| Author |
Message |
Robert
Guest
|
Posted:
Tue Dec 13, 2005 5:20 pm Post subject:
VLAN |
|
|
I would like to ask if somebody has a good VLAN theme to write about. It has
to be about VLANs, for example, connecting two VLANs through public network,
use of IPsec or something like that...
It is important that it is a pretty wide theme so that it is possible to
write about 50-80 pages of text about that...
Thank you! |
|
|
 |
Walter Roberson
Guest
|
Posted:
Tue Dec 13, 2005 5:20 pm Post subject:
Re: VLAN |
|
|
In article <dnmp1e$f5l$1@sunce.iskon.hr>, Robert <robert_abc@net.hr> wrote:
| Quote: | I would like to ask if somebody has a good VLAN theme to write about. It has
to be about VLANs, for example, connecting two VLANs through public network,
use of IPsec or something like that...
It is important that it is a pretty wide theme so that it is possible to
write about 50-80 pages of text about that...
|
50-80 pages sounds very long for a broad topic.
I did some checking around, and the references I find indicate that
50 pages is towards the upper end of a "short" Master's thesis
and 80 pages is in the lower end of a "long" Master's thesis.
A "long" Master's thesis is, in this matter, intended only for
students who will be going on to further postgrad work, and counts as
equivalent to 1/4 of the course-work that the "short" thesis students
would undertake.
http://www.ceu.hu/legal/Information_Booklet.htm
It seems to me that if one is expecting a paper equivalent to the
upper-end of a Master's thesis, that one probably does not want
a broad theme: one probably wants a more narrow theme with sufficient
technical sophistication as to require a noticeable amount of research
and explication.
50-80 pages is, roughly speaking, 20000 to 30000 words. It is
difficult for me to think of anything "broad" to say about VLANs
that didn't come down to one of:
- a description of how to configure VLANs, and any special nuances,
for the half-dozen most common model lines (e.g., Cisco, Nortel, Juniper...)
- a solid overview of VLANs and MPLS such as might be written for
an O'Reilly "Topics in Routing" book
- techno-archaeology studying the history of VLANs, the competing proposals,
the advantages each would have had, and the politics and financial
manipulations that resulted in what is now 802.1Q being chosen
--
"It is important to remember that when it comes to law, computers
never make copies, only human beings make copies. Computers are given
commands, not permission. Only people can be given permission."
-- Brad Templeton |
|
|
 |
Walter Roberson
Guest
|
Posted:
Wed Dec 14, 2005 3:36 pm Post subject:
Re: VLAN |
|
|
In article <dnp5dj$e82$1@sunce.iskon.hr>, Robert <robert_abc@net.hr> wrote:
| Quote: | Walter Roberson wrote:
In article <dnmp1e$f5l$1@sunce.iskon.hr>, Robert <robert_abc@net.hr>
wrote:
It seems to me that if one is expecting a paper equivalent to the
upper-end of a Master's thesis, that one probably does not want
a broad theme: one probably wants a more narrow theme with sufficient
technical sophistication as to require a noticeable amount of research
and explication.
Ok, I could agree with you... Can you give me some advice of a narrow theme
to write about?
|
Could you clarify the context, please?
Are you an instructor / advisor looking for topics to suggest to
Masters level students for their thesis? To suggest for upper-year
undergraduates for essay courses? To suggest for upper-year undergraduates
for "project" courses?
Are you a student who has been assigned the broad topic of VLANs and
is looking for inspiration of what, more specifically, to work on? If
so, at what level and with what kind of target (essay, project, thesis)?
Are you an author or potential author looking for a framework for
a potential journal article or book chapter?
--
"It is important to remember that when it comes to law, computers
never make copies, only human beings make copies. Computers are given
commands, not permission. Only people can be given permission."
-- Brad Templeton |
|
|
 |
Robert
Guest
|
Posted:
Wed Dec 14, 2005 5:20 pm Post subject:
Re: VLAN |
|
|
Walter Roberson wrote:
| Quote: | In article <dnmp1e$f5l$1@sunce.iskon.hr>, Robert <robert_abc@net.hr>
wrote:
It seems to me that if one is expecting a paper equivalent to the
upper-end of a Master's thesis, that one probably does not want
a broad theme: one probably wants a more narrow theme with sufficient
technical sophistication as to require a noticeable amount of research
and explication.
|
Ok, I could agree with you... Can you give me some advice of a narrow theme
to write about?
Thanks! |
|
|
 |
Walter Roberson
Guest
|
Posted:
Wed Dec 14, 2005 9:07 pm Post subject:
Re: VLAN |
|
|
In article <dnpq7r$nv3$1@sunce.iskon.hr>, Robert <robert_abc@net.hr> wrote:
| Quote: | I am student at last year at the university of electrotechnics. I have to
write about 50-80 pages and make an application or something like that to
show my own research at that project, if you understand what I mean. So, as
I said, it is important to be about VLANs. I thought it would be good to work
on implementation of VLANs through public networks, using of IPsec, etc. But
I need some inspiration to make a clear theme and to concentrate on it.
|
Okay, thanks for the clarification, I believe I understand now.
I suspect you would find it difficult to write that many pages about
VLANs through public networks. VLANs through public networks differs
from Layer 2 Tunnelling only in the slightly larger frame size.
Any of the respectable Layer 2 tunneling protocols already have
to deal with encapsulation overheads, and PPPoE and the possibility
that one of the ISPs along the line is doing some other kind of
encapsulation... so I would suspect that any ipsec etc. done by
anything other than the cheapest consumer devices, will already be
able to cope with the larger frame.
Standard Layer 2 tunneling methods include GRE (IP Protocol 47),
MPLS (not a separate protocol), L2TP (UDP 1701), and L2TP/IPSec
(L2TP structure embedded in IPSec ESP, so needs UDP 500 and IP Protocol 50)
Most consumer devices do not directly support GRE, but many do support
PPTP, which uses a simple GRE encapsulation around a PPP packet.
I haven't seen any low-end devices that supported MPLS.
L2TP is not uncommon in Microsoft Windows.
L2TP/IPSec requires (if I recall correctly) a specific client
before XP (or was it XP SP1) ?
Beyond that... VLANs over public networks involve encryption,
authentication, and the ability to join physically separated
broadcast domains... all of which are handled well by existing
protocols. So all you do is take your packet with the VLAN tag and
pass it as a whole over any layer 2 tunneling service, and you
have VLANs over public networks.
Nothing about this gets interesting until you want to start building
VPN endpoint firewalls with multiple interfaces, with the interfaces
distinguished by VLAN instead of by IP address and with the possibility
of having the same IP range in different VLANs, to be treated differently.
For example if 192.168.1.15 in vlan 13 is to be permitted access to
different resources than 192.168.1.15 in vlan 42. The Cisco "virtual
context" might perhaps be designed to address these issues; I haven't
looked at what virtual contexts can do for you.
A couple of resources:
http://www.microsoft.com/technet/community/columns/profwin/pw0201.mspx
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/l2tpt.htm
http://www.cisco.com/warp/public/105/mpls_faq_4649.shtml
and the Cisco PIX 7.0 and ASA 5x00 and FWSM documentation for security
context info.
--
All is vanity. -- Ecclesiastes |
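
The VLAN-keyed policy idea from the post above (192.168.1.15 in VLAN 13 versus VLAN 42), as an added Python example that is not part of the original thread: it reads the 802.1Q tag from a frame and selects policy by (VLAN, source network) rather than by IP alone. The policy table, resource names and sample frames are constructed for illustration.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Hypothetical policy table: (VLAN ID, source network) -> permitted resources.
POLICY = {
    (13, ipaddress.ip_network("192.168.1.0/24")): {"file-server"},
    (42, ipaddress.ip_network("192.168.1.0/24")): {"file-server", "payroll-db"},
}

def build_frame(vlan_id, src_ip, dst_ip):
    """Construct a sample frame (test data only); vlan_id=None gives an untagged frame."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                            ipaddress.ip_address(src_ip).packed,
                            ipaddress.ip_address(dst_ip).packed)
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip_header

def classify(frame):
    """Return (vlan_id, source_ip) for an IPv4 frame; vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan_id, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id, offset = tci & 0x0FFF, 18  # low 12 bits of the TCI hold the VLAN ID
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        raise ValueError("not a complete IPv4 packet")
    return vlan_id, ipaddress.ip_address(frame[offset + 12:offset + 16])

def allowed_resources(frame):
    """Look up policy by (VLAN, source IP); untagged or unknown traffic gets nothing."""
    vlan_id, src = classify(frame)
    for (policy_vlan, network), resources in POLICY.items():
        if vlan_id == policy_vlan and src in network:
            return resources
    return set()
```

A table keyed on the source address alone could hold only one entry for 192.168.1.0/24, which is why the VLAN ID has to be part of the lookup key.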
|
|
 |
Robert
Guest
|
Posted:
Thu Dec 15, 2005 1:02 am Post subject:
Re: VLAN |
|
|
Walter Roberson wrote:
| Quote: | In article <dnp5dj$e82$1@sunce.iskon.hr>, Robert <robert_abc@net.hr>
wrote:
Walter Roberson wrote:
In article <dnmp1e$f5l$1@sunce.iskon.hr>, Robert <robert_abc@net.hr>
wrote:
It seems to me that if one is expecting a paper equivalent to the
upper-end of a Master's thesis, that one probably does not want
a broad theme: one probably wants a more narrow theme with
sufficient technical sophistication as to require a noticeable
amount of research and explication.
Ok, I could agree with you... Can you give me some advice of a
narrow theme to write about?
Could you clarify the context, please?
Are you an instructor / advisor looking for topics to suggest to
Masters level students for their thesis? To suggest for upper-year
undergraduates for essay courses? To suggest for upper-year
undergraduates for "project" courses?
Are you a student who has been assigned the broad topic of VLANs and
is looking for inspiration of what, more specifically, to work on? If
so, at what level and with what kind of target (essay, project,
thesis)?
Are you an author or potential author looking for a framework for
a potential journal article or book chapter?
|
I am student at last year at the university of electrotechnics. I have to
write about 50-80 pages and make an application or something like that to
show my own research at that project, if you understand what I mean. So, as
I said, it is important to be about VLANs. I thought it would be good to work
on implementation of VLANs through public networks, using of IPsec, etc. But
I need some inspiration to make a clear theme and to concentrate on it. |
|
|
 |
Robert
Guest
|
Posted:
Thu Dec 15, 2005 6:22 am Post subject:
Re: VLAN |
|
|
Walter Roberson wrote:
| Quote: |
Nothing about this gets interesting until you want to start building
VPN endpoint firewalls with multiple interfaces, with the interfaces
distinguished by VLAN instead of by IP address and with the
possibility
of having the same IP range in different VLANs, to be treated
differently. For example if 192.168.1.15 in vlan 13 is to be
permitted access to different resources than 192.168.1.15 in vlan 42.
The Cisco "virtual context" might perhaps be designed to address
these issues; I haven't looked at what virtual contexts can do for
you.
|
Thanks a lot for this! But, could you explain it in more detail for me? I am
not sure what you mean about that VPN endpoint firewalls and that example
you gave. Sorry, but I do not speak English so good so I do not understand
all of that you are saying. |
|
|
 |
Walter Roberson
Guest
|
Posted:
Thu Dec 15, 2005 7:08 am Post subject:
Re: VLAN |
|
|
In article <dnqd13$v3v$1@sunce.iskon.hr>, Robert <robert_abc@net.hr> wrote:
| Quote: | Walter Roberson wrote:
Nothing about this gets interesting until you want to start building
VPN endpoint firewalls with multiple interfaces, with the interfaces
distinguished by VLAN instead of by IP address and with the
possibility
of having the same IP range in different VLANs, to be treated
differently.
Thanks a lot for this! But, could you explain it in more detail for me? I am
not sure what you mean about that VPN endpoint firewalls and that example
you gave.
|
I was using "VPN endpoint firewalls" to indicate a device that combines
VPN termination and firewall facilities. The Cisco PIX series are
examples of this combination.
The Cisco VPN3000 series is for VPN termination only, and does not have
detailed controls over what can be accessed.
The Cisco FWSM (Firewall Services Module) for the Cisco 6500 & 7600
only does firewalls with no VPN facilities; and the Cisco VPNSM (VPN
Services Module) for the Cisco 6500 & 7600 only does VPN with no
firewall facilities, so if you want a high performance VPN and firewall
on your Cisco 6500 or 7600, you would need to buy a FWSM and a VPNSM
.... at about $US35000 for each of the modules!
.... I have partly written a more detailed explanation of what is needed
and what I was referring to, but it is getting late and I need to head
to bed before I can make the explanation interesting and readable.
Ah, I know: let me turn this around. As this is a learning experience
for you in which you will be required to demonstrate to your
instructor what you learned, then instead of me explaining the
steps, how about if -you- outline the steps involved as far as you
understand them, and we'll comment on your outline.
Suppose you have host A in private subnet X in VLAN 10 at site C
(Client), and you need to get the packet to host B in private subnet Y
in VLAN 10 at site S (Server), and that the two are connected by the
Internet (which only deals with public IP addresses). How would you
safely get the packet from one place to the other?
Assume that, as I described earlier, Layer 2 encapsulation can be
separated from encryption / VPN, and assume that there are firewalls at
each end. Indicate each step at which a packet changes form or
changes IP address, and describe the logical function that each
of those steps is performing.
Or start with something a bit simpler, such as describing the packet
sequence that would be used for layer 3 traffic in which VLANs were not
involved. There are not really very many steps involved with that.
--
"law -- it's a commodity"
-- Andrew Ryan (The Globe and Mail, 2005/11/26) |
|
|
 |
Walter Roberson
Guest
|
Posted:
Fri Dec 16, 2005 12:13 am Post subject:
Re: VLAN |
|
|
In article <dnsva8$237$1@sunce.iskon.hr>, Robert <robert_abc@net.hr> wrote:
:Walter Roberson wrote:
:> In article <dnqd13$v3v$1@sunce.iskon.hr>, Robert <robert_abc@net.hr>
:> wrote:
:>> Walter Roberson wrote:
:Can we discuss this by e-mail?
Certainly. My posting address is functional, and I accept polite email
inquiries.
Please note that much of my knowledge is theoretical, based upon
what I have read.
--
All is vanity. -- Ecclesiastes |
|
|
 |
Robert
Guest
|
Posted:
Fri Dec 16, 2005 5:29 am Post subject:
Re: VLAN |
|
|
Walter Roberson wrote:
| Quote: | In article <dnqd13$v3v$1@sunce.iskon.hr>, Robert <robert_abc@net.hr>
wrote:
Walter Roberson wrote:
|
Can we discuss this by e-mail? |
|