
History of VPN, Technology: Marc Debaerdemaeker BELNET, Network Engineer

VPN technology allows for private networks to be constructed over shared public infrastructure like the internet. Early VPNs used leased lines and frame relay networks to connect customer sites, but these did not scale well. The increasing popularity of the internet led to the development of VPNs to allow remote access and connect distant offices more cost effectively. VPNs can be either customer-premises solutions where customers manage tunnels, or provider-provisioned where the provider manages tunnels using MPLS. Provider-provisioned VPNs can operate at layer 2 or layer 3.

Uploaded by

eabhishek222
Copyright
© Attribution Non-Commercial (BY-NC)

History of VPN, Technology Overview

Marc Debaerdemaeker BELNET, Network Engineer

History of VPN (1/3)


Virtual Private Network (VPN) = ?
A private network constructed over a shared infrastructure
  Virtual: not a separate physical network
  Private: separate addressing and routing
  Network: collection of devices that communicate
Restricted connectivity is the goal

History of VPN (2/3)


Customer facilities across the country or around the world
Maintain fast, secure and reliable communications
WAN
  Leased Lines (64 kbps -> 155 Mbps)
  Frame Relay Network from Provider
    Use of PVC
    Layer 2 circuits interconnecting customer sites
    Fully meshed network: scalability issue
    Routing needs to be done by customer

History of VPN (3/3)


Increasing popularity of Internet:
  Became part of everyday life
  Means of extending customer networks
    Intranet (for company employees)
    VPNs (remote employees + distant offices)
Increasing importance of IP/MPLS (not ATM/Frame Relay)

VPN Benefits
lower operational expenses (vs. WAN):
  single network (internet) connection => multiple services
extend geographic connectivity
provide global networking opportunities
improve security
simplify network topology

VPN Technology Overview


Classification of VPNs:
1) Customer Premises VPN Solutions (CPE-VPN)
   Tunneling methods
2) Provider-Provisioned VPN Solutions (PP-VPN)
   Layer 2 <-> Layer 3

Classification of VPNs
1) CPE-VPN
Creation and management of tunnels: customer's equipment
ISP treats packets from customer as normal IP packets
Tunneling requires 3 different protocols:
  Carrier protocol: used by the network
    IP
  Encapsulating protocol: wrapped around original data
    GRE, L2TP, PPTP, IPSec, SSL
  Passenger protocol: original data
    IPX, IP, NetBEUI, ...
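The three layers named above, shown with GRE as the encapsulating protocol. This is an added example, not part of the original slides; the addresses and payload are constructed, and only the basic 4-byte GRE header is handled. It also shows why GRE on its own is not a security service: the passenger packet travels unmodified and readable inside the carrier packet.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IPv4 protocol number carried in the carrier header
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 passenger

def checksum(header: bytes) -> int:
    """Internet checksum over an even-length header; 0 when verifying a valid one."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Carrier IP header + basic 4-byte GRE header + unmodified passenger packet."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no optional fields, version 0
    carrier = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(passenger))
    return carrier + gre + passenger

def gre_decapsulate(packet: bytes) -> dict:
    """Split a tunnelled packet into its three layers, rejecting malformed input."""
    if len(packet) < 24 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 carrier packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated carrier or GRE header")
    if packet[9] != GRE_PROTO or checksum(packet[:ihl]) != 0:
        raise ValueError("carrier does not hold GRE, or its checksum is bad")
    flags_version, protocol_type = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags_version != 0:
        raise ValueError("only the basic GRE header is handled in this example")
    return {"carrier_src": str(ipaddress.IPv4Address(packet[12:16])),
            "carrier_dst": str(ipaddress.IPv4Address(packet[16:20])),
            "gre_protocol_type": protocol_type,
            "passenger": packet[ihl + 4:]}

# Constructed sample: a packet between two private site addresses, tunnelled
# between two public (documentation-range) tunnel endpoints.
PAYLOAD = b"payroll-record"
PASSENGER = ipv4_header("10.1.0.5", "10.2.0.9", 17, len(PAYLOAD)) + PAYLOAD
TUNNELLED = gre_encapsulate(PASSENGER, "192.0.2.1", "198.51.100.1")
```

The ISP routes `TUNNELLED` on the carrier addresses alone, yet `PAYLOAD` is still present in it byte for byte, which is the gap the encryption and integrity services on the IPSec slide close.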

Example of CPE-VPN: IPSec


Routing performed at CPE
Secure tunnels terminate on customer's premises
Only CPE must support IPSec
Security services:
  access control
  data origin authentication
  replay protection
  data integrity
  data encryption
  key management

Classification of VPNs
2) PP-VPN
Creation and management of tunnels: provider's equipment
Typical use of MPLS on provider's network
Layer 3 versus Layer 2:
  Layer 3:
    Provider's routers participate in customer's L3 routing
    CE routers advertise their networks to provider
    Provider's routers manage VPN-specific routing tables
    Provider's routers distribute routes to remote sites
  Layer 2:
    Customer maps L3 routing to circuit mesh
    Provider delivers L2 circuits to customer
    Customer networks are transparent to provider
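How VPN-specific routing tables on a provider router keep customers apart, as an added example that is not part of the original slides. The `ProviderEdge` class, interface names, VPN names and next-hop names are all hypothetical and the routes are constructed; the point is that the table is chosen by the ingress interface, so two customers can reuse the same private prefix without their traffic ever crossing.

```python
import ipaddress

class ProviderEdge:
    """Toy provider router: one routing table per VPN, selected by ingress interface."""

    def __init__(self):
        self.tables = {}       # VPN name -> list of (network, next hop)
        self.interfaces = {}   # customer-facing interface -> VPN name

    def attach(self, interface: str, vpn: str) -> None:
        """Bind a customer-facing interface to exactly one VPN."""
        self.interfaces[interface] = vpn
        self.tables.setdefault(vpn, [])

    def learn(self, vpn: str, prefix: str, next_hop: str) -> None:
        """Install a route advertised for one VPN into that VPN's table only."""
        if vpn not in self.tables:
            raise KeyError(f"unknown VPN {vpn!r}")
        self.tables[vpn].append((ipaddress.ip_network(prefix), next_hop))

    def forward(self, interface: str, dst: str):
        """Longest-prefix match inside the ingress interface's VPN table.
        Returns the next hop, or None when the packet must be dropped."""
        vpn = self.interfaces.get(interface)
        if vpn is None:
            return None   # unbound interface: never fall back to another table
        addr = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.tables[vpn] if addr in net]
        if not matches:
            return None   # no route in this VPN, even if another VPN has one
        return max(matches, key=lambda m: m[0].prefixlen)[1]

def build_demo() -> ProviderEdge:
    # Constructed sample: two customers reusing the same private prefix.
    pe = ProviderEdge()
    pe.attach("ge-0/0/1", "vpn-red")
    pe.attach("ge-0/0/2", "vpn-blue")
    pe.learn("vpn-red", "10.1.0.0/16", "pe-brussels")
    pe.learn("vpn-red", "10.1.5.0/24", "pe-ghent")
    pe.learn("vpn-red", "172.16.0.0/12", "pe-brussels")
    pe.learn("vpn-blue", "10.1.0.0/16", "pe-liege")
    return pe
```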

MPLS
Multi Protocol Label Switching
Goal:
  bring speed of L2 switching to L3
  Traffic engineering
  VPN

Definitions:
  Label: short, fixed length, locally significant identifier located after the Layer 2 header and before any other network layer header
  Label Switched Path (LSP): a specific traffic path through an MPLS network, provisioned using Label Distribution Protocols (e.g. RSVP, LDP)
  LSR: Label Switch Router (or P router): routers in the middle
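The label definition above in working form, as an added example that is not part of the original slides. The 32-bit entry layout (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL) comes from the MPLS label stack encoding in RFC 3032, not from the slides; the frame, label values and label table are constructed.

```python
import struct

ETHERTYPE_MPLS = 0x8847   # MPLS unicast, in the Ethernet (Layer 2) header

def pack_entry(label: int, tc: int, bottom: bool, ttl: int) -> bytes:
    """One 32-bit label stack entry: label(20) | TC(3) | bottom-of-stack(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def parse_label_stack(frame: bytes):
    """Return (entries, payload) for an untagged Ethernet frame carrying MPLS."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_MPLS:
        raise ValueError("not an MPLS frame")
    entries, offset = [], 14
    while True:
        if offset + 4 > len(frame):
            raise ValueError("label stack has no bottom-of-stack entry")
        (word,) = struct.unpack("!I", frame[offset:offset + 4])
        offset += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "bottom": bool(word & 0x100), "ttl": word & 0xFF})
        if entries[-1]["bottom"]:
            return entries, frame[offset:]

def lsr_swap(frame: bytes, label_table: dict):
    """An LSR's forwarding step: swap the top label using its own table and
    decrement the TTL. Returns the new frame, or None when the frame is dropped."""
    entries, _ = parse_label_stack(frame)
    top = entries[0]
    if top["label"] not in label_table or top["ttl"] <= 1:
        return None   # the label means nothing to this router, or TTL expired
    new_top = pack_entry(label_table[top["label"]], top["tc"],
                         top["bottom"], top["ttl"] - 1)
    return frame[:14] + new_top + frame[18:]

# Constructed sample frame: two MAC addresses, the MPLS EtherType, a two-entry
# label stack, then the network-layer packet (placeholder bytes).
FRAME = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
         + struct.pack("!H", ETHERTYPE_MPLS)
         + pack_entry(100, 0, False, 64) + pack_entry(2001, 0, True, 64)
         + b"network-layer-packet")
```

Because labels are locally significant, `lsr_swap` only ever consults the table of the router doing the forwarding; a label absent from that table causes a drop rather than a guess.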

MPLS

PP-VPNs: Layer 3
Application: RFC2547bis

Advantages:
  Customer:
    Offload routing complexity to provider
    Focus on core competencies
  Provider: Value-added services

Disadvantages:
  Customer:
    Less flexibility
    No control over L3 routing
  Provider: Increasing load on provider's infrastructure if number of L3 VPN customers increases

PP-VPNs: Layer 2
Circuit Cross-Connect (CCC):
  Foundation for MPLS-based L2 VPNs
  Supports variety of L2 protocols
  Manually map local identifiers to LSPs
  Configure 1 LSP per direction/PVC

Draft-Kompella:
  L2 VPN created using bidirectional MPLS LSPs
  LSPs automatically mapped to L2 circuits
  BGP between PE routers to exchange information about VPN member sites

Draft-Martini:
  LDP as signaling protocol

PP-VPNs: Layer 3 vs Layer 2


L3 advantages:
  Customer:
    Offload routing complexity
    Focus on core competencies
  Provider: value-added services

L2 advantages:
  Customer:
    Outsource L2 circuits
    Maintains routing control
    Use any L3 protocol
  Provider: easy to add, remove or change L2 circuits

L3 drawbacks:
  Customer:
    Less flexibility
    No control over L3 routing
  Provider: complex management if # L3VPN customers increases

L2 drawbacks:
  Customer: routing expertise necessary
  Uniform circuit type
