Virtual Private Networks


Transcript of Virtual Private Networks

Page 1: Virtual Private Networks

Virtual Private Networks

Page 2: Virtual Private Networks

Why VPN

• Fast, secure and reliable communication between remote locations

– Use leased lines to maintain a WAN.

– Disadvantages

  • High cost

  • No flexibility

Page 3: Virtual Private Networks

What is VPN

• A Virtual Private Network is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated connection such as a leased line, a VPN uses “virtual” connections routed through the Internet.

Page 4: Virtual Private Networks

VPN Types

• Remote-access

– Single remote network device to intranet

• Site-to-site

– Connect multiple fixed sites over a public network

– Intranet-based

– Extranet-based

Page 5: Virtual Private Networks

VPN Technologies

• Tunneling

• Authentication

– Identity verification of network system.

• Access Control

– When an access request is presented, the resource decides whether to allow the request to proceed.

– Performed at tunnel endpoints.

Page 6: Virtual Private Networks

Tunneling

• Tunneling is the transmission of data intended for use only within a private, usually corporate, network through a public network in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network.

[Figure: network diagram with nodes A to I and a tunnel]

Page 7: Virtual Private Networks

[Figure: original packet (Original IP Header, Payload) and tunneled packet (New IP Header, Original IP Header, Payload)]
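The encapsulation on this slide (a new IP header placed in front of the original IP header and payload) can be worked through in code. The following is an added example, not part of the original presentation; it uses plain IPv4-in-IPv4 (protocol 4, RFC 2003) as the tunnel, and the addresses, payload and function names are constructed for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4   # IANA protocol number for IPv4-in-IPv4 (RFC 2003)
IPPROTO_UDP = 17
HDR = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 header in front of payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(HDR, *fields))
    return struct.pack(HDR, *fields) + payload

def parse(packet: bytes) -> dict:
    """Read the outermost IPv4 header only, as a transit router does."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    f = struct.unpack(HDR, packet[:20])
    ihl = (f[0] & 0x0F) * 4
    if f[0] >> 4 != 4 or ihl < 20 or not ihl <= f[2] <= len(packet):
        raise ValueError("malformed IPv4 packet")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            "proto": f[6], "payload": packet[ihl:f[2]]}

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: the whole original packet becomes the new payload."""
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: accept only IP-in-IP and return the original packet."""
    view = parse(outer)
    if view["proto"] != IPPROTO_IPIP:
        raise ValueError("not a tunneled packet")
    parse(view["payload"])  # validate the inner header before forwarding
    return view["payload"]

# Constructed sample: private hosts behind two gateways with public addresses.
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", IPPROTO_UDP, b"payroll data")
OUTER = encapsulate(INNER, "192.0.2.1", "198.51.100.1")
```

Routers that call `parse(OUTER)` see only the two gateway addresses, but the inner packet is still readable inside the outer payload: encapsulation alone gives no confidentiality or integrity, which is what the security header on the IPsec slide adds.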

Page 8: Virtual Private Networks

VPN Tunneling Protocols

• Layer 2 tunneling protocols

– A link layer frame is placed into the payload of a protocol data unit (PDU) from some other layer, including another layer 2 frame.

– Tunnel PPP frames through an IP network.

– Point-to-Point Tunneling Protocol (PPTP), Layer 2 Forwarding protocol (L2F), Layer 2 Tunneling Protocol (L2TP).

Page 9: Virtual Private Networks

VPN Tunneling Protocols

• Layer 3 tunneling protocols

– A layer 3 frame is placed into the payload of a protocol data unit (PDU) from some other layer, or another layer 3 packet.

– VPNs within an IP network

– IPsec

• Label switching protocol

– Label is placed between layer 2 and layer 3 header.

– MPLS

Page 10: Virtual Private Networks

Layer 2 tunneling protocol

• Tunnel PPP frames through the Internet to the home network.

• Tunneling protocol

– Access concentrator (client part)

– Network server (server part)

Page 11: Virtual Private Networks

PPTP

• PPP access by remote computers to a private network through the Internet

1. Remote user dials in to the local ISP network access server using PPP.

Page 12: Virtual Private Networks

PPTP

2. The PPTP Access Concentrator (PAC) establishes a control channel (TCP) across the PPP connection and through the Internet to the PPTP Network Server (PNS) attached to the home network.

Page 13: Virtual Private Networks

PPTP

3. Parameters for the PPTP channel are negotiated over the control channel, and the PPTP tunnel is established.

Page 14: Virtual Private Networks

PPTP

4. A second PPP connection is made from the remote user, through the PPTP tunnel between the PAC and the PNS, and into the private network's NAS.

Page 15: Virtual Private Networks

PPTP

5. IP datagrams or any other protocol’s datagrams are sent inside the PPP frames

Page 16: Virtual Private Networks

L2F

Tunnel is constructed from the service provider.

1. Remote user dials in to the local ISP network access server using PPP/SLIP.

Page 17: Virtual Private Networks

L2F

2. L2F builds a tunnel from the NAS to the private network.

Uses a packet-oriented protocol that provides end-to-end connectivity, such as UDP or frame relay, as the encapsulating protocol.

Page 18: Virtual Private Networks

L2F

3. L2F establishes a PPP connection between the NAS and the home gateway.

Page 19: Virtual Private Networks

L2F

4. IP packets are sent over the PPP.

Page 20: Virtual Private Networks

L2TP

Page 21: Virtual Private Networks

Comparison

• Performance

• ISP dependence.

• End-to-end security

Page 22: Virtual Private Networks

IPsec

[Figure: original packet (Original IP Header, Payload) and IPsec tunnel-mode packet (New IP Header, Security Header, Original IP Header, Payload)]

• Protocol suite

• AH and ESP protocol

• Tunnel mode of operation

• Headers added to original packet.

Page 23: Virtual Private Networks

MPLS

[Figure: IP packet (IP Header, Payload) and labeled packet (Link Layer Header, MPLS Shim, IP Header, Payload)]