What is the VPN connection


During the initial stages of information technologies, telecom carriers used leased lines to provide Layer 2 connections for enterprises. The disadvantages of leased lines are as follows:
  • Constructing leased lines takes a long time.
  • Leased lines require huge investments.
  • Leased lines are difficult to manage.
After the emergence of asynchronous transfer mode (ATM) and frame relay (FR) technologies, telecom carriers began to use virtual circuits (VCs) to provide point-to-point (P2P) Layer 2 connections for clients. Clients can set up Layer 3 networks and transmit IP data over the P2P Layer 2 connections. Compared with leased lines, VCs are less expensive and can be constructed within a short period. In addition, VCs enable users of different private networks to share the same carrier's network.
Despite their advantages over leased lines, VCs also have their disadvantages:
  • VCs are dependent on media such as ATM or FR. To provide VPN services based on ATM or FR, carriers must construct ATM networks covering all service areas. This implementation results in heavy capital expenditure.
  • The speed of ATM or FR networks is lower than that required by the Internet.
  • The deployment of ATM or FR networks is complex. To add a site to an existing ATM or FR network, you must modify the configurations of the edge nodes that connect to the site.
Traditional private networks help to boost enterprise profits, but do not meet the requirements for flexibility, security, economy, and scalability. To solve these problems, VPNs, emulated private networks carried over IP networks, have been introduced as a substitute for traditional private networks.
VPNs are virtual communication channels set up over public networks by Internet service providers (ISPs) or network service providers (NSPs).

Characteristics

A VPN has the following characteristics:
  • Privacy
    To users, a VPN is indistinguishable from a traditional private network in terms of privacy. VPN resources are separated from bearer network resources and are exclusive to VPN users. In addition, VPNs offer sufficient security measures to protect internal information against external interference.
  • Virtuality
    VPN users communicate with each other over public networks, which are used by non-VPN users at the same time. A VPN is only a logical private network. A public network that carries a VPN is called a VPN backbone network.
The VPN technology can flexibly segment an existing IP network into several logically isolated networks. This feature allows an enterprise to flexibly interconnect or isolate different departments or branches. This feature also facilitates service provisioning. For example, creating a VPN for the IP phone service can solve the problem of inadequate IP addresses while guaranteeing quality of service (QoS).
VPNs, especially Multiprotocol Label Switching (MPLS) VPNs, are highly valued by carriers in terms of providing interworking between enterprises and providing other enhanced services. VPNs have, as never before, become an important means for carriers to provide value-added services (VASs) over IP networks.

Benefits

VPNs offer the following benefits to users:
  • Guaranteed data security
    A VPN provides reliable connections between remote users, branches, business partners, suppliers, and company headquarters to ensure data transmission security. High security is becoming increasingly important as e-business and financial networks converge with communication networks.
  • High cost-effectiveness
    An enterprise can connect its headquarters with branches, personnel on business, and business partners over public networks at low costs.
  • Increased office mobility
    Enterprise employees can access the enterprise network from anywhere and at any time, meeting the increasing demand for office mobility.
  • QoS guarantee
    A QoS-capable VPN, such as an MPLS VPN, can provide users with different levels of QoS guarantee.
VPNs offer the following benefits to carriers:
  • Easy operation
    VPNs increase carriers' profits by improving resource utilization.
  • Flexible configuration
    Carriers can add or delete VPN users by means of software configurations without hardware modifications.
  • Diversified services
    In addition to basic VPN interworking services, carriers can also provide enhanced services, such as network outsourcing, service outsourcing, and customized services.
VPNs allow enterprises to direct less attention to network operation and maintenance and more attention to the achievement of their business goals. This feature enables VPNs to be increasingly popular with enterprises. A carrier can provide multiple types of services, such as best-effort IP services, VPNs, traffic engineering, and differentiated services (DSs), over only one network, reducing network construction, maintenance, and operation costs.
VPNs improve the scalability and flexibility of networks in addition to providing security, reliability, and manageability. Users can enjoy VPN services as long as they have Internet access, regardless of their location.

Classification

With the development of network technologies, the VPN technology is widely applied and many new VPN technologies have emerged. VPNs can be divided into different types.

Classification Based on Applications

VPNs are divided into the following types based on applications:
  • Intranet VPN
    An intranet VPN connects the headquarters, branches, regional offices, and mobile personnel of an enterprise over public networks. Intranet VPNs are the extension to or substitute for traditional private networks or other enterprise networks.
    Intranet VPNs can be used by banks and governments to construct their intranets.
    Chain businesses, such as chain stores, storage and logistics companies, and gas station chains, are typical examples of enterprises using intranet VPNs.
  • Extranet VPN
    An extranet VPN extends selected resources and applications from an enterprise network to users outside the enterprise, such as suppliers, business partners, and clients. The extranet VPN is established between enterprises with common interests over public networks.
    An extranet established with traditional leased lines requires complex network management and access control, or even the installation of compatible user-side network devices. Although an extranet can be established in dial-up mode, each extranet user must be configured separately. In addition, a dial-up extranet is expensive to construct and maintain, especially if the business partners and customers are geographically scattered. As a result, many enterprises have given up on extranets, which leads to complex and inefficient business processes between enterprises.
    Extranet VPNs are a solution to the problems of extranets. Similar to intranet VPNs in terms of technical implementation, extranet VPNs are easy to construct and manage. Currently, enterprises generally use VPNs to construct extranets. Extranet VPNs provide better QoS guarantee and higher data transmission security than the Internet. In addition, the extranet VPN owner can configure the access rights of extranet VPN users using firewalls or by other means.

Architecture

The VPN technology is much more complex than the P2P technology. VPN implementation requires construction of network connections between users, which includes network topology planning, route calculation, and handling of VPN users joining or leaving. The VPN architecture comprises the following parts:
  • VPN tunnels
    • Establishment of tunnels
    • Management of tunnels
  • VPN management
    • VPN configuration management
    • VPN member management
    • VPN attribute management: management of attributes of multiple VPNs on provider edges (PEs) and differentiation of VPN address spaces
  • VPN signaling protocol
    • Exchange and share of VPN resources between customer edges (CEs) on a VPN
    • VPN member discovery in some applications

Typical Networking

A typical VPN has the following layers:
  • Access layer
    The devices on the access layer provide access services for users. These devices do not need to implement many functions, but must provide many access interfaces. For metropolitan area networks (MANs) in big cities, the access layer needs to provide more functions besides the access function.
    Generally, a CE is dual-homed or multi-homed to access nodes on the access layer. Dual homing can be either physical or logical. In physical dual homing, a CE accesses two nodes over two physical links; in logical dual homing, a CE accesses two nodes that reside on a ring.
  • Convergence layer
    The convergence layer has either a mesh topology or a ring topology.
  • Backbone layer
    The backbone layer must have a full-mesh topology and multi-level backup. The devices on the backbone layer are generally connected through high-speed interfaces.