
Know what you are getting with your IP VPN


Many network managers are considering using IP VPNs as enhancements to - or even replacements for - conventional frame relay or ATM WAN services. IP VPNs have advantages, particularly flexibility, dynamic bandwidth and the ability to provide secure connectivity to outside organizations. But not all IP VPNs are created equal.

There are different techniques for delivering these services, each with a unique set of advantages and disadvantages, and each type is appropriate for a different user scenario. Before signing off on an IP VPN, network managers should be sure they understand the pros and cons of the architecture they've selected.

Here are some of the major categories:

  • Customer-premises based, user-defined IP VPNs. With this type, a network manager deploys customer-premises-based equipment (such as products from Check Point Software or NetScreen Technologies) that creates and maintains secure tunnels across any provider's IP network (or even the Internet).

    The primary advantages to this approach are flexibility - because users aren't limited to a single provider's network - and security, because these VPNs typically rely on highly secure encryption protocols, such as IP Security (IPSec).

    The primary disadvantage is service quality because traffic may travel across multiple networks. Even when such products are deployed across a single provider's IP network, the provider typically is not aware that the traffic comprises an IP VPN, and provides it with the same "best effort" service quality as it offers any other IP traffic. This type of VPN is best suited for corporate WANs in which the primary traffic type is noninteractive, and for general extranet connections (such as providing links from one company to another).

  • Customer-premises based, service provider-defined IP VPNs. This approach is similar to the previous one, in that IP VPN devices reside at the customer premises. However, in this case the devices are deployed and managed by the service provider, which promises an improved quality of service for the customer's IP VPN traffic.

    The catch is that there's a direct trade-off between service quality and flexibility. No service provider of which I'm aware will offer to install and manage an IP VPN device that connects to another service provider's network. So in this scenario users lose some of the flexibility they had with the previous one.

    This type of VPN is best suited for corporate WANs with a moderate to considerable amount of interactive traffic, or for extranets with a clearly defined set of players - for example, links between financial services entities.

  • Network-based IP VPNs. In this scenario, a provider creates and maintains IP VPN tunnels within its network. These can be either IPSec or Multiprotocol Label Switching tunnels, or both, and typically rely on products from the likes of Cosine and Shasta to create the tunnels.

    These VPNs are easier for service providers to configure and manage than other types of VPNs, and are generally suitable for the same set of applications as the previous scenario. However, there is one catch: Network-based IP VPNs don't always use encryption. So if users are seeking highly secure connections, this approach may not be an ideal fit.

Johnson is senior vice president and CTO for Greenwich Technology Partners, a network consulting and engineering firm. Her column appears biweekly. She can be reached at johna@greenwichtech.com.
