VPN (Virtual Private Network)


Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Private networks have traditionally been built with dedicated leased lines, dial-up lines, or other links such as satellite or microwave. Links are established among remote sites. The links are "private" because they carry only the traffic of the company leasing them.

A virtual private network creates private links across public networks such as the Internet. The idea is to create what appears to be a dedicated private link on a shared network using encryption and tunneling techniques. Anybody can create a private connection by encrypting the contents of the traffic being sent across a network, but truly secure VPNs are better built with the cooperation of service providers that can create dedicated paths with guaranteed service levels across their networks.

VPNs are relatively easy to build in ATM and frame relay networks because the network provider creates virtual circuits across the network that provide dedicated bandwidth and path control for the customer. Traffic is then encrypted by the sender and sent across the virtual circuit. In some cases, the customer outsources all VPN control to the service provider. A short-haul physical link is established to the provider's point of presence, and the provider handles all aspects of encryption and path control.

The open environment of the Internet allows anyone to establish a private link by encrypting packets that cross the network. However, the virtual network part of the VPN (as opposed to the private part) requires the cooperation of service providers that can establish virtual circuits using traffic engineering techniques that set up paths with reserved bandwidth. This is possible with MPLS (Multiprotocol Label Switching), which provides traffic engineering for the Internet. As for making the traffic private, IPSec is a good choice.

VPNs across public networks may require the cooperation of a number of providers. For example, if you need a cross-country VPN on a virtual circuit between LA and New York, you may need to enlist the services of several service providers that can cooperatively establish an MPLS path across the Internet.

Before MPLS and IPSec, basic tunneling and encryption schemes were used to build Internet VPNs. L2TP (Layer 2 Tunneling Protocol) is an example of a protocol that encapsulates IP packets in "tunneling" packets that hide the underlying Internet routing structure. L2TP allows users to create what appears to be a local dial-up session into a corporate network across the Internet, thus saving long-distance charges.
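The sketch below is an added example, not text or code from the encyclopedia. It shows the tunneling and encryption idea described above: an inner IP packet is encrypted whole, authenticated, and wrapped in an outer header that names only the two tunnel gateways. The packet layout is a simplified assumption (it is neither L2TP nor IPSec ESP), the SHA-256 counter-mode keystream is a stand-in for a real cipher, and all addresses and payloads are constructed.

```python
import hashlib, hmac, os, socket, struct

EXPERIMENTAL_PROTO = 253  # IANA "use for experimentation" number; real IPSec ESP is 50

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 because nothing here routes it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def keystream(key, nonce, length):
    # Stand-in cipher (SHA-256 in counter mode) so the example needs no third-party
    # library. A real VPN would use a vetted AEAD such as AES-GCM.
    blocks = (hashlib.sha256(key + nonce + struct.pack("!I", i)).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encapsulate(inner, enc_key, mac_key, gw_src, gw_dst):
    # Encrypt the whole inner packet (header included), authenticate it, then
    # prepend an outer header that names only the two tunnel gateways.
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(inner, keystream(enc_key, nonce, len(inner))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    body = nonce + ct + tag
    return ipv4_header(gw_src, gw_dst, EXPERIMENTAL_PROTO, len(body)) + body

def decapsulate(outer, enc_key, mac_key):
    # Verify before decrypting; reject anything modified in transit.
    body = outer[20:]
    nonce, ct, tag = body[:12], body[12:-16], body[-16:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: packet altered or wrong key")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

def observer_view(packet):
    # What a router on the shared network can read: the outer header only.
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return socket.inet_ntoa(fields[8]), socket.inet_ntoa(fields[9]), fields[6]

if __name__ == "__main__":
    # Constructed sample: private hosts behind gateways with documentation addresses.
    payload = b"payroll query"
    inner = ipv4_header("10.1.0.5", "10.2.0.9", 17, len(payload)) + payload
    k_enc, k_mac = os.urandom(32), os.urandom(32)
    outer = encapsulate(inner, k_enc, k_mac, "198.51.100.1", "203.0.113.1")
    print(observer_view(inner))   # private addresses, visible without a tunnel
    print(observer_view(outer))   # gateway addresses only
    print(decapsulate(outer, k_enc, k_mac) == inner)
```

The tunnel hides the private addressing and the payload from the shared network, but the outer header still exposes which gateways are talking and how much data they exchange.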




Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.