VPNS: Reality Behind The Hype: Steven Taylor
Steven Taylor
Distributed Networking Associates
Summer - 1999
Biographical Information - The seminar will be led by Steven Taylor, President of Distributed Networking
Associates and Publisher/Editor in Chief of Webtorials.Com, a premier source of on-line telecommunications
seminars and market research. An independent consultant, planner, author, and teacher since 1984, Mr.
Taylor is frequently quoted in the trade press and is one of the industry's most published authors on high
bandwidth networking techniques. Distributed Networking Associates may be contacted at 2707 Lake Forest
Drive, Greensboro, NC 27408; (336) 288-3858. E-mail: taylor@webtorials.com.
Copyright, 1999 - Distributed Networking Associates. All portions of this presentation are copyrighted by
Distributed Networking Associates and/or the organization credited as the source of information. All forms of
reproduction and/or recording, including photocopying, tape recording, and video taping are strictly prohibited
without the express prior written permission of Distributed Networking Associates. Clipart used may include
images from Corel, Broderbund, and IMSI.
VPNs: Reality Behind the Hype
- Overview
- VPN Reference Architectures
- VPN Application Models
- VPN Business Case
- What to Look For in a VPN
- Summary
→ Overview
  - Definitions
  - Technology assumptions
What’s a Virtual Private Network (VPN)?
Private Networks
Historical Reasons Enterprises Implemented Private Networks
Broadband Packet Service Types
- are becoming widespread and are more similar than different
- Key differences:
  - Fixed vs. variable packet length
  - Connection vs. connectionless
- Variable: Frames
  - Efficient use of bandwidth
  - “Frame Relay” & IP
[Figure labels: Delimiter; Header; Payload; Trailer (opt.); Delimiter]
Generic Packet Format: Payload
Generic Packet Format: Header
Broadband Packet Types
VPNs: Reality Behind the Hype
- Overview
→ VPN Reference Architectures
  - “VPN” legitimately means many different things to different communities
  - Hot marketing term to use
  - Define three reference architectures
    - Internet Backbone VPN
    - Leased Line Replacement VPN
    - Enhanced IP VPN
The Internet
Internet Backbone VPN Scorecard

| VPN Type | Strengths | Weaknesses |
|---|---|---|
| Internet Backbone | Price | Requires Tunnelling, Encryption, and Authentication |
| | Ubiquity | Lack of Security |
| | Connectivity | No guaranteed QoS |
| Leased Line Replacement | | |
| Enhanced IP | | |

Frame Relay or ATM Network
Leased Line Replacement VPN Scorecard
Switched IP over FR/ATM Infrastructure
*MultiProtocol Label Switching (MPLS): Follow-on successor to tag switching and switched IP.
Leased Line Replacement VPN Scorecard

| VPN Type | Strengths | Weaknesses |
|---|---|---|
| Internet Backbone | Price | Requires Tunnelling, Encryption, and Authentication |
| | Ubiquity | Lack of Security |
| | Connectivity | No guaranteed QoS |
| Leased Line Replacement | Price vs. Leased Line | Predefined endpoints |
| | Inherent security | Limited dial-up |
| | Well-defined QoS | Not glitzy |
| | Multiprotocol | |
| Enhanced IP | Great for IP | IP Only (without encapsulation) |
| | Secure on backbone | Some static definition required |
| | Transparent addressing | Needs gateway services for ubiquity & connectivity |
| | QoS | Emerging technology/service |
| | Has IP "Name" | |
- Overview
- VPN Reference Architectures
→ VPN Application Models
  - VPNs can address many different applications
  - Four application models for matching applications with reference architectures
    - “Road Warrior”
    - Fixed-location Telecommuter
    - Corporate Intranetwork Transport
    - Remote/Branch Office
“Road Warriors”
The Internet
Corporate Intranetwork Transport
Frame Relay or ATM Network
Application Models and Reference Architectures

| Model | Internet-Based VPN | Leased Line Replacement VPN | Enhanced IP VPN |
|---|---|---|---|
| “Road Warrior” | Great fit | Not mobile | OK, with dial capability |
| Fixed-location Telecommuter | Good, if enough bandwidth | Seldom economical | Excellent, especially if local |
| Corporate Intranetwork Transport | QoS, security, and throughput concerns | Great fit | OK, depending on protocol mix |
| Remote/Branch Office | Maybe, depends on protocol and throughput | Good, especially if multiprotocol | Good, especially if IP-Centric |
Technology Interworking
- Overview
- VPN Reference Architectures
- VPN Application Models
→ VPN Business Case
  - From the Enterprise perspective
  - From the Carrier perspective
  - For each application model
Enterprise Perspective: “Road Warrior” using Internet VPN
- Advantages:
  - Incremental business revenue
    - May justify a premium versus “residential”
  - Stable, multiple-account customer base
    - Reduced (or consolidated) sales and support
- Caveats:
  - Nationwide (or worldwide) service footprint needed
    - May accelerate inter-ISP coverage arrangements
    - Inter-ISP “settlement” opportunity
  - Could force issue of interworking among VPN services
    - Expands the role of the ISP
Enterprise Perspective: Fixed Location Telecommuter
Enterprise Perspective: Corporate Intranetwork Transport using LLR VPN
Enterprise Perspective: Remote / Branch Office using LLR VPN and EIP VPN
Bottom Line on Business Case
- Overview
- VPN Reference Architectures
- VPN Application Models
- VPN Business Case
→ What to Look For in a VPN
  - Top ten features
  - Enterprises need these for efficient networks
  - Carriers need to offer them to be competitive
1. Security
- Tunneling/encryption/authentication if Internet-based or IP-based Enterprise Class
- Connection-oriented backbone provides security for Leased Line Replacement
  - Frame Relay and ATM provide inherent “connectivity security”
    - Paths are pre-defined; misdelivered packets are discarded
- Enhanced IP has inherent security if over a Frame Relay / ATM backbone
2. Flexibility
3. Throughput
- Overhead Considerations
  - IP versus Frame Relay versus ATM overhead
  - When does overhead matter?
- Network Design
  - Eliminating “star” bottlenecks
    - E.g., IP “Accelerated” frame relay
- Any-to-Any Virtual Topologies
  - Unlike current Frame Relay
- Eliminating “star” bottlenecks
  - E.g., IP “Accelerated” frame relay
[Figure labels: Router; Traditional Frame Relay; IP Accelerated]
5. Multiprotocol / Multimedia Support
- Non-IP Data
  - E.g., SNA
    - Does the customer prefer DLSw or RFC-1490?
- Voice
  - QoS issues
    - Absolute delay, Jitter, etc.
- Video / Image
  - Real-time video has constraints similar to voice
6. Availability
7. Scalability
- Scalable Control
  - Core services
  - Managed services
  - Full outsourcing
- Scalable Complexity
  - Private addresses, etc.
- Access Speeds and Options
  - Traditional and non-traditional from 56 kbps to OC-n
8. Manageability
- CNM capabilities
  - Adds, moves and changes under the customer’s control
  - Customer-controlled QoS
  - Support for private IP addresses
- Preserve the “look and feel” of the private network
9. Service Level Agreements
VPNs: Reality Behind the Hype
- Overview
- VPN Reference Architectures
- VPN Application Models
- VPN Business Case
- What to Look For in a VPN
→ Summary
Summary
Summary
28