
Page 1: Network & Core System Configurations for APAN SG Medical Session Koji OKAMURA Kyushu University

Network & Core System Configurations for APAN SG Medical Session

Koji OKAMURA

Kyushu University

Page 2

[Network diagram. Caption: Previous Tokyo Meeting. APAN Tokyo (25-Jan-2006), last update 23-Jan-2006 20:45. Labeled "SECURITY IPsec". Equipment labels: PC DVTS (S), (R) and (S/R), Quatre, DVCommCPY, VPN Router, Reflector, DV CAM., MONITOR, NTSC Bi-Directional, NTSC Uni-Directional, e1 to e4. Each router is drawn with port labels 1,2 and 3,4 and interface labels 0 and 1.]

Addresses shown in the diagram, in the order the labels appear:

• AR550S-A: vlan11 192.168.1.1/24, vlan12 192.168.2.1/24, eth0 202.231.16.178/29, eth1 202.231.16.186/29

• AR550S-B: vlan13 192.168.3.1/24, vlan14 192.168.4.1/24, eth0 202.231.16.179/29, eth1 202.231.16.187/29

• AR550S-C: vlan101 172.16.1.1/24, vlan102 172.16.2.1/24, eth0 202.231.16.180/29, eth1 202.231.16.188/29

• Kyushu Univ. Hospital / Japan: vlan105 172.16.5.1/24, vlan15 192.168.5.1/24, eth0 133.5.211.85/24, eth1 133.5.210.231/24

• NCC / Korea: vlan106 172.16.6.1/24, vlan16 192.168.6.1/24, eth0 61.252.48.195/29

• National Taiwan Univ. / Taiwan: vlan107 172.16.7.1/24, vlan17 192.168.7.1/24, eth0 140.112.124.92/29

• AKIHABARA Convention Center / Japan: vlan108 172.16.8.1/24, vlan18 192.168.8.1/24, eth0 202.231.16.196/29, eth1 202.231.16.204/29

Other labels in the diagram: Tokyo Venue / Japan; AR550S#13, AR550S#14, AR550S#15, AR550S#16.

Page 3

Allied Telesis VPN Router AR550S

[Figure labels: Quatre, DVCommCPY. Caption: Previous Tokyo Meeting]

Page 4

VPN Router: allied-telesis(syn)

New Model: AR570S 1G $20 available: 2006/06

Major Model: AR550S 100M $100

VPN Throughput

100Mbps

VPN Throughput

900Mbps

IPsec Throughput: much lower than VPN

100Mbps

VPN Throughput

???Mbps

Page 5

[Photo labels, each appearing twice in the slide: Quatre for Demo-1 (Xeon 3.0GHz x 2), Quatre for Demo-2 (Xeon 2.8GHz x 2), VPN Router AR550S]

Network room in Computer and Communications Center, Kyushu University (it is not my office :)

Page 6

[Network diagram. Subnets: 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24, 192.168.13.0/24. Site labels: Shanghai, Hong Kong, Taichung.]

Internet: SINET, APAN, TEIN2, JGN2, CERNET, CSTNET, ASNET, HERNET, SingAREN, TWAREN, QGPOP, KITE

Page 7

[Network diagram with links labeled VPN. Subnets: 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24, 192.168.13.0/24.]

Page 8

[Network diagram with the same VPN labels and the same eight subnets as page 7.]

Page 9

Issues for Preparation

• Making perfect configuration files for the AR5xxS is a little bit difficult.

• Allied Telesis helps to make them with actual testing.
  – Allied Telesis sends me the final version after local testing with the actual environment.
  – I load the file onto all routers and install the IPsec settings.

• The IP address of each site is necessary to make the configuration file and set it up.

Page 10

    # System Configuration
    set system name="KyuUniv#1"

    # USER Configuration
    set user securedelay=600
    set user minpwdlen=3
    add user=secoff password=secoff privilege=securityofficer
    enable user rso
    add user rso ip=192.168.1.0 mask=255.255.255.0
    add user rso ip=192.168.2.0 mask=255.255.255.0
    add user rso ip=192.168.3.0 mask=255.255.255.0
    add user rso ip=192.168.4.0 mask=255.255.255.0
    add user rso ip=192.168.10.0 mask=255.255.255.0
    add user rso ip=192.168.11.0 mask=255.255.255.0
    add user rso ip=192.168.12.0 mask=255.255.255.0
    add user rso ip=192.168.13.0 mask=255.255.255.0
    add user rso ip=133.69.0.0 mask=255.255.0.0

    # VLAN Define Configuration
    create vlan=vlan11 vid=11
    create vlan=vlan12 vid=12
    add vlan=vlan11 po=1-2
    add vlan=vlan12 po=3-5

    # IP Configuration
    enable ip
    add ip int=eth0 ip=133.69.128.5 mask=255.255.255.240
    add ip int=vlan11 ip=192.168.1.1 mask=255.255.255.0
    add ip int=vlan12 ip=192.168.2.1 mask=255.255.255.0

    add ip rou=0.0.0.0 mask=0.0.0.0 int=eth0 next=133.69.128.1
    set ping sipa=192.168.1.1

    # SNMP Configuration
    ena snmp
    create snmp community=public open=yes

    # DHCP_SERVER Configuration
    enable dhcp
    create dhcp policy=dhcp_pol1 lease=7200
    add dhcp policy=dhcp_pol1 subnet=255.255.255.0 router=192.168.1.1
    create dhcp range=dhcp_ran1 policy=dhcp_pol1 ip=192.168.1.100 num=10

    create dhcp policy=dhcp_pol2 lease=7200
    add dhcp policy=dhcp_pol2 subnet=255.255.255.0 router=192.168.2.1
    create dhcp range=dhcp_ran2 policy=dhcp_pol2 ip=192.168.2.100 num=10

    # ISAKMP Configuration
    enable isakmp
    create isakmp pol=ISA_NUS pe=137.132.57.87 key=1 sendn=true sendd=true hear=BOTH
    create isakmp pol=ISA_VGHTC pe=140.128.153.199 key=1 sendn=true sendd=true hear=BOTH
    create isakmp pol=ISA_CHHK pe=137.189.140.239 key=1 sendn=true sendd=true hear=BOTH
    create isakmp pol=ISA_SJTU pe=202.38.100.253 key=1 sendn=true sendd=true hear=BOTH

    # IPSEC Configuration
    enable ipsec
    create ipsec sas=1 key=isakmp prot=esp enc=des hasha=sha
    create ipsec bund=1 key=isakmp string=1

    # IPsec Policy [ISAKMP_MESSAGE]
    create ipsec pol=isakmp_mes0 int=eth0 ac=permit lp=500 rp=500 tra=udp

    # IPsec Policy [IPSEC_NUS]
    create ipsec pol=IPSEC_NUS int=eth0 ac=ipsec key=isakmp bund=1 peer=137.132.57.87
    set ipsec pol=IPSEC_NUS lad=192.168.0.0 lma=255.255.0.0 rad=192.168.10.0 rma=255.255.255.0

    # IPsec Policy [IPSEC_VGHTC]
    create ipsec pol=IPSEC_VGHTC int=eth0 ac=ipsec key=isakmp bund=1 peer=140.128.153.199
    set ipsec pol=IPSEC_VGHTC lad=192.168.0.0 lma=255.255.0.0 rad=192.168.11.0 rma=255.255.255.0

    # IPsec Policy [IPSEC_CHHK]
    create ipsec pol=IPSEC_CHHK int=eth0 ac=ipsec key=isakmp bund=1 peer=137.189.140.239
    set ipsec pol=IPSEC_CHHK lad=192.168.0.0 lma=255.255.0.0 rad=192.168.12.0 rma=255.255.255.0

    # IPsec Policy [IPSEC_SJTU]
    create ipsec pol=IPSEC_SJTU int=eth0 ac=ipsec key=isakmp bund=1 peer=202.38.100.253
    set ipsec pol=IPSEC_SJTU lad=192.168.0.0 lma=255.255.0.0 rad=192.168.13.0 rma=255.255.255.0

    # IPsec Policy [INTERNET]
    create ipsec pol=internet1 int=eth0 ac=permit
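An added example, not part of the original slides: a small Python check that parses `key=value` command lines like those in the configuration above and flags four settings a reviewer would question before deployment (minimum password length 3, a password equal to the user name, the `public` SNMP community, DES as the ESP cipher). The rule names and the 8-character threshold are assumptions of this example.

```python
import re

# Lines copied from the configuration on this page (subset relevant to the checks).
CONFIG = """\
set user securedelay=600
set user minpwdlen=3
add user=secoff password=secoff privilege=securityofficer
ena snmp
create snmp community=public open=yes
create ipsec sas=1 key=isakmp prot=esp enc=des hasha=sha
create ipsec pol=internet1 int=eth0 ac=permit
"""

WEAK_CIPHERS = {"des"}                       # single DES: 56-bit key
MIN_PWD_LEN = 8                              # assumed local policy threshold
DEFAULT_COMMUNITIES = {"public", "private"}  # well-known community strings

def params(line):
    """Return the key=value pairs of one command line as a dict (keys lowercased)."""
    return {k.lower(): v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def audit(config):
    """Return (line_number, rule, detail) findings for weak settings."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comment headers
        words, p = line.lower().split(), params(line)
        if "minpwdlen" in p and int(p["minpwdlen"]) < MIN_PWD_LEN:
            findings.append((n, "short-password", f"minpwdlen={p['minpwdlen']}"))
        if words[0] == "add" and "user" in p and p.get("password", "").lower() == p["user"].lower():
            findings.append((n, "password-equals-username", p["user"]))
        if words[:2] == ["create", "snmp"] and p.get("community", "").lower() in DEFAULT_COMMUNITIES:
            detail = p["community"] + (" open" if p.get("open", "").lower() in ("yes", "on", "true") else "")
            findings.append((n, "default-snmp-community", detail))
        if words[:2] == ["create", "ipsec"] and p.get("enc", "").lower() in WEAK_CIPHERS:
            findings.append((n, "weak-esp-cipher", p["enc"]))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(*finding)
```

The `key=1` references in the ISAKMP policies are not flagged because they name a key slot, not the key value; the key itself does not appear in this file.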