
History of VPN, Technology Overview

Marc Debaerdemaeker BELNET, Network Engineer

History of VPN (1/3)
• Virtual Private Network (VPN) = ?
• A private network constructed over a shared infrastructure
• Virtual: not a separate physical network
• Private: separate addressing and routing
• Network: collection of devices that communicate
• Restricted connectivity is the goal

History of VPN (2/3)
• Customer facilities across the country or around the world
• Maintain fast, secure and reliable communications
• WAN: Leased Lines (64 kbps -> 155 Mbps)
• Frame Relay Network from Provider
 Use of PVC
 Layer 2 circuits interconnecting customer sites
 Fully meshed network -> scalability issue
 Routing needs to be done by customer

History of VPN (3/3)
• Increasing popularity of Internet: became part of everyday life
• Means of extending customer networks
 Intranet (for company employees)
 VPNs (remote employees + distant offices)
• Increasing importance of IP/MPLS (not ATM/Frame Relay)

VPN Benefits
• Lower operational expenses (vs. WAN): single network (Internet) connection => multiple services
• Extend geographic connectivity
• Provide global networking opportunities
• Improve security
• Simplify network topology

VPN Technology Overview
• Classification of VPNs:
1) Customer Premises VPN Solutions (CPE-VPN)
 Tunneling methods
2) Provider-Provisioned VPN Solutions (PP-VPN)
 Layer 2 <-> Layer 3

Classification of VPNs 1) CPE-VPN
• Creation and management of tunnels: customer’s equipment
• ISP treats packets from customer as normal IP packets
• Tunneling requires 3 different protocols:
 Carrier protocol: used by the network: IP
 Encapsulating protocol: wrapped around original data: GRE, L2TP, PPTP, IPSec, SSL
 Passenger protocol: original data: IPX, NetBEUI, IP, …

Example of CPE-VPN: IPSec
• Routing performed at CPE
• Secure tunnels terminate on customer’s premises
• Only CPE must support IPSec
• Security services: access control, key management, replay protection, data origin authentication, data encryption, data integrity

Classification of VPNs 2) PP-VPN
• Creation and management of tunnels: provider’s equipment
• Typical use of MPLS on provider’s network
• Layer 3 versus Layer 2:
Layer 3:
 Provider’s routers participate in customer’s L3 routing
 CE routers advertise their networks to provider
 Provider’s routers manage VPN-specific routing tables
 Provider’s routers distribute routes to remote sites
Layer 2:
 Customer maps L3 routing to circuit mesh
 Provider delivers L2 circuits to customer
 Customer networks are transparent to provider

LDP) LSR: Label Switch Router (or P router): routers “in the middle” . RSVP. provisioned using Label Distribution Protocols (e.MPLS • Multi Protocol Label Switching • Goal: • bring speed of L2 switching to L3 • Traffic engineering • VPN • Definitions: Label: short. fixed length.g. locally significant identifier located after the Layer 2 header and before any other network layer header Label Switched Path (LSP): a specific traffic path through an MPLS network.

MPLS

PP-VPNs: Layer 3
• Application: RFC2547bis
• Advantages:
 Customer: offload routing complexity to provider; focus on core competencies
 Provider: value-added services
• Disadvantages:
 Customer: less flexibility; no control over L3 routing
 Provider: increasing load on provider’s infrastructure if number of L3 VPN customers increases

PP-VPNs: Layer 2
• Circuit Cross-Connect (CCC):
 Foundation for MPLS-based L2 VPNs
 Supports variety of L2 protocols
 Manually map local identifiers to LSPs
 Configure 1 LSP per direction/PVC
• Draft-Kompella:
 L2 VPN created using bidirectional MPLS LSPs
 LSPs automatically mapped to L2 circuits
 BGP between PE routers to exchange information about VPN member sites
• Draft-Martini:
 LDP as signaling protocol

PP-VPNs: Layer 3 vs Layer 2
• L3 advantages:
 Customer: offload routing complexity; focus on core competencies
 Provider: value-added services
• L2 advantages:
 Customer: outsource L2 circuits; maintains routing control; use any L3 protocol
 Provider: easy to add, remove or change L2 circuits
• L3 drawbacks:
 Customer: less flexibility; no control over L3 routing
 Provider: complex management if # L3VPN customers increases
• L2 drawbacks:
 Customer: routing expertise necessary
 Uniform circuit type