Site home page
Get alerts when Linktionary is updated
Book updates and addendums
Get info about the Encyclopedia of Networking and Telecommunicatons, 3rd edition (2001)
Download the electronic version of the Encyclopedia of Networking, 2nd edition (1996). It's free!
Contribute to this site
Electronic licensing info
VPN (Virtual Private Network)
Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.
Private networks have traditionally been built with dedicated leased lines, dial-up lines, or other links such as satellite or microwave. Links are established among remote sites. The links are "private" because no other traffic except the traffic of the company leasing the links crosses the links.
A virtual private network is the creation of private links across public networks such as the Internet. The idea is to create what appears to be a dedicated private link on a shared network using encryption and tunneling techniques. Anybody can create a private connection by encrypting the contents of the traffic being sent across a network, but truly secure VPNs are better built with the cooperation of service providers that can create dedicated paths with guaranteed service levels across their networks.
VPNs are relatively easy in ATM and frame relay networks because the network provider creates virtual circuits across the network that provide dedicated bandwidth and path control for the customer. Traffic is then encrypted by the sender and sent across the virtual circuit. In some cases, the customer outsources all VPN control to the service provider. A short-haul physical link is established to the provider's point of presence and the provider handles all aspects of encryption and path control.
The open environment of the Internet allows anyone to establish a private link by encrypting packets that cross the network. However, the virtual network part of the VPN (as opposed to the private part) requires the cooperation of service providers that can establish virtual circuits using traffic engineering techniques that set up paths with reserved bandwidth. This is possible with MPLS (Multiprotocol Label Switching), which provides traffic engineering for the Internet. As for making the traffic private, IPSec is a good choice.
VPNs across public networks may require the cooperation of a number of providers. For example, if you need a cross-country VPN on a virtual circuit between LA and New York, you may need to enlist the services of several service providers that can cooperatively establish an MPLS path across the Internet.
Before MPLS and IPSec, basic tunneling and encryption schemes were used to build Internet VPNs. L2TP (Layer 2 Tunneling Protocol) is an example of a protocol that encapsulates IP packets in "tunneling" packets that hide the underlying Internet routing structure. L2TP allows users to create what appears to be a local dial-up session into a corporate network across the Internet, thus saving long-distance charges.
Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.