Virtual Private Network
What is a VPN?
A VPN utilizes public telecommunications networks to conduct private data communications. Most VPN implementations use the Internet as the public infrastructure and a variety of specialized protocols to support private communications through the Internet.
- Terminology needed to understand how VPNs work.
- A VPN follows a client-and-server approach.
Simple Example:
Suppose you have an office with 10 computers set up in a network, each with its own IP address (computer address). Now you are at home and want to connect to the office network to access a file stored there. Your home computer must be connected over the Internet to the office network (using some VPN software setup); your home computer then works as if it were inside the office network. You can access the office files and programs while sitting at home.
Brief history:
As a business grows, it might expand to many shops or offices across the country and around the world. To keep things running efficiently, the people working in those locations need a fast, secure and reliable way to share information across computer networks. In addition, traveling employees such as salespeople need an equally secure and reliable way to connect to their business's computer network from remote locations.
One popular technology for achieving these goals is a VPN (virtual private network). A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. The VPN uses "virtual" connections routed through the Internet from the business's private network to the remote site or employee. By using a VPN, a business ensures security: anyone intercepting the encrypted data cannot read it. Let's see how a VPN (virtual private network) works below.
Latest Technology:
VPN was not the first technology used to make remote connections. Several years ago, the most common way to connect computers between multiple offices was a leased line. Leased lines, such as ISDN (integrated services digital network, 128 Kbps), are private network connections that a telecommunications company leases to its customers. Leased lines give a company a way to expand its private network beyond its immediate geographic area. These connections form a single wide-area network (WAN) for the business.
Types of Virtual Private Network:
There are basically three types of VPN:
INTRANET:
This type of VPN is usually implemented for commonly structured networks that may span various physical locations. An example would be a network that exists in several buildings connected to a data center or mainframe that has secure access through private lines. These may need strong encryption and strict performance and bandwidth requirements.
REMOTE ACCESS:
Initiated by remote users, such as employees and telecommuters equipped with laptops who connect intermittently from many different locations, in order to reach their corporate LAN.
EXTRANET:
This type of VPN uses the Internet as its base and deals with a wider scale of users and locations to allow customers and branch offices to access corporate resources across various network types.
Tunneling:
Tunneling is a method of using a network infrastructure to transfer data for one network over another network. The data (or payload) to be transferred can be the frames (or packets) of another protocol. Instead of sending a frame as it is produced by the originating node, the tunneling protocol encapsulates the frame in an additional header. The additional header provides routing information so that the encapsulated payload can traverse the intermediate network.
The encapsulated packets are then routed between tunnel endpoints over the network. The logical path through which the encapsulated packets travel through the network is called a tunnel. After the encapsulated frames reach their destination on the network, the frame is de-encapsulated (the header is removed) and the payload is forwarded to its final destination.
- Tunneling includes this entire process (encapsulation, transmission, and de-encapsulation of packets).
Tunneling requires three different protocols.
- Passenger protocol: The original data (IPX, NetBEUI, IP) that is carried.
- Encapsulating protocol: The protocol (GRE, IPsec, L2F, PPTP, L2TP) that is wrapped around the original data.
- Carrier protocol: The protocol used by the network over which the information is traveling.
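To make the three roles concrete, the following added example (written for this page, not code from the original text) carries a passenger IPv4 packet inside a GRE (RFC 2784) header, which in turn rides inside a carrier IPv4 packet addressed between the two tunnel endpoints, then reverses the process at the far end. Addresses, the payload bytes and the function names are constructed for illustration; the ICMP protocol number is used for the passenger without building a real ICMP message.

```python
import socket
import struct

# Protocol numbers that tie the three layers of the tunnel together.
GRE_IP_PROTOCOL = 47      # outer IPv4 "protocol" field value when GRE is the encapsulating protocol
GRE_PTYPE_IPV4 = 0x0800   # GRE "protocol type" announcing an IPv4 passenger (same value as the Ethernet type)
IP_PROTO_ICMP = 1         # passenger protocol number used in the constructed sample below


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header.

    Returns 0 for a header whose checksum field is already correct, which is how parse_ipv4 verifies it."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) in front of the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet: bytes):
    """Validate the header checksum and split an IPv4 packet into (header fields, payload)."""
    ihl = (packet[0] & 0x0F) * 4
    header = packet[:ihl]
    if len(header) < 20 or ipv4_checksum(header) != 0:
        raise ValueError("bad IPv4 header")
    total_len = struct.unpack("!H", header[2:4])[0]
    if total_len > len(packet):
        raise ValueError("truncated IPv4 packet")
    fields = {"src": socket.inet_ntoa(header[12:16]),
              "dst": socket.inet_ntoa(header[16:20]),
              "proto": header[9]}
    return fields, packet[ihl:total_len]


def gre_encapsulate(passenger: bytes, protocol_type: int = GRE_PTYPE_IPV4) -> bytes:
    """RFC 2784 base GRE header: no checksum (C=0), version 0, then the passenger's protocol type."""
    return struct.pack("!HH", 0x0000, protocol_type) + passenger


def gre_decapsulate(blob: bytes):
    """Strip a GRE header and return (protocol type, passenger)."""
    flags_ver, ptype = struct.unpack("!HH", blob[:4])
    if (flags_ver & 0x0007) != 0:
        raise ValueError("unsupported GRE version %d" % (flags_ver & 0x0007))
    offset = 4
    if flags_ver & 0x8000:  # C bit set: a 4-byte checksum/reserved1 word follows the base header
        offset += 4
    return ptype, blob[offset:]


def tunnel_send(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Passenger (inner IPv4) -> encapsulating (GRE) -> carrier (outer IPv4 between the tunnel endpoints)."""
    return build_ipv4(tunnel_src, tunnel_dst, GRE_IP_PROTOCOL, gre_encapsulate(passenger))


def tunnel_receive(carrier_packet: bytes):
    """Reverse the process at the far endpoint; returns (outer header fields, original passenger)."""
    outer, inner = parse_ipv4(carrier_packet)
    if outer["proto"] != GRE_IP_PROTOCOL:
        raise ValueError("carrier packet is not GRE")
    ptype, passenger = gre_decapsulate(inner)
    if ptype != GRE_PTYPE_IPV4:
        raise ValueError("unexpected passenger protocol 0x%04x" % ptype)
    return outer, passenger


if __name__ == "__main__":
    # Constructed sample: a private-address packet from the home PC to an office server, carried between
    # two constructed public tunnel endpoints (documentation address ranges).
    passenger = build_ipv4("192.168.10.5", "192.168.20.7", IP_PROTO_ICMP, b"constructed payload")
    carrier = tunnel_send(passenger, "203.0.113.10", "198.51.100.20")
    outer, recovered = tunnel_receive(carrier)
    inner, payload = parse_ipv4(recovered)
    print("carrier %s -> %s (proto %d) wraps passenger %s -> %s, %d bytes"
          % (outer["src"], outer["dst"], outer["proto"], inner["src"], inner["dst"], len(payload)))
```

Note that the GRE header adds routing information only: the passenger packet, private addresses included, is readable by anyone on the carrier network, which is why the encapsulating protocols listed above include IPsec and why the PPP payload inside PPTP and L2TP is normally encrypted. The checksum check in parse_ipv4 shows the kind of validation an endpoint should do before trusting the outer header.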
PPTP: (Point-to-Point Tunneling Protocol)
PPTP allows multiprotocol traffic to be encrypted and then encapsulated in an IP header to be sent across an organization's IP network or a public IP network such as the Internet. PPTP encapsulates Point-to-Point Protocol (PPP) frames in IP datagrams for transmission over the network. PPTP can be used for remote access and site-to-site VPN connections. PPTP is documented in RFC 2637 in the IETF RFC Database.
PPTP uses a TCP connection for tunnel management and a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames for tunneled data. The payloads of the encapsulated PPP frames can be encrypted, compressed, or both. The following figure shows the structure of a PPTP packet containing an IP datagram.
When using the Internet as the public network for VPN, the PPTP server is a PPTP-enabled VPN server with one interface on the Internet and a second interface on the intranet.
L2TP: (Layer 2 Tunneling Protocol)
L2TP allows multiprotocol traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as IP, X.25, frame relay, or asynchronous transfer mode (ATM). L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc. L2TP represents the best features of PPTP and L2F. L2TP encapsulates PPP frames to be sent over IP, X.25, frame relay, or ATM networks. When configured to use IP as its datagram transport, L2TP can be used as a tunneling protocol over the Internet. L2TP is documented in RFC 2661 in the IETF RFC Database.
L2TP over IP networks uses User Datagram Protocol (UDP) and a series of L2TP messages for tunnel management. L2TP also uses UDP to send L2TP-encapsulated PPP frames as tunneled data. The payloads of encapsulated PPP frames can be encrypted, compressed, or both, although the Microsoft implementation of L2TP does not use MPPE to encrypt the PPP payload.
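The two data-plane headers described in the PPTP and L2TP sections above are easy to confuse, so this added example (written for this page, not code from either RFC or any vendor implementation) builds and parses both around the same constructed PPP frame: the PPTP "enhanced GRE" header of RFC 2637 (carried directly in IP as protocol 47) and the L2TPv2 data message header of RFC 2661 (carried in UDP, port 1701). Field layouts and bit positions are taken from those RFCs; the sample frame, call/tunnel/session identifiers and function names are constructed.

```python
import struct

# PPTP data plane: enhanced GRE (RFC 2637). Version is 1 and the protocol type is 0x880B (PPP).
PPTP_GRE_PTYPE = 0x880B
GRE_FLAG_K, GRE_FLAG_S, GRE_FLAG_A, GRE_VER_1 = 0x2000, 0x1000, 0x0080, 0x0001
# L2TP data plane (RFC 2661): T marks control messages, L/S/O flag optional fields, version is 2.
L2TP_T, L2TP_L, L2TP_S, L2TP_O, L2TP_VER_2 = 0x8000, 0x4000, 0x0800, 0x0200, 0x0002

# Constructed sample PPP frame: HDLC address/control 0xFF 0x03, PPP protocol 0x0021 (IPv4),
# then placeholder bytes standing in for the IP datagram.
CONSTRUCTED_PPP_FRAME = b"\xff\x03\x00\x21" + b"<constructed IPv4 datagram>"


def pptp_gre_wrap(ppp_frame: bytes, call_id: int, seq=None, ack=None) -> bytes:
    """PPTP enhanced GRE header: K (key = payload length + call ID) is always set; S and A are optional."""
    flags = GRE_FLAG_K | GRE_VER_1
    optional = b""
    if seq is not None:
        flags |= GRE_FLAG_S
        optional += struct.pack("!I", seq)
    if ack is not None:
        flags |= GRE_FLAG_A
        optional += struct.pack("!I", ack)
    return struct.pack("!HHHH", flags, PPTP_GRE_PTYPE, len(ppp_frame), call_id) + optional + ppp_frame


def pptp_gre_unwrap(blob: bytes) -> dict:
    """Validate a PPTP enhanced GRE header and return its fields plus the PPP frame."""
    flags, ptype, length, call_id = struct.unpack("!HHHH", blob[:8])
    if (flags & 0x0007) != 1 or ptype != PPTP_GRE_PTYPE or not (flags & GRE_FLAG_K):
        raise ValueError("not a PPTP enhanced GRE packet")
    offset, seq, ack = 8, None, None
    if flags & GRE_FLAG_S:
        seq = struct.unpack("!I", blob[offset:offset + 4])[0]
        offset += 4
    if flags & GRE_FLAG_A:
        ack = struct.unpack("!I", blob[offset:offset + 4])[0]
        offset += 4
    ppp = blob[offset:offset + length]
    if len(ppp) != length:  # never trust the length field over the bytes actually present
        raise ValueError("truncated PPTP payload")
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp": ppp}


def l2tp_data_wrap(ppp_frame: bytes, tunnel_id: int, session_id: int, ns=None, nr=None) -> bytes:
    """L2TPv2 data message (T=0) with the Length field present; Ns/Nr included only when both are given."""
    flags = L2TP_L | L2TP_VER_2
    optional = b""
    if ns is not None and nr is not None:
        flags |= L2TP_S
        optional = struct.pack("!HH", ns, nr)
    length = 8 + len(optional) + len(ppp_frame)   # Length counts the whole message, header included
    return struct.pack("!HHHH", flags, length, tunnel_id, session_id) + optional + ppp_frame


def l2tp_data_unwrap(blob: bytes) -> dict:
    """Parse an L2TPv2 data message; control messages (T=1) are rejected rather than treated as data."""
    flags = struct.unpack("!H", blob[:2])[0]
    if (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 message")
    if flags & L2TP_T:
        raise ValueError("L2TP control message, not tunneled data")
    offset, length = 2, len(blob)
    if flags & L2TP_L:
        length = struct.unpack("!H", blob[2:4])[0]
        offset = 4
    if length > len(blob):
        raise ValueError("truncated L2TP message")
    tunnel_id, session_id = struct.unpack("!HH", blob[offset:offset + 4])
    offset += 4
    ns = nr = None
    if flags & L2TP_S:
        ns, nr = struct.unpack("!HH", blob[offset:offset + 4])
        offset += 4
    if flags & L2TP_O:  # Offset Size field followed by that many pad bytes before the payload
        pad = struct.unpack("!H", blob[offset:offset + 2])[0]
        offset += 2 + pad
    return {"tunnel_id": tunnel_id, "session_id": session_id, "ns": ns, "nr": nr, "ppp": blob[offset:length]}


if __name__ == "__main__":
    gre = pptp_gre_wrap(CONSTRUCTED_PPP_FRAME, call_id=0x1234, seq=7, ack=3)
    l2tp = l2tp_data_wrap(CONSTRUCTED_PPP_FRAME, tunnel_id=0x0101, session_id=0x0202, ns=1, nr=0)
    print("PPTP/GRE header bytes:", gre[:16].hex(), "->", pptp_gre_unwrap(gre)["call_id"])
    print("L2TP header bytes:    ", l2tp[:12].hex(), "->", l2tp_data_unwrap(l2tp)["session_id"])
```

Neither header provides confidentiality: the PPP frame sits in the clear after the header, so what the text calls encrypting the payload has to come from the PPP layer (MPPE with PPTP) or, as with L2TP, from a separate layer such as IPsec. For traffic identification on a network, PPTP data appears as IP protocol 47 with GRE version 1 and protocol type 0x880B (its control channel, per RFC 2637, is TCP port 1723), while L2TP appears as UDP port 1701; the length checks in both unwrap functions are the minimum a receiver should do before acting on attacker-controlled header fields.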
Advantages and disadvantages:
Advantages:
1. Reduced implementation cost (no leased line, ISDN or frame relay is needed; a mobile user only has to dial a local ISP to reach the branch office)
2. Security (VPNs provide strong security mechanisms through encryption, authentication, etc.)
3. Lower cost (brings down the cost of WAN equipment)
4. More flexible
5. Simple Management
6. Interoperability of devices from multiple vendors
7. Centralized VPN management
8. Easy implementation
9. Easy usability
10. Scalability
11. Performance
12. Bandwidth management
13. Service provider’s infrastructure
14. High availability
Disadvantages:
Historically, the potential pitfalls or "weak spots" in the VPN model have been easy to forget. These four concerns with VPN solutions are often raised.
1. VPNs require an in-depth understanding of public network security issues and proper deployment of precautions.
2. The availability and performance of an organization's wide-area VPN (over the Internet in particular) depend on factors largely outside of its control.
3. VPN technologies from different vendors may not work well together due to immature standards.
4. VPNs need to accommodate protocols other than IP and existing ("legacy") internal network technology.