Virtual Private Network

Table of Contents
I. Introduction
II. VPN Topology
III. Types of VPNs
IV. Components of VPNs
V. Productivity and Cost Benefit
VI. Quality of Service
VII. The Future of VPN
VIII. Conclusion
IX. Bibliography
X. Questions

Introduction

Virtual Private Network. Virtual means not real or in a different state of being. Private means to keep something a secret from the general public. Network: a network consists of two or more devices that can freely and electronically communicate with each other via cables and wire. Simply put, a VPN, Virtual Private Network, is defined as a network that uses public network paths but maintains the security and protection of private networks. In a VPN, private communication between two or more devices is achieved through a public network, the Internet. Although those two devices are communicating with each other in a public environment, there is no third party who can interrupt this communication or receive any data that is exchanged between them. Therefore, the communication is virtually but not physically there.

For example, Delta Company has two locations, one in Los Angeles, CA (A) and one in Las Vegas, Nevada (B). In order for both locations to communicate efficiently, Delta Company has the choice to set up private lines between the two locations. Although private lines would restrict public access and extend the use of their bandwidth, it will cost Delta Company a great deal of money since they would have to purchase the communication lines per mile. The more viable option is to implement a VPN. Delta Company can hook their communication lines with a local ISP in both cities. The ISP would act as a middleman, connecting the two locations. This would create an affordable small area network for Delta Company.

The term VPN has been associated in the past with such remote connectivity services as the Public Switched Telephone Network (PSTN), but VPN networks have finally started to be linked with IP-based data networking. Before IP based networking, corporations had expended considerable amounts of time and resources to set up complex private networks, now commonly called Intranets. These networks were installed using costly leased line services, Frame Relay, and ATM to incorporate remote users. For the smaller sites and mobile workers on the remote end, companies supplemented their networks with remote access servers or ISDN. Small to medium-sized companies, who could not afford dedicated leased lines, used low-speed switched services. As the Internet became more and more accessible and bandwidth capacities grew, companies began to put their Intranets onto the web and create what are now known as Extranets to link internal and external users. However, as cost-effective and quick-to-deploy as the Internet is, there is one fundamental problem – security. Today's VPN solutions overcome the security factor using special tunneling protocols and complex encryption procedures; data integrity and privacy is achieved, and the new connection produces what seems to be a dedicated point-to-point connection. Because these operations occur over a public network, VPNs can cost significantly less to implement than privately owned or leased services, and they can transmit information over long distances effectively and efficiently. Although early VPNs required extensive expertise to implement, technology has matured to a level where deployment can be a simple and affordable solution for businesses of all sizes.

VPN Topology

Next we will look at how a VPN works internally. To begin using a VPN, an Internet connection is needed. The Internet connection can be leased from an ISP and ranges from a dial up connection for home users to faster connections for businesses. A specially designed router or switch is then connected to each Internet access circuit to provide access from the origin networks to the VPN. The VPN devices create PVCs (Permanent Virtual Circuits, a virtual circuit that resembles a leased line because it can be dedicated to a single user) through tunnels, allowing senders to encapsulate their data in IP packets that hide the underlying routing and switching infrastructure of the Internet from both the senders and receivers. The VPN device at the sending facility takes the outgoing packet or frame and encapsulates it to move through the VPN tunnel across the Internet to the receiving end. When the packet arrives on the receiving end, another device will strip off the VPN frame and deliver the original packet to the destination network. The process of moving the packet using VPN is transparent to the users, customers, Internet Service Providers and the Internet as a whole. See Figure 1.

VPNs operate at either layer 2 or layer 3 of the OSI model (Open Systems Interconnection). A layer-2 VPN uses the layer 2 frame, such as Ethernet, while a layer-3 VPN uses layer 3 packets, such as IP. A layer-3 VPN starts at layer 3, where it discards the incoming layer-2 frame and generates a new layer-2 frame at the destination. Two of the most widely used protocols for creating layer-2 VPNs over the Internet are Layer-2 Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP). The newly emerged protocol called Multiprotocol Label Switching (MPLS) is used exclusively in layer-3 VPNs.

VPNs were broken into 4 categories:
1) Trusted VPN: A customer "trusted" the leased circuits of a service provider and used them to communicate without interruption. Although it is "trusted", it is not secured.
2) Secure VPN: With security becoming more of an issue for users, encryption and decryption were used on both ends to safeguard the information passed to and fro. This ensured the security needed to satisfy corporations.
3) Hybrid VPN: A mix of a secure and a trusted VPN. A customer controls the secure parts of the VPN while the provider, such as an ISP, guarantees the trusted aspect.
4) Provider-provisioned VPN: A VPN that is administered by a service provider.

Figure 1. Defined VPN. Note: From A Primer for implementing a Cisco Virtual Private Network © 1999 Cisco Systems, Inc. All rights Reserved.

Types of VPNs

There are currently three types of VPN in use: remote access VPN, intranet VPN, and extranet VPN. Remote access VPNs (see figure 2) enable mobile users to establish a connection to an organization server by using the infrastructure provided by an ISP (Internet Services Provider). Remote access VPN allows users to connect to their corporate intranets or extranets wherever or whenever needed. Users have access to all the resources on the organization's network as if they were physically located in the organization. The user connects to a local ISP that supports VPN using plain old telephone services (POTS), integrated services digital network (ISDN), digital subscriber line (DSL), etc. The VPN device at the ISP accepts the user's login, then establishes the tunnel to the VPN device at the organization's office and finally begins forwarding packets over the Internet. Remote access VPN offers advantages such as:
- Reduced capital costs associated with modem and terminal server equipment
- Greater scalability; it is easy to add new users
- Reduced long-distance telecommunications costs: a nationwide toll-free 800 number is no longer needed to connect to the organization's modems

Figure 2. Remote Access VPNs. A Primer for implementing a Cisco Virtual Private Network © 1999 Cisco Systems, Inc. All rights Reserved.

Intranet VPNs provide virtual circuits between organization offices over the Internet (see figure 3). They are built using the Internet, service provider IP, Frame Relay, or ATM networks. An IP WAN infrastructure uses IPSec or GRE to create secure traffic tunnels across the network. Benefits of an intranet VPN include the following:
- Reduced WAN bandwidth costs and efficient use of WAN bandwidth
- Flexible topologies
- Congestion avoidance with the use of bandwidth management traffic shaping

Figure 3. Intranet VPNs. A Primer for implementing a Cisco Virtual Private Network © 1999 Cisco Systems, Inc. All rights Reserved.

The concept of setting up extranet VPNs is the same as for intranet VPNs. The only difference is the users. Extranet VPNs are built for users such as customers, suppliers, or different organizations over the Internet. See Figure 4.

Figure 4. Extranet VPNs. A Primer for implementing a Cisco Virtual Private Network © 1999 Cisco Systems, Inc. All rights Reserved.

Components of the VPN

In order for a VPN to be beneficial, a VPN platform needs to be reliable, manageable across the enterprise and secure from intrusion. The VPN solution also needs to have Platform Scalability – the ability to adapt the VPN to meet increasing requirements ranging from small office configurations to large enterprise implementations. A key decision the enterprise should make before starting their implementation is to consider how the VPN will grow to meet the requirements of the enterprise network and whether the VPN will be compatible with the legacy networks already in place.

1. Security – Companies need to keep their VPNs secure from tampering and unauthorized users, or hackers. Tunneling allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet from both senders and receivers, to ensure data security against unwanted viewers. Some examples of technologies that VPNs use are Point-to-Point Tunneling Protocol (PPTP), IP Security (IPSec), Layer 2 Tunneling Protocol and Multiprotocol Label Switching (MPLS), along with Data Encryption Standard (DES) and others to manage security. A further description of these technologies is detailed next.

Point-to-Point Tunneling Protocol (PPTP). PPTP uses Point-to-Point Protocol (PPP) to provide remote access that can be tunneled through the Internet to a desired site. PPTP is designed to run on the Network layer of the Open Systems Interconnection (OSI) model. PPTP can also handle Internet packet exchange (IPX) and network basic input/output system extended user interface (NetBEUI). It uses a voluntary tunneling method, where a connection is only established when the individual user requests to log on to the server.

For example, the client dials up to the ISP and makes a PPP session to contact the destination remote access server (RAS). After contact is made with the RAS, the client dials again to the same PPP session; packets are then tunneled through the new connection and the client is now connected to the corporate server virtually. PPTP tunnels are transparent to the service provider and there is no advance configuration required by the Network Access Server; this allows PPTP to use multiple service providers without any explicit configuration.

Layer Two Tunneling Protocol (L2TP). L2TP exists at the data link layer of the OSI model. L2TP is a combination of PPTP and Layer Two Forwarding (L2F). (Layer Two Forwarding was also designed for traffic tunneling from mobile users to their corporate server. L2F is able to work with media such as frame relay or asynchronous transfer mode (ATM) because it does not depend on IP. L2F also uses PPP authentication methods for dial up users.) L2TP uses a compulsory tunneling method, where a tunnel is created without any action from the user, and without allowing the user to choose a tunnel. An L2TP tunnel is dynamically established to a predetermined end-point based on the Network Access Server (NAS) negotiation with a policy server and the configured profile, and it also allows a tunnel to support more than one connection. L2TP also uses IPSec for computer-level encryption and data authentication.

IP Security (IPSec). IPSec is focused on Web applications, but it can be used with a variety of application-layer protocols. It sits between IP at the network layer and TCP/UDP at the transport layer. IPSec uses data encryption standard (DES) and other algorithms for encrypting data, public-key cryptography to guarantee the identities of the two parties to avoid man-in-the-middle attacks, and digital certificates for validating public keys. Both parties negotiate the encryption technique and the key before data is transferred. IPSec can operate in either transport mode or tunnel mode.
- In transport mode IPSec leaves the IP packet header unchanged and only encrypts the IP payload to ease the transmission through the Internet. IPSec here adds an encapsulating security payload at the start of the IP packet for security through the Internet. The payload header provides the source and destination addresses and control information.
- In tunnel mode, IPSec encrypts the whole packet and adds a new IP packet that contains the encrypted packet. The new IP packet only identifies the destination's encryption agent. When the IPSec packet arrives at the encryption agent, the new encrypted packet is stripped and the original packet continues to its destination. Then, intruders can only see where the end points of the tunnel are, but not the sources and destinations of the packet.

Multiprotocol Label Switching (MPLS). MPLS uses a label swapping forwarding structure. It is a hybrid architecture which attempts to combine the use of network layer routing structures and per-packet switching, and link-layer circuits and per-flow switching. MPLS operates by making the inter-switch transport infrastructure visible to routing, and it can also be operated as a peer VPN model for switching a variety of link-layer and layer 2 switching environments. When a packet enters the MPLS network, it is assigned a local label and an outbound interface based on the local forwarding decision. At each subsequent switch the forwarding decision is based on the incoming label, from which it determines the next interface and next hop label. MPLS uses a look up table to create an end-to-end transmission pathway through the network for each packet, so that it knows where the packet is heading.
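The difference between the two IPSec modes described above is easiest to see on the wire. The following is an added example, not code from the paper or from any IPSec implementation: it builds a toy IPv4 packet, wraps it the way ESP transport mode and tunnel mode do, and reports what a passive on-path observer can read from the cleartext outer header in each case. The addresses, the payload and the XOR "cipher" are constructed stand-ins (real ESP uses a negotiated cipher and an integrity check).

```python
"""Toy model of IPSec ESP transport mode vs tunnel mode.

Added example, not the paper's code. Shows what an on-path observer can read
from each form of packet. The 'encryption' is a constructed XOR keystream
stand-in (NOT ESP/DES); addresses and payload are constructed sample data.
"""
import hashlib
import socket
import struct

ESP = 50  # IP protocol number for Encapsulating Security Payload
TCP = 6
IPV4_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header, no options


def ip_header(src, dst, proto, payload_len):
    """Minimal IPv4 header; checksum left at zero for the toy."""
    return struct.pack(IPV4_FMT, (4 << 4) | 5, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def parse_header(pkt):
    """Return (src, dst, proto, payload) of the OUTERMOST IPv4 header."""
    f = struct.unpack(IPV4_FMT, pkt[:20])
    return socket.inet_ntoa(f[8]), socket.inet_ntoa(f[9]), f[6], pkt[20:]


def toy_keystream_xor(data, key):
    """Stand-in cipher: XOR with a SHA-256-derived keystream. Symmetric, so
    the same call decrypts. Illustrative only; never use as real crypto."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)


def esp_transport(pkt, key):
    """Transport mode: the original IP header stays in the clear and only the
    payload is encrypted. The protocol field becomes ESP so the peer knows to
    decrypt. (Toy: the original protocol is kept as a 1-byte body prefix.)"""
    src, dst, proto, payload = parse_header(pkt)
    body = bytes([proto]) + toy_keystream_xor(payload, key)
    return ip_header(src, dst, ESP, len(body)) + body


def esp_transport_decap(pkt, key):
    """Reverse of esp_transport: decrypt the payload, restore the protocol."""
    src, dst, _, body = parse_header(pkt)
    payload = toy_keystream_xor(body[1:], key)
    return ip_header(src, dst, body[0], len(payload)) + payload


def esp_tunnel(pkt, key, gw_src, gw_dst):
    """Tunnel mode: the WHOLE original packet, header included, is encrypted
    and wrapped in a new header addressed gateway-to-gateway."""
    body = toy_keystream_xor(pkt, key)
    return ip_header(gw_src, gw_dst, ESP, len(body)) + body


def esp_tunnel_decap(pkt, key):
    """The receiving encryption agent strips the outer header and decrypts;
    the original packet then continues to its real destination."""
    _, _, proto, body = parse_header(pkt)
    if proto != ESP:
        raise ValueError("not an ESP packet")
    return toy_keystream_xor(body, key)


def observer_view(pkt):
    """All a passive on-path observer learns from the cleartext outer header."""
    src, dst, proto, _ = parse_header(pkt)
    return src, dst, proto


# Constructed sample: a host in site A sends an HTTP request to a host in site B
KEY = b"constructed-demo-key"
INNER_PAYLOAD = b"GET /payroll HTTP/1.0\r\n\r\n"
INNER = ip_header("10.1.0.5", "10.2.0.9", TCP, len(INNER_PAYLOAD)) + INNER_PAYLOAD
GW_A, GW_B = "203.0.113.1", "198.51.100.1"  # the two gateways' public addresses


def demo():
    """Compare what leaks in each mode; returns the two observer views."""
    t = esp_transport(INNER, KEY)
    u = esp_tunnel(INNER, KEY, GW_A, GW_B)
    return {"transport": observer_view(t), "tunnel": observer_view(u)}


if __name__ == "__main__":
    for mode, view in demo().items():
        print(f"{mode:9s} observer sees src={view[0]} dst={view[1]} proto={view[2]}")
```

In transport mode the observer still learns which internal hosts are talking; in tunnel mode only the two gateway addresses are exposed, which is the point the text makes about intruders seeing just the tunnel end points.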

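The MPLS label-swapping behaviour described in the Components section (ingress assigns a label from the destination, every later switch decides from the incoming label alone, the look-up tables chain into an end-to-end path) is modelled here as an added example; it is not the paper's code nor any vendor's implementation. Router names, interfaces, labels and the site prefix are constructed.

```python
"""Toy MPLS label-swapping forwarder for a layer-3 VPN path.

Added example, not the paper's code. Router names, interfaces, labels and the
site prefix are constructed. The ingress router maps a packet to a label from
its destination prefix; every later router decides from the incoming label
alone (swap or pop), never from the IP header.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Packet:
    dst: str
    labels: list = field(default_factory=list)  # label stack, top = labels[-1]


# Ingress (R1): destination prefix -> (label to push, outbound interface)
INGRESS_FIB = {"10.2.0.0/16": (1001, "if-to-R2")}

# Each LSR's label table: incoming label -> (outgoing label, outbound interface);
# an outgoing label of None means "pop" (egress toward the customer site).
LFIB = {
    "R2": {1001: (2007, "if-to-R3")},
    "R3": {2007: (3010, "if-to-R4")},
    "R4": {3010: (None, "if-to-siteB")},
}
PATH = ("R2", "R3", "R4")


def ingress_push(pkt, fib=INGRESS_FIB):
    """Ingress decision: classify by destination prefix, assign the local
    label and outbound interface."""
    addr = ipaddress.ip_address(pkt.dst)
    for prefix, (label, out_if) in fib.items():
        if addr in ipaddress.ip_network(prefix):
            pkt.labels.append(label)
            return out_if
    raise LookupError(f"no label path for {pkt.dst}")


def lsr_forward(router, pkt, lfib=LFIB):
    """Core decision: look up ONLY the top label; swap it (or pop it) and
    return the next interface. Unknown labels are dropped, not guessed."""
    in_label = pkt.labels.pop()
    try:
        out_label, out_if = lfib[router][in_label]
    except KeyError:
        raise LookupError(f"{router}: no entry for label {in_label}, dropping")
    if out_label is not None:
        pkt.labels.append(out_label)
    return out_if


def traverse(dst, path=PATH):
    """Walk the label-switched path end to end; returns per-hop
    (router, out_interface, label stack after the hop)."""
    pkt = Packet(dst)
    hops = [("R1", ingress_push(pkt), list(pkt.labels))]
    for router in path:
        hops.append((router, lsr_forward(router, pkt), list(pkt.labels)))
    return hops


def lsp_is_consistent(prefix, path=PATH, fib=INGRESS_FIB, lfib=LFIB):
    """Operator check: does the label table chain resolve all the way to a pop?
    A stale or mistyped entry on any hop silently blackholes or misdelivers
    the VPN's traffic, so verify the chain rather than trusting each hop."""
    label = fib[prefix][0]
    for router in path:
        entry = lfib.get(router, {}).get(label)
        if entry is None:
            return False
        label = entry[0]
    return label is None  # must end with a pop, not a dangling label


if __name__ == "__main__":
    for router, out_if, stack in traverse("10.2.0.9"):
        print(f"{router}: out {out_if:12s} labels={stack}")
    print("LSP consistent:", lsp_is_consistent("10.2.0.0/16"))
```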
2. User Authentication – It is necessary to verify the identity of users that are trying to access resources from the enterprise network before they are given access. User authentication is used to distinguish authorized users from unauthorized users and to grant permission to certain areas of the resources of the enterprise. User authentication also determines the access levels, access allowances, and resource authorization level. Packet authentication applies a header to the IP packet to ensure its integrity. When the receiving end gets the packet, it needs to check the header for a matching packet and to see if the packet has any error. Packet authentication prevents data from being viewed, intercepted, or modified by unauthorized users.

Appliances – intrusion detection firewalls. Firewalls monitor traffic crossing the network perimeter and protect enterprises from unauthorized access. The organization should design a network that has a firewall in place on every network connection between the organization and the Internet. Two commonly used types of firewalls are packet-level firewalls and application-level firewalls. A packet-level firewall checks the source and destination address of every packet that is trying to pass through the network. Each packet is checked individually through its TCP port ID and IP address. A packet-level firewall only lets the user in and out of the organization's network if the user has an acceptable packet with the corresponding source and destination address. The disadvantage of a packet-level firewall is that it does not check the packet contents, or why they are being transmitted. In contrast, an application-level firewall acts as a host computer between the organization's network and the Internet. Users who want to access the organization's network must first log in to the application-level firewall, which allows only the information they are authorized for. Only resources that are authorized are accessible, and resources that are not disabled are available to all users. Advantages of using an application-level firewall are: user access level control, and control over the data retrieved or viewed by the users. The disadvantage is that the user will have to remember an extra set of passwords when they try to log in through the Internet.

3. Management – managing security policies and traffic management. VPNs need to be flexible to a company's management: some companies choose to manage all deployment and daily operation of their VPN, while others might choose to outsource it to service providers. In our next section we will discuss how businesses might benefit from a productive VPN and the cost benefits of implementing a VPN.

Productivity and Cost Benefit

In terms of productivity VPNs have come a long way. In the past, concerns over security and manageability overshadowed the benefits of mobility. Smaller organizations had to consider the additional time and cost associated with providing IT support to employees on the move.
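The contrast the text draws between the two firewall types can be made concrete with a small rule engine. This is an added example, not code from the paper or from any firewall product: a packet-level filter that matches only addresses, protocol and TCP port, beside an application-level check that reads the HTTP request line. The rule set, addresses and request lines are constructed.

```python
"""Packet-level filter vs application-level gateway, over constructed traffic.

Added example, not the paper's code. Addresses, the rule set and the HTTP
lines are constructed. It shows why a packet filter that only matches
addresses and TCP ports admits a request it cannot judge, while an
application-level check on the same request can.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None = any port


def _in_net(addr, cidr):
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def rule_matches(rule, pkt):
    return (_in_net(pkt.src, rule.src) and _in_net(pkt.dst, rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def packet_filter(rules, pkt):
    """First matching rule wins; anything unmatched is denied. pkt.payload is
    never consulted here: that is the limitation the text describes."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


def application_gateway(pkt, allowed_prefixes):
    """Application-level check: parse the HTTP request line and allow only
    paths under the prefixes this user is authorized for."""
    try:
        method, path, _ = pkt.payload.split(b"\r\n", 1)[0].decode().split(" ")
    except ValueError:
        return "deny"  # not a well-formed request line
    if method not in ("GET", "HEAD"):
        return "deny"
    return "allow" if any(path.startswith(p) for p in allowed_prefixes) else "deny"


# Constructed policy: the partner subnet may reach the web server on tcp/80 only.
RULES = [
    Rule("allow", "192.0.2.0/24", "10.0.0.10/32", "tcp", 80),
    Rule("deny", "any", "any", "any", None),
]
ALLOWED_PREFIXES = ("/public/",)  # what the partner is authorized to read

# Constructed sample traffic from the partner subnet.
WEB_OK = Packet("192.0.2.7", "10.0.0.10", "tcp", 80, b"GET /public/index.html HTTP/1.0\r\n\r\n")
WEB_ADMIN = Packet("192.0.2.7", "10.0.0.10", "tcp", 80, b"GET /admin/users HTTP/1.0\r\n\r\n")
TELNET = Packet("192.0.2.7", "10.0.0.10", "tcp", 23, b"")


def evaluate(pkt):
    """Return (packet-filter verdict, application-gateway verdict)."""
    return packet_filter(RULES, pkt), application_gateway(pkt, ALLOWED_PREFIXES)


if __name__ == "__main__":
    for name, pkt in (("web ok", WEB_OK), ("web admin", WEB_ADMIN), ("telnet", TELNET)):
        print(f"{name:10s} packet-filter={evaluate(pkt)[0]:5s} app-gateway={evaluate(pkt)[1]}")
```

The second packet is the interesting one: the packet filter admits it because address, protocol and port are all acceptable, and only the application-level check, which sees the requested path, denies it.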

But as end-user technologies like personal digital assistants (PDAs) and cell phones have made mobility more compelling for employees, technology advances on the networking side have helped address IT concerns, as we saw in the previous section. Larger companies worried, with good cause, about the possibility that providing mobile workers with remote network access would inadvertently provide hackers with a "back door" entry to corporate information resources. VPNs have become increasingly important because they enable companies to create economical, temporary, secure communications channels across the public Internet so that mobile workers can connect to the corporate LAN. With these advancements in technology comes better productivity.

VPNs benefit a company in the following ways:
- Extends Geographic Connectivity – a VPN connects remote workers to central resources, making it easier to set up global operations.
- Improves Internet Security – An always-on broadband connection to the Internet makes a network vulnerable to hacker attacks. Many VPN solutions include additional security measures, such as firewalls and anti-virus checks, to counteract the different types of network security threats.
- Scales Easily – A VPN allows companies to utilize the remote access infrastructure within ISPs. Therefore, companies are able to add a virtually unlimited amount of capacity without adding significant infrastructure.
- Boosts Employee Productivity – A VPN solution enables telecommuters to boost their productivity by 22% - 45% (Gallup Organization and Opinion Research) by eliminating time-consuming commutes and by creating uninterrupted time for focused work.

Even though VPNs are a cheaper way of having remote users connect to a company's network over the Internet, there are still costs associated with implementing the VPN. Some of the typical costs include hardware, ISP subscription fees, network upgrading costs and end user support costs. These costs aren't standard; they vary depending on many factors, some of which include the number of remote users, the type of network systems already in place, the size of the corporation and the Internet Service Provider source. When it comes to decision making time, IT managers or executive officers should take these costs into consideration. Also these decision makers must decide whether to develop their VPN solution in house or to outsource to a total service provider. There are a few ways to approach this topic.

1. In House Implementation. Companies decide that for their needs an in-house solution is all they need. These companies would rather set up individual tunnels and devices one at a time, and once this is established the company can have their own IT staff take care of the monitoring and upkeep.
2. Outsourced Implementation. Companies can choose to outsource if they are large scale or lack the IT staff to fully implement an in house VPN. When a company outsources, the service provider usually designs the VPN and manages it on the company's behalf.
3. Middle Ground Implementation. Some companies would rather have a service provider install the VPN but have their IT staff monitor the specifics such as the number of remote users and tunnel traffic. This type of implementation is a compromise between a company and the service provider. After implementation the company must make sure that it has adequate support for its end users.

Quality of Service (QOS)

Users of a widely scattered VPN do not usually care about the network topology or the high level of security/encryption or firewalls that handle their traffic. They don't care if the network implementers have incorporated IPSec tunnels or GRE tunnels. What they care about is something more fundamental, such as: "Do I get acceptable response times when I access my mission critical applications from a remote office?" Acceptance levels for delays vary. While a user would be willing to put up with a few additional seconds for a file transfer to complete, the same user would have less tolerance for similar delays when accessing a database or when running voice over an IP data network. That's where quality of service comes in. QoS (Quality of Service) aims to ensure that your mission critical traffic has acceptable performance. In the real world, where bandwidth is limited and diverse applications from videoconferencing to ERP database lookups must all strive for scarce resources, QoS becomes a vital tool to ensure that all applications can coexist and function at acceptable levels of performance. Thus, Quality of Service (QOS) is a key component of any VPN service.

In MPLS/BGP VPNs, existing L3 QoS capabilities can be applied to labeled packets through the use of the "experimental" bits in the header, or, where ATM is used as the backbone, through the use of ATM QoS capabilities. An SP may apply either intserv or diffserv capabilities to a particular VPN, as appropriate. The traffic engineering work discussed in is also directly applicable to MPLS/BGP VPNs. Traffic engineering could even be used to establish LSPs with particular QoS characteristics between particular pairs of sites, if that is desirable. Where an MPLS/BGP VPN spans multiple SPs, the architecture described may be useful.

The Future of VPN

As more and more businesses demand a higher level of network access, expanding their networks in the near future and actually seeing the benefits of using the Internet as the backbone to create Virtual Private Networks (VPN), business is migrating from a private network environment to a new model in which information is distributed throughout the enterprise network. Multi-vendor interoperability for VPN is crucial in today's networking environment due to the nature of business successes, the need to extend corporate networks to contractors and partners, and the diverse equipment within company networks. VPN is designed to meet the demands for information access in a secure, cost-effective environment. The Microsoft Windows operating system has integrated VPN technology that helps provide secure, low-cost remote access and branch office connectivity over the Internet.

The technical problems involved in connecting hundreds of remote sites to a central network are extensive. It often involves the purchase of very expensive high-density backbone routers or the use of costly frame-relay services. These systems are seldom easy to support and often require specialist skills. Also, a VPN creates a large, multi-site, company-wide data network which allows every device to be uniquely addressed from anywhere on the network. This means that central resources can be accessed from any site in the organization or from any Internet-connected location around the world. Also, many companies have been using IP VPN for remote access as a LAN.

The future is in integrated VPNs, which depend on how the VPN industry will improve their unique qualities that will enable consumers to communicate effectively with other consumers. Therefore, it depends on the ability of intranets and extranets to deliver on their promises. Here is a diagram for U.S. companies with IP VPN.

Table 1. Companies with VPN. Source: IDC's 2001 U.S. WAN Manager Survey, IDC #26462, February 2002.

According to IDC's 2001 U.S. WAN manager survey, as shown in table 1, approximately fifty percent of companies in the U.S. have adopted IP VPN in their companies. More than 20 percent of companies plan to have IP VPN services in the future, so in the near future more than 70 percent of companies are going to use IP VPN services. Currently very few companies have been using this VPN and a few companies plan to use it in the future. Demand for VPN has been increasing even though the economy is going down and especially IT business companies have not succeeded at present. More companies will adopt IP VPN services, increasing demand in the U.S. First of all, VPN companies must consider cost saving for servicing of VPNs. Generally speaking, the more the companies supply cheaper cost of services, the more products or demands increase for them on the markets. Therefore, they will earn high profit, then spend a lot of money on developing much higher quality VPN. The companies servicing VPN will consider meeting consumers' demands, that is voice over IP and other VPN such as VOIP VPN.

However, on the contrary, most producers are standing in a difficult situation for improving VOIP VPN, because voice has the special requirement of low latency and jitter. Most people will continue to use voice communication by telephone, which is successfully improving with low costs. VPN technology is still developing. With VPN, businesses now have alternative benefits to offer to their employees: employees can work from home, take care of children while still being productive, and have access to work related information at any time, and this is a great advantage to businesses. VPN will also help to make possible a business expanding its services over long distances and globally.

Conclusion

VPN is an emerging technology that has come a long way. From an insecure break off of public telephone networks to a powerful business aid that uses the Internet as its gateway, VPNs are the source of future services. The 21st century invites new ways of viewing the communication networks, as companies switch from yesterday's data communications strategies to today's more comprehensive at-hand solutions. In the past, service providers drew attention to lower-level transport, such as leased lines and frame relay. Nowadays, service providers team with business customers to meet their networking requirements through virtual private networks (VPNs). Companies that previously managed their own communications requirements are uniting with service providers that can help build up, improve, and manage their networks on a global scale. When properly implemented, they can simplify network operations while reducing capital expenses. For most companies, the starting point is to connect widely separated workgroups in an efficient, moneymaking manner. From there, service providers can influence the main technology as a foundation for offering additional services such as application hosting, videoconferencing, and packet telephony. VPNs help service providers build customer loyalty while delivering network services that are valuable to their customers' business operations. This indicates an opportunity to capture new customers, which need to have technology that is able to scale and grow along with them and more of their demands. This opens up opportunities for continued growth, increased profitability, and the greatest achievement for both service providers and subscribers.

Bibliography

A primer for implementing a Cisco Virtual Private Network. (1999). Cisco Systems, Inc.
ADTRAN. Next-Generation Networking: The Future of Greater Performance and ... A Technology Guide from ADTRAN. Retrieved 2002, from http://www.adtran.com
Check Point Software Technologies Ltd. Remote Access VPN Solutions. Retrieved 2002, from http://www.checkpoint.com/products/downloads/vpn-1_remote_access.pdf
Cisco Systems. Internetworking Technologies Handbook. Retrieved 2002.
Connolly, P. H. (2002). Is an integrated VPN in your future? Network World.
Crawley, E., Sandick, H., & Rajagopalan, B. (1998, August). A Framework for QoS-based Routing in the Internet. Retrieved 2002, from ftp://ftp.isi.edu
Dix, J. (2002).
Ferguson & Huston. (1998, April). What is a VPN?
IDC Analyze the Future. Retrieved 2002.
International Engineering Consortium. Virtual Private Networks (VPNs). Retrieved 2002, from http://www.iec.org
Introduction to VPN: VPNs utilize special-purpose network ... Retrieved 2002, from http://compnetworking.about.com
Microsoft. Using Point-to-Point Tunneling Protocol. Retrieved 2002, from http://www.microsoft.com/ntserver/techresources/commnet/PPTP/
Salamone, S. Internet VPN Implementation Calls For A Tunnel Trip. Retrieved 2002, from http://www.internetwk.com
Sweeney, T. Businesses Lock In On VPN Outsourcing Options: Providers of virtual private network services put a new spin on the outsourcing spiel. InformationWeek. Retrieved 2002, from http://www.informationweek.com
Taming the VPN. Retrieved 2002, from http://www.itworld.com
Understanding Virtual Private Networking. Retrieved 2002.
Virtual Private Networks. Computer Networking. Retrieved 2002, from http://www.computerworld.com
VPN Technologies: Definitions and Requirements. International Engineering Consortium. Retrieved 2002, from http://www.iec.org

Questions

1. What is VPN?
2. What is tunneling?
3. What are the benefits of remote access VPNs?
4. What are the differences between remote access VPNs, Intranet VPNs, and Extranet VPNs?
5. What is the difference between outsourcing, in-house development, and middle-ground implementation?
