Friday, September 20, 2019

Audience: Self Learners - System Admins
Last Updated: 8/29/2012 9:33:47 PM
**All times are EST**

Types of VPNs

By Erik Rodriguez

This article describes the use of VPN technology. VPNs are used to connect users and networks securely to share data. VPNs are commonly used to allow remote users and offices to access an intranet, server, or other network resource.

What is a VPN?

A VPN (Virtual Private Network) is a way of creating a secure connection to and from a network or computer. VPNs have been used for years, but they have become more robust in recent years. They are more affordable and also much faster. There are many different types of VPNs available. Let's take a look at the most common types.

PPTP VPN (Dial-up VPN)

A simple method for VPN is PPTP. It is a software-based VPN system that uses your existing Internet connection. By using your existing Internet connection, a secure "tunnel" is created between two points, allowing a remote user to connect to a remote network. You can set up this type of connection with various types of software or hardware. Windows Server has PPTP built in, and you can connect to it via a native VPN client within Windows. Juniper and Cisco also have this ability, but require third-party software to be loaded on remote workstations. There is some overhead associated with this, as all data transmitted and received is encrypted. This can be referred to as the poor man's VPN. There is little to no cost to set up this type of VPN, and you can often use your existing equipment and software. It is sometimes referred to as "dial-up VPN" because when the client software connects it looks like it's dialing up.

A newer implementation of this concept, called an SSL VPN, uses HTTPS (port 443) to connect securely via an SSL certificate. Popular SSL VPN solutions include Juniper's Junos Pulse (formerly Network Connect) and Cisco's AnyConnect VPN. SSL VPNs are now the industry standard for "road warrior" corporate VPN access.

Site-to-Site VPN

Site-to-site is much the same thing as point-to-point, except there is no "dedicated" line in use. Each site has its own Internet connection, which may not be from the same ISP or even the same type. One may have a T1 while the other only has DSL. Unlike point-to-point, the routers at both ends do all the work. They do all the routing and encryption. This is an easy way to connect two offices without having each user "dial up" using a PPTP connection. Site-to-site VPNs can work with hardware or software-based firewall devices. On the software side, you can use something like ClarkConnect. On the hardware side, you have many different devices to choose from. Personally, I use the Juniper SSG firewalls. The technology commonly used with this type of setup is IPsec or GRE.

Point-to-Point VPN

A traditional VPN can also come as a point-to-point. These are also referred to as "leased-line VPNs." Simply put, two or more networks are connected using a dedicated line from an ISP. These lines can be packet or circuit switched. Examples include T1s, Metro Ethernet, DS3, ATM, or something else. The main strength of using a leased line is the direct point-to-point connection. It does not go out over the public Internet, so performance is not degraded by routing problems, latency, and external congestion.

These types of connections can be expensive. A physical "loop" of wire or fiber must be used to connect the destinations. However, because these are true point-to-point connections, the maximum throughput can usually be achieved. For example, a T1 passes data at a full 1.54 Mbps. Leased-line point-to-point connections are usually required when two offices need to transfer large amounts of data. The most popular solution today is Metro Ethernet. See the diagram to the right:
PPTP VPN Diagram


MPLS is a true "ISP-tuned" VPN. It requires 2 or more sites connected via the same ISP or an "on-net" connection*. There is a way to configure this using different ISPs, or "off-net," but you never get the same performance. I've tried... While it does use your existing Internet connection, tweaks are made by your ISP for performance and security.

MPLS (Multi-Protocol Label Switching) was originally designed to improve the store-and-forward speed of routers. MPLS was created as a team effort on the part of Ipsilon, Cisco, IBM, and Toshiba. These companies worked together as part of the IETF (Internet Engineering Task Force) and MPLS was born. MPLS does perform better than a site-to-site VPN because there is less overhead, and the routing between sites is optimized by static routes from your ISP. Most larger ISPs can even bring your data center (if you have one) into your MPLS network. A real MPLS network should provide ping times between sites in under 10 ms. Traditional site-to-site VPNs can range anywhere from 30 ms (at best) to over 100 ms.
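
The overhead comparison above can be made concrete. The following Python sketch is an added example, not part of the original article; it computes the per-packet encapsulation cost of a GRE tunnel, an IPsec ESP tunnel, and an MPLS label stack. The cipher suite (AES-CBC with HMAC-SHA1-96), the two-label MPLS stack, and the 1500-byte MTU are assumptions chosen for illustration.

```python
# Added illustration: header sizes are the standard fixed sizes; the cipher
# suite, MPLS label count and MTU are assumptions, not values from the article.

IPV4_HEADER = 20   # outer IPv4 header, no options
GRE_HEADER = 4     # basic GRE header (no key, sequence or checksum fields)
ESP_HEADER = 8     # SPI (4 bytes) + sequence number (4 bytes)
MPLS_LABEL = 4     # one label stack entry

def esp_tunnel_size(inner_len, block=16, iv=16, icv=12):
    """Wire size of an inner IPv4 packet carried in ESP tunnel mode.

    Defaults model AES-CBC (16-byte block and IV) with HMAC-SHA1-96
    (12-byte integrity check value).
    """
    # The encrypted part is inner packet + padding + pad-length byte +
    # next-header byte, rounded up to a whole number of cipher blocks.
    trailer = 2
    encrypted = -(-(inner_len + trailer) // block) * block
    return IPV4_HEADER + ESP_HEADER + iv + encrypted + icv

def gre_size(inner_len):
    """Wire size of an inner packet in a plain (unencrypted) GRE tunnel."""
    return IPV4_HEADER + GRE_HEADER + inner_len

def mpls_size(inner_len, labels=2):
    """Size inside the provider network; labels are added by the ISP's
    routers, so the customer's own routers do no tunnel encapsulation."""
    return labels * MPLS_LABEL + inner_len

def max_inner_for_mtu(size_fn, mtu=1500):
    """Largest inner packet that still fits in one frame of the given MTU."""
    n = mtu
    while size_fn(n) > mtu:
        n -= 1
    return n

if __name__ == "__main__":
    for name, fn in (("GRE", gre_size), ("IPsec ESP", esp_tunnel_size),
                     ("MPLS", mpls_size)):
        for inner in (40, 576, 1500):   # bare TCP ACK, small, full-size packet
            extra = fn(inner) - inner
            print(f"{name:10} inner={inner:5} wire={fn(inner):5} "
                  f"overhead={extra:3} bytes ({100 * extra / inner:.1f}%)")
        print(f"{name:10} largest inner packet for a 1500-byte MTU: "
              f"{max_inner_for_mtu(fn)}")
```

Small packets pay the highest relative cost, and a full-size packet sent through the IPsec tunnel no longer fits in a single 1500-byte frame, which is why tunnel interfaces are usually given a reduced MTU.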


The technology powering VPNs is becoming more efficient and more cost-effective. If you are looking at VPNs, take several things into consideration:
  • Number of users
  • Amount of bandwidth
  • Security
  • Topology
  • Cost
Remember that cheaper is not always better! I've seen many companies go through the VPN process several times because they wanted to take the cheapest route. <-- no pun intended ;)

* On-net refers to a building having a direct connection to an ISP's network. ISPs may share a loop to cross-connect to each other's networks. This would allow a building with a Sprint loop to connect to Level 3. Sprint achieves this by taking their loop and cross-connecting it directly to Level 3's network. This allows a building to be on-net with Level 3, but does not require Level 3 to run copper or fiber directly to the building.

Copyright © 2002-2016 Skullbox.Net All Rights Reserved.
A division of Orlando Tech Works, LLC