17 Mark Kadrich (RADIUS) SLIP CSLIP PPP IP Internet Internet 110 ( / ) 24 7 70 80 56K (PSTN)
17.1 / (modem) PSTN (17-1) PSTN 17-1 PSTN
17.1.1 ISDN (ISDN) NT-1 ( ) ISDN ISDN B (Basic Rate Interface, BRI) D ISDN BRI BRI B 64K 16K (TDM) 144 Kbps (17-2) ISDN 64K 128K ISDN BRI ISDN ISDN T-1 ISDN PSTN PSTN 17-2 ISDN BRI Internet Internet ISDN ISDN
17.1.2 (17-3) 1 Mbps CATV 17-3 (Network Address Translation, NAT) RFC 1918 Internet ( ) @Home
17.1.3 (DSL) (Digital Subscriber Loop, DSL) DSL
DSL 56K 50 3 100 17-1 DSL
Table 17-1 DSL
144    $124.00    $90.00
160    $149.00    $80.00
192    $169.00    $90.00
384    $199.00   $130.00
768    $359.00   $180.00
1.1    $399.00   $200.00
1.5    $359.00   $290.00
DSL DSL (ADSL) ADSL Web 10:1 DSL Internet PSTN 10 (CO) 10% (CO) DSL DS ISDN DSL DSL DSL DSL DS Internet
17.1.4 Ricochet Metricom (light pole) Ricochet Internet
17.2 (RADIUS) (Remote Authentication Dial-In User Service, RADIUS) RFC 2138 RADIUS / Livingston 1992 RADIUS
RADIUS RADIUS (17-4) RADIUS Internet RADIUS 17-4 RADIUS RADIUS NIS+
17.2.1 RADIUS RADIUS RAS (Password Authentication Protocol, PAP) RFC PAP RADIUS Internet 1334 PAP (Challenge Handshake Authentication Protocol, CHAP) RFC 1994
1. (PAP) PAP ID ID RADIUS 17-5? ID PAP RADIUS 17-5 PAP
PAP CHA PA
2. (CHAP) CHAP CHA Challenge challenge hash MD5 CHAP PAP CHA (Replay) Challenge challenge MD5 (secret) hash (CHAP RFC PPP PAP
17.2.2 ID UID RADIUS 95 RADIUS
17.3 SLIP CSLIP PPP IP
17.3.1 (SLIP) 17-6) Challenge hash 17-6 hashing CHAP SLIP RFC 1055 SLIP SLIP SLI IP
80 17-7 Sun ( ) SLIP SLIP SLIP TCP/IP T1 17-7 SLIP SLIP SLIP RFC 5 SLIP SLI SLIP SLIP SLI SLIP I DHCP SLI SLIP 1006 MTA RFC SLIP 19.2 Kbps PPP PPP
17.3.2 SLIP (CSLIP) CSLIP Van Jacobson TCP TC 40 7 Telnet TCP TC UDP SNMP
17.3.3 (PPP) SLIP PP RFC 1134 1989 Drew Perkins PPP Internet PPP I UDP/IP IPX/SPX Appletalk PPP
1. PPP PPP PPP PPP
(1) PPP PPP PPP (2) PPP SLIP slash cutover slash VP 6 (3) PPP (outbound) (inbound) PPP NT RAS Sun Solaris PPP PPP 2.3 PPP ECP (RFC 1962, RFC 1968) PPP DES PPP SLIP PPP 17-8 PPP PPP IP PPP 17-9 IPX IP IP PPP
TCP/IP IPX IP PPP PPP 17-8 PPP TCP/IP 17-9 IP PPP PPP PP (MRU) (Async Control Character Map, ACCM) (EAP) FCS
2. (MRU) MRU 1500 1500 PPP MRU PPP MRU 1.44 Mbps T1 TCP/IP
3. (ACCM) ACCM RFC 1662 (escape) 18 IF 32 ASCII CONTROL-S CONTROL-A (XON XOFF)
4. RFC 1161 (Configure-Nak) 17-10
17-10 RFC 1334 PAP RFC 1994 MD5 CHAP MSCHAP EAP SPAP (Configure-Ack) CHAP PAP (1) (EAP) (EAP RFC 2284 RFC 2484) 1999 (LCP) PPP EAP EA (back-end) PPP RADIUS (2) Shiva PAP Shiva PAP Shiva PAP Shiva PAP (3) MS CHAP MS CHAP CHAP hashing MS CHAP MD5 DES MD4 LAN (DES) NT (MD4) DES CHAP CHAP MD5
5. PPP (QoS) QoS
6. QoS (loopback)
7. 16 80
8. HDLC 0xff 0x33
off ( )
9. FCS FCS PPP 32 (CRC) 16 CRC PPP RFC 1570 RFC 1663 RFC 1976 RFC 1990 Nominal MRRU DCE+ (Multi-Link-Plus Procedure) LCP
17.4 17-11 DLL IPX UDP IP DLL IPX IP (IPX) 17-11 IPX IP IPX IP Appletalk (native) Novell Netware IP IPX MS IPX
Vector Networks (www.vector-networks.com) Traveling Software (www.travelingsoftware.com) PPTP L2TP
17.4.1 (PPTP) PPTP Ascend ECI 3Com US Robotics PPTP PPTP Internet ISP Internet Internet ISP Internet (MAN) Internet 17-12 ISP Internet ISP Internet Internet 17-12 ISP
1. PPP PPTP/PPP IP PTP PPTP PPP PPP TP ISP (17-13) (VPN) PPTP PPP Internet PPP RAS 17-13 PPTP ISP PPT TCP 1723 (GRE) GRE TCP UDP ISP PTP (Point of Presence, POP) ISP IP PPTP PPP PPTP PPTP 98 NT LCP PPTP PPP TP PPP IP
2. PPTP TCP 1723 PPTP PPTP 1) 2) IP GRE ISP GRE
3. PPTP NetBEUI IPX AppleTalk PPTP PP
4. PPTP PPTP PPP PP PPP/PPTP RSA RC4 PPTP CHAP PAP EAP PPP MS-CHAP
5. PPTP PPTP ISP GRE GRE PPTP PPT ISP (RAS) (voluntary tunnel) (compulsory tunnel) (1) PPTP PPTP 9X NT ISP IP (17-14) PPTP Internet RAS PPTP PPTP 17-14 Internet PPTP ISP RAS PPTP PP ISP RAS (17-15) PPTP PPTP Internet PPP PPP Internet RAS (2) 17-15 RAS PPTP RAS Internet
Internet (17-15) RAS RADIU RADIUS RAS PPP PPTP RAS Internet
17.4.2 (L2TP) L2TP PPTP PPTP Cisco (L2F) L2TP PPTP L2F GRE L2TP ATM X.25 L2F UDP L2F PPTP
1. L2F PPTP L2F PPP ( ) PPTP L2F (TACACS) TACACS TACACS Cisco TACACS L2F L2F L2F PPP L2F L2TP L2F L2TP PPP L2F L2TP ATM
2. PPTP L2TP PPP PAP CHAP EAP RADIUS L2TP PPTP L2T TACACS TACACS+ IPSec
3. IPSec IPSec IPSec IPSec PPP 17-16 L2TP (PKI) L2TP LDAP PKI IPSec PKI PKI PPTP L2TP PPP L2TP PPP PP L2T L2TP
RADIUS Internet LDAP PPTP 17-16 L2TP PKI PPTP L2TP PPTP UDP L2TP PPP IP L2TP I UDP 17-17 17-17 PPP L2TP 2 X.25 ATM PPP L2TP L2TP (LAC) L2TP (LNS) LAC LNS LAC LNS (17-18) RADIUS Internet PPP LAC Internet LNS PPP 17-18 LAS LNS
L2TP PPTP PTP L2TP L2TP L2TP ISP (17-19) L2TP Internet L2TP LNS PPTP 17-19 L2TP ISP LAC L2TP PPP ISP LAC (17-20) L2TP PPP LAC Internet LNS PPP 17-20 ISP LAC LAC LAC (RADIUS TACACS) ISP
Internet (17-21) L2TP LAC Internet LNS PPP PPP Internet 17-21 Internet L2TP L2TP LAS PPP Internet PPTP L2TP ISP PPTP ISP IS ID ISP LAC ID LNS (17-22) ISP ISP LNS LNS PPP LNS ISP ACK LNS 17-22 L2TP PPP IPSec PPP PPP
L2TP PPP L2TP IPSec
17.4.3 IPSec TCP/IP IETF IPSec (VPN) L2TP IPSec IPSe IPSec IPv6 1995 RFC 1825-1829 IP RFC Internet IPv4 (AH) (ESP)
17-23 (packet layouts): ESP IPv4: IP | ESP | TCP | Payload | ESP | ESP; ESP IPv6: IP | ESP | TCP | Payload | ESP | ESP; IPv4 AH: IP | AH | TCP | Payload; IPv6 AH: IP | AH | TCP | Payload
1. 17-23 IPSec IPSec
IPSec D-H Diffie-Hellman D-H DES MD5 SHA HMAC (Hash) hash IPSec 17-24 AH ESP DOI
2. 17-24 IPSec (SA) IPSec IPSec (DDI) SA SA AH ESP ESP SA SA
3.
AH hash IP (17-23)
4. ESP AH A ESP ESP IP (SPI) (17-25)
17-25 (packet layouts): ESP IPv4: ESP | IP | IP | TCP | ESP | ESP | Payload; ESP IPv6: ESP | IP | IP | TCP | ESP | Payload | ESP
5. 17-25 IPSec IPSec PPTP L2TP IPSec
17.5 SLIP PPP PPTP L2TP PPP SLIP P SLIP SLIP SLIP PPP PPP PPTP ISP Internet PPTP PAP CHAP RADIUS PPTP PPP L2T Internet IPSec L2TP L2TP IPv6