Computer networks
yazon, 2013-05-30 01:15:24

RST Cloud: L2 VPN cloud with additional MSSP services

Greetings!
I decided to describe my project, which is under development. The impetus was the current market situation, in which L2 VPNs are mainly built with MPLS technology and, less often, VPLS.
Technically, MPLS allows you to build point-to-point links, while VPLS actually creates a single virtual switch distributed over different cities. At the same time, MPLS / VPLS do not imply encryption, which requires additional tunneling through the usual IPSec, and that is not always possible or justified. In fact, such double encapsulation leads to inefficient use of the already not very wide channels in Russia, increased delays and reduced data transfer speed. In addition, MPLS services cost money and not all providers offer them, since the availability of the service depends on their technical equipment. For example, take Rostelecom: Internet access for business on the "Unlim Corporation 512" tariff (512 Kbps) costs 2500 rubles per month, while an MPLS connection of one point on the "Business VPN-MPLS Interregional" tariff (512 Kbps) costs 18,920 rubles per month. Already in 2011, the MPLS market was 11 billion rubles. So the question arises of creating an alternative method that combines the technological advantages of MPLS VPN, the security and traffic compression of IPSec, and a cost comparable to regular Internet access for legal entities.

Now imagine that you have the opportunity to combine several offices into a single network without much hassle, as if they were working in the same building. Or, for example, connect computers located in different parts of the world with one virtual switch, as if they were in the same room.

All this is possible thanks to RST Cloud with L2 VPN technology provided as a cloud service:

  • connection flexibility;
  • convenience;
  • performance;
  • security;
  • ease of installation and maintenance;
  • convenience of payment.




The cloud services being developed are being implemented as an information security project aimed at increasing the efficiency of building and maintaining a branch network, reducing companies' costs for maintaining a VPN infrastructure and obtaining new technological capabilities that were previously available only with the purchase of top-end expensive network devices. The objective of the project is to develop software for building a VPN cloud that provides connectivity to everyone at the L2 level with the provision of additional security services.

For the user, the cloud is absolutely transparent and looks the same as a regular local network. In fact, for users, the interaction will be direct with no visible transit devices. At the same time, all interactions between different sites are controlled by the cloud! In addition, the default solution provides traffic compression in the VPN tunnel, which for some types of traffic gives an increase in channel bandwidth by 6-8 times!

And what does it look like from the point of view of a network administrator? Like this!



All network nodes are located in the same subnet of the main site. At the same time, if desired, the administrator can group branches in the cloud web interface in order to connect them to different VLANs of the head office.

Key features of the solution:
– flexibility of connecting to the cloud:
  • branded hardware VPN gateways designed for different connection speeds to the cloud;
  • virtual appliance for leading virtualization platforms: VMware ESXi, Citrix XenServer and Microsoft Hyper-V;
  • VPN agent for connecting workstations running Windows, Linux and MacOS to the cloud;
  • support for working behind NAT and even through a proxy;
  • all members of the VPN network can work without “white” addresses, since the cloud has a public address!

– convenience:
  • no need to configure every router in the branch;
  • no need to think about routing: all nodes are in the same broadcast domain, which is terminated at the head office on a regular L3 device;
  • almost all higher-level protocols are supported, including those that require broadcast communication between clients;
  • agent for remote access: work as if from the office.

– performance:
  • each router is designed for a certain guaranteed exchange rate with the cloud;
  • the cloud provides any resources necessary for traffic processing as part of the services provided;
  • data is compressed during transmission over L2 VPN (an increase in channel bandwidth up to 6-8 times).

– security:
  • protection of traffic during simultaneous transmission over the L2 channel;
  • separate processing of traffic from different companies by dedicated virtual machines;
  • firewall service between branches and remote users;
  • anti-virus traffic scanning service, including web and mail;
  • intrusion detection and prevention service;
  • secure Internet access service, including web filtering;
  • spam mail filtering service.

– ease of installation and maintenance:
  • automatic configuration of the VPN device after initialization;
  • automatic updating of software and configuration files;
  • unified service management using a web interface;
  • up-to-date and comprehensive information about the status of the services provided.

– ease of payment:
  • the personal account provides various payment methods;
  • connection using a virtual appliance and agent software is available immediately after payment;
  • all solutions are provided to the user by subscription;
  • the subscription costs less than the monthly fee for an MPLS connection.
