Building and Managing Virtual Private Networks
by Dave Kosiur
Wiley Computer Publishing, John Wiley & Sons, Inc.
ISBN: 0471295264 Pub Date: 09/01/98

Preface

PART I—The Internet and Business

CHAPTER 1—Business on the Internet
The Changing Business Environment
The Internet
The Internet’s Infrastructure
What the Internet Delivers
Using Internet Technology
Summary

CHAPTER 2—Virtual Private Networks
The Evolution of Private Networks
What Is an Internet VPN?
Why Use an Internet VPN?
Cost Savings
Some Detailed Cost Comparisons
SCENARIO 1
SCENARIO 2
SCENARIO 3
Flexibility
Scalability
Reduced Tech Support
Reduced Equipment Requirements
Meeting Business Expectations
Summary

CHAPTER 3—A Closer Look at Internet VPNs
The Architecture of a VPN

Petitioner Apple Inc. - Ex. 1006, p. 1

Tunnels: The “Virtual” in VPN
Security Services: The “Private” in VPN
The Protocols behind Internet VPNs
Tunneling and Security Protocols
Management Protocols
VPN Building Blocks
The Internet
Security Gateways
Other Security Components
Summary

PART II—Securing an Internet VPN

CHAPTER 4—Security: Threats and Solutions
Security Threats on Networks
Spoofing
Electronic Eavesdropping or Sniffing
The Man-in-the-Middle Attack
Authentication Systems
Traditional Passwords
One-Time Passwords
Other Systems
PASSWORD AUTHENTICATION PROTOCOL (PAP)
CHALLENGE HANDSHAKE AUTHENTICATION PROTOCOL (CHAP)
TERMINAL ACCESS CONTROLLER ACCESS-CONTROL SYSTEM (TACACS)
REMOTE AUTHENTICATION DIAL-IN USER SERVICE
Hardware-Based Systems
SMART CARDS AND PC CARDS
TOKEN DEVICES
Biometric Systems
An Introduction to Cryptography
What Is Encryption?
What Is Public-Key Cryptography?
Two Important Public-Key Methods
THE DIFFIE-HELLMAN TECHNIQUE
RSA PUBLIC-KEY CRYPTOGRAPHY
Selecting Encryption Methods
Public-Key Infrastructures
PUBLIC-KEY CERTIFICATES
GENERATING PUBLIC KEYS
CERTIFICATE AND KEY DISTRIBUTION
CERTIFICATE AUTHORITIES
Summary

CHAPTER 5—Using IPSec to Build a VPN
What Is IPSec?
The Building Blocks of IPSec
Security Associations
The Authentication Header
ESP: The Encapsulating Security Payload
A Question of Mode
Key Management
ISAKMP’s Phases and Oakley’s Modes
MAIN MODE
AGGRESSIVE MODE
QUICK MODE
Negotiating the SA
Using IPSec
Security Gateways
Wild Card SAs
Remote Hosts
Tying It All Together
Sample Deployment
Remaining Problems with IPSec
Summary

CHAPTER 6—Using PPTP to Build a VPN
What Is PPTP?
The Building Blocks of PPTP
PPP and PPTP
Tunnels
RADIUS
Authentication and Encryption
LAN-to-LAN Tunneling
Using PPTP
PPTP Servers
PPTP Client Software
Network Access Servers
Sample Deployment
Applicability of PPTP
Summary

CHAPTER 7—Using L2TP to Build a VPN
What Is L2TP?
The Building Blocks of L2TP
PPP and L2TP
Tunnels
Authentication and Encryption
LAN-to-LAN Tunneling
Key Management
Using L2TP
L2TP Network Servers
L2TP Client Software
Network Access Concentrators
Sample Deployment
Applicability of L2TP
Summary

CHAPTER 8—Designing Your VPN
Determining the Requirements for Your VPN
Some Design Considerations
Network Issues
Security Issues
ISP Issues
Planning for Deployment
Summary

PART III—Building Blocks of a VPN

CHAPTER 9—The ISP Connection
ISP Capabilities
Types of ISPs
What to Expect from an ISP
Learning an ISP’s Capabilities
ISP INFRASTRUCTURE
NETWORK PERFORMANCE AND MANAGEMENT
CONNECTIVITY OPTIONS
SECURITY AND VPNS
Service Level Agreements
Preparing for an SLA
Monitoring ISP Performance
In-House or Outsourced VPNs?
Commercial VPN Providers
ANS VPDN Services
AT&T WorldNet VPN
CompuServe IP Link
GTE Internetworking
InternetMCI VPN
UUNET ExtraLink
Other VPN Providers
Future Trends in ISPs
Summary

CHAPTER 10—Firewalls and Routers
A Brief Primer on Firewalls
Types of Firewalls
PACKET FILTERS
APPLICATION AND CIRCUIT PROXIES
STATEFUL INSPECTION
General Points
Firewalls and VPNs
Firewalls and Remote Access
Product Requirements
COMMON REQUIREMENTS
IPSEC
PPTP AND L2TP
AN OVERVIEW OF THE PRODUCTS
Routers
Product Requirements
AN OVERVIEW OF THE PRODUCTS
Summary

CHAPTER 11—VPN Hardware
Types of VPN Hardware
The Price of Integration
Different Products for Different VPNs
Product Requirements
An Overview of the Products
Summary

CHAPTER 12—VPN Software
Different Products for Different VPNs
Tunneling Software
VPNs and NOS-Based Products
Host-to-Host VPNs
Product Requirements
An Overview of the Products
Summary

PART IV—Managing a VPN

CHAPTER 13—Security Management
Corporate Security Policies
Selecting Encryption Methods
Protocols and Their Algorithms
Key Lengths
Key Management for Gateways
Identification of Gateways
Handling Session Keys
Key Management for Users
Authentication Services
Managing an In-House CA
Controlling Access Rights
Summary

CHAPTER 14—IP Address Management
Address Allocation and Naming Services
Static and Dynamic Address Allocation
Internal versus External
Private Addresses and NAT
Multiple Links to the Internet
IPv6
Summary

CHAPTER 15—Performance Management
Network Performance
Requirements of Real-Time Applications
Supporting Differentiated Services
VPN Performance
Policy-Based Management
Monitoring ISP Performance and SLAs
Summary

PART V—Looking Ahead

CHAPTER 16—Extending VPNs to Extranets
Reasons for an Extranet
Turning a VPN into an Extranet
Summary

CHAPTER 17—Future Directions
VPN Deployment
ISPs and the Internet
VPN Standards
Security and Digital Certificates
VPN Management
Product Trends
Keeping Up

Appendix A
Appendix B
Appendix C
Glossary
Index

Preface

The world of virtual private networks (VPNs) has exploded in the last year, with more and more vendors
offering what they call VPN solutions for business customers. Unfortunately, each vendor has his own
definition of what a VPN is; to add to the confusion, each potential customer has his own idea of what
comprises a VPN as well. Mix in the usual portion of marketing hype, and you’ve got quite a confusing
situation indeed.

One of the purposes of this book is to dispel as much of the confusion surrounding VPNs as possible.
Our approach has been based on three main ideas: relate the current usage of the term VPN to past
private networks so that both experienced and new network managers can see how they’re related;
carefully describe and compare the various protocols so that you, the reader, will see the advantages and
disadvantages of each; and always keep in mind that more than one kind of VPN fits into the business
environment. With the wide variety of technologies available for VPNs, it should be the customer who
decides what kind of VPN—and, therefore, what protocols and products—meets his business needs best.

To that end, this book aims to provide you with the background on VPN technologies and products that
you need to make appropriate business decisions about the design of a VPN and expectations for its use.

Who Should Read This Book

This book is aimed at business and IS managers, system administrators, and network managers who are
looking to understand what Internet-based VPNs are and how they can be set up for business use. Our
goal is to provide the reader with enough background to understand the concepts, protocols, and systems
associated with VPNs so that his company can decide whether it wants to deploy a VPN and what might
be the best way to do so, in terms of cost, performance, and technology.

How This Book Is Organized

This book has been organized into five parts:

1. The Internet and Business
2. Securing an Internet VPN
3. Building Blocks of a VPN
4. Managing a VPN
5. Looking Ahead

Part I, The Internet and Business, covers the relationship between business and Internet, including how
VPNs can provide competitive advantages to businesses. The first three chapters of the book make up
Part I.

Chapter 1, “Business on the Internet,” discusses today’s current dynamic business environment, the
basics of the Internet, and how Internet technology meshes with business needs using intranets, extranets,
and VPNs.

Chapter 2, “Virtual Private Networks,” covers the different types of private networks and virtual private
networks (VPNs) that have been deployed by businesses over the past 30 years and introduces the focus
of this book, virtual private networks created using the Internet. Here, you’ll find details on cost
justifications for Internet-based VPNs, along with other reasons for using VPNs.

Chapter 3, “A Closer Look at Internet VPNs,” delves into the nature of Internet-based VPNs, introducing
their architecture as well as the components and protocols that can be used to create a VPN over the
Internet.

Part II, Securing an Internet VPN, focuses on the security threats facing Internet users and how the three
main VPN protocols—IPSec, PPTP, and L2TP—deal with these security issues so that you can properly
design a VPN to meet your needs. Chapters 4 through 8 are included in Part II.

Chapter 4, “Security: Threats and Solutions,” describes the major threats to network security and then
moves on to detail the principles of different systems for authenticating users and how cryptography is
used to protect your data.

Chapter 5, “Using IPSec to Build a VPN,” is the first of three chapters presenting the details of the main
protocols used to create VPNs over the Internet. The first of the trio covers the IP Security Protocol
(IPSec) and the network components you can use with IPSec for a VPN.

Chapter 6, “Using PPTP to Build a VPN,” discusses the details of PPTP, the Point-to-Point Tunneling
Protocol. Like Chapter 5, it includes a discussion of protocol details and the devices that can be deployed
to create a VPN.

Chapter 7, “Using L2TP to Build a VPN,” is the last chapter dealing with VPN protocols; it covers
L2TP, the Layer2 Tunneling Protocol. It shows how L2TP incorporates some of the features of PPTP and
IPSec and how its VPN devices differ from those of the other two protocols.

Chapter 8, “Designing Your VPN,” focuses on the issues you should deal with in planning your VPN.
The major considerations you’ll most likely face in VPN design are classified into three main
groups—network issues, security issues, and ISP issues. This chapter aims to serve as a transition from
many of the theoretical and protocol-related issues discussed in the first seven chapters of the book to the
more pragmatic issues of selecting products and deploying and managing the VPN, which is the focus of
the remainder of the book.

Part III, Building Blocks of a VPN, moves into the realm of the products that are available for creating
VPNs, as well as the role the ISP can play in your VPN.

Chapter 9, “The ISP Connection,” focuses on Internet Service Providers, showing how they relate to the
Internet’s infrastructure and the service you can expect from them. Because your VPN is likely to
become mission-critical, the role of the ISP is crucial to the VPN’s success. We, therefore, cover how
service level agreements are used to state expected ISP performance and how they can be monitored. The
last part of this chapter summarizes some of the current ISPs that offer special VPN services, including
outsourced VPNs.

Chapter 10, “Firewalls and Routers,” is the first of three chapters that deal with VPN products. This
chapter discusses how firewalls and routers can be used to create VPNs. For each type of network device,
we cover the principal VPN-related requirements and summarize many of the products that are currently
available in the VPN market.

Chapter 11, “VPN Hardware,” continues the product coverage, focusing on VPN hardware. One main
issue covered in the chapter is the network services that should be integrated in the hardware and the
resulting effects on network performance and management.

Chapter 12, “VPN Software,” deals with VPN software, mainly the products that can be used with
existing servers or as adjuncts to Network Operating Systems. As in the previous two chapters, this
chapter includes a list of requirements and a summary of the available products.

Part IV, Managing a VPN, includes three chapters that cover the three main issues of
management—security, IP addresses, and performance.

Chapter 13, “Security Management,” describes how VPNs have to mesh with corporate security policies
and the new policies that may have to be formulated, particularly for managing cryptographic keys and
digital certificates. The chapter includes suggestions on selecting encryption key lengths, deploying
authentication services, and how to manage a certificate server for digital certificates.

Chapter 14, “IP Address Management,” covers some of the problems network managers face in
allocating IP addresses and naming services. It describes the solutions using Dynamic Host
Configuration Protocol (DHCP) and Dynamic Domain Name System (DDNS) and points out some of the
problems VPNs can cause with private addressing, Network Address Translation (NAT), and DNS.

Chapter 15, “Performance Management,” is concerned with the basics of network performance and how
the demands of new network applications like interactive multimedia can be met both on networks and
VPNs. The chapter describes the five major approaches to providing differentiated services and how
network management can be tied to VPN devices, especially through policy-based network management.

Part V, the last part of the book, is called Looking Ahead and covers likely ways to expand your VPN and
what the future may hold.

Chapter 16, “Extending VPNs to Extranets,” deals specifically with the issues of extending your VPN to
become an extranet to link business partners together for electronic commerce. It covers some of the
main reasons for creating an extranet and points out some of the issues you’ll have to deal with while
getting all the parts of an extranet to work together.

Chapter 17, “Future Directions,” is our attempt to project where the VPN market is going and what’s
likely to happen in the next few years, in the development of VPN protocols, the products that support
them, and the uses businesses will create for VPNs.

PART I

The Internet and Business

Virtual Private Networks (VPNs) now can provide cost savings of 50 to 75 percent by replacing more
costly leased lines and remote access servers and reducing equipment and training costs; but they also
help keep your business network flexible, enabling it to respond faster to changes in business
partnerships and the marketplace.

As you evaluate your corporate structure for designing a VPN, keep in mind which sites require full-time
connections and what type of data will cross the VPN, as well as how many telecommuters and mobile
workers you’ll need to support.

CHAPTER 1

Business on the Internet

Communication is the heart of business. Not only do companies depend on communication to run their
internal affairs, but they also have to communicate with their suppliers, customers, and markets if they
expect to stay in business.

In the 90s, the Internet has become the star of communication. It has captured the imaginations of
individuals and business owners alike as a new medium for communicating with customers as well as
business partners. But, the Internet is a great melting pot of many different technologies. Many of the
technologies necessary for reliable, secure business quality communications are still in the process of
being rolled out for routine use. The everyday use of the Internet for business communication holds great
promise, but we’ve yet to achieve the plug-and-play stage for many business applications of the Internet.

Today's advances in technology at every level of networking can make it difficult, if not impossible, to
find a single integrated solution for your business needs. Thus, we find ourselves in the midst of a time in
which not only are new higher-speed media being introduced for residential and business
communication, but in which new application environments, such as the Web, not only unify diverse
services but offer added opportunities such as the new marketing and sales channels found in electronic
commerce.

The terminology surrounding the Internet seems to change every day as vendors seek to define new
market niches and offer their versions of “marketectures.” One aim of this book is to address the
confusion surrounding the technologies that fall under the umbrella term Virtual Private Networks
(VPNs), providing you with a framework for distinguishing between the different types of VPNs and
selecting the ones that will meet your business needs.

This book focuses on running VPNs over the Internet. Using the Internet for a Virtual Private Network
enables you to communicate securely among your offices—wherever they may be located—with greater
flexibility and at a lower cost than using private networks set up with pre-Internet technologies, such as
leased lines and modem banks.

This chapter serves as a brief introduction to the structure and capabilities of today’s Internet and how
the Internet can be used by businesses to improve their operations. Later chapters will cover the details of
many of the concepts we introduce here.

The Changing Business Environment

Business today isn’t like it was in the good old days, even if old is only 3-5 years ago. Amidst all the
downsizing, automation, and increasing numbers of small businesses as well as mega-mergers, one trend
seems self-evident: Flexibility is the order of the day.

A cornerstone of business flexibility is an adaptable communications network. Well-designed networking
can help your business deal with many of the changes in current-day business environments—for
example, improved customer and partner relations, an increasingly mobile workforce, flattened
organizational structures, virtual teams, etc. (see Figure 1.1).

Businesses are faced not only with quickly changing projects and markets but also with short-term
associations with suppliers and other business partners as they attempt to compete. Customers demand
more—not just more quality and variety in products but also more information about, and support for, the
products. As customers demand more, they also can offer more to sellers; smart marketers look to
increased interactivity with customers to learn more of their needs, leaning towards more individuality
and treating each customer as a market of one rather than a large number of individuals lumped into a
single group with average tastes and needs.

FIGURE 1.1 Changes in today’s business environments.

Even as businesses struggle with these sources and sinks of information, they find their own employees
dispersed across the planet, trying to get their jobs done in markets that have become increasingly global.
Businesspersons may well hope that phone calls and videoconferences can make the deal or solve a
problem, but we're still stuck in a physical world in which face-to-face contacts are valued, useful, and
often a necessity. Thus, we’re faced with an increasingly mobile workforce, and I’m not referring to
job-switching (although that happens often enough), just to the number of miles the modern-day worker
travels to meet business obligations. Yet, amidst all this travel across the planet, each employee needs to
stay in touch with the home office, wherever it is.

One of the common business trends in the past decade has been a flattening of the business organization,
a move from a hierarchical management structure to one including fewer managers and more interacting
teams. Flatter organizations, however, require more coordination and communication in order to function
properly, providing yet another reason for the growth of networks.

In these flatter organizations, it’s not uncommon to see an increasing number of teams formed. These
teams, which are formed quickly to attack a particular problem and then disbanded, consist of members
scattered throughout the company, often in more than one country. Much of their work and coordination
is conducted electronically, transmitted across networks at any and all times of the day. In a global
business, the sun never sets.

As businesses change, so too must the Information Technology (IT) departments helping to maintain the
communication infrastructure that’s so important to the company’s success. Three major shifts in
information technology have occurred during the past few years—from personal computing to
workgroup computing, from islands of isolated systems to integrated systems, and from intra-enterprise
computing to inter-enterprise computing. To deal with all these changes and help synchronize the
organization with business, the IT staff have to maintain flexibility so they can respond to the regular
order of the day—change.

A primary aim of this book is to illustrate how the Internet and Internet Protocol (IP)-based technologies
can provide your business with new methods for creating a more flexible and less costly private network
that better meets today’s business needs. Let’s investigate the Internet a bit before we move on to the
details of these Internet-based Virtual Private Networks.

The Internet

In spite of all the hype and heightened expectations surrounding it, the Internet has truly become one of
the major technological achievements of this century. Starting out as a simple network connecting four
computers scattered around the United States, the Internet has become the largest public data network,
crisscrossing the globe and connecting peoples of all ages, nationalities, and ways of life. Even as it’s
become a common mode of communication among individuals using computers at home and at the
workplace, the Internet has become more of a commercial network, offering businesses new forms of
connectivity, both with other business partners and with their customers.

For all its success, the Internet can be difficult for some to fathom. For instance, the Internet has no
central governing body that can compel its users to follow a particular procedure. A number of
organizations deal with different aspects of the Internet’s governance. For instance, the Internet Society
(ISOC) helps promote policies and the global connectivity of the Internet, while the Internet Engineering
Task Force (IETF) is a standards setting body for many of the technical aspects. The World Wide Web
Consortium (W3C) focuses on standards for the Web and interacts with the IETF in setting standards.
Addressing and naming of entities on the Internet is important to the functioning of the Internet, and that
task currently is shared by Network Solutions Inc. and the Internet Assigned Numbers Authority (IANA),
although the parties involved in this procedure may change before long.

The Internet is a somewhat loose aggregation of networks that work together by virtue of running
according to a common set of rules, or protocols, the Transfer Control Protocol/Internet Protocol
(TCP/IP) protocols. These protocols have proven to be an important cornerstone of the Internet, which
has evolved in a very open environment guided by a group of selfless, dedicated engineers under the
guidance of the Internet Architecture Board (IAB), the overseer of the IETF, and a related task force, the
Internet Research Task Force (IRTF). Despite the proliferation of numerous other networking protocols,
the TCP/IP protocols have become the preferred means for creating open, extensible networks, both
within and among businesses as well as for public networking. The seemingly never-ending exponential
growth of the Internet that started roughly three decades ago is but one proof of the Internet’s popularity
and flexibility.

The growth of the Internet has been phenomenal by any measure (see Figure 1.2). The Internet’s
predecessor, ARPANET, was started in 1969 and connected only four computers at different locations in
the United States. During the past few years, the number of computers attached to the Internet has been
doubling annually. According to the survey of Internet domains that’s been run periodically since 1987
by Network Wizards, more than 30 million computers were connected to the Internet as of February,
1998. Depending on whom you ask, 50 million users of the Internet may live in the United States alone.

With this growth has come a change in the direction of the Internet. Although the Internet may have
started out as a network designed primarily for academic research, it’s now become a commercialized
network frequented largely by individuals outside universities and populated by a large number of
business enterprises.

FIGURE 1.2 Growth of the Internet.

Business usage of the Internet has grown as well. It’s difficult to measure business-related traffic in any
reliable coherent fashion. But, one sample indicator of phenomenal growth of business use is the increase
in the number of computers in what are called .com domain names (reserved for businesses only)—the
number of these business-related computers rose from 774,735 in July, 1994, to 8,201,511 in August,
1997.

The Internet’s Infrastructure

The Internet is global in scope and strongly decentralized with no single governing body. The physical
networks comprising the Internet form a hierarchy (see Figure 1.3) whose top level is composed of the
high-speed backbone network maintained by MCI (now part of Worldcom); the majority of Internet
traffic is funnelled onto the backbone through the Network Access Points (NAPs), which are maintained
by Sprint, Worldcom, and others—these are located in strategic metropolitan areas across the United
States (see Figure 1.4).

Independently-created national networks set up by PSInet and UUNET, among others, mostly tie into the
NAPs, but some service providers have made their own arrangements for peering points to help relieve
some of the load at the NAPs. Lower levels are composed of regional networks, then the individual
networks found on university campuses, at research organizations, and in businesses.

For most users, the internal structure of the Internet is transparent. They connect to the Internet via their
Internet Service Provider (ISP) and send e-mail, browse the Web, share files, and connect to other host
computers on the Internet without concern for where those other computers are located or how they're
connected to the Internet. We'll cover some of the details of tying your internal networks to the Internet
in the following chapters.

FIGURE 1.3 The Internet hierarchy.

What the Internet Delivers

For a moment, put aside any specific business needs that you may have. Instead, just concentrate on what
the Internet can offer its users.

The Internet offers its users a wide range of connectivity options, many at low cost. These options range
from a very high-speed (megabits per second) direct link to the Internet backbone to support data
exchange or multimedia applications between company sites to the low-end option of using a dial-up
connection through regular phone lines at speeds of 9,600 to 28,800 bits per second.

The near-ubiquity of the Internet makes setting up connections much easier than with any other data
network. These could be either permanent connections for branch offices or on-the-fly links for your
mobile workers. While Internet coverage isn’t equal throughout the world, the Internet makes it possible
to achieve global connectivity at a cost lower than if your business created its own global network.

As mentioned before, the Internet is built on a series of open protocols. This foundation has made it
much easier for developers to write networked applications for just about any computing platform,
promoting a great deal of interoperability. It’s not unusual to find a wide range of Internet applications
that run on all major operating systems, making your job of offering common networked services easier.
The World Wide Web has gone even farther by offering developers and content designers alike the
possibility of working within a single user interface that spans multiple operating systems as well.

FIGURE 1.4 Map of U.S. Internet.

The Internet also offers you the opportunity of having a more manageable network. Because you’ve
outsourced much of the national and global connectivity issues to your Internet Service Provider, you can
focus more of your attention on other internal network management issues.

`The Internet is not without its shortcomings, however. In many ways, it’s become a victim of its own
`success. For example, the bandwidth available on the Internet backbone and offered by many ISPS has
`barely been able to keep up with the explosive increase in Internet usage that’s taken place during the
`past few years. That, in tum, has raised some concerns about the reliability of Internet traffic. Brownouts
`and other localized network outages have occurred, but new equipment and policies continue to improve
`the robustness of Internet links.
`
`A related concern has been the Intemet’s capability to handle multimedia traffic, especially real-time
`interactive multimedia. In general, the delays of data transmissions over the Internet make real-time
`multimedia transmissions difficult, but certain ISP networks have been designed with such applications
`in mind, and efforts at improving quality-of-service have started to address the problem. Currently,
`guaranteed performance is restricted by most ISPs to network uptime, but you should expect to see
`minimum delay guarantees offered in the next year or two.
`
`Lastly, and this is an issue we’ll repeatedly address in this book, is the problem of security. Admittedly,
`the majority of data transmitted on the Internet is transmitted in the clear and can be intercepted by
`others. But, methods exist for encrypting data against illegal viewing as well as for preventing
`unauthorized access to private corporate resources, even when they’re linked to the Internet. Many of the
`reported illegal intrusions into networks are due more to poorly-implemented security policies than to
`any inherent insecurity of the Internet. We’ll see later in this book that robust security is available for
`every aspect of data communications over the Internet.
`
`Using Internet Technology
`
`The Internet offers business opportunities on what we’ll call a private level as well as a public level. The
`public level is where a great deal of attention has been focused over the past few years, as proponents of
`electronic commerce have aimed at the buying and selling of goods and services over the public Internet,
`either to the general public or to other businesses.
`
`But, the private Internet is what this book is all about. Businesses can use the Internet as a means of
`transmitting corporate information privately among their corporate sites, without fear that either hackers
`or the general public will see the informati
