Details of VNET Plus:
Advantages of VNET Plus:
- - Easy setup to get started.
- - It enables you unconstrained P2P communications even if there exist several NATs (Network Address Translation devices) on the communication routes. This means that you will never face the "NAT traversal problems".
- - A communication route is surely established if you just specify the name of the other party.
- - It is possible to construct a network that does not require global IP addresses.
- - Direct communication between devices connected to IPv4 and IPv6 is possible (Note).
- - Communication can be maintained even if the network used by the device is switched to another network during the communication.
- - The most suitable communication route will be established with the least delay.
- - You can make VNET Plus communications and normal communications at the same time.
- - The network configuration under NAT is hidden in the same manner as that for the actual network.
- - The definition of communication grouping can easily be set without any special knowledge.
- - You can use the existing applications as they are without making any change.
- - There is no need for you to change the existing network configuration.
- - We provide a VNET adapter that takes over the functions of VNET Plus.
- - It has scalability because DC and TS can be distributed (Note).
It must be noted, however, that the communication devices need to be connected to a TCP/IP network and also that it is necessary for you to set a system to pass through UDP port 4330 in the case of the environment with some firewalls.
(Note) This function is currently underdevelopment.
VNET Plus Security:
VNET Plus is extremely secure for the following reasons.
- - All packets related to VNET Plus are encrypted and an authentication code is applied to each of them to prevent from eavesdropping.
- - As the encryption key that encrypts packets between end devices is unknown to the administrator, there is no need for you to worry about information leakage from the administrator.
- - It provides a closed communication group that allows mutual communications strictly within the same group.
- - It has its own DoS attack countermeasures that detect and discard malicious packets at a high speed.
- - Perfect countermeasures against replay attacks are also provided.
- - VNET Plus adopts the encryption algorithm AES CBC mode with a key length of 256 bits and the hash algorithm SHA256, whose security is guaranteed at the present time.
- - An extended password method (multi-factor authentication using a random number) is applied.
1 The VNET Plus application
The following OS's can be used for the VNET Plus application.
- Linux (Ubuntu16.04lts and its later versions)
- Raspberry pi OS (64-bit)
- Windows 10/11
2 VNET Plus Adapter:
In the following cases, you can make executing instead the functions of VNET Plus by using a VNET adapter.
・When the OS does not support VNET.
・For embedded devices such as IoT.
・For business servers that do not allow any changes.
How to give VNET names:
About FQDN (Fully Qualified Domain Name):In order to use VNET Plus, it is necessary to give a name to each applicable communication device.
FQDN is normally the name given to a server to be used on the Internet.
The FQDN rules ensure that every name is unique throughout the world.
The name given to the VNET Plus device ,that is called VNET ID here, conforms to the FQDN, and the name must end with letters ” .ntm200.com”.
For example, the name of your VNET Plus device is given like below.
VNET Plus name: aaa.acompany.ntm200.com
If the device is a web server, it could already have the FQDN like below.
Web server name: aaa.acompany.acompany.co.jp
In that case, you leave the conventional FQDN as it is and simply add a VNET ID for VNET Plus.
If the device is a client, it usually does not have FQDN.
In this case, a VNET ID needs to be given to the client.
When the client enters the VNET ID (aaa.acompany.ntm200.com) and the file name in the URL field of the browser, the contents of the server can be browsed.
In the case where you have been accessing your server by inputting the name reading
in the case of VNET Plus accessing the same file.
VNET user name:The "acompany" part of VNET ID is the subdomain name to identify the VNET user.
The representative person of users has to obtain a subdomain name from the "User Registration" tab.
The representative person has to assign an VNET ID including the acquired subdomain name to each of the end users.
The aaa part is user specific, and can be further layered like aaa.bbb.
Communication group:Communication group names are also required for the VNET Plus networks.
At least one group name needs to be assigned to each unit of the VNET Plus devices.
Only the devices having the same group name can communicate with each other.
No special rules exist concerning the group names.
Devices can belong to a number of different groups.
The figure below shows an example of how to get access to the web server in the company from internal and external PCs securely.
The web server can be accessed using either of the traditional name or the VNET Plus name.
P2P communication security is guaranteed when accessed with the name of VNET Plus.
External PCs such as home PCs can get access to the web server in the company by using the VNET Plus name.
You do not need to be concerned about the existence or non-existence of NATs, and you can access the server with exactly the same way as the PCs in the company.
Development of new communication applications:
You will be able to develop and verify your application on the Internet by taking the following steps.
(1) Build an application on the LAN and verify its operation.
(2) Install the VNET Plus application on each communication device.
Then, it becomes possible for you to migrate to a system with wider areas that straddles over the Internet.
The already proven systems in LAN can also be used as they are.
You should take into account the following matters when developing a new application.
- You keep in mind the fact that VNET Plus will remove all network constraints.
- What you have to do is just to develop a system that runs on a LAN.
- As VNET Plus solves the NAT traversal problem, you can forget about the existence of NATs.
- Although there exist technologies called STUN/TURN as a NAT traversal means, you should not use these technologies together with VNET Plus because they compete with the functions of VNET Plus.
- As VNET Plus hides the real IP address from the application, there exists a possibility that the relationship between the virtual IP address and the real IP address is confused and safe operation cannot be guaranteed as the result, if the application is designated with the real IP address in mind.
- VNET Plus starts operation by the name resolution protocol based on DNS as a trigger. Thus, the name resolution using LAN broadcasting such as Multicast DNS cannot be used.
VNET Plus is equipped with a high communication performance.
In our experiment, the TCP throughput of VNET Plus was measured as follows.
- Linux PC (Core i5, 2.7GHz Ubuntu 20.04LTS): 220Mbps
- Raspberry pi 4 : 120Mbps
- 1000BASE-TX wired direct connection
- PC specifications: Core i5, 2.7GHz Ubuntu20.04LTS
- Measurement tool: iperf
If and when the networks in use are switched during the communication, the time required for the resumption of communication is less than 1 second.
Specifications of VNET Plus:
- Unconstrained mutual communications in IPv4 areas without the necessity of being aware of the existence of NATs are possible.
- Unconstrained mutual communications in the environment of a mixture of the IPv4 / IPv6 networks are possible(under developing).
- Mobility is possible.
- Basically, P2P direct communication route is established. However, communications via TS are established in the following cases.
- - When one device is connected to IPv4 while the other is connected to IPv6.
- - When both end devices are connected under Symmetric NATs.
- - Configuration is based on a special multi-staged NAT.
P2P packet authentication and encryption processes are undertaken.
(AES CBCmode 256 bit, SHA-256)
Countermeasures against DoS attacks and those against replay attacks are adopted.
Communication grouping is realized.
The encryption keys for communications are kept unknown even to the administrator.
An extended password method (multi-factor authentication using a random number) is applied.
Distributed arrangements for DC as well as for TS are adopted(under developing).
You can learn more about VNET Plus by watching videos.
- VNET Plus short video
- Introduction to VNET Plus with English subtitles
- Setting up for VNET Plus with English subtitles.
- Working principle of VNET
- How to use VNET adapter
- VNET plus demo video collection
- VNET Plus and remote access. Difference from existing VPN (with demo video)
- VNET Plus and Remote Desktop (with demo video)
- VNET Plus and streaming distribution (with demo video)
- VNET Plus and web conferencing (with demo video)
3 minutes. First short video for getting to know VNET Plus.
10 minutes. What is VNET Plus? What can I do with it?
10 minutes. User registration, definition of VNET ID and communication group, installation, startup method.
5 minutes. VNET support equipments. Working principle of VNET Plus.
6 minutes. How VNET adapter works, Usage examples, connection method.
33 minutes. A collection of demo videos only.
15 minutes. What is remote access? Demonstration videos (Tereterm, WinSCP, etc.).
13 minutes. What is remote desktop? Demo videos (VNC, MS RDS, Teamviewer).
13 minutes. What is streaming distribution? Demo videos (mjpg-streamer, IP Webcam, network camera)
10 minutes. What is a web conference? Demo videos by jitsi.