05ce52

  • 8/7/2019 05ce52

    Virtual Private Networks

    VPNs

    Definition: A VPN is an emulation of a private wide area network (WAN) facility using IP facilities (including the public Internet, or private IP backbones).

    VPNs can be implemented in many ways:

    CPE based solutions

    Network based solutions

    Internet Support VPNs

    Customer requirements for VPNs

    Support for data security

    Support for Quality of Service Guarantees

    Need some form of IP tunneling

    CPE Vs. Network Based VPNs

    Most current VPN implementations are based on CPE devices:

    Firewalls

    WAN edge routers

    Network based solution: VPN is implemented on network by Internet service provider (ISP)

    Some mechanisms leverage tools that are applicable only to ISPs rather than individual customers running special CPE devices.

    Different VPN types

    Virtual Leased Lines (VLLs)

    Virtual Private Routed Networks (VPRNs)

    Virtual Private LAN Segments (VPLSs)

    Virtual Private Dial Networks (VPDNs)

    Virtual Leased Lines (VLLs)

    VLL = IP tunnel forming a point-to-point link to emulate a physical leased line or dedicated connection.

    VPRNs

    Benefit: Configuration of the CPE router is simplified. ISP edge router appears to be a neighbor router.

    Forwarding is done at the network layer (Layer 3).

    Each customer side CPE router is connected to an ISP edge router through one or more stub links (leased lines, ATM or Frame Relay)

    Each VPRN supports only a single network layer protocol.

    VPRN Generic Requirements

    Unique VPN identifier to refer to a particular VPN

    VPRN membership

    configuration

    dissemination (directory lookup, explicit management configuration, piggybacking in routing protocols).

    Stub link reachability information

    edge router must learn set of addresses/address prefixes reachable via each stub link.

    Each CPE router needs to learn the destinations reachable by each stub link.

    VPLS: Requirements & Recommendations

    Very similar to VPRNs

    Unlike VPRNs, CPE nodes can either be bridges or routers

    nature of CPE (bridge vs. router) impacts nature of encapsulation, addressing, forwarding and reachability protocols within the VPLS.

    Advantage: protocol transparency.

    Commonality between VPRNs and VPLSs can be exploited to reduce complexity.

    VPDNs

    Support compulsory tunneling

    a dial or network access server (LAC) extends a PPP session across a backbone using L2TP to a remote LNS.

    Other issues:

    Call Routing

    Security mechanism

    Traffic management

    Call multiplexing

    Address management

    Support for large MTUs

    Summary

    Further standardization efforts needed in defining

    a generic VPN tunneling protocol

    a globally unique VPN identifier

    a VPN membership information configuration and dissemination mechanism

    Further study is needed to address

    security issues

    scalability of membership configuration and dissemination mechanism