Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Interface<br />
Interface<br />
Customer Site<br />
Service Provider<br />
Customer Site<br />
Figure 20. Interfaces Between Customer and Service Provider <strong>Networks</strong><br />
VPNs are examples of a multilevel network system (see section 5.4.3) where hosts with<strong>in</strong> the<br />
service provider network cannot view, access, or know about hosts with<strong>in</strong> the customer’s<br />
networks, and vice versa. It is called virtual because the service provider forwards the<br />
customer’s packets across its own network <strong>in</strong>frastructure <strong>in</strong> a manner that appears to the<br />
customer as if the service provider’s network were the customer’s own private network. The<br />
service provider can transparently provide VPN services to multiple different customers over<br />
that same physical <strong>in</strong>frastructure with each VPN be<strong>in</strong>g securely partitioned from the other. Each<br />
customer is provided a high degree of confidentiality and <strong>in</strong>tegrity protections from the VPN<br />
service, which protect their users from other VPN users of the same physical network<br />
<strong>in</strong>frastructure. This protection is accomplished either by data l<strong>in</strong>k layer protocol separations (see<br />
first bullet below) or else via tunnel<strong>in</strong>g (i.e., protocol stack encapsulations, expla<strong>in</strong>ed <strong>in</strong> the<br />
second bullet below, which is the approach recommended by this study). 18 These <strong>in</strong>herent<br />
confidentiality and <strong>in</strong>tegrity provisions can be further strengthened by us<strong>in</strong>g IPsec security (see<br />
RFC 4301) <strong>in</strong> tunnel mode for network layer VPNs.<br />
The IETF has def<strong>in</strong>ed two dist<strong>in</strong>ct types of VPNs:<br />
• A Layer 2 Virtual Private Network (L2VPN) provides a VPN logically occurr<strong>in</strong>g at the<br />
customer’s data l<strong>in</strong>k layer by us<strong>in</strong>g the service provider’s physical network <strong>in</strong>frastructure<br />
operat<strong>in</strong>g at the data l<strong>in</strong>k layer. In L2VPN 19 , a network provider offers the customer<br />
access to a VPN via a data l<strong>in</strong>k layer service <strong>in</strong>terface (see figure 20). Consequently, the<br />
18<br />
The mechanism by which physical network partition<strong>in</strong>g is accomplished differs <strong>in</strong> terms of the specific protocol<br />
layer at which the partition<strong>in</strong>g controls occur. The approach recommended by this study does the partition<strong>in</strong>g at<br />
the network layer (layer 3). The specific partition<strong>in</strong>g mechanism recommended by this study relies upon the<br />
controlled <strong>in</strong>sertion (encapsulation) of a redundant IP packet header specific for the service provider network<br />
(i.e., the non-VPN enclave parts of the aircraft's network) with<strong>in</strong> the protocol stack of the customer’s (i.e.,<br />
network enclave) packets (see figure 21) while they are conveyed across the network service provider’s network.<br />
This encapsulation occurs at the <strong>in</strong>terface po<strong>in</strong>t shown <strong>in</strong> figures 20 and 22. The encapsulated packets are<br />
conveyed across the network service provider’s network by means of the encapsulated IP header (i.e., the service<br />
provider’s IP header that was <strong>in</strong>serted <strong>in</strong>to the protocol stack). The orig<strong>in</strong>al IP packet header of the customer’s<br />
packet, together with the entire contents of that orig<strong>in</strong>al packet, is not visible to either the network service<br />
provider or to other VPNs supported by that service provider because they only can see the <strong>in</strong>terface-<strong>in</strong>serted IP<br />
header. Additional assurance is provided by the fact that IP address<strong>in</strong>g of the orig<strong>in</strong>al IP header comes from the<br />
IP address space of the (customer) network enclave, while the IP address<strong>in</strong>g of the redundant (encapsulated) IP<br />
header comes from the service provider’s IP address space. The approach recommended by this study also has a<br />
third assurance mechanism: the customer’s entire orig<strong>in</strong>al IP stack is encrypted us<strong>in</strong>g FIPS-compliant encryption<br />
technology so that all network enclave packet <strong>in</strong>formation is <strong>in</strong> cipher text form while travers<strong>in</strong>g the service<br />
provider’s network. These provisions ensure total network partition between the various VPNs themselves as<br />
well as from the convey<strong>in</strong>g service provider network.<br />
19 See http://www.ietf.org/html.charters/l2vpn-charter.html<br />
67