vpn presentation ppt 4703
TRANSCRIPT
VPN
What is VPN
• An arrangement that provides connections between:
  – Offices
  – remote workers and
  – the Internet
• Without requiring a dedicated line
• Also known as private networks between sites
VPN-Remote Access, and Interoffice Connections
• Rationale for VPN Between Offices
• Productivity Away from the Office
• VPN Technology
Between Offices
• Shared circuits within the carrier networks
• Adding capacity to a VPN is:
  – Simpler than adding a high-speed
  – Customer needs only high-speed from its building to the carrier’s network
Productivity Away from the Office
• Overcomes dial up costs and slowness
• Access via a browser to corporate data bases is the same
  – at home or
  – in the office
Newer VPN Technology
• VPN Site-to-Site
  – MPLS
  – IP VPNs
• Secure Access on VPNs for Remote Access
  – IPSec (Internet protocol security)
  – SSL (Secure socket layer) security
Secure Access on VPNs for Remote Access
– IPSec (Internet protocol security) - requires client software on computers
  • Establishes a secure, encrypted link to a security device at the carrier or the enterprise.
    – THIS IS TUNNELING
– SSL (Secure socket layer) security – is a newer VPN method.
  • Access is embedded in browsers so the organizations are not required to install special client software in each user's computer.
Rationale for VPN Between Offices
• Employees
• Branch Offices
• Business Partners
MPLS (Multiprotocol Label Switching)
– VPNs Everyone-to-Everyone Link
– Classes of Service – Prioritize Particular Traffic
– Electronic Tags on MPLS packets
– Service Components
VPNs Everyone-to-Everyone Link
• Customer provides to SP
  – A list of IP addresses for each site in the VPN
• Carrier uses the list to define a closed group of users allowed to communicate with each other
Classes of Service – Prioritize Particular Traffic
• Customer chooses 4-5 classes of service
  – Used to define priority
  – Data, voice, video (low class high)
Electronic Tags on MPLS packets
• MPLS attaches tags to packets
• Router reads tags and sets priority
• Bypass the routing table lookup
• Good VoIP feature
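
The tag handling described on this slide, as an added example that is not part of the original presentation: it decodes a 32-bit MPLS label stack entry (RFC 3032 layout), swaps the label from a forwarding table without any IP lookup, and picks a queue from the traffic-class bits. The table contents, next-hop names and class-to-queue mapping are constructed assumptions.

```python
import struct

# Constructed label forwarding table: incoming label -> (outgoing label, next hop).
# The router indexes this table directly instead of doing a longest-prefix
# match on the destination IP address.
LFIB = {
    100: (200, "pe2.example.net"),
    101: (201, "pe3.example.net"),
}

# Assumed (hypothetical) policy mapping the 3-bit traffic class to a queue.
TC_QUEUE = {0: "best-effort-data", 3: "video", 5: "voice"}


def parse_label_entry(entry: bytes) -> dict:
    """Decode one 4-byte MPLS label stack entry."""
    if len(entry) != 4:
        raise ValueError("label stack entry must be 4 bytes")
    (word,) = struct.unpack("!I", entry)
    return {
        "label": word >> 12,               # 20-bit label value
        "tc": (word >> 9) & 0x7,           # 3-bit traffic class (priority)
        "bottom": bool((word >> 8) & 1),   # bottom-of-stack flag
        "ttl": word & 0xFF,                # 8-bit time to live
    }


def build_label_entry(label: int, tc: int, bottom: bool, ttl: int) -> bytes:
    """Encode the four fields back into a 4-byte entry."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def forward(entry: bytes):
    """Swap the label and choose a queue; returns (new_entry, next_hop, queue)."""
    e = parse_label_entry(entry)
    if e["ttl"] <= 1:
        raise ValueError("TTL expired")
    if e["label"] not in LFIB:
        # Packets with an unknown label are dropped rather than routed by IP.
        raise KeyError("no forwarding entry for label %d" % e["label"])
    out_label, next_hop = LFIB[e["label"]]
    queue = TC_QUEUE.get(e["tc"], "best-effort-data")
    new_entry = build_label_entry(out_label, e["tc"], e["bottom"], e["ttl"] - 1)
    return new_entry, next_hop, queue
```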
Service Components
• T1 typical to carrier
• Separate access lines
  – MPLS (trusted sources)
  – Internet (high levels of security)
VPNs Everyone-to-Everyone Link
• Mesh service
• MPLS VPN traffic is carried separately from public internet traffic to guarantee levels of service.
• IP VPNs – site-to-site using the public Internet with IPSec
• IPSec creates a tunnel for each packet
• Tunnel hides the destination IP address
• Scrambles data by encrypting it
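
The tunnel behaviour listed above, as an added example that is not part of the original presentation: the whole inner packet is encrypted and wrapped in an outer header that carries only the two gateway addresses, so an on-path observer reads the gateways while the receiving gateway recovers the real destination. The addresses, key and SPI are constructed, and the cipher is a toy SHA-256 keystream standing in for a real ESP transform (no integrity check, padding or trailer).

```python
import hashlib
import ipaddress
import struct

ESP_PROTO = 50  # IP protocol number assigned to ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for this illustration)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def toy_cipher(key: bytes, seq: int, data: bytes) -> bytes:
    """Illustrative XOR keystream from SHA-256; NOT a real ESP transform."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!II", seq, block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, key, spi, seq, gw_src, gw_dst):
    """Tunnel mode: encrypt the whole inner packet, prepend ESP and outer IP headers."""
    esp = struct.pack("!II", spi, seq) + toy_cipher(key, seq, inner)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp

def observer_view(packet: bytes) -> dict:
    """Fields an on-path observer can read without the key."""
    ihl = (packet[0] & 0x0F) * 4
    spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
    return {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])),
            "proto": packet[9], "spi": spi, "seq": seq}

def decapsulate(packet: bytes, key: bytes) -> bytes:
    """Receiving gateway: strip the outer headers, decrypt, return the inner packet."""
    ihl = (packet[0] & 0x0F) * 4
    _, seq = struct.unpack("!II", packet[ihl:ihl + 8])
    return toy_cipher(key, seq, packet[ihl + 8:])

# Constructed sample: branch host 10.1.0.25 sends to head-office server 10.2.0.80
# through gateways 198.51.100.1 and 203.0.113.1 (documentation address ranges).
KEY = b"constructed-demo-key"
INNER = ipv4_header("10.1.0.25", "10.2.0.80", 6, 4) + b"data"
WIRE = encapsulate(INNER, KEY, 0x1000, 1, "198.51.100.1", "203.0.113.1")
```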
VPNs for International Connectivity
• IPSec VPNs – Public internet-Based VPNs for Intersite Connections
• Network-Based IPSec VPNs – over carrier private IP Networks
IPSec VPNs – Public internet-Based VPNs for Intersite Connections
• The VPN provider manages the intercountry portion of the network
• Carrier’s POP refers to the site where its equipment resides
• NTT, BT, AT&T, Infonet, MCI, Sprint, Equant all offer intercontinental service.
The End