s b loi Nu vic nh x c tm thy, mt gi tin RARP Request c to ra vi a ch MAC v IP. Sau gi ny c gi tr li Host m a ra gi RARP Request. Lc ny Host nhn c RARP Reply, n nhn c a ch IP t gi tin RARP ban u v hon tt qu trnh khi ng (boot), a ch IP c s dng giao tip vi cc Host khc trong mng cho n khi n khi ng li.

Kch thc ca mt gi tin RARP l 28 bytes. c im ca gi RARP Requuest v RARP Reply l cng mt s trng hp xy ra qu trnh gi v nhn: Trong Ethernet: i vi gi RARP Request, a ch ngun l a ch MAC ca Host m n gi gi tin RARP Request, a ch ch l a ch MAC ca Broadcast Ethernet (FF:FF:FF:FF:FF:FF) v ng gi trong trng 0x8035 i vi RARP Reply, a ch ngun ca gi l a ch MAC ca RARP Server, a ch ch l a ch MAC ca Host m n gi gi RARP Request n v n cng c ng gi trong trng 0x8035. Cc gi tin nh dng RARP Request ging vi nh dng ca gi tin RARP Reply. Cc thao tc trong gi tin RARP thng c s dng phn bit gia RARP Request v RARP Reple.Trong khi gi RARP Reply: a ch IP ngun l a ch IP ca RARP Server, cn a ch ch l a ch IP ca Host m n gi gi RARP Request. Nu c nhiu hn 1 trm phc v RARP Server cho mt yu cu t RARP Request th Host m pht ra RARP request s ch nhn mt gi tin RARP Reply u tin m n nhn c, cc gi RARP Reply n t cc RARP Server no trong mng s b hy. Trong trng hp Host khng nhn c gi RARP Reply no trong mt khong thi gian hp l th Host khng th hon thnh qu trnh t khi ng ca n kt ni vi mng. Tuy nhin thng thng cc Host s c gng gi li mt gi RARP Request thc hin li qu trnh sau mt khong thi gian no , ngi ta gi l Timeout.

Cisco Discovery Protocol (CDP)

Phn I: Tm hiu CDP - CDP l mt giao thc dng khm ph thit b, giao thc ny hot ng layer 2 (Layer Data Link) trn tt c cc thit b ca hng Cisco (nh: router, bridge, access server, v switch) v cho php cc ng dng qun l mng c th tm ra nhng thit b ca Cisco, nhng thit b ny l nhng thit b hng xm bit. Vi CDP, nhng ng dng qun l mng c th hc c cc loi thit b v a ch SNMP agent ca thit hng xm ang chy layer bn di, nhng giao thc truyn d liu. Tnh nng ny cho php nhng ng dng gi cc SNMP queries n cc thit b hng xm. - CDP chy trn tt c cc mi trng mng c h tr Sunetwork Access Protocol (SNAP). Bi v CDP chy trn mt layer duy nht l Layer Data-link, hai h thng c kh nng h tr nhng giao thc khc nhau ca layer network c th hc c thng tin v thit b ca nhau. - Mi mt thit b cu hnh CDP s gi cc thng ip theo chu k di dng a ch multicast, qung b t nht mt a ch m n c th nhn cc SNMP message. Qu trnh qung b cng cha time-to-live (TTL), hoc thng tin holdtime, holdtime l thi gian m mt thit b nhn c mt thng tin CDP v mt thit b khc v lu tr chng trc khi quyt nh hy thng tin i. Mi thit b cng lun lng nghe nhng message c gi bi nhng thit b khc hc thng tin v hng xm ca nhng thit b . - Trn mt switch, CDP enable Network Assistant hin th mt bn v mt mng no . Switch s dng CDP tm kim nhng cluster candidate v duy tr nhng thng tin v cc thnh vin ca cluster . - Cc switch c kh nng h tr CDP version 2. Phn II: Cu hnh CDP - Phn cu hnh CDP s bao gm nhng ch sau: + Cu hnh CDP mc nh + Cu hnh cc thng s ca CDP + Disable v Enable CDP + Disable v Enable CDP trn mt interface. 1. Cu hnh CDP mc nh - Bng 1.1 hin th cc thng s cu hnh mc nh ca CDP.

2. Cu hnh cc thng s ca CDP. - Bn c th cu hnh li thi gian update cc CDP message, v thi gian lu tr nhng thng tin trc khi quyt nh hy thng tin i. - Bt u cu hnh ch Privileged EXEC trn switch, bn s thc hin cc bc sau cu hnh li CDP timer, holdtime v advertisement type. example: Switch_3560_VNE# configure terminal Switch_3560_VNE(config)# cdp timer 50 Switch_3560_VNE(config)# cdp holdtime 120 Switch_3560_VNE(config)# cdp advertise-v2 Switch_3560_VNE(config)# end Switch_3560_VNE# show cdp Switch_3560_VNE# copy run start - S dng t kha no trc cc cu lnh ca CDP tr v nhng tham s mc nh. 3. Disable v Enable CDP. - CDP c enable theo mc nh. - Cc bn c th thc hin nhng bc sau disable CDP. example: Switch_3560_VNE# configure terminal Switch_3560_VNE(config)# no cdp run Switch_3560_VNE(config)# end - enable CDP tr li hot ng, bn s dng nhng cu lnh di y: example: Switch_3560_VNE# configure terminal Switch_3560_VNE(config)# cdp run Switch_3560_VNE(config)# end 4. Disable v Enable CDP trn mt interface. - CDP c enable mc nh trn tt c cc interface gi v nhn cc thng tin CDP.

- disable CDP trn mt interface no , s dng nhng cu lnh sau: example: Switch_3560_VNE# configure terminal Switch_3560_VNE(config)# interface fastethernet 0/22 Switch_3560_VNE(config-if)# no cdp enable Switch_3560_VNE(config-if)# end Switch_3560_VNE# copy run start - enable CDP hot ng tr li trn mt interface no , th bn c th dng nhng lnh sau: example: Switch_3560_VNE# configure terminal Switch_3560_VNE(config)# interface fastethernet 0/24 Switch_3560_VNE(config-if)# cdp enable Switch_3560_VNE(config-if)# end Switch_3560_VNE# copy run start 5. Gim st v duy tr CDP. - c th gim st v duy tr s hot ng ca CDP trn thit b ca bn, th bn c th thi hnh mt trong nhng cu lnh sau: example: Switch_3560_VNE# clear cdp counters Switch_3560_VNE# clear cdp table Switch_3560_VNE# show cdp Switch_3560_VNE# show cdp entry Switch_3560_VNE# show cdp interface fa/23 Switch_3560_VNE# show cdp neighbors detail Switch_3560_VNE# show cdp traffic.

Layer 2 Forwarding (L2F).


Layer 2 Forwarding (L2F) l giao thc c pht trin bi Cisco System cng lc vi s pht trin PPTP ca Microsoft. y l mt giao thc cho php cc remote host c th truy xut n mng Intranet ca mt t chc thng qua c s h tng mng cng cng vi tnh bo mt v kh nng qun l cht ch. Cng nh vi PPTP, L2F cho php bo mt mng truy xut c nhn thng qua h tng mng cng cng bng vic xy dng mt tunnel thng qua mng cng cng gia client v host. Bi v l mt giao thc lp 2, L2F c th c dng cho cc giao thc khc ngoi IP nh IPX, NetBEUI.

Layer 2 Tunneling Protocol (L2TP)


L2TP l s kt hp ca PPTP v L2F. Giao thc ny so vi PPTP c nhiu c tnh v an ton hn. L2TP s dng UDP nh l mt phng thc ng gi cho c s duy tr tunnel cng nh d liu ngi dng. Trong khi PPTP dng MPPE (Microsoft Point-to-Point Encryption) cho vic m ha, L2TP li da vo mt gii php bo mt hn, l cc gi L2TP c bo v bi IPsecs ESP s dng transport mode. L2TP c th c t vo trong mt gi IPsec, y l vic kt hp cc u im bo mt ca IPsec v cc li ch ca s chng thc user, vic gn a ch tunnel v cu hnh, h tr a giao thc vi PPP. L2TP cung cp s linh hot, mm do, v gii php kinh t ca remote access cng nh d kt ni nhanh chng point-to-point ca PPTP.

Hu ht cc VPN u da vo k thut gi l Tunneling to ra mt mng ring trn nn Internet. V bn cht, y l qu trnh t ton b gi tin vo trong mt lp header (tiu ) cha thng tin nh tuyn c th truyn qua h thng mng trung gian theo nhng "ng ng" ring (tunnel). Khi gi tin c truyn n ch, chng c tch lp header v chuyn n cc my trm cui cng cn nhn d liu. thit lp kt ni Tunnel, my khch v my ch phi s dng chung mt giao thc (tunnel protocol). Giao thc ca gi tin bc ngoi c c mng v hai im u cui nhn bit. Hai im u cui ny c gi l giao din Tunnel (tunnel interface), ni gi tin i vo v i ra trong mng. K thut Tunneling yu cu 3 giao thc khc nhau: - Giao thc truyn ti (Carrier Protocol) l giao thc c s dng bi mng c thng tin ang i qua. - Giao thc m ha d liu (Encapsulating Protocol) l giao thc (nh GRE, IPSec, L2F, PPTP, L2TP) c bc quanh gi d liu gc. - Giao thc gi tin (Passenger Protocol) l giao thc ca d liu gc c truyn i (nh IPX, NetBeui, IP). Ngi dng c th t mt gi tin s dng giao thc khng c h tr trn Internet (nh NetBeui) bn trong mt gi IP v gi n an ton qua Internet. Hoc, h c th t mt gi tin dng a ch IP ring (khng nh tuyn) bn trong mt gi khc dng a ch IP chung (nh tuyn) m rng mt mng ring trn Internet. K thut Tunneling trong mng VPN im-ni im Trong VPN loi ny, giao thc m ha nh tuyn GRE (Generic Routing Encapsulation) cung cp c cu "ng gi" giao thc gi tin (Passenger Protocol) truyn i trn giao thc truyn ti (Carier Protocol). N bao gm thng tin v loi gi tin m bn nag m ha v thng tin v kt ni gia my ch vi my khch. Nhng IPSec trong c ch Tunnel, thay v dng GRE, i khi li ng vai tr l giao thc m ha. IPSec hot ng tt trn c hai loi mng VPN truy cp t xa v im- ni-im. Tt nhin, n phi c h tr c hai giao din Tunnel. Trong m hnh ny, gi tin c chuyn t mt my tnh vn phng chnh qua my ch truy cp, ti router (ti y giao thc m ha GRE din ra), qua Tunnel ti my tnh ca vn phng t xa. K thut Tunneling trong mng VPN truy cp t xa Vi loi VPN ny, Tunneling thng dng giao thc im-ni-im PPP (Point-to-Point Protocol). L mt phn ca TCP/IP, PPP ng vai tr truyn ti cho cc giao thc IP khc khi lin h trn mng gia my ch v my truy cp t xa. Ni tm li, k thut Tunneling cho mng VPN truy cp t xa ph thuc vo PPP. Cc giao thc di y c thit lp da trn cu trc c bn ca PPP v dng trong mng VPN truy cp t xa. L2F (Layer 2 Forwarding) c Cisco pht trin. L2 F dng bt k c ch thm nh quyn truy cp no c PPP h tr. PPTP (Point-to-Point Tunneling Protocol) c tp on PPTP Forum pht trin. Giao thc ny h tr m ha 40 bit v 128 bit, dng bt k c ch thm nh quyn truy cp no c PPP h tr. L2TP (Layer 2 Tunneling Protocol) l sn phm ca s hp tc gia cc thnh vin PPTP Forum, Cisco v IETF. Kt hp cc tnh nng ca c PPTP v L2F, L2TP cng h tr y IPSec. L2TP c th c s dng lm giao thc Tunneling cho mng VPN im-ni-im v VPN truy cp t xa. Trn thc t, L2TP c th to ra mt tunnel

gia my khch v router, NAS v router, router v router. So vi PPTP th L2TP c nhiu c tnh mnh v an ton hn.

Point to Point Protocol (PPP)


PPP c xy dng da trn nn tng giao thc iu khin truyn d liu lp cao (HighLevel Data link Control (HDLC)) n nh ra cc chun cho vic truyn d liu cc giao din DTE v DCE ca mng WAN nh V.35, T1, E1, HSSI, EIA-232-D, EIA-449. PPP c ra i nh mt s thay th giao thc Serial Line Internet Protocol (SLIP), mt dng n gin ca TCP/IP.
PPP cung cp c ch chuyn ti d liu ca nhiu giao thc trn mt ng truyn, c ch sa li nn header, nn d liu v multilink. PPP c hai thnh phn:

Link Control Protocol (LCP): thit lp, iu chnh cu hnh, v hy b mt lin kt. Hn th na LCP cn c c ch Link Quality Monitoring (LQM) c th c cu hnh kt hp vi mt trong hai c ch chng thc Password Authentication Protocol (PAP) hay Challenge Handshake Authentication Protocol (CHAP). Network Control Protocol (NCP): NCP lm nhim v thit lp, iu chnh cu hnh v hy b vic truyn d liu ca cc giao thc ca lp network nh: IP, IPX, AppleTalk and DECnet.

C LCP v NCP u hat ng lp 2. Hin c m rng ca PPP phc v cho vic truyn d liu s dng nhiu links mt lc, l Multilink PPP (MPPP) trong s dng Multilink Protocol (MLP) lin kt cc lp LCP v NCP.

nh dng khung d liu Chi tit v nh dng khung ca PPP nh sau:

C 5 pha trong qu trnh thit lp kt ni PPP:

Dead: kt ni cha hat ng Establish: khi to LCP v sau khi nhn c bn tin Configure ACK lin kt s chuyn sang pha sau: authentication Authenticate: c th la chn mt trong hai c ch PAP hay CHAP. Network: trong pha ny, c ch truyn d liu cho cc giao thc lp Network c h tr s c thit lp v vic truyn d liu s bt u. Terminate: Hy kt ni

C th s dng c ch Piggyback routing cache li cc thng tin nh tuyn v ch truyn khi kt ni thng sut. Trong gi LCP (c cha trong trng Information ca gi tin PPP), trng Code s nh ra cc gi tin Configure Request (1), Configure Ack (2), Configure Nak (3) ngha l khng chp nhn v Configure Reject (4). Mi giao thc lp 3 u c NCP code xc nh cho n, v gi tr m ny c t trong trng protocol ca gi tin NCP, mt s gi tr v d nh sau: Code..............................Protocol 8021..................................... IP 8029 ....................................AT

8025 ......................XNS, Vines 8027 ............................DECnet 8031 ..............................Bridge 8023 .................................OSI

Chng thc Password Authentication Protocol (PAP) Trong pha LCP, khi mt kt ni PPP c yu cu bi client v PAP c chn dng, access server s ra lnh cho client s dng PAP. Client sau s phi gi b username v password ca mnh, cc thng tin ny u c truyn di dng clear text m khng c m ha g c v c ng gi trong cc gi d liu ca PPP. Server sau s quyt nh chp nhn hay t chi vic thit lp kt ni.y l c ch PAP mt chiu gia mt client v mt server. Nu hai router ni chuyn vi nhau th Two-way PAP (PAP hai chiu) s c s dng trong mi router s gi username v password, nh vy mi router s chng thc ln nhau. Challenge Handshake Protocol (CHAP) CHAP c s dng ph bin hn PAP, do n c kh nng m ha mt khu cng nh d liu.

Hai u kt ni chia s b m mt secret CHAP ging nhau v mi u c gn mt local name ring.

Gi s mt user A quay s truy cp vo access server B. Access server s gi qua ng truyn mt gi tin khi to chng thc Type 1 gi l gi tin Challenge. Gi tin Challenge ny cha mt s c sinh ngu nhin, mt s ID sequence number xc nh challenge v tn chng thc ca challenager Bn gi s ly ra chui authentication name, v tm trong d liu ca mnh chui m mt CHAP ng vi user name nhn c. Caller s nhp m mt ca CHAP, s ID sequence number v mt gi tr s c sinh ngu nhin vo thut ton bm Message Digest 5 (MD5). Gi tr kt qu sau khi tnh ton hm bm c gi tr li cho Challenger (Access server) trong mt gi CHAP Response (Type 2) cha chui bm, tn chng thc ca caller v cui cng l ID (Sequence Number) c ly t gi Challenge. Khi nhn c gi Response Type 2, Challenger s s dng ID tm gi Challenge nguyn thy. username ca caller (A) c s dng tm kim m mt CHAP t mt local database, hay mt RADIUS server hoc mt TACACS+ server. ID, gi tr Challande gc c sinh ngn nhin v gi tr CHAP ngu nhin ban u v m mt ca c a vo x l bi hm bm MD5. Chui bm kt qu sau khi tnh ton sau c so snh vi gi tr nhn c trong gi Response. Nu 2 chui l ging nhau th qu trnh chng thc CHAP thnh cng v cc gi Type 3 c gi n caller cha ID. iu ny c ngha l kt ni c chng thc hp l. Nu chng thc CHAP tht bi, mt gi tin Type 4 s c gi n caller trong cha original ID, xc nhn qu trnh chng thc l khng thnh cng.

Vic bm (Hashing) hon ton khc vi vic m ha thng tin bi v thng tin s khng th c khi phc li sau khi thc hin hm bm. Trong cc router ca Nortel Networks Code C223 xc nh hat ng ca CHAP.

PPP Callback

Callback l mt tnh nng ca PPP rt c ch trong vic gim thiu chi ph truyn d liu ng thi cung cp c ch bo mt thng tin. Qu trnh Callback din ra nh sau. 1. 2. 3. 4. 5. 6. 7. Client khi to cuc gi. ng thi client request dch v callback cng vi cc la chn thng s khc ca kt ni trong pha LCP negotiation Callback request c acknowledgement bi server v server sau s kim tra thng s cu hnh ca n xem vic kch hot dch v ny l c c php hay khng. Vic chng thc ngi dng din ra v client username c s dng trong dialer map xc nh dial string s dng trong cuc gi ngc li. Nu chng thc thnh cng nhng la chn dch v callback l khng c php th cuc gi vn tip tc v client s l ngi tr tin cho cuc gi, nu chng thc khng thnh cng server s hy cuc gi. Client c gi bi server bng chui dial string c cu hnh cho cuc gi o chiu. Thc hin chng thc ln na. Kt ni tip tc.

Trong trng hp l tng, m bo c ch bo mt ti a, tin trnh callback nn c thc hin trn mt modem ring pha server c lp vi kt ni modem nhn d liu n. ISDN s dng knh D c lp cho vic thc hin callback. Vic ny khng nhng cho php bo mt tt hn m cn tit kim c chi ph v trong cuc gi dial up, do d liu chng thc v LCP negotiation c truyn chung trn ng truyn d liu nn ngi dng s phi chu c phn chi ph gi i cc thng tin overhead .

Link Quality Monitoring (LQM)


Tnh nng ny ch c thc hin trn cc lin kt synchronous chun. Cht lng ng truyn c gim st da trn phn trm thng tin c truyn v nhn thnh cng trong mt khong thi gian nht nh. Cc Link Quality Reports (LQR) cha cc b m cho php xc nh cht lng d liu inbound v outbound. Echo Requests cng c gi nh k, nu , sau mt s echo requests nht nh, khng nhn c echo replies, phin truyn ca cc NCP s b hy.

Compression
Vic nn d liu c th l nn mm s dng mt s tin ch nh Wellfleet Compression Protocol (WCP) (giao thc ny c s dng trong cc router ca Nortel) v cho hiu qu tt nht trn nhng ng truyn tc chm (128Kb/s or less). Thut ton Lempel-Ziv (LZS) cung cp c ch nn v gii nn nhanh d liu. Thut ton ny c s dng trong c ch nn STAC trong PPP, ISDN v Frame Relay. Cc c ch nn trn ch c p dng cho d liu ca cc giao thc lp 3 (IPCP v IPXCP), m khng nh hng n traffic ca cc giao thc LCP v NCP lp 2. C ch nn theo giao thc WCP ch chy gia 2 router ca Nortel v WCP gn mt gi tr protocol vo trng protocol a protocol value in the protocol field that is proprietory to Nortel Networks. B m d liu history hot ng c 2 u, cc chui data truyn v nhn s c lu . Khi thc hin mt lt truyn mi, cc chui mi s c so snh vi cc chui truyn lu trong b m, nu trng khp ton b hoc mt phn th d liu s khng c gi i ton b m ch phn sai khc c gi i. Bn nhn cng thc hin vic so khp tng t vi b m history ca mnh ly ra c d liu phin trc ghp vi d liu mi to thnh thng tin hon chnh. Nortel cung cp hai ch nn:

Continuous Packet Compression: The history buffer spans multiple packets, which means more memory is used up, but produces greater compression ratio.

Packet-by-Packet Compression: The history buffer is reset with each packet, which means less memory is used but the compression ratio is not as great. Stacker - which examines the data and only sends each data type once and sends information indicating to the other end where each type occurs within the data stream. The other end reassembles the data into the various data types from the data stream. Stacker tends to be more CPU intensive and less memory intensive. Predictor phn tch d liu kim tra xem n c nn cha v ch truyn i cc thng tin c nn, nh vy s khng mt thi gian nn li cc d liu c nn Predictor tn nhiu memory hn v tn t CPU hn.

Cisco, cng c hai ch nn ring:

Vic nn li d liu c nn thng thm vo frame cc overhead do trn thc t, d liu v bn cht li n ra mt cht (mc d y thc hin vic nn). Hn na,vic thc hin nn mt cch khng hp l s chim CPU mt cch khng cn thit.

Multilink PPP Interleaving


C mt s la chn cho LCP, mt trong s l multilink vi interleaving. multilink PPP hot ng, PPP packets c chia ct v nh s sequence numbers cc packets ln c th chia c trn mt s ng PPP links. Cc s liu ca c ch ny c chun ha v a vo phc v cho vic truyn cc lung data thi gian thc nh voice ngay c khi PPP c s dng truyn d liu trn 1 link. Mt frame c chia thnh nhiu mnh nh c cc trng header thu gn v sequence number cho ring n. Cc gi d liu Real time nh th khng c chia na v c nguyn dng PPP. Bn nhn s phi thit lp mt hng i ln lu, x l v sp xp cc mnh nh ti to li cc frame d liu ln. Mt hng i ring s c thit lp dnh ring cho vic x l cc traffic d liu real time. Hng i ny s cn c x l vi tc nhanh hn cc hng i thng thng khc.

Multilink PPP (MPPP or MP)


MPPP cung cp c ch phn ti trn mt s giao din thuc cc loi khc nhau nh synchronous, asychronous v ISDN. Multilink PPP s dng Bandwidth Allocation Protocol (BAP & BACP) thay i ng s knh mang d liu (ca cc loi ng truyn khc nhau) ty thuc vo yu cu truyn. Cc knh ring bit ny c coi nh mt knh logic duy nht hay mt b v cc PDU ca lp trn s c ct v ghp truyn trn ng logic ny. Khung PPP c 4 byte header sequence cho PPP multilink c dng khi cho vic chia v nh th t cho cc datagrams khi truyn trn nhiu link. Trong qu trnh LCP negotiation mt peer mun thit lp multilink, s gi i mt Maximum Received Reconstructed Unit (MRRU) khi thc hin LCP negotiation, nh ra kch thc ca pipe hay bundle multilink. Username s c dng xc nh bundle no thm cc link vo. Multichassis Multilink PPP l mt m rng ca Multilink PPP trong nhiu bearer channels c th n t nhiu thit b ring bit m khng cn thit phi l giao din trn mt thit b nh multilink n gin.

Point-to-Point Tunneling Protocol

Tng t giao thc L2F, PPTP (Point-to-Point Tunneling Protocol - giao thc to ng hm im ni im) ban u c pht trin v c thit k gii quyt vn to v duy tr cc ng hm VPN trn cc mng public da vo TCP/IP bng cch s dng PPP. PPP l kt qu ca s n lc chung ca Microsoft v mt lot cc nh cung cp sn phm bao gm chng hn Ascend Communications, 3Com/Primary Access, ECI Telematics, v U.S. Robotics.

Ban u nhng cng ty ny thnh lp PPP Forum vi thng s k thut PPTP c lm cho c sn cng cng v c gi n IETF Point-to-Point Extensions (PPPEXT) WG xem xt nh l mt tiu chun Internet vo nm 1996. Mt s trin khai in hnh PPTP bt u vi mt h thng t xa hoc dial-up client, chng hn nh mt my tnh laptop phi c lin thng vi mt LNS c t trn mt intranet cng ty bng cch s dng mt LAC. Do , PPTP c th c s dng bao bc cc khung PPP trong cc gi IP truyn trn Internet hoc bt k mng khc TCP/IP c th truy cp cng cng. C th hn, h thng t xa c th kt ni vi LNS theo hai cch: 1. Nu h thng t xa h tr PPTP, n c th s dng trc tip n kt ni LNS. 2. Tuy nhin, nu h thng t xa khng h tr PPTP, n c th s dng PPP ni kt vi LAC ca mt nh cung cp dch v Internet v sau LAC c th s dng PPTP kt ni vi LNS. Trong trng hp th nht, tnh hung tng i n gin. Trc tin h thng t xa thit lp mt kt ni PPP vi LAC ca nh cung cp dch v Internet v sau s dng PPTP gi cc khung PPP c ng gi n LNS. Cc gi IP vn bao bc cc khung PPP c chuyn tip bi LAC. Tuy nhin, trong trng hp th hai, LAC phi s dng PPTP bao bc cc khung PPP trong cc gi IP thay mt cho h thng t xa. Kt qu, LAC phi ng mt vai tr ca mt i tng trung gian hoc proxy server theo cch ny hoc cch khc. Thc t, c hai kt ni. Kt ni th nht s dng PPTP lin thng h thng t xa v LAC trong khi kt ni th hai s dng PPP lin thng LAC v LNS. Cc khung PPP c nhn bi LAC c bao bc trong cc gi IP bng cch s dng PPTP. mt trong hai trng hp, PPTP s dng mt s ng gi tinh vi to ng hm cc khung PPP qua Internet (hoc bt k mng khc da vo TCP/IP vn lin thng LAC v LNS). Thc t, cc n v d liu giao thc lp mng hoc lp Internet (v d nh cc gi IP, cc gi IPX, hoc thng bo NetBEUI) c to khung u tin bng cch s dng PPP. Sau cc khung PPP va to ra c bao bc bng cch s dng mt tiu GRE (Generic Routing Encapsulation) cng nh mt tiu IP c s dng nh tuyn khung qua Internet. Sau cng, cc gi IP c to khung vi vn mt tiu khc dnh ring cho phng tin trc khi chng c th c chuyn tip n giao din c kt ni vi Internet. Ngoi knh d liu vn s dng s bao bc IP chuyn d liu, PPP s dng mt ni kt TCP truyn tn hiu. Cc thng bo tng ng vn c gi hoc c nhn trn kt ni ny c s dng truy vn trng thi v truyn thng tin tn hiu gia LAC (l client PPTP) v LNS (l server PPTP). Knh iu khin lun c khi to bi client PPTP n server PPTP bng cch s dng s cng TCP 1723. Trong hu ht cc trng hp, n l mt knh hai chiu trong client c th gi cc thng bo n server v ngc li. Ch khi nim v mt knh truyn tn hiu ngoi di l mt iu rt ring bit cho PPTP. Hu ht cc giao thc bo mt khc (v d nh: IPSec) s dng s to tn hiu trong di, ngha l thng tin truyn tn c vn chuyn cng vi cc n v d liu c bo v. Thng s k thut PPTP khng bt buc s dng cc thut ton c th xc thc v m ha. Thay vo , n cung cp mt framework thng lng cc thut ton c th. S thng lng ny khng dnh ring cho PPTP, v ph thuc vo cc thng lng ty chn PPP hin c c cha trong giao thc nn PPP (CCP), CHAP (Challenge handshake authentication protocol) v mt s phn m rng v ci tin PPP khc. Cng bn ngoi th gii ca PPTP, cc session PPP c th thng lng cc thut toan nn cng nh cc thut ton xc thc v m ha. Bt k vic thng s s dng PPTP c gi n IETF PPEXT WG xem xt nh l mt tiu chun Internet, n

lc tiu chun ha ca n b hy b. Vic thc thi ca Microsoft i vi PPTP (ngha l MS-PPTP) c s dng rt nhiu trong cc mi trng Windows NT. Tuy nhin, bn ngoi nhng mi trng ny MS-PPTP hoc mt phn thc thi khc ca PPTP khng c trin khai rng ri. Bng cch s dng MS-PPTP, client v server thng xc thc nhau bng cch s dng MS-CHAP, y l phin bn ca Microsoft ca CHAP, v m ha d liu bng cch s dng giao thc MPPE Microsoft Point-to-Point Encryption.

You might also like