Search /
Advanced search  |  Help  |  Site map
Click for Layer 8! No, really, click NOW!
Networking for Small Business
Where's my gigabit Internet, anyway?
Americans cool with lab-grown organs, but not designer babies
IE6: Retired but not dead yet
Enterprise who? Google says little about Apps, business cloud services in Q1 report
DDoS Attackers Change Techniques To Wallop Sites
Can we talk? Internet of Things vendors face a communications 'mess'
AMD's profitability streak ends at two quarters
Michaels says breach at its stores affected nearly 3M payment cards
Exclusive: Google's Project Loon tests move to LTE band in Nevada
H-1B loophole may help California utility offshore IT jobs
How a cyber cop patrols the underworld of e-commerce
For Red Hat, it's RHEL and then…?
Will the Internet of Things Become the Internet of Broken Things?
Kill switches coming to iPhone, Android, Windows devices in 2015
Israeli start-up, working with GE, out to detect Stuxnet-like attacks
Galaxy S5 deep-dive review: Long on hype, short on delivery
Google revenue jumps 19 percent but still disappoints
Windows XP's retirement turns into major security project for Chinese firm
Teen arrested in Heartbleed attack against Canadian tax site
Still deploying 11n Wi-Fi?  You might want to think again
Collaboration 2.0: Old meets new
9 Things You Need to Know Before You Store Data in the Cloud
Can Heartbleed be used in DDoS attacks?
Secure browsers offer alternatives to Chrome, IE and Firefox
Linksys WRT1900AC Wi-Fi router: Faster than anything we've tested


Related linksToday's breaking news
Send to a friendFeedback

Sign up to receive this and other networking newsletters in your inbox.

A debate at the Next Generation Networks conference in Boston last week, pitted IPSec VPNs based on equipment placed at each network site, against network-based Multi-protocol Label Switching VPNs that sort traffic into discrete customer streams within a service provider's network.

Neither technology won the debate, but the discussion did reveal strengths and weaknesses of each. These results can prove useful to anyone trying to sort through wide area networking choices.

An IPSec VPN is one that creates encrypted IP tunnels from site to site across a public network. A Multi-protocol Label Switching (MPLS) VPN service assigns each corporate user its own IP space and moves traffic along Layer 2 MPLS flows. Both enable users to create fully meshed networks for less than it would cost to set up private line, frame relay or ATM networks. Some carriers claim they could cut the cost in half.

IPSec VPNs offer several benefits. They require each site to have devices that authenticate users and encrypt and decrypt traffic, which makes these VPNs very secure. Any changes users make to lists of authorized users or security policies take effect immediately because users control all the equipment. They are well suited to supporting remote access for mobile users who may be calling in over insecure networks. Sites can tie into the VPN over plain old Internet access links, which are relatively inexpensive.

The downside is that they require an initial capital outlay for equipment at each site, and they require ongoing management, monitoring and maintenance. Part of this continuing effort includes managing keys that are used to encrypt traffic. As these networks grow, they require more work to manage unless the gear comes with tools to automate policy distribution.

Encapsulating VPN traffic using this method increases packet-header size, and can increase the size of some packets making them so large that they must be fragmented. This can slow down traffic.

But network-based VPNs do have advantages, as well. They require no new network gear as long as each site already has a WAN router, so there is no initial capital outlay.

Network-based services are well suited for multiprotocol traffic because non-IP traffic is readily converted by customer routers. These services can support frame relay, ATM and even Ethernet access lines, as well.

The service provider configures and manages, monitors and maintains the network. The downside of that is these services cost more per month than simple Internet access. Also, users have to wait for the service provider to make any additions or changes to user lists.

As you can see there is no hands-down winner, but knowing these pluses and minuses can help you make a choice.


Tim Greene is a senior editor at Network World, covering virtual private networking gear, remote access, core switching and local phone companies. You can reach him at

Network World VPNs archive
Past newsletters.

MPLS facing slow adoption, despite flurry of market hype
Network World, 11/05/01

Know what you are getting with your IP VPN
Network World, 11/05/01

NetScreen automates VPN policy mgmt.
Network World, 11/12/01

Cisco taps security services partners
Network World, 11/12/01

A grand telework plan
Network World, 11/12/01

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.