author | Christian Pointner <equinox@anytun.org> | 2015-05-19 02:12:46 +0000 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2015-05-19 02:12:46 +0000 |
commit | 3656b16c4bcf6e6ea3d240e7810ff71828911cb7 (patch) | |
tree | 2b3f9bd7a5f3ce9663c4009372564c9b9f692d01 | |
parent | ebuild (diff) |
created talks dir and moved old slides in there
added slides for aconet meeting 2015-05-19
-rw-r--r-- | talks/acn/acn.ppt (renamed from papers/acn/acn.ppt) | bin | 752640 -> 752640 bytes | |||
-rw-r--r-- | talks/acn/anycast-dns-lan.dia (renamed from papers/acn/anycast-dns-lan.dia) | bin | 1879 -> 1879 bytes | |||
-rw-r--r-- | talks/acn/app_anycast_rtp_proxy.dia (renamed from papers/acn/app_anycast_rtp_proxy.dia) | bin | 3323 -> 3323 bytes | |||
-rw-r--r-- | talks/acn/app_securing_anycast_services.dia (renamed from papers/acn/app_securing_anycast_services.dia) | bin | 3398 -> 3398 bytes | |||
-rw-r--r-- | talks/acn/app_tunnel_2_networks.dia (renamed from papers/acn/app_tunnel_2_networks.dia) | bin | 2907 -> 2907 bytes | |||
-rw-r--r-- | talks/acn/app_unicast_vpn_concentrator.dia (renamed from papers/acn/app_unicast_vpn_concentrator.dia) | bin | 3320 -> 3320 bytes | |||
-rw-r--r-- | talks/acn/enc4-6ur.dia (renamed from papers/acn/enc4-6ur.dia) | bin | 1172 -> 1172 bytes | |||
-rw-r--r-- | talks/acn/enc6-e.dia (renamed from papers/acn/enc6-e.dia) | bin | 1173 -> 1173 bytes | |||
-rw-r--r-- | talks/acn/header-auth.dia (renamed from papers/acn/header-auth.dia) | bin | 1426 -> 1426 bytes | |||
-rw-r--r-- | talks/acn/header-enc.dia (renamed from papers/acn/header-enc.dia) | bin | 1422 -> 1422 bytes | |||
-rw-r--r-- | talks/acn/header.dia (renamed from papers/acn/header.dia) | bin | 1380 -> 1380 bytes | |||
-rw-r--r-- | talks/acn/kd-auth.dia (renamed from papers/acn/kd-auth.dia) | bin | 1550 -> 1550 bytes | |||
-rw-r--r-- | talks/acn/kd-enc.dia (renamed from papers/acn/kd-enc.dia) | bin | 1619 -> 1619 bytes | |||
-rw-r--r-- | talks/acn/kx-ipsec.dia (renamed from papers/acn/kx-ipsec.dia) | bin | 1469 -> 1469 bytes | |||
-rw-r--r-- | talks/acn/kx-ovpn.dia (renamed from papers/acn/kx-ovpn.dia) | bin | 1102 -> 1102 bytes | |||
-rw-r--r-- | talks/acn/kx-satp.dia (renamed from papers/acn/kx-satp.dia) | bin | 1606 -> 1606 bytes | |||
-rw-r--r-- | talks/aconet-meeting-2015-05-19/anytun-logo.png | bin | 0 -> 6264 bytes | |||
-rw-r--r-- | talks/aconet-meeting-2015-05-19/anytun.pdf | bin | 0 -> 166593 bytes | |||
-rw-r--r-- | talks/aconet-meeting-2015-05-19/anytun.tex | 336 | ||||
-rw-r--r-- | talks/aconet-meeting-2015-05-19/usage-anycast-cluster.png | bin | 0 -> 17181 bytes | |||
-rw-r--r-- | talks/aconet-meeting-2015-05-19/usage-anycast-service.png | bin | 0 -> 21434 bytes | |||
-rw-r--r-- | talks/aconet-meeting-2015-05-19/usage-interconnect.png | bin | 0 -> 19040 bytes | |||
-rw-r--r-- | talks/linuxtage2008.odp (renamed from papers/linuxtage2008.odp) | bin | 102663 -> 102663 bytes | |||
-rw-r--r-- | talks/realraum.odp (renamed from papers/realraum.odp) | bin | 102953 -> 102953 bytes |
24 files changed, 336 insertions, 0 deletions
diff --git a/papers/acn/acn.ppt b/talks/acn/acn.ppt
Binary files differ
index 126cd5b..126cd5b 100644
--- a/papers/acn/acn.ppt
+++ b/talks/acn/acn.ppt
diff --git a/papers/acn/anycast-dns-lan.dia b/talks/acn/anycast-dns-lan.dia
Binary files differ
index c80a07f..c80a07f 100644
--- a/papers/acn/anycast-dns-lan.dia
+++ b/talks/acn/anycast-dns-lan.dia
diff --git a/papers/acn/app_anycast_rtp_proxy.dia b/talks/acn/app_anycast_rtp_proxy.dia
Binary files differ
index fea87e9..fea87e9 100644
--- a/papers/acn/app_anycast_rtp_proxy.dia
+++ b/talks/acn/app_anycast_rtp_proxy.dia
diff --git a/papers/acn/app_securing_anycast_services.dia b/talks/acn/app_securing_anycast_services.dia
Binary files differ
index ab6b20b..ab6b20b 100644
--- a/papers/acn/app_securing_anycast_services.dia
+++ b/talks/acn/app_securing_anycast_services.dia
diff --git a/papers/acn/app_tunnel_2_networks.dia b/talks/acn/app_tunnel_2_networks.dia
Binary files differ
index 0d9f20c..0d9f20c 100644
--- a/papers/acn/app_tunnel_2_networks.dia
+++ b/talks/acn/app_tunnel_2_networks.dia
diff --git a/papers/acn/app_unicast_vpn_concentrator.dia b/talks/acn/app_unicast_vpn_concentrator.dia
Binary files differ
index fa61c2c..fa61c2c 100644
--- a/papers/acn/app_unicast_vpn_concentrator.dia
+++ b/talks/acn/app_unicast_vpn_concentrator.dia
diff --git a/papers/acn/enc4-6ur.dia b/talks/acn/enc4-6ur.dia
Binary files differ
index 25756d9..25756d9 100644
--- a/papers/acn/enc4-6ur.dia
+++ b/talks/acn/enc4-6ur.dia
diff --git a/papers/acn/enc6-e.dia b/talks/acn/enc6-e.dia
Binary files differ
index c394a68..c394a68 100644
--- a/papers/acn/enc6-e.dia
+++ b/talks/acn/enc6-e.dia
diff --git a/papers/acn/header-auth.dia b/talks/acn/header-auth.dia
Binary files differ
index 4522feb..4522feb 100644
--- a/papers/acn/header-auth.dia
+++ b/talks/acn/header-auth.dia
diff --git a/papers/acn/header-enc.dia b/talks/acn/header-enc.dia
Binary files differ
index 9083401..9083401 100644
--- a/papers/acn/header-enc.dia
+++ b/talks/acn/header-enc.dia
diff --git a/papers/acn/header.dia b/talks/acn/header.dia
Binary files differ
index d69be0f..d69be0f 100644
--- a/papers/acn/header.dia
+++ b/talks/acn/header.dia
diff --git a/papers/acn/kd-auth.dia b/talks/acn/kd-auth.dia
Binary files differ
index c7506ae..c7506ae 100644
--- a/papers/acn/kd-auth.dia
+++ b/talks/acn/kd-auth.dia
diff --git a/papers/acn/kd-enc.dia b/talks/acn/kd-enc.dia
Binary files differ
index bfb7644..bfb7644 100644
--- a/papers/acn/kd-enc.dia
+++ b/talks/acn/kd-enc.dia
diff --git a/papers/acn/kx-ipsec.dia b/talks/acn/kx-ipsec.dia
Binary files differ
index 296ddce..296ddce 100644
--- a/papers/acn/kx-ipsec.dia
+++ b/talks/acn/kx-ipsec.dia
diff --git a/papers/acn/kx-ovpn.dia b/talks/acn/kx-ovpn.dia
Binary files differ
index 2641220..2641220 100644
--- a/papers/acn/kx-ovpn.dia
+++ b/talks/acn/kx-ovpn.dia
diff --git a/papers/acn/kx-satp.dia b/talks/acn/kx-satp.dia
Binary files differ
index eb9e47c..eb9e47c 100644
--- a/papers/acn/kx-satp.dia
+++ b/talks/acn/kx-satp.dia
diff --git a/talks/aconet-meeting-2015-05-19/anytun-logo.png b/talks/aconet-meeting-2015-05-19/anytun-logo.png
Binary files differ
new file mode 100644
index 0000000..e0b3eda
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/anytun-logo.png
diff --git a/talks/aconet-meeting-2015-05-19/anytun.pdf b/talks/aconet-meeting-2015-05-19/anytun.pdf
Binary files differ
new file mode 100644
index 0000000..ba2a01e
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/anytun.pdf
diff --git a/talks/aconet-meeting-2015-05-19/anytun.tex b/talks/aconet-meeting-2015-05-19/anytun.tex
new file mode 100644
index 0000000..10830ed
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/anytun.tex
@@ -0,0 +1,336 @@
+%%% Beamer Vorlage, (c) Bernhard Tittelbach
+\ifx\mode\undefined % only include documentclass if beamer not already included via handout_
+ \documentclass{beamer}
+\fi
+\usepackage{cmap}
+\usepackage{ngerman}
+\usepackage[utf8]{inputenc}
+
+\mode<presentation>{
+%%% Layout Themen
+ \usetheme{Luebeck}
+ %\usetheme{Boadilla}
+ %\usetheme{Copenhagen}
+ %%% Farb Theme
+ %\usecolortheme{crane}
+ %\usecolortheme{realraum}
+
+ %\useinnertheme{circles}
+ %%% Hier Fußzeile und Subsections konfigureren bzw ausschalten
+ \useoutertheme[footline=authorinstitute,subsection=false]{miniframes}
+ %\useoutertheme{infolines}
+ %\useoutertheme{split}
+ %\useoutertheme{shadow}
+ %\useoutertheme[hooks]{tree}
+ %\useoutertheme{smoothtree}
+ %\useoutertheme[hooks]{sidebar}
+
+\setbeamertemplate{footline}
+ {%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}\usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}%
+ \hfill%
+ \usebeamercolor[fg]{page number in head/foot}%
+ \usebeamerfont{page number in head/foot}%
+ \insertframenumber\,/\,\inserttotalframenumber%\kern1em\vskip2pt%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+ }
+
+
+%%% Schriftgröe von Float Captions (Bildunterschriften, Tabellenunterschriften)
+\setbeamerfont{caption}{size=\scriptsize}
+
+ %%% Textpos erlaubt die "absolute" positionierung von Elementen
+ \usepackage[overlay,absolute]{textpos}
+ \TPGrid{ 40 }{ 30 }
+
+ %% Hier die Transparenz von \uncover Elementen einstellen (siehe Beamer Doku)
+%\setbeamercovered{transparent=4}
+%\setbeamercovered{invisible}
+%\setbeamercovered{dynamic}
+%\setbeamercovered{highly dynamic}
+\setbeamercovered{transparent}
+
+%% Hier auskommentieren um die Navigationsleiste unten auszublenden
+\setbeamertemplate{navigation symbols}{}
+
+%%% 16:10 Folien
+%\usepackage[orientation=landscape,size=custom,width=16,height=10,scale=0.5]{beamerposter}
+
+\usepackage{multimedia}
+}
+
+\mode<article>{
+ \usepackage{fullpage}
+ \usepackage{hyperref}
+ \usepackage{pgf}
+ \hypersetup{colorlinks=true,%
+ urlcolor=blue,%
+ pdftex}
+% WARNING this command requires beamer v3.07 (2007)
+% it makes subsections from frametitle sin article mode
+ \setbeamertemplate{frametitle}{\subsection{\insertframetitle}}
+% \setbeamertemplate{frametitle}{}
+}
+
+% Needed for PS Tricks Images
+%\usepackage{tikz}
+
+%\usepackage{fancyvrb}
+\definecolor{Brown}{cmyk}{0,0.81,1,0.60}
+\definecolor{OliveGreen}{cmyk}{0.64,0,0.95,0.40}
+\definecolor{CadetBlue}{cmyk}{0.62,0.57,0.23,0}
+%% Das Listings Package eignet sich zum Anzeigen von Code
+%\usepackage{listings}
+%\lstset{language=sh}
+%\lstset{tabsize=2}
+%\lstset{basicstyle=\small,
+% keywordstyle=\ttfamily\color{OliveGreen},
+% identifierstyle=\ttfamily\color{CadetBlue}\bfseries,
+% commentstyle=\color{Brown},
+% stringstyle=\ttfamily,
+% showstringspaces=false}
+
+\title{ Anytun - Secure Anycast Tunneling }
+\author{Christian Pointner}
+\date{\today}
+%\institute{sat.mur.at}
+%\logo{\pgfimage[height=0.6cm]{logo}}
+%\logo{\pgfimage[height=0.6cm]{logo}\hspace{1mm}\pgfimage[height=0.6cm]{mur-logo-dark}}
+% \logo{\pgfimage{MURsat-logo}\hspace{1mm}\pgfimage[height=0.6cm]{mur-logo-dark}}
+% \logo{\includegraphics[clip=true,trim=0 12.0cm 0 10.0cm,scale=0.1]{MURsat-logo}}
+\logo{\includegraphics[height=1cm]{anytun-logo}\hspace{0.2cm}}
+
+\begin{document}
+\frame{
+\titlepage
+}
+%-----------------------------------------------
+% \frame{
+% \frametitle{Outline}
+% \tableofcontents
+% }
+
+\AtBeginSection[]
+{
+ \begin{frame}
+ \frametitle{Überblick}
+ \small
+ \tableofcontents[currentsection,hideothersubsections]
+ \normalsize
+ \end{frame}
+}
+
+%===============================================
+\section{Open Source VPN}
+
+% welche open source VPN Lösungen gibt es
+% openvpn: viele features, große community, firma mit support,
+% leider ssl
+% tinc: ähnlich openvpn, meshing, leider ssl
+% IPSec:
+% ipsec-tools: setkey, racoon -> use linux kernel ipsec implementation
+% strongSwan: auf linux, ikev1, ikev2!
+% libreSwan: formerly openswan, ikev1
+% anytun: !!!
+
+
+%-----------------------------------------------
+\begin{frame}
+ \frametitle{OpenVPN}
+ \begin{itemize}
+ \item<1-> eines der ältesten SSL basierten VPNs
+ \item<2-> viele Features
+ \item<3-> Multi-Platform
+ \item<4-> große Community
+ \item<5-> wird von Coverity regelmäßig geprüft
+ \item<6-> Firma die Support bietet
+ \end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+ \frametitle{tinc}
+ \begin{itemize}
+ \item<1-> neueres Projekt - weniger Legacy Code
+ \item<2-> basiert auf SSL
+ \item<3-> unterstützt automatisches Meshing
+ \item<4-> kleinere Community
+ \item<5-> Multi-Platform (weniger als OpenVPN)
+ \end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+ \frametitle{strongSwan}
+ \begin{itemize}
+ \item<1-> IPsec Implementierung für Linux
+ \item<2-> basiert auf freeS/WAN
+ \item<3-> unterstützt IKEv1 und IKEv2
+ \item<4-> kann mit vielen IPSec Implementierungen arbeiten
+ \end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+ \frametitle{ipsec-tools}
+ \begin{itemize}
+ \item<1-> Key Exchange Daemons für IPsec im Linux Kernel
+ \item<2-> raccoon: unterstützt nur IKEv1
+ \item<3-> setkey: für statisches keying
+ \end{itemize}
+\end{frame}
+%-----------------------------------------------
+
+%===============================================
+\section{Warum Anytun?}
+
+% openvpn, tinc etc -> ssl based :(
+% ipsec: kein anycast -> replay protection
+% satp
+% warum anycast: wer mit anycast umgehen kann kann jede adressierungsform
+% gratis load balancing
+
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Warum Anytun}
+\begin{itemize}
+ \item<1-> OpenVPN und tinc basieren auf SSL
+ \begin{itemize}
+ \item<1-> Angriffe gegen SSL treffen eventuell auch das VPN
+ \item<1-> kein standardisiertes Protokoll
+ \end{itemize}
+ \item<2-> IPSec kann nicht mit Anycast umgehen (keine Replay Protection oder hoher Synchronisationsaufwand)
+ \item<2-> NAT Transversal ist in IPSec umständlich und schwierig
+ \item<3-> Anycast bietet viele Vorteile bei Load Balancing und Redundanz
+ \item<3-> ein Protokoll das Anycast unterstüzt kann in vielen Szenarien eingesetzt werden.
+\end{itemize}
+\end{frame}
+
+%===============================================
+\section{SATP und (u)Anytun}
+
+% SATP -> secure anycast tunneling protocol
+% adds sender-id -> replay protection
+% anytun full-featured implementation C++/Boost
+% uanytun small implementation (no sync) C
+
+%-----------------------------------------------
+\begin{frame}
+\frametitle{SATP}
+\begin{itemize}
+ \item<1-> Name des Protokolls: Secure Anycast Tunneling Protocol
+ \item<2-> dokumentiert als Internet Draft
+ \item<3-> spezifiziert nur die Payload Kommunikation und NAT Transversal
+ \item<4-> agnostisch gegenüber dem Key Exchange Protokoll
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{SATP Details}
+\begin{itemize}
+ \item<1-> Ähnlich zu IPSec ESP und GRE
+ \item<2-> geringer Overhead (10 Byte + MAC)
+ \item<3-> über UDP oder direkt auf IP
+ \item<4-> unterstützt jedes Ethertype Protocol als Payload (Ethernet, IPv4, IPv6, ...)
+ \item<5-> verschiedene Anycast Sender können identifiziert werden somit funktioniert die Replay Protection auch ohne viel Synchronisationsaufwand
+ \item<6-> Crypto basiert auf sRTP
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Anytun}
+\begin{itemize}
+ \item<1-> erste Implementierung von SATP
+ \item<2-> unterstützt Cluster Synchronisation
+ \item<3-> geschrieben in C++ / Boost (Multi-Threaded)
+ \item<4-> läuft unter Linux, Windows, FreeBSD
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{uAnytun}
+\begin{itemize}
+ \item<1-> kleine Implementierung von SATP
+ \item<2-> keine Cluster Synchronisation
+ \item<3-> geschrieben in C mit wenig Library Abhängigkeiten (nur Crypto)
+ \item<4-> läuft unter Linux, FreeBSD und OpenBSD
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+
+%===============================================
+\section{Verwendungs-Szenarien}
+
+% anytun usage scenarios:
+% anycast VPN server cluster
+% securing anycast service
+% mutli path interconnect
+
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Anycast VPN Cluster}
+\includegraphics[width=0.9\textwidth]{usage-anycast-cluster}\\
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Secure Anycast Service/Application}
+\includegraphics[width=0.9\textwidth]{usage-anycast-service}\\
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Mulit-Path Interconnect}
+\includegraphics[width=0.9\textwidth]{usage-interconnect}\\
+\end{frame}
+%-----------------------------------------------
+
+%===============================================
+\section{Zukunft}
+
+% anytun future:
+% RAIL
+% Key Exchange
+% ike2, inbound, interface zu key store
+% anytun multi threading
+% RFC für SATP
+
+%-----------------------------------------------
+\begin{frame}
+\frametitle{RAIL}
+\begin{itemize}
+ \item<1-> Redundant Array of Inexpensive Links
+ \item<2-> SATP Pakete werden mehrmals über verschiedene Pfade gesendet
+ \item<3-> Empfänger verwirft alle doppelten Pakete
+ \item<4-> Redudanz und oder gesteigerte Bandbreite
+ \item<5-> erste Test Implementierung in uAnytun funktioniert
+ \item<6-> ohne Key Exchange sehr umständlich zu verwenden :(
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Key-Exchange, RFC, ...}
+\begin{itemize}
+ \item<1-> Zurzeit untstützt Anytun und uAnytun nur statische Keys :(
+ \item<2-> Interface für externes Keyexchange um Inbound Daten schicken zu können
+ \item<3-> Interface um Keys im Daemon zu installieren
+ \item<4-> Update der Crypto Primitives in SATP
+ \item<5-> RFC für SATP
+ \item<6-> Threading Modell von Anytun
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+
+%===============================================
+% \section{Bibliography}
+%-----------------------------------------------
+% \frame[allowframebreaks]{
+% \mode<presentation>{\frametitle{Bibliography}}
+%
+% \bibliographystyle{ieeetr}
+% \bibliography{}
+% }
+%-----------------------------------------------
+\end{document}
diff --git a/talks/aconet-meeting-2015-05-19/usage-anycast-cluster.png b/talks/aconet-meeting-2015-05-19/usage-anycast-cluster.png
Binary files differ
new file mode 100644
index 0000000..a9182c7
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/usage-anycast-cluster.png
diff --git a/talks/aconet-meeting-2015-05-19/usage-anycast-service.png b/talks/aconet-meeting-2015-05-19/usage-anycast-service.png
Binary files differ
new file mode 100644
index 0000000..c48339b
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/usage-anycast-service.png
diff --git a/talks/aconet-meeting-2015-05-19/usage-interconnect.png b/talks/aconet-meeting-2015-05-19/usage-interconnect.png
Binary files differ
new file mode 100644
index 0000000..331e776
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/usage-interconnect.png
diff --git a/papers/linuxtage2008.odp b/talks/linuxtage2008.odp
Binary files differ
index b712dbd..b712dbd 100644
--- a/papers/linuxtage2008.odp
+++ b/talks/linuxtage2008.odp
diff --git a/papers/realraum.odp b/talks/realraum.odp
Binary files differ
index 7f41608..7f41608 100644
--- a/papers/realraum.odp
+++ b/talks/realraum.odp |