More Cisco Press book chapters from new and classic Cisco Press books.
Rate your favorite Cisco Press books.
The main focus of this chapter is on VPN technology, protocols, and concepts. This chapter presents a comparison of multiprotocol label switching (MPLS), IP security (IPsec), and Secure Socket Layer (SSL) to give you a good understanding about the benefits and shortfalls of choosing each technology for a VPN solution. This is a standalone section that can be read without working through Chapter 1, "The VPN Technology Promise: Secure Access from Anywhere to Anything." Even though this chapter is more technical in nature, it is essential for managers and CIOs of organizations considering deployment of a VPN solution to review this material. The comparisons in this chapter help develop an appreciation for the design considerations, deployment challenges, and management of technology for a successful VPN solution implementation.
Choosing the Right VPN Solution—A Technology Primer
In this technology primer, three technologies are discussed with VPN deployment in mind, and a comparison is provided because the main focus of this Short Cut is making a decision about how to implement a VPN. You can learn specifics about the technology, protocols, and concepts in detail from several other Short Cuts after you've made your initial decisions. This chapter helps you compare key factors for the following three VPN technologies before you make your implementation decision:
MPLS
IPsec
SSL
Note - For a detailed look at MPLS-based VPNs, consider reading MPLS and VPN Architectures, by Ivan Pepelnjak and Jim Guichard.
For a detailed look at IPsec VPNs, consider reading IPSec VPN Design, by Vijay Bollapragada, Mohamed Khalid, and Scott Wainner.
Indicators That MPLS Is a Good Choice
MPLS is essentially a label-switching technology and provides switching at Layer 2 in a time-efficient manner, making delivery of IP packets faster than normal IP routing at Layer 3. In addition, MPLS VPN provides the privacy and quality of service (QoS) of ATM and Frame Relay Layer 2 services, as well as the flexibility, scalability, and connectivity of IP. We can now combine them into a single service for the first time.
The reason we can do this is that MPLS is modeled on label-based forwarding at Layer 3. This essentially provides a foundation for IP value-added services.
MPLS VPNs provide the capability to flexibly group users and services into arbitrary groups with arbitrary services. This is an essential element and is a foundational change to prepare the network infrastructure to deliver IP services in a cost-effective and rapid manner.
Low-cost managed IP services delivery on MPLS VPNs are feasible because lower operational costs allow service providers to deliver private IP services to businesses with required management capabilities.
The following factors help enterprises to determine when to use MPLS:
The company needs SLAs for network operation assurance.
Security needs are met by traffic separation similar to that of Frame Relay or ATM.
Traffic patterns are suited for a partial or full mesh topology.
The enterprise plans to converge its data, video, and voice traffic onto a single network; therefore, delay-sensitive traffic, such as voice, video, or mission-critical data, must receive the necessary QoS.
Implementation is very large or growing.
The enterprise wants to deploy multicast applications.
The enterprise wants to deploy additional value-added applications, such as multimedia conferencing, e-collaboration, or business-process applications such as order fulfillment, enterprise resource planning (ERP), or customer relationship management (CRM).
The enterprise wants to outsource its WAN.
Note - The preceding factors for MPLS VPN are referenced from the following: http://cisco.com/en/US/partner/netsol/ns465/networking_solutions_white_paper0900aecd801b1b0f.shtml