Sunday, 17 February 2008

VPN: Virtual Private Network

Virtual Private Network (VPN) refers to simulating a private network over the public Internet by encrypting communications between the two private end-points. This provides the same connectivity, QoS and privacy you would find on a typical private network. Typically, VPNs can be categorized as follows:

Traditional VPNs

· Frame Relay VPN (Layer 2)

· ATM VPN (Layer 2)

CPE-based VPNs

· L2TP and PPTP VPN (Layer 2)

· IPsec VPN (Layer 3)

Provider Provisioned VPNs (PP-VPNs)

· BGP/MPLS VPNs (Layer 2 and 3, RFC 2547bis)

Session based VPN

· SSL VPN (Layer 4 +)

· SOCKS VPN (Layer 4 +)

The traditional VPN technologies have been widely deployed in the field by service providers and enterprises. However, because of their high cost and limited feature set, newer VPN technologies such as IPsec VPN, SSL VPN and MPLS VPN are becoming more and more popular. These newer VPN technologies are fully compatible with TCP/IP, the world's dominant protocol suite for routing and transporting data.

The key technology for a VPN is securing data as it crosses a public network. The three types of security, authentication, encryption and encapsulation, form the foundation of virtual private networking. However, authentication, encryption and encapsulation can each be performed by many different technologies, and these three sets of technologies can be combined in different ways.

For data encapsulation in a VPN, many tunneling technologies have been developed, such as the Layer 2 Tunneling Protocol (L2TP), the Layer 2 Forwarding protocol (L2F) and the Point-to-Point Tunneling Protocol (PPTP). PPTP provides remote users with encrypted, multi-protocol access to a corporate network over the Internet. Network layer protocols, such as IPX and NetBEUI, are encapsulated by PPTP for transport over the Internet. However, PPTP can support only one tunnel at a time for each user. Its proposed successor, L2TP (a hybrid of PPTP and another protocol, L2F), can therefore support multiple simultaneous tunnels for each user. PPTP and L2TP are the layer 2 VPN technologies from CPE (customer premises equipment) to CPE.

Internet Protocol Security (IPsec), the most widely deployed VPN technology, is a set of authentication and encryption protocols developed by the Internet Engineering Task Force (IETF) to address data confidentiality, integrity, authentication and key management in IP networks. The IPsec protocol typically runs at the edges of a security domain, where it encapsulates a packet by wrapping another packet around it and then encrypts the entire original packet. This encrypted stream of traffic forms a secure tunnel across an otherwise unsecured IP network. IPsec is the primary layer 3 VPN technology providing a CPE to CPE tunnel.
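As an added illustration (not code from this post), the following hypothetical Go model of one direction of an ESP-style tunnel-mode security association shows the three security elements above working together: the whole inner packet is encapsulated behind a clear-text SPI/sequence header, encrypted and authenticated with AES-GCM, and replayed sequence numbers are rejected on the receiving side. The SPI, key and packet layout are constructed for the example, and the outer IP header a real gateway would add is omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Tunnel: hypothetical model of one ESP-style tunnel-mode SA, not wire-compatible ESP.
type Tunnel struct {
	spi, seq, last uint32 // SPI, send counter, highest accepted counter (replay check)
	aead           cipher.AEAD
}

func NewTunnel(spi uint32, key []byte) (*Tunnel, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block size
	return &Tunnel{spi: spi, aead: aead}, nil
}

// Encapsulate wraps a whole inner IP packet: clear header (SPI, seq), then the
// packet encrypted and integrity-protected with the header bound in as AAD.
func (t *Tunnel) Encapsulate(inner []byte) []byte {
	t.seq++
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint32(hdr[0:4], t.spi)
	binary.BigEndian.PutUint32(hdr[4:8], t.seq)
	nonce := append(make([]byte, 4), hdr...) // counter IV: the SA must rekey before seq wraps
	return t.aead.Seal(append([]byte{}, hdr...), nonce, inner, hdr)
}

// Decapsulate checks length and SPI, rejects replays, then verifies and decrypts.
func (t *Tunnel) Decapsulate(pkt []byte) ([]byte, error) {
	if len(pkt) < 8+t.aead.Overhead() || binary.BigEndian.Uint32(pkt[0:4]) != t.spi {
		return nil, errors.New("truncated packet or no SA for this SPI")
	}
	hdr, seq := pkt[:8], binary.BigEndian.Uint32(pkt[4:8])
	if seq <= t.last {
		return nil, errors.New("replayed sequence number")
	}
	inner, err := t.aead.Open(nil, append(make([]byte, 4), hdr...), pkt[8:], hdr)
	if err == nil {
		t.last = seq // advance the replay check only after the ICV verified
	}
	return inner, err
}
```

Any change to the header or payload, a wrong key, a wrong SPI or a repeated sequence number makes Decapsulate return an error without advancing the replay counter.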

SSL/TLS, the technology popularly used to secure web traffic (HTTPS), can also be used for VPNs. SSL VPNs use the highly mature and widespread SSL/TLS protocol to handle the tunnel creation and the cryptographic elements necessary to create a VPN. SSL/TLS is much easier to implement than IPsec and provides a simple and well-tested platform. The RSA (or DH) handshake plays exactly the role that IKE plays in IPsec, and the SSL crypto library is then used to secure the symmetric tunnel, again using encryption techniques similar to those protecting IPsec tunnels. This tunnel can pass arbitrary traffic, just like an IPsec VPN.

The VPN technology popular among service providers is the Border Gateway Protocol/Multiprotocol Label Switching (BGP/MPLS) VPN. BGP/MPLS VPN was introduced to solve the scalability problems of the traditional ATM and Frame Relay VPNs. In addition, the MPLS VPN, a connectionless VPN, is fully compatible with TCP/IP technologies and the Internet world, which gives it a significantly lower cost of deployment and operation. The BGP/MPLS VPN standard is defined in IETF RFC 2547bis and provides Layer 3 VPN solutions using BGP to carry route information over an MPLS core. This Layer 3 MPLS VPN solution achieves all of the security of the Layer 2 approach while adding the enhanced scalability inherent in the use of Layer 3 routing technology.

SOCKS version 5 (SOCKS5) is a circuit-level proxy protocol designed to facilitate authenticated firewall traversal. SOCKS5 supports a broad range of authentication, encryption, tunneling and key management schemes, as well as a number of features not possible with IPsec, PPTP or other VPN technologies. When SOCKS is used in conjunction with other VPN technologies, it is possible to build a more complete security solution than any individual technology could provide. A user may, for example, combine IPsec and SOCKS: IPsec secures the underlying network transport, while SOCKS enforces user-level and application-level access control.
