|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
|
|
|
Mailing List
|
|
By Joining the mailing list you will be notified of site updates.
|
|
Show Your Support For
This Site By Donating:
|
|
|
|
|
|
|
|
|
|
|
This article describes the use of VPN technology. VPNs are used to connect users and networks securely to share data. VPNs are commonly used to allow remote users and offices to access an intranet, server, or other network resource.
What is a VPN?
A VPN (Virtual Private Network) is a way of creating a secure connection to and from a network or computer. VPNs have been used for years, but they have become more robust in recent years. They are more affordable and also much faster. There are many different types of VPNs available. Let's take a look at most common types.
PPTP VPN (Dial-up VPN)
A simple method for VPN is PPTP. It is a software based VPN system that uses your existing Internet connection. By using your existing Internet connection, a secure "tunnel" is created between two points allowing a remote user to connect to a remote network. You can setup this type of connection with various types of software or hardware. Windows Server has a PPTP build-it and you can connect to it via a native VPN client within Windows. Juniper and Cisco also have this ability, but require a 3rd party software to be loaded on remote workstations. There is some overhead associated with this as all data transmitted and received in encrypted. The can be referred to as the poor man's VPN. There is little to no cost to setup this type of VPN, and you can often use your existing equipment and software. It is sometimes referred to as "dial-up VPN" because when the client software connects it looks like it's dialing up.
A newer implenmentation of this concept called an SSL VPN uses HTTPS (port 443) to connect securely via an SSL certificate. Popular SSL VPN solutions include Juniper's JunOS pulse (formerly Network Connect) and Cisco's Anyconnect VPN. SSL VPNs are now the industry standard for "road warrior" corporate VPN access.
|
Click to Enlarge
|
Site-to-Site VPN
|
Site-to-site is the same much the same thing as point-to-point except there is no "dedicated" line in use. Each site has it's own internet connection which may not be from the same ISP or even the same type. One may have a T1 while the other only has DSL. Unlike point-to-point, the routers at both ends do all the work. They do all the routing and encryption. This is an easy way to connect two offices without having each user "dail-up" using a PPTP connection. Site-to-site VPNs can work with hardware or software-based firewall devices. On the software side, you can use something like Clarkconnect. On the hardware side, you can have many different devices to choose from. Personally, I use the Juniper SSG firewalls. The technology commonly used with this type of setup is IPsec or GRE.
|
Click to Enlarge
|
Point-to-Point VPN
A traditional VPN can also come as a point-to-point. These are also referred to as "leased-line VPNs." Simply put, two or more networks are connected using a dedicated line from an ISP. These lines can be packet or circuit switched. For example, T1's, Metro Ethernet, DS3, ATM or something else. The main strength of using a leased line is the direct point-to-point connection. It does not go out over the public Internet, so there performance is not degraded by routing problems, latency, and external congestion.
These types of connections can be expensive. A physical "loop" of wire or fiber must be used to connect the destinations. However, these are true point-to-point connections the maximum throughput can usually be achieved. Meaning, a T1 passes data at a full 1.54 Mbps. Leased line point-to-point connections are usually required when two offices need to transfer large amounts of data. The most popular solution today is Metro Ehternet. See the diagram to the right:
|
Click to Enlarge
|
MPLS VPNs
MPLS is a true "ISP-tuned" VPN. It requires 2 or more sites connected via the same ISP or an "on-net" connection*. There is a way to configure this using different ISP's or "off-net" but you never get the same performance. I've tried... While it does use your existing Internet connection, tweaks are made by your ISP for performance and security.
MPLS (Multi-Protocol Label Switching) was originally designed to improve the store-and-forward speed of routers. MPLS was created as a team effort on the part of Ipsilon, Cisco, IBM, and Toshiba. These companies worked together as part of the IETF (Internet Engineering Task Force) and MPLS was born. MPLS does perform better than a site-to-site VPN because there is less overhead, and the routing between sites is optimized by static routes from your ISP. Most larger ISPs can even bring your data center (if you have one) into your MPLS network. A real MPLS network should provide ping times between sites in under 10 ms. Traditional site-to-site VPNs can range anywhere from 30 ms (at best) to over 100 ms.
|
Click to Enlarge
|
Conclusion
The technology powering VPNs is becoming more efficient and more cost effective. If you are looking at VPNs take several things into consideration:
- Number of users
- Amount of bandwidth
- Security
- Topology
- Cost
Remember that cheaper is not always better! I've seen many companies go through the VPN process several times because they wanted to take the cheapest route. <-- no pun intended ;)
* On-net refers to a building having a direct connection to an ISPs network. ISPs may share loop to cross-connect to each others network. This would allow a building with a Sprint loop to connect to Level 3. Sprint achieves this by taking their loop and cross-connecting it directly to Level 3's network. This allows a building to be on-net with Level 3, but does not require Level 3 to run copper or fiber directly to the building.
Contact Us
NOTE: this form DOES NOT e-mail this article, it sends feedback to the author.
|
|
|
|
|
|
