Virtual private networks (VPNs) use advanced encryption and tunneling to permit organizations to establish secure, end-to-end, private network connections over a third-party network. The third-party network can be a private service provider network or the public Internet. An organization can connect to the third-party network using a variety of WAN and remote-access technologies, including leased lines, Frame Relay, cable modems, digital subscriber line (DSL), analog modems, ISDN, and so on. Organizations can also use VPNs to connect outside users, such as business partners, customers, resellers, and suppliers. VPNs also support mobile users and telecommuters.
Point-to-point connectivity across the third-party network is typically provided by a tunneling protocol. Tunneling is a technique for encapsulating packets of one protocol inside another protocol. For example, a tunnel can carry IPv4 packets across an internetwork that supports only IPv6. Tunneling by itself only wraps the traffic; in a VPN, the tunneling protocol encapsulates the private packets and a security protocol such as IPsec encrypts and integrity-protects the encapsulated payload.
Tunnels provide a logical, point-to-point connection across a connectionless IP network, enabling application of advanced security features. Encryption is applied to the tunneled connection so that the data is readable only by systems that hold the keys. In applications where security and privacy are less of a concern, tunnels can be used without encryption to provide multiprotocol support; in that case the tunnel hides nothing, and anyone on the path can read the inner packets.
Layer 2 tunneling methods encapsulate at the data link layer of the OSI model. Examples include Point-to-Point Tunneling Protocol (PPTP), Layer 2 Forwarding (L2F), Layer 2 MPLS VPNs, and Layer 2 Tunneling Protocol (L2TP). L2TP is an IETF standard (RFC 2661) that many vendors support for their VPN solutions, including Cisco and Microsoft. The IETF later published a new version, L2TPv3 (RFC 3931), which has emerged as a lightweight yet robust solution for Layer 2 tunneling. Note that PPTP and L2TP provide encapsulation but no strong encryption of their own: L2TP is normally run over IPsec (RFC 3193), and PPTP's built-in authentication and encryption (MS-CHAPv2 with MPPE) are no longer considered secure.
Layer 3 tunneling encapsulates at the network layer. Two examples are IPsec and generic routing encapsulation (GRE), which Cisco developed and which is now standardized in RFC 2784. If only IP unicast packets are being tunneled, IPsec is the best choice, because it supplies confidentiality, integrity, and peer authentication directly. GRE is used when multicast, broadcast, and non-IP packets need to be tunneled; GRE itself provides no protection of the payload, so in practice it is combined with IPsec (GRE over IPsec) whenever the traffic must be kept private.
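To make the encapsulation mechanics concrete, here is an added example (not code from the original article or from any vendor) that builds and parses a plain RFC 2784 GRE packet in Python: an outer IPv4 header with protocol 47, the 4-byte GRE header carrying the payload's protocol type, and the inner packet. It assumes only the standard library; the addresses, ports, and payload strings are constructed sample data. It shows two things the paragraphs above state: GRE can carry traffic that classic IPsec tunnel mode cannot (an IPv4 multicast destination, or a non-IPv4 payload signalled by a different protocol type), and GRE on its own leaves the inner packet readable on the wire.

```python
"""Minimal GRE (RFC 2784) encapsulation and decapsulation over IPv4.

Added illustration only; uses the standard library and constructed sample
packets. It handles the basic GRE header (no checksum, key or sequence
fields) and rejects anything else rather than guessing.
"""
import socket
import struct

GRE_PROTOCOL = 47          # IP protocol number for GRE
UDP_PROTOCOL = 17
ETHERTYPE_IPV4 = 0x0800    # GRE protocol-type value for an IPv4 payload
ETHERTYPE_IPV6 = 0x86DD    # ... and for an IPv6 payload (non-IPv4 traffic)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header.

    Over a correctly checksummed header (checksum field included) it yields 0,
    which is how validate-on-receive works below.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header without options, DF set, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def udp_packet(src: str, dst: str, sport: int, dport: int, data: bytes) -> bytes:
    """Inner IPv4/UDP packet; UDP checksum left at 0, which IPv4 permits."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    return ipv4_header(src, dst, UDP_PROTOCOL, len(udp)) + udp


def gre_encapsulate(outer_src: str, outer_dst: str, inner: bytes,
                    ethertype: int = ETHERTYPE_IPV4) -> bytes:
    """Outer IPv4 header (proto 47) + basic GRE header + inner packet.

    The GRE header is flags/version 0x0000 (no C, K or S bits, version 0)
    followed by the protocol type of the payload. Nothing is encrypted.
    """
    gre = struct.pack("!HH", 0x0000, ethertype)
    outer = ipv4_header(outer_src, outer_dst, GRE_PROTOCOL, len(gre) + len(inner))
    return outer + gre + inner


def gre_decapsulate(packet: bytes):
    """Validate the outer header and return (ethertype, inner_packet).

    Raises ValueError for anything that is not a plain RFC 2784 GRE packet:
    wrong IP version, bad header checksum, non-GRE protocol, optional GRE
    fields, or a non-zero GRE version (version 1 is the PPTP variant).
    """
    if len(packet) < 24:
        raise ValueError("packet too short for IPv4 + GRE")
    if packet[0] >> 4 != 4:
        raise ValueError("outer header is not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != GRE_PROTOCOL:
        raise ValueError("outer protocol %d is not GRE" % packet[9])
    flags_ver, ethertype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags_ver & 0xB000:      # C (0x8000), K (0x2000) or S (0x1000) set
        raise ValueError("optional GRE fields not supported by this parser")
    if flags_ver & 0x0007:
        raise ValueError("unsupported GRE version %d" % (flags_ver & 7))
    return ethertype, packet[ihl + 4:total_len]


def inner_destination(inner_ipv4: bytes) -> str:
    """Destination address of a decapsulated IPv4 packet, dotted-quad."""
    return socket.inet_ntoa(inner_ipv4[16:20])


if __name__ == "__main__":
    # Constructed sample: a multicast UDP datagram carried between two tunnel
    # endpoints on documentation addresses.
    inner = udp_packet("10.1.1.5", "239.1.1.1", 5000, 5000, b"hello from the inner network")
    wire = gre_encapsulate("203.0.113.1", "198.51.100.2", inner)
    ethertype, got = gre_decapsulate(wire)
    print("ethertype=0x%04x inner dst=%s" % (ethertype, inner_destination(got)))
    print("payload visible on the wire:", b"hello from the inner network" in wire)
```

The last line of the demo is the point a practitioner should take away: `gre_decapsulate` recovers the multicast packet intact, but the same bytes are visible to anyone who captures the outer packet, which is why GRE is wrapped in IPsec when the traffic is private.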
VPN applications for enterprise networks can be divided into two main categories: site to site and remote access. Site-to-site VPNs focus on connecting geographically dispersed offices and are an extension of the classic enterprise WAN. A site-to-site VPN can also add interconnections between multiple organizations, in which case it is sometimes called an extranet VPN. Remote-access VPNs focus on remote users and business partners who access the network on an as-needed basis.