Multipoint IPSec networking available from Cisco

Opinion
Apr 29, 2004 (2 min read)
Cisco Systems, Network Security

* IPSec enhancement could be boon to VoIP

Last time, we offered up a refresher about IP VPN terminology. Our motivation was the fact that managed VPN services are on the rise, and most of the people we talk to throw the term around loosely – even though they might be referring to different types of networks.

We mentioned that a VPN might or might not use encryption. This factor depends on the service offered and the degree of privacy required by each customer. If encryption is used to “scramble” traffic so that it cannot be sniffed and interpreted in transit, several technologies can provide it. Among the most common are Secure Sockets Layer (SSL), built into most Web browsers, and IP Security (IPSec), which in current deployments most often encrypts with the Data Encryption Standard (DES) or Triple DES (3DES). One caveat: single DES, with its 56-bit key, is already considered too weak for new deployments, so 3DES (or AES where the gear supports it) is the sensible choice.

IPSec tunnels are inherently point-to-point: each security association protects traffic between one pair of gateways, which works well for remote workers connecting to a hub site. Note, though, that Cisco recently rolled out a “multipoint” configuration for IPSec that brings the meshed benefits of IP routing to IPSec tunnels. The company’s Dynamic Multipoint VPN (DMVPN) capability runs IPSec over a multipoint GRE tunnel and uses the Next Hop Resolution Protocol (NHRP) so that a spoke can learn another spoke’s public address through the hub; the two sites then build a direct, encrypted spoke-to-spoke tunnel on demand instead of relaying every packet through the hub. 

DMVPN bodes well for VoIP between remote sites, given voice’s sensitivity to latency. In a hub-and-spoke topology, traffic between two spokes traverses the hub, which adds an extra hop; the hub must also decrypt each packet and re-encrypt it for the destination spoke, which adds still more latency (and load on the hub).

To push VoIP out to remote sites over the public Internet with Cisco gear, you’d likely also want the company’s “V3PN” capability (voice- and video-enabled VPN). V3PN lets users get both quality of service (QoS) and security out of the public Internet (well, the QoS will be there once the ISPs offer differentiated services; until then the markings only buy you anything on the links you control).

V3PN marks voice and video packets as high priority and carries that marking in the outer IP header of the IPSec tunnel packet, rather than leaving the QoS marking only in the encrypted inner header, where transit routers cannot see it and it is effectively useless. (IPSec tunnel mode allows the DSCP value to be copied from the inner header to the outer one, and Cisco routers do this by default.) Cisco devices, and any other DSCP-aware devices, between the source and destination then recognize the marking and send VoIP traffic to the low-latency queue (LLQ) on Cisco routers. The trade-off is that the marking is visible in cleartext, so an observer can tell which tunnel packets carry voice even though the payload itself is encrypted.
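The mechanism described above, as an added illustration that is not Cisco’s code or the column’s own: a constructed voice packet marked DSCP EF is wrapped in a toy tunnel-mode ESP packet, once with the DSCP copied to the outer header and once without, and a DSCP-aware transit router classifies each by the outer header alone. The cipher is a SHA-256 keystream stand-in (not ESP’s real cipher, and the ESP padding and integrity check are omitted); the addresses, SPI, key and RTP-like payload are all made up for the example.

```python
"""Why a tunnel's outer header must carry the QoS marking (added example,
not Cisco's code). Standard library only."""
import hashlib
import socket
import struct

DSCP_EF = 46       # Expedited Forwarding: the conventional DSCP for VoIP bearer traffic
IPPROTO_ESP = 50
IPPROTO_UDP = 17


def _checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, dscp: int = 0) -> bytes:
    """Build a minimal 20-byte IPv4 header. DSCP occupies the top 6 bits of the ToS byte."""
    tos = (dscp & 0x3F) << 2
    fields = struct.pack("!BBHHHBBH4s4s",
                         0x45, tos, 20 + payload_len, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return fields[:10] + struct.pack("!H", _checksum(fields)) + fields[12:]


def dscp_of(packet: bytes) -> int:
    """Read the DSCP value from the IPv4 header at the front of `packet`."""
    return (packet[1] >> 2) & 0x3F


def _keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy counter-mode keystream (SHA-256 of key||counter) XORed over data.
    A stand-in for ESP's cipher so the example runs offline; NOT a real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def esp_tunnel_encapsulate(inner: bytes, key: bytes, outer_src: str, outer_dst: str,
                           copy_dscp: bool = True) -> bytes:
    """Tunnel-mode ESP stand-in: the whole inner packet becomes encrypted payload
    behind an SPI/sequence header (padding and ICV omitted). With copy_dscp the
    outer header inherits the inner DSCP, as IPsec permits and Cisco does by default."""
    esp = struct.pack("!II", 0x1000, 1) + _keystream_xor(inner, key)   # SPI and seq are made up
    outer_dscp = dscp_of(inner) if copy_dscp else 0
    return ipv4_header(outer_src, outer_dst, IPPROTO_ESP, len(esp), outer_dscp) + esp


def esp_tunnel_decapsulate(packet: bytes, key: bytes) -> bytes:
    """Strip the 20-byte outer header and 8-byte ESP header, recover the inner packet."""
    return _keystream_xor(packet[28:], key)


def transit_queue(packet: bytes) -> str:
    """What a DSCP-aware transit router sees: only the outer header is readable,
    so classification uses its DSCP. EF goes to the priority (low-latency) queue."""
    return "priority" if dscp_of(packet) == DSCP_EF else "default"


def demo() -> dict:
    """Send the same voice packet through a tunnel that copies DSCP and one that does not."""
    rtp = b"\x80\x00\x00\x01" + b"\x00" * 16                       # constructed RTP-like payload
    udp = struct.pack("!HHHH", 16384, 16384, 8 + len(rtp), 0) + rtp
    voice = ipv4_header("10.1.0.5", "10.2.0.7", IPPROTO_UDP, len(udp), DSCP_EF)
    voice += udp
    key = b"toy-sa-key"                                             # made-up SA key
    marked = esp_tunnel_encapsulate(voice, key, "198.51.100.1", "203.0.113.1", copy_dscp=True)
    unmarked = esp_tunnel_encapsulate(voice, key, "198.51.100.1", "203.0.113.1", copy_dscp=False)
    return {
        "inner_dscp": dscp_of(voice),
        "queue_with_copy": transit_queue(marked),        # "priority"
        "queue_without_copy": transit_queue(unmarked),   # "default": marking is hidden inside
        "inner_intact": esp_tunnel_decapsulate(marked, key) == voice,
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the point of the paragraph: the inner header is EF either way, but a router in the path can only honour the marking when it appears on the outer header, and that same visibility is what lets an eavesdropper distinguish voice from data packets in the encrypted stream.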