VPN Is Virtual Private Network. It Is a Private Network for Voice and Data Built With

ABSTRACT

VPN is virtual private network. It is a private network for voice and data built with carrier services. There are three definitions of VPN: Voice VPN, Carrier-based voice/data VPN, and Internet VPN. VPN offers a cost-effective alternative for data communication between intra-company offices, inter-company communications and remote access for domestic and international remote users and business partners.

INTRODUCTION

Traditionally, a VPN has been defined as a private network for voice and data built with carrier services. More recently, however, VPN has been defined as a private encrypted tunnel through the Internet for transporting both voice and data between an organization's different sites. The different definitions of a VPN are as follows:

Voice VPN: In this scheme, a single carrier handles all the voice call switching. The "virtual" in VPN implies that the carrier creates a virtual voice switching network within its switching network.

Carrier-based voice/data VPN: packet-, frame- and cell-switching networks carry information in discrete bundles (called packets) that are routed through a mesh network of switches to a destination. Many users share the network. Carriers program virtual circuits into the network that simulate dedicated connections between a company's sites. A web of these circuits forms a virtual private network over the carrier's packet-switched network.

Internet VPN: Internet VPN is similar to the carrier-based voice/data VPN except that the IP-based Internet is the underlying network.

In today's world, to the industry VPN means only one thing: the Internet VPN.

Companies whose facilities are split between two or more locations can connect the locations into a single logical network through the use of routers and wide area networking (WAN) technologies. When a circuit-switched network, like the telephone network, is used, permanent or switched circuit services are employed to emulate the physical attachment of the two sites for router-to-router packet exchange. Despite the fact that the WAN technologies almost always use shared, "public" communication utilities, the network constructed by such an organization is usually considered "private".

And unlocking the secret to the savings is easy. Just lose the leased lines and look at the public backbone. By setting up secure virtual private networks (VPNs) over the Internet or other public network, corporate networks can save their companies fistfuls of cash.

Many businesses today use high-speed leased lines, Frame Relay services or dial-up digital services (ISDN) to satisfy their data connectivity needs. With the growth of the Internet, a new cost-effective alternative has been born.

An Internet-based VPN uses the public Internet to deliver secure data services for intra- and inter-company communication. VPNs are also a means for companies to take their first step towards Internet-based electronic commerce services (E-commerce).

VPNs offer a cost-effective alternative for data communications between intra-company offices (both domestic and international), inter-company communications (for Electronic Commerce in the form of file transfer, electronic mail, EDI, web and client-server applications), and remote access for domestic and international remote users and business partners. Industry research estimates that operational cost savings of up to sixty percent over equivalent private networks can be realized.

A Virtual Private Network, or VPN, is a business-critical wide-area networking solution enabling an organization to securely and reliably communicate with its offices, business partners, vendors, customers and employees (both local and remote). The flexibility and business-critical nature of VPNs enable an organization to scale its business quickly, easily and cost-effectively.

VPN REVOLUTION

Virtually: Webster's dictionary defines it as "being such practically or in effect, although not in actual fact or name". So for something to be a virtual network, it should act like a network, yet not be one. It's a wonder then that anyone could classify only some networks as virtual, since all networks are virtual to some extent. Perhaps we can make the separation based on physical wiring. If there are real wires among all of the nodes, then the network is not virtual. Based on this determination, WANs have been virtual since the Telcos stopped provisioning T1 circuits on conditioned copper and started using channelized T3 circuits instead.

Perhaps a better determinant is whether the network connections are on demand or dedicated. An on-demand network is made of connections that can be controlled by network administrators, instead of their telecom partners. A network made of connections controlled by a third party like a Telco, ISP or telecom analyst is a dedicated network. At some point in this type of network, administrators lose control of the physical network, sometimes right past the building hubs. Thus, for all practical purposes, on-demand networks are built above the network layer because this is the only place accessible to network administrators for their entire network.

Virtual Private Networking technologies provide the medium to use the public Internet backbone as an appropriate channel for private data communication. With encryption and encapsulation technologies, a VPN essentially carves out a private passageway through the Internet. VPNs will allow remote offices, company road warriors, and even business partners or customers to use the Internet, rather than pricey private lines, to reach company networks.

By replacing expensive private network bandwidth with relatively low-cost bandwidth, your company can slash operating costs and simplify communications. You don't need to have 800 lines, run modem pools or pick up long-distance charges; employees and business partners simply place local or toll-free calls to Internet service providers (ISPs) to make the connection. Setting up VPNs also allows you to reduce in-house network management responsibilities. You'll be able to turn much of the remote communications burden over to ISPs.

You can also use VPNs to link remote LANs together or give traveling staffers, work-at-home employees and business partners a simple way to reach past company firewalls and tap into company resources. Virtual private networks are flexible. They are point-to-multipoint connections, rather than point-to-point links. They can be set up or closed down at the network administrator's will, making them ideal for short-term projects.

There's a realization that the public, packet-based network is far more cost-effective than a leased network because you can share the fixed cost among many organizations using the circuit. The public network provides greater scalability and leverage at a lower cost.

A typical T1 leased line between a corporation and a local Internet service provider costs $400 to $5000 per month. But because T1 charges mount as distance increases, a T1 connection running across the country can cost thousands of dollars each month.

ADVANTAGES:

❖ Much cheaper for connecting WANs than 800 numbers or dedicated T1 lines.

❖ Provides encryption and authentication services for a fairly good measure of privacy.

❖ Maintenance of the WAN-to-WAN connection is left to Internet Service Providers.

❖ Highly flexible; can be set up and taken down very easily.

The working definition that will be the basis for all discussions in this white paper is that a VPN uses a combination of tunneling, encryption, authentication, and access control technologies and services. VPNs use these technologies to ride traffic over the Internet, a managed IP network or a provider's backbone. The traffic reaches these backbones using any combination of access technologies including T1, frame relay, ISDN, ATM or dial access.

A VPN utilizes a public telecommunications network as a secure channel for communicating data. A VPN connects remote clients, e.g. laptops used by salespersons out in the field, to the company's LAN.

Historically, remote access servers (RASs), or dial-up networking servers, have provided this type of access. In addition, a VPN can perform the functions of a wide area network (WAN) by interconnecting two or more LANs through the Internet.

Internet service providers (ISPs), equipment vendors, and software developers say they can give you the best of both worlds: the security, performance, availability and multi-protocol support of the private network over the inexpensive and pervasive Internet. It's called a virtual private network (VPN), or "extranet", and the technology is currently being considered primarily as a means of extending the reach of private networks for dial access. But connections with business partners and customers are another important application. And to a lesser extent, VPNs may address locations where traditional private network connections cannot be economically justified. Some vendors and service providers are talking up the idea of replacing existing private network links with VPN links.

TYPES OF VPN

DIAL VPNs

Much of the public discussion surrounding VPN thus far has centered around tunneling. Tunneling, however, is merely one component of a complete and robust Dial VPN service architecture. In addition to the tunneling techniques supported within the service, any description of a dial VPN service must contain a description of how the service handles security, as well as network management and administration.

Tunneling:

Dial VPNs are built upon the notion of efficiently and securely tunneling data from one point to another. With tunneling, the remote access server wraps the user data (payload) inside IP packets, which are routed through the carrier's network, or even across multiple networks in the case of the Internet, to the tunnel end point where the tunneled packet is unwrapped and forwarded in its original form. Tunneling is used by corporations shifting their remote access traffic from switched, long-distance and regional carriers to ISPs and the Internet. Tunneling uses a point-to-point session protocol to replace switched connections, linking data addresses over a routed network. This replaces the linkage of telephone numbers over a switched telephone network. Tunneling allows authorized mobile workers, and perhaps authorized customers, to reach your enterprise network any time and from anywhere. In tandem with an authentication technique, tunneling also prevents unauthorized access to your corporate network.
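The wrap-and-unwrap operation described above, together with the authentication the working definition pairs it with, can be shown in a few dozen lines. The following is an added example, not code from the seminar report: a simplified IP-in-IP style tunnel in which the entry point wraps an inner IPv4 packet inside an outer IPv4 header addressed to the far tunnel endpoint, and the exit point strips the outer header, checks an HMAC-SHA256 tag, and only then forwards the original packet. The addresses, shared key and payload are constructed for the demonstration, and encryption is left out so that the example needs only the Python standard library; a real VPN would also encrypt the inner packet.

```python
# Added example, not from the seminar report: a simplified IP-in-IP tunnel
# endpoint pair with an HMAC tag on the tunneled packet. The addresses, the
# shared key and the payload below are constructed for the demonstration.
import hashlib
import hmac
import struct

IPPROTO_IPIP = 4   # "protocol" value in the outer header for IP-in-IP encapsulation
IPPROTO_UDP = 17
TAG_LEN = 32       # HMAC-SHA256 digest length appended to every tunneled packet


def ip_to_bytes(addr: str) -> bytes:
    """Dotted-quad string to 4 network-order bytes."""
    octets = [int(p) for p in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % addr)
    return bytes(octets)


def ip_checksum(data: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 for a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ip_to_bytes(src), ip_to_bytes(dst))
    csum = ip_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload); rejects non-IPv4 or corrupted headers."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 packet")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    to_str = lambda b: ".".join(str(o) for o in b)
    return to_str(src), to_str(dst), proto, packet[ihl:total_len]


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str, key: bytes) -> bytes:
    """Tunnel entry: tag the inner packet, then wrap it in an outer IPv4 header
    addressed to the far tunnel endpoint."""
    tag = hmac.new(key, inner, hashlib.sha256).digest()
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner + tag)


def decapsulate(outer: bytes, key: bytes) -> bytes:
    """Tunnel exit: strip the outer header, verify the tag, return the original
    inner packet; raises ValueError for anything that is not an authentic tunnel packet."""
    _, _, proto, payload = parse_ipv4(outer)
    if proto != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet")
    if len(payload) < 20 + TAG_LEN:
        raise ValueError("tunnel payload too short")
    inner, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    expected = hmac.new(key, inner, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed; packet dropped")
    return inner


# --- constructed demonstration data ---------------------------------------
KEY = b"constructed-shared-secret"
INNER = build_ipv4("10.1.0.5", "10.2.0.9", IPPROTO_UDP, b"hello branch office")
OUTER = encapsulate(INNER, "198.51.100.1", "203.0.113.7", KEY)


def roundtrip_ok() -> bool:
    """An authentic packet from the far end is unwrapped back to the original."""
    return decapsulate(OUTER, KEY) == INNER


def tampered_is_rejected() -> bool:
    """Flipping a bit of the tunneled inner destination address must be caught."""
    forged = bytearray(OUTER)
    forged[20 + 19] ^= 0x01       # last octet of the inner packet's destination
    try:
        decapsulate(bytes(forged), KEY)
    except ValueError:
        return True
    return False


def wrong_key_is_rejected() -> bool:
    """A tunnel packet tagged under a different key is not accepted."""
    try:
        decapsulate(OUTER, b"some-other-key")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("outer length", len(OUTER), "roundtrip", roundtrip_ok(),
          "tamper rejected", tampered_is_rejected())
```

The point the report makes about tunneling "in tandem with authentication" is visible in `decapsulate`: a packet whose outer header is perfectly valid is still dropped when its inner contents do not match the tag, so an outsider who can reach the tunnel endpoint over the public Internet cannot inject traffic into the private network simply by addressing it correctly.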

ROUTER - BASED VPNs

Most router vendors have added VPN services to their products. Using VPN-enabled routers, IT managers can send traffic between branch offices over the Internet or a service provider's network. Dial-in users can access the corporate network by tunneling in over a provider's network. There are several advantages to a router-based approach that make it attractive to IT managers. First, adding VPN services to a router is usually a software upgrade. Frequently, the IT manager simply has to download some software from the vendor's Website or get a disc from the vendor and install it on an existing router. That is usually the case with older routers.

New routers often come with VPN services built into the unit's software set or even into the router's operating system. Pricing approaches for the VPN services vary greatly among router vendors. Some throw it in for free with the operating system; others charge a fee to make use of the VPN features. Typically, the VPN software add-on for routers includes firewall, encryption and tunneling capabilities. Some vendors link the user authentication to existing authentication servers such as the Remote Authentication Dial-In User Service (RADIUS).

Another advantage of the router-based approach is that there is no need to change the existing network. This can save operational cost in a couple of ways and thus reduce the total cost of ownership for a VPN.

In some VPN implementations, a dedicated box is needed. This adds to the management task of the IT staff. Installing VPN software on an existing router means no additional internetworking devices are added to the network. Frequently, dedicated VPN devices are not from the same vendors that supply routers, switches and hubs. The router-based approach, where software is added, means the existing management system can still be used with the VPN. So there is no need to train IT staff on new equipment or management systems.

While these are all valuable reasons for using a router-based VPN, there are other considerations before selecting this approach.

First, firewall, encryption and tunneling are all done in software, which could cause a problem under heavy traffic loads. A dedicated VPN device or dedicated firewall would likely deliver higher performance. Of course, it will depend on your specific loads. In many cases, adding software to a router might do the trick.

Software-based VPN services on a router are CPU-intensive, especially when using a high level of encryption such as Triple-DES at high data-transfer rates. If that is what you will be doing, a hardware add-on dedicated to handling encryption tasks might be necessary.

The disadvantage to using one of these devices is that it adds to the cost of deploying the VPN, especially if you were looking at a simple software upgrade to start.

Some vendors do not offer add-on encryption hardware devices. In cases where many users or sites are being connected at high access speeds while using IPSec tunneling and industrial-strength encryption, the VPN tasks may simply use a large portion of the router's processing power.

This can be a major problem. In the extreme, the VPN tasks would consume so much of the router's processing cycles that there would be a noticeable performance drop. Most IT managers determine the type of router they need to purchase by specifying a certain packets-per-second performance. If running VPN software on the router cuts that significantly, network response times could suffer as packets wait in queues to be directed to the appropriate ports.

This would require the router hardware to be upgraded. So what started out as a relatively economical way to add VPN service to your network, adding software to an existing router, would require the outlay of cash for new equipment.

Many IT managers interested in router-based VPNs start with their existing router to prove the concept. And as they try a pilot project they get a feel for the performance under their users' loads. This will help determine if the existing router is sufficient. In some cases it will be. In others, the IT manager may need to increase the performance of the router.

SOFTWARE - BASED VPNs

Another way to deploy a VPN is to install a straight software-based VPN. Operating system suppliers and several third-party vendors offer VPN applications that perform the encryption, tunneling and authentication services required to link users over a VPN.

Although this is a similar approach to using a router-based VPN, one advantage to a software-based VPN is that it allows an IT manager to use existing equipment. The software is installed on an existing server. This means the network configuration remains intact and the same management skills and tools can be used to administer the VPN. Thus there is usually no additional training or management software required to keep the VPN connections up and running.

Another advantage to a straight software-based VPN is that the programs frequently tap existing network operating system authentication services. This can greatly simplify VPN administration by, for example, linking VPN access rights to already defined user-access privileges.

There are, of course, a few points to consider before using a straight software-based VPN approach. As in the case of a router-based VPN, performance may be an issue. Performing VPN encryption and tunneling tasks takes processing power. One problem in evaluating such a VPN approach is that there are no standard metrics for determining exactly what the processing load would be on a server.

The factors that determine the load include the number of simultaneous VPN sessions that need to be supported, the level of encryption of each session, the type of tunneling used and the rate at which data is being passed over the VPN.

Seminar Report

Virtual Private Network

Obviously, connecting hundreds of branch offices with T1 lines to a central site would require much more processing power in the central site than supporting a few dozen telecommuters dialing in to their service providers over analog phone lines.

The consequences of too heavy a load can vary greatly. An IT manager may have to limit the number of simultaneous sessions that are supported, thus leaving some users unable to connect.

If the VPN software is running on a server that supports other applications, the performance of these other applications may suffer as the VPN services take more and more CPU cycles.

In either case, an IT manager may find that a higher-performance server would be required. So, similar to what could happen with router-based VPNs, what may seem like an inexpensive way to establish a VPN might require the purchase of a new, high-end server.