VPNs


**What is a Virtual Private Network (VPN)?**

A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. The goal is a service comparable to that offered by a private network established with dedicated, real-world connections such as leased lines (Wang & Poo, 2007, p. 684). VPNs use "virtual" connections routed through the Internet from the company's private network to the remote site or employee (Tyson, 1998-2009). VPNs combine tunneling protocols such as generic routing encapsulation (GRE) with encryption technologies and are delivered as a layer 2 or layer 3 service (Lecklider, 2008, p. 54).




**History**

The term VPN has been associated in the past with such remote connectivity services as the public telephone network and Frame Relay PVCs, but has finally settled in as being synonymous with IP-based data networking. Before this concept surfaced, large corporations had expended considerable resources to set up complex private networks, now commonly called Intranets. These networks were installed using costly leased line services, Frame Relay, and ATM to incorporate remote users. For the smaller sites and mobile workers on the remote end, companies supplemented their networks with remote access servers or ISDN. At the same time, the small- to medium-sized enterprises (SMEs), who could not afford dedicated leased lines, were relegated to low-speed switched services (Cisco Systems, Inc., 2008-2009).

**What are the two common types of VPNs?**


 * Remote-Access - Also called a Virtual Private Dial-up Network (VPDN), this is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN provides some form of Internet dial-up account to its users through an Internet service provider (ISP). The telecommuters can then dial a 1-800 number to reach the Internet and use their VPN client software to access the corporate network. A good example of a company that needs a remote-access VPN would be a large firm with hundreds of salespeople in the field. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider (Cisco Systems, Inc., 2008-2009).
 * Site-to-Site - Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet. Each site needs only a local connection to the same public network, thereby saving money on long private leased lines. Site-to-site VPNs can be further categorized into intranets or extranets. A site-to-site VPN built between offices of the same company is said to be an intranet VPN, while a VPN built to connect the company to its partner or customer is referred to as an extranet VPN (Cisco Systems, Inc., 2008-2009).




**Tunneling**

Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network. The protocol of the outer packet is understood by the network and both points, called tunnel interfaces, where the packet enters and exits the network (Tyson, 1998-2009).


**Tunneling requires three different protocols:**

(Tyson, 1998-2009)
 * Carrier protocol - The protocol used by the network that the information is traveling over
 * Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data
 * Passenger protocol - The original data (IPX, IP) being carried
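
The three roles above, shown as an added example that is not part of the original page: a passenger IPv4 packet is wrapped in a basic 4-byte GRE header (encapsulating protocol) and carried in an outer IPv4 packet (carrier protocol), then unwrapped at the far tunnel interface. All addresses and the payload are constructed sample values; note that the passenger bytes remain readable inside the outer packet, which is why GRE is combined with encryption.

```python
import socket
import struct

GRE_PROTO = 47            # IPv4 protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol-type value for an IPv4 passenger

def checksum(data: bytes) -> int:
    """Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def gre_encapsulate(passenger: bytes, tunnel_src, tunnel_dst) -> bytes:
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no optional GRE fields
    carrier = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(passenger))
    return carrier + gre + passenger

def parse_ipv4(pkt: bytes):
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if not pkt or pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a valid IPv4 header")
    if checksum(pkt[:ihl]) != 0:   # a correct header sums to zero
        raise ValueError("bad IPv4 header checksum")
    info = {"src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20]), "proto": pkt[9]}
    return info, pkt[ihl:]

def gre_decapsulate(pkt: bytes):
    """Return (carrier header info, passenger header info, passenger data)."""
    carrier, rest = parse_ipv4(pkt)
    if carrier["proto"] != GRE_PROTO or len(rest) < 4:
        raise ValueError("carrier packet does not contain GRE")
    flags, ptype = struct.unpack("!HH", rest[:4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    passenger, data = parse_ipv4(rest[4:])
    return carrier, passenger, data

# Constructed sample: private host 10.1.0.5 talks to 10.2.0.9 through a
# tunnel whose interfaces are 198.51.100.1 and 203.0.113.1.
INNER_DATA = b"payroll-record"
inner = ipv4_header("10.1.0.5", "10.2.0.9", 253, len(INNER_DATA)) + INNER_DATA
outer = gre_encapsulate(inner, "198.51.100.1", "203.0.113.1")
```
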




**What features are needed in a well-designed VPN?**

(Tyson, 1998-2009)
 * Security
 * Reliability
 * Scalability
 * Network management
 * Policy management


**What are the benefits of a well-designed VPN?**

(Tyson, 1998-2009)
 * Extend geographic connectivity
 * Improve security
 * Reduce operational costs versus traditional WAN
 * Reduce transit time and transportation costs for remote users
 * Improve productivity
 * Simplify network topology
 * Provide global networking opportunities
 * Provide telecommuter support
 * Provide broadband networking compatibility
 * Provide faster ROI (return on investment) than traditional WAN

**References**

Lecklider, T. (2008). Understanding Gained One Layer at a Time. //Evaluation Engineering//, 52-57. Retrieved November 1, 2009, from NCLive database.

Tyson, J. (1998-2009). How Virtual Private Networks Work. //How Stuff Works, Inc.//, Retrieved November 1, 2009, from NCLive database.

Cisco Systems, Inc. (2008-2009). How Virtual Private Networks Work. Retrieved November 1, 2009, from [].

Fitzgerald, J. & Dennis, A. (2009). Business Data Communications & Networking (10th ed.). New Jersey: John Wiley & Sons, Inc.

Wang, H. & Poo, G.S. (2007). Load balancing in the provisioning of hose model virtual private networks with multi-path routing. //The Institution of Engineering and Technology//, 1 (McDonald, 2002), 684-692. Retrieved November 1, 2009, from NCLive database.

Graphics are courtesy of Yahoo images.