
Layer 3 IP VPN: Internet Protocol Virtual Private Network

Internet Protocol Virtual Private Network (IP VPN) is a group of technologies widely used by corporations and service providers to provide secure, private and scalable communications with proper QoS over a public IP-based infrastructure, such as the Internet and service providers' shared IP networks. IP VPN is replacing traditional VPN technologies such as ATM VPN, Frame Relay VPN and TDM-based VPN to become the mainstream VPN service, though interfaces to the existing technologies exist in some cases.

The core technology of a VPN is its encapsulation, or tunneling, algorithm. There are three primary types of IP VPN technology: IPsec-based IP VPN, MPLS-based IP VPN and SSL-based IP VPN. Each has a different set of benefits and serves different business purposes. The following are summaries of the three types, their main applications and their limitations:

MPLS-based IP VPN: MPLS-based Layer 3 VPNs use MPLS labeling algorithms and signaling protocols to encapsulate IP packets and distribute VPN-related information. MPLS-based IP VPN can seamlessly interface with traditional VPN technologies such as ATM, Frame Relay and TDM. It can be an alternative or a complementary VPN solution to a legacy deployment. A primary advantage of MPLS is that it provides the scalability to support both small and very large-scale VPN deployments. It can support end-to-end QoS, rapid fault correction of link and node failures, bandwidth protection, and a foundation for deploying additional value-added services. MPLS technology also simplifies configuration, management, and provisioning, helping service providers deliver highly scalable, differentiated, end-to-end IP-based services. The service provider can offer SLAs by enabling MPLS traffic engineering and fast reroute capabilities in the core network. MPLS-based IP VPN is a network-based VPN technology for site-to-site VPN communications only.

IPsec-based IP VPN: The IPsec protocol provides the framework for CPE-based Layer 3 VPNs. IPsec supports 1) data confidentiality, by encrypting packets before transmission; 2) data integrity, through authenticating packets; 3) data origin authentication; 4) anti-replay; 5) Encapsulating Security Payload (ESP), for confidentiality. IPsec parameters are communicated and negotiated between network devices in accordance with the Internet Key Exchange (IKE) protocol. The IPsec protocol provides protection for IP packets by allowing network designers to specify the traffic that needs protection, define how that traffic is to be protected, and control who can receive the traffic. IPsec VPNs are a replacement technology for traditional VPNs such as leased-line, Frame Relay, or ATM. The advantage of IPsec is that it meets network requirements more cost-effectively and with greater flexibility by using public IP networks such as the Internet and service providers' IP-based networks. IPsec is suitable for both site-to-site and remote-access VPNs.

SSL-based IP VPN: Secure Sockets Layer (SSL) is for remote-access VPNs, rather than site-to-site VPNs. In an SSL-based VPN, the Secure Sockets Layer protocol is used for packet encapsulation and user authentication. SSL provides access to Web-based applications from any location with a Web browser and an Internet connection, without special client software. It provides secure connectivity by authenticating the communicating parties and encrypting the traffic that flows between them. SSL-based VPNs only support applications coded for SSL, including standard e-mail clients, Telnet, FTP, IP telephony, multicast applications, and applications requiring QoS.

Related Terms: IP, MPLS, SSL, IPsec, VPN