Virtual Private Networks: Internet Protocol (IP) Based
Applications of IP Virtual Private Networks
The public Internet plays an important role in many enterprises. Users can exchange information with individuals anywhere in the world via e-mail, Web sites, transaction systems, file sharing, and file transfer. Furthermore, the Internet is a rapidly growing means of conducting business for commercial enterprises. It also provides a means for companies to advertise their goods and services. The Internet can help reduce administrative costs by placing the data entry, verification, and think-time aspects of order entry and service parameter selection in the hands of the end user.
Drivers for IP-Based Virtual Private Networks
Progress marches ever onward, and the world of networking is no different. Similarly to the way enterprises constructed private data networks over the telecommunications infrastructure developed for telephony, the industry is developing a new wave of technologies, overlaying the basic suite of Internet protocols, to construct VPNs. When the public network infrastructure of a VPN matches that of the enterprise equipment, then significant savings can occur. This is a recurring theme in the history of communication networks, with the Internet simply the latest frontier.
Introduction to Virtual Private Networks Technologies
A VPN attempts to draw from the best of both the public and the private networking worlds. Such a network is private in the sense that the data an enterprise transfers over the VPN is separated and/or secure from that of other enterprises or the public. It is virtual in the sense that the underlying public infrastructure is partitioned to have some level of service for each enterprise. A VPN is communication between a set of sites making use of a shared network infrastructure, in contrast to a private network, which has dedicated facilities connecting the set of sites in an enterprise.
A Taxonomy of IP-Based Virtual Private Networks
The taxonomy of VPN types is primarily determined by whether the tunnels that provide the service terminate on CE or PE devices. The figure illustrates the case where the tunnels terminate on the CE. A CE-based VPN is one in which knowledge of the service aspects of the customer network is limited to CE devices. Customer sites are interconnected via tunnels or hierarchical tunnels, as defined in the glossary. The service provider network is unaware of the existence of the VPN because it operates exclusively on the headers of the tunneled packets.
These tunnels may be dedicated to separate VPNs or they may be shared between multiple VPNs by the PEs, which use label stacking to isolate traffic between VPNs. These inner tunnels interconnect an L3 virtual forwarding instance (VFI/VSI) for each VPN instance in a PE switching router. A PE-based L2 VPN provides an L2 service that switches link-layer packets between customer sites using the customer’s link-layer identifiers, for example the Ethernet. A PE-based L3 VPN provides an L3 service that routes packets between customer sites using the customer network’s address space, for example the IP
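The label-stacking arrangement described above, as an added illustrative model that is not code from the original text: one shared outer tunnel label carries packets for two VPNs whose sites reuse the same private address space, and only the inner label, mapped to a per-VPN VFI at the egress PE, keeps the two customers' traffic apart. The topology, label values and addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample topology: two customer VPNs sharing one PE-to-PE tunnel.
TUNNEL_LABEL = 100                          # outer label: the shared backbone tunnel
VPN_LABELS = {"VPN_A": 201, "VPN_B": 202}   # inner label: selects the VFI at the egress PE

# Per-VPN L3 forwarding instances (VFIs): customer prefix -> attached CE at the egress PE.
# Both customers use 10.0.0.0/8, so only the inner label distinguishes them.
VFIS = {
    "VPN_A": {ipaddress.ip_network("10.1.0.0/16"): "CE-A2",
              ipaddress.ip_network("10.2.0.0/16"): "CE-A3"},
    "VPN_B": {ipaddress.ip_network("10.1.0.0/16"): "CE-B2"},
}

@dataclass
class TunneledPacket:
    outer_label: int   # the only field the backbone (P routers) acts on
    inner_label: int   # opaque to the backbone; meaningful only to the egress PE
    dst: str           # customer-space destination, untouched by the provider

def ingress_pe(vpn: str, dst: str) -> TunneledPacket:
    """Ingress PE pushes the VPN (inner) label, then the shared tunnel (outer) label."""
    return TunneledPacket(TUNNEL_LABEL, VPN_LABELS[vpn], dst)

def backbone_switch(pkt: TunneledPacket) -> TunneledPacket:
    """P routers forward on the outer label alone and never inspect the customer header."""
    assert pkt.outer_label == TUNNEL_LABEL
    return pkt

def egress_pe(pkt: TunneledPacket) -> Optional[str]:
    """Egress PE pops the outer label, maps the inner label to one VFI, and does a
    longest-prefix lookup in that VFI only. An unknown inner label is dropped (None),
    so a packet can never be forwarded into another customer's VFI."""
    vpn = next((name for name, lbl in VPN_LABELS.items() if lbl == pkt.inner_label), None)
    if vpn is None:
        return None
    addr = ipaddress.ip_address(pkt.dst)
    matches = [net for net in VFIS[vpn] if addr in net]
    if not matches:
        return None
    return VFIS[vpn][max(matches, key=lambda n: n.prefixlen)]

def deliver(vpn: str, dst: str) -> Optional[str]:
    """Full path: ingress PE -> backbone -> egress PE; returns the egress CE or None."""
    return egress_pe(backbone_switch(ingress_pe(vpn, dst)))

if __name__ == "__main__":
    print(deliver("VPN_A", "10.1.4.7"))  # CE-A2
    print(deliver("VPN_B", "10.1.4.7"))  # CE-B2: same address, different VPN
```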
Last word
The CE-based approach is the simplest from the service provider backbone perspective, but it requires a fair amount of configuration and management of the CE. On the other hand, the network-based approach provides greater control of traffic engineering and performance, but it incurs additional complexity in the backbone network to achieve these benefits.