
Demystifying VPNs

A white paper

Created by Mohit Madhok


Virtual Private Networks (VPN)
What is a VPN?

A Virtual Private Network (VPN) is the concept of using the internet as transit for private
network traffic, usually in encrypted form. It is also sometimes referred to as a data
network that uses the Internet rather than leased lines for connections. Security is
guaranteed by means of a tunnel connection in which the entire information packet
(content and header) is encrypted and encapsulated. As it is most commonly defined, a
virtual private network (VPN) allows two or more private networks to be connected over
a publicly accessed network. In a sense, VPNs are similar to wide area networks (WAN)
or a securely encrypted tunnel, but the key feature of VPNs is that they are able to use
public networks like the Internet rather than rely on expensive, private leased lines. At
the same time, VPNs have the same security and encryption features as a private
network, while taking advantage of the economies of scale and remote accessibility of
large public networks.

How Does a VPN Work?

In a VPN, an organization uses the bandwidth of the Internet to establish private, secure
connections between its remote offices and/or employees. Each of the remote users
connects to the local ISP in the same manner that is used for Internet access: dial-up,
cable, DSL, ISDN, T1 or wireless.

A process called “tunneling” is used to carry the data over the Internet. However,
tunneling alone does not ensure privacy. To secure a tunneled transmission against
interception, all traffic over a VPN is encrypted for safety.

Fig 1: Virtual Private Network (VPN) with tunneling over the internet.

Image courtesy multitech.com

What is Tunneling?

Essentially, tunneling is the process of placing an entire data packet within another packet
(which provides the routing information) and sending it over the Internet. The path
through which the packets travel is called a tunnel. For a tunnel to be established, both
the tunnel client and the tunnel server must be using the same tunneling protocol. The
thing that makes a Virtual Private Network “virtually private” is a tunnel. Even though
you access your network via the internet, you are not really “on” the internet; you are
actually “on” your company network. As with any internet traffic, your VPN tunnel data
packets may take different paths between two endpoints. What makes a VPN
transmission a tunnel is the fact that only the recipients at the other end of your
transmission can see inside your protective encryption shell.
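
To make the two points above concrete (a whole packet carried inside another, and tunneling by itself hiding nothing), here is an added Python example that is not part of the original paper. It assumes plain IPv4-in-IPv4 encapsulation (IP protocol 4) as the tunneling protocol, chosen here for illustration; all addresses and payload bytes are constructed.

```python
import ipaddress
import struct

IPIP = 4  # IP protocol number for IPv4-in-IPv4 encapsulation

def checksum(header):
    """Internet checksum (RFC 1071) over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src, dst, proto, payload):
    """Build an IPv4 packet with a 20-byte header (no options)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(packet):
    """Return (src, dst, proto, payload); reject truncated or corrupt headers."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst = (str(ipaddress.IPv4Address(packet[o:o + 4])) for o in (12, 16))
    return src, dst, packet[9], packet[ihl:total_len]

def encapsulate(inner_packet, gateway_src, gateway_dst):
    """Tunnel client: the whole inner packet becomes the payload of an outer packet."""
    return ipv4_packet(gateway_src, gateway_dst, IPIP, inner_packet)

def on_path_view(wire_bytes):
    """What any router on the path can read when the tunnel is not encrypted."""
    src, dst, proto, payload = parse_ipv4(wire_bytes)
    view = {"outer": (src, dst)}
    if proto == IPIP:
        view["inner"] = parse_ipv4(payload)
    return view

def demo():
    # Constructed sample: private addresses inside, documentation addresses outside.
    inner = ipv4_packet("10.1.0.5", "10.2.0.9", 253, b"constructed payroll record")
    return on_path_view(encapsulate(inner, "192.0.2.1", "198.51.100.1"))
```

The outer header carries only the gateway addresses used for routing, yet the inner addresses and payload are still readable, which is why the encryption step is what makes the tunnel private.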

Hence a Virtual Private Network (VPN) enables a business to use the Internet as its own
dedicated network. It allows employees, satellite offices, and select customers to share
information and perform routine administration tasks confidentially and securely from
any location. The principal advantages of a VPN over traditional computer network
solutions are:

• Security — all data is encrypted, making it extremely secure


• Cost — replacing private circuits (leased lines) can save a considerable amount of
money on an annual basis
• Flexibility — almost all IP (Internet Protocol) traffic and hence applications can
be routed through a VPN

Types of VPN Deployments:

There are basically three types of VPN deployments: a) Intranet VPNs, deployed
between internal corporate departments and branch offices; b) Remote Access VPNs,
between a corporate network and remote and/or mobile employees; and c) Extranet
VPNs, between a corporation and its strategic partners, customers and
suppliers.

Fig-2 Examples of the three types of VPN deployment


Image courtesy Cisco Systems, Inc.

MPLS-IPVPN Technology

IP-VPN, in simplistic terms, essentially brings the reach and flexibility of IP
(Internet Protocol) to the VPN equation. However, IP can't tell the difference between
mission-critical data packets and data packets that can wait, which makes it difficult for
service providers to prioritize traffic on their own IP networks. While traditional
IP networks have no means of labeling, categorizing or monitoring the packets that
traverse them, MPLS (multi-protocol label switching) technology works to solve those IP
shortcomings by placing labels on IP packets. And because MPLS is an overlay protocol,
it can operate over the top of the IP protocol in the same network without interference.
MPLS is not designed to replace IP. Rather, it is designed to add a set of rules to IP so
that traffic can be classified, marked and policed.

MPLS-equipped networks use MPLS-aware devices known as label edge routers (LERs),
positioned at the network’s edges. These devices are designed to inspect IP packets
entering the network and add MPLS headers, as well as removing the headers from
packets leaving the MPLS network. Inside the boundaries of the MPLS network, devices
known as label switch routers (LSRs) look for an MPLS label on each packet that passes
through them, looking up and following the instructions contained in those labels, routing
them based on a list of instructions.
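
The label handling described above (an LER adding the header, an LSR forwarding on the label, an LER removing it), as an added Python example that is not from the original paper or any vendor's code. It uses the 32-bit label stack entry layout from RFC 3032; the label values, next-hop names and the DSCP-to-class policy are constructed for illustration.

```python
import struct

# Constructed forwarding table for one LSR: incoming label -> (outgoing label, next hop).
LFIB = {100: (200, "lsr-b"), 101: (201, "lsr-c")}

def pack_entry(label, tc, bottom, ttl):
    """Encode one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not (0 <= label < 2**20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def unpack_entry(frame):
    """Decode the top label stack entry as (label, tc, bottom, ttl)."""
    if len(frame) < 4:
        raise ValueError("truncated MPLS header")
    (word,) = struct.unpack("!I", frame[:4])
    return word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF

def classify(ip_packet):
    """Hypothetical LER policy: DSCP 46 (EF, voice) gets label 100 / class 5."""
    dscp = ip_packet[1] >> 2          # DSCP is the top 6 bits of IPv4 header byte 1
    return (100, 5) if dscp == 46 else (101, 0)

def ler_push(ip_packet, ttl=64):
    """Ingress LER: inspect the IP packet and prepend an MPLS header."""
    label, tc = classify(ip_packet)
    return pack_entry(label, tc, True, ttl) + ip_packet

def lsr_swap(frame, lfib=LFIB):
    """Core LSR: forward on the label alone; swap it and decrement the TTL."""
    label, tc, bottom, ttl = unpack_entry(frame)
    if label not in lfib:
        raise KeyError(f"no forwarding entry for label {label}")
    if ttl <= 1:
        raise ValueError("TTL expired")
    out_label, next_hop = lfib[label]
    return pack_entry(out_label, tc, bottom, ttl - 1) + frame[4:], next_hop

def ler_pop(frame):
    """Egress LER: remove the MPLS header and return the original IP packet."""
    if not unpack_entry(frame)[2]:
        raise ValueError("more labels below; this example handles a single label")
    return frame[4:]

def demo():
    voice = b"\x45\xb8" + b"constructed stand-in for a VoIP packet"
    swapped, hop = lsr_swap(ler_push(voice))
    return unpack_entry(swapped), hop, ler_pop(swapped) == voice
```

The label only classifies and steers the packet; the IP packet behind it is carried unchanged and unencrypted.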

One of the most obvious advantages of MPLS is that it provides network administrators
with a number of tools for traffic engineering. An MPLS network can offer the same sort
of quality of service guarantees that data transport services like Frame Relay or ATM
can, without requiring the use of any dedicated leased lines. An administrator, for
example, can ensure that VoIP traffic will be routed through the most reliable, highest
performing sections of the network while less critical traffic, such as email, is sent across
the slower sections. The reason MPLS technology is contributing to the rapid growth of
the virtual private networking market is that it provides service providers and network
operators with a simpler means of adding VPN technology to their portfolios, and a
simpler means of provisioning VPNs to their customers. MPLS significantly reduces the
cost of implementation, which in turn reduces the overall cost of VPNs. And reduced cost
is possibly the largest motivator in the migration from more infrastructure-heavy private
networking.

Though MPLS is best suited to the needs of large-scale network operators, its
implementation can benefit a range of network users, from service providers themselves,
to enterprises and even small- and medium-sized businesses, with the ever-increasing
functionality and cost-effectiveness of data transport services.

An enabler for Industry

According to a recent NASSCOM analysis of the ITES-BPO industry, at the core of
India’s great attraction as an outsourcing destination is its unbeatable value proposition:
the PQR (Productivity, Quality and Rate) factor. IP VPN technology therefore becomes a
very attractive option for BPO, IT-enabled services and software services companies
to bring greater efficiencies to their communications needs, keeping costs under control
and keeping them competitive. Technologies such as MPLS offer excellent cost
efficiencies, as they drastically reduce one of the basic input costs for these industries,
namely bandwidth costs, especially at a time when the cost arbitrage in salaries is
rapidly eroding and these companies are under pressure to maintain margins while pricing
competitively in the global market. Moreover, MPLS IPVPN technology enables an
organization to have a fully managed virtual private network connecting any number of
end points using private circuits connected to a shared core which can carry four classes
of IP traffic - voice, video, mission critical and standard class data - and is secure,
flexible and scalable.

The Indian Scenario

In India MNCs have been the first adopters of VPN technology as they can connect
seamlessly into the networks of their parent organizations for global efficiencies. As
multinational corporations expand their manufacturing, customer service and sales
operations in India, they are also extending their networks, adding bandwidth and running
ERPs and other applications over their IP VPN networks. Indian companies are also
looking to build regional or global networks with the help of IP-VPN technology as they
expand their operations overseas. There is also increasing interest in IP-VPNs from the
most conservative industry sector - the financial industry. Hitherto, their exacting needs
for reliability and security made them reluctant to trust even part of their data networks to
an outside party, much less a technology based on the same protocol used by the public
Internet. However, after years of successful commercial use, IP-VPNs are starting to win
over the financial sector in India with the growth in online banking and e-commerce.
According to the study done by Frost & Sullivan for the Indian IP VPN market in 2004,
the FMCG vertical was an early adopter of the technology, followed by the healthcare
segment, and as enterprises in India’s booming economy set up fresh networks to connect
their various locations, they are most likely to opt for MPLS based IP VPN. The growth
of call centers, business process outsourcing, software technology parks, and dedicated
software centers is likely to propel demand for data services in India. The booming retail
industry in India is also using the technology very efficiently to connect their various
outlets, suppliers and corporate offices. The fact that government departments are
turning tech savvy and connecting all their regional offices is likely to be another
potential growth area for IP VPN. Such initiatives using IP VPN technology ultimately
benefit the common man, making his/her life that much simpler.

Fig 3: IP VPN Market revenue forecasts (India), 2005-2009. Source: 2004 Frost &
Sullivan Report

Year    Revenues ($ Million)    Revenue Growth Rate (%)
2005    86.2                    37.6
2006    113.0                   31.5
2007    149.4                   32.0
2008    198.8                   33.1
2009    266.3                   33.9

Fig 4: IP VPN Market share Analysis (India). Source: 2004 Frost & Sullivan Report

Company          Market Share (%)
Sify             48.7
HCL infonet      12.3
GTL Ltd          11.9
Comsat Max       6.9
Tata Internet    6.4
Bharti           4.0
BSNL             3.4
Others*          6.4
Total            100

* Note: Other companies include VSNL and Pacific Internet

Conclusion

If organizations are planning a VPN deployment, they must carefully research a VPN
product to determine whether it will provide more than one type of VPN
implementation (Intranet/Extranet/Remote access VPN). However, most organizations
may have many remote offices to connect together securely, along with an increasingly
mobile workforce, and a desire to leverage the internet to get closer to clients and
business partners. Hence the bottom line is that while an organization may only
plan to implement one of the three types of VPNs initially, the VPN solution it selects
should provide the ability to add either or both of the remaining two types seamlessly
and easily.

VPN networks are robust, secure, scalable, flexible, cost-effective and easier to maintain
in the long run. They represent the march of technology in terms of a communications
solution for business that is future ready. With a VPN, organizations can see immediate
cost-reduction opportunities in their long distance charges, leased line fees, equipment
inventories (like large banks of modems) and network support requirements. The move to
IP-VPN networks will only increase as companies become more interested in voice and
video applications over IP networks. So IP VPNs represent the next generation in terms
of communications networks, and will power the future of business and governance with
the convergence of voice, video and data services over IP networks.

Bibliography

1. “How Virtual Private Networks Work” by Jeff Tyson
2. “Indian ITES BPO Industry: NASSCOM Analysis 2004”
3. “Introduction to MPLS” by Find VPN information and services
4. “Introduction to VPN”, a whitepaper by SmoothWall Ltd
5. “Multiprotocol Label Switching (MPLS) Traffic Engineering”, 1992--2002 Cisco Systems
6. Market Engineering Research for the Indian IP VPN market, Frost & Sullivan 2004
7. “Network World ISP News Report” Newsletter, 01/05/05
8. “Understanding Virtual Private Networking”, a technology guide from ADTRAN
9. “Virtual Private Networks: The Basics” by CJIN Security
10. “What is a VPN?” by Paul Ferguson and Geoff Huston

Mohit Madhok is an MBA graduate from Monash Mt Eliza Business School, Melbourne,
Australia, with 9 years’ global expertise in Marketing, Sales, Business Development, and
Partnerships/Alliances. He has worked previously with organizations like IBM Canada
and British Airways. He is currently the Marketing Manager for Sify Enterprise Solutions,
based out of Chennai. He can be contacted at mohit_madhok@sifycorp.com
