Understanding VPN Technology Choices
Comparing MPLS, IPSec, and SSL

Background

Telecommunications networks are evolving naturally toward IP-enabled platforms as a replacement for private lines. Networks are also converging, since with IP technology, a single network can support both voice and data requirements. These converged networks are easier to manage, and should deliver high availability, network security, scalability and Quality of Service (QoS).

Three basic IP VPN technologies are used today to create network architectures: Multi Protocol Label Switching (MPLS), IP Security (IPSec) and Secure Socket Layer (SSL). Many companies are using combinations of these VPN technologies to design unique solutions that will meet their business needs. Understanding the options will help network managers make good choices and design an optimized infrastructure that makes the most of the available technology.

• MPLS is the baseline technology that supports a modern converged network, and provides its own built-in level of network security.
• IPSec is a technology that has been adapted from a host-to-host and remote access technology to one that supports networking.
• SSL is a technique for providing "client-less" network access by allowing secure transactions through a web browser.

In some cases, these technologies may be used alone. However, they're more likely to be combined in some fashion to support different needs. A single enterprise may find requirements for all three, since each technology has its own strengths and weaknesses.

| Technology | MPLS | IPSec | SSL | Combined Technologies |
|---|---|---|---|---|
| Encryption | Poor fit | Good fit | Good fit | Good fit |
| Multicast | Good fit | Good fit | Poor fit | Good fit |
| Any-to-Any | Good fit | Good fit / Poor fit | Poor fit | Good fit |
| Dynamic Routing | Good fit | Good fit | Poor fit | Good fit |
| Unicast Encryption | Good fit | Good fit | Good fit | Good fit |
| Internet | Good fit | Good fit | Good fit | Good fit |
| Remote Access | Poor fit | Good fit | Good fit | Good fit |

Good fit: a good technology fit for business need. Poor fit: most likely not a good technology fit for business need.
Note: With newer IPSec developments, users may be able to utilize the any-to-any capabilities of MPLS.

Figure 1 illustrates VPN technology fits for business needs.

The MPLS Foundation

MPLS is a core enabling technology which supports the definition of a private IP routing domain on a packet switched network, using label-switched paths. Each packet that traverses an MPLS network carries a label that identifies its VPN membership, where it's going, and the importance of the data payload. This supports a concept called Quality of Service (QoS), which allows some packets to be assigned a higher priority; therefore, assuring a higher level of performance. By keeping latency to a minimum, QoS enables a network to handle the more demanding requirements of Voice over IP (VoIP).

In concept, an MPLS network is a mesh structure, rather than a traditional hub-and-spoke design. That means it can offer any-to-any connectivity, which allows for very efficient data transfer and highly dynamic load balancing.

As a mesh network topology, MPLS is ideally suited to a carrier or service provider model that provides connectivity to multiple customers with many sites. While serving multiple customers, the network must be configured to handle enterprise traffic in a unique, secure and scalable fashion. This is commonly accomplished by setting up the network's own edge devices to recognize and process the traffic appropriately, creating a Virtual Private Network (VPN) within its own system of routers, cable and fiber. Using route distinguishers, MPLS enforces traffic separation between multiple VPNs on the same network.

An MPLS VPN offers many advantages from the customer perspective. It's easy to manage, highly secure, flexible, scalable and supports both small and large VPN deployments. As mentioned above, it can deliver the QoS functionality that's needed to support a converged network of voice, video and data. It provides very robust end-to-end communications, as long as all the end-points are connected to the carrier's own network.

An MPLS VPN can easily support various network computing paradigms for network applications (such as client-server, peer-to-peer and hub and spoke). MPLS can also enable multiple network services on a single network infrastructure (such as Frame Relay, Ethernet and ATM) where the synergies of L2 and L3 VPN connections may be provided. Plus, it supports high-speed access in a "technology agnostic" fashion – different types of IP-aware devices can be integrated easily into an MPLS platform. That makes network expansion a very straightforward exercise.

Perhaps the biggest inherent advantage of MPLS may be the flexibility it brings to disaster recovery. Because MPLS networks can support multiple iterations of the same application, running in physically separate locations, they will always be more robust and better able to cope with the loss of a single processing center.

MPLS VPNs offer many advantages; however, there are issues that may need to be addressed. For example, businesses no longer have end-to-end control of routing. Companies need to work closely with their MPLS providers in order to understand how routing decisions will be made in the backbone. Some add-on hardware may be needed to meet special security requirements (such as encryption), or if the MPLS network needs to bridge to a point that lies outside the carrier's network. Finally, customers supporting e-commerce applications may need to implement additional SSL components able to secure credit card transactions made through a web browser.

MPLS is becoming the primary technology used for a foundation infrastructure, especially for companies that want site-to-site, mesh-style connectivity. It can handle converged traffic (supporting data, voice and video). MPLS is a good option for enterprises needing to deploy value-added applications (multimedia, conferencing, e-collaboration) and business process applications (enterprise resource planning, customer relationship management). Deploying an MPLS network can allow a company to move toward IP-enabled call centers, providing cost efficiencies and improved customer experience.

Let's take a closer look at how to address some of the issues associated with MPLS VPNs.

Bridging with IPSec

IPSec is complementary to MPLS VPN technologies. Where an MPLS VPN is a technology for defining private IP network partitions within a packet switched network, IPSec is a technology for defining encrypted and authenticated flows across a packet switched network. It was initially defined as a host-to-host encryption protocol, but has since evolved into a technology that can support gateway-to-gateway and host-to-gateway protection. IPSec is often thought of as a security technique, but in fact, it's also a networking technology. IPSec could be used in addition to MPLS, or instead of MPLS, depending on business needs.

The key advantage of IPSec is that it provides a way of establishing a VPN connection through the Internet. IPSec can be used to extend access to the MPLS VPN by supporting remote users and supply chain partners. It is often used to meet connectivity needs that are outside the MPLS carrier's space. IPSec can also provide added security to the MPLS VPN. For industries that are highly regulated, such as banking and health care, IPSec offers an extra level of protection through encryption and authentication.

IPSec enforces data confidentiality by encrypting packets before transmission. It helps ensure the integrity of data by authenticating packets, and validates the origin of data by authenticating the source of packets that are received. Finally, IPSec can help prevent attacks by identifying aged or duplicate packets.

IPSec is not a client-less solution. It does require some kind of application driver in hosts or a dedicated device to enable the connection. Each router must be configured to understand all the other routers in the network, which can be a maintenance nightmare if there are many locations involved. With IPSec, making structural changes, adding new locations or connecting with additional networks will involve a fair amount of configuration work. Compared to MPLS, an IPSec network will be harder to manage.

Businesses do not always have to choose between IPSec and MPLS. For example, a company with bandwidth limitations in its Frame Relay network would have trouble coping with the additional demands of VoIP and video. However, it may establish an IPSec network in parallel, and use this second network to support the video or voice traffic. In addition, the routers can be configured to fail-over to the IPSec network if the Frame Relay network went down. This second network can provide both additional bandwidth under normal circumstances, and an on-demand backup network for emergencies.

IPSec is a good choice for:
• Enterprises who need additional security measures beyond traffic separation
• Enterprises that communicate mostly through hub and spoke
• Enterprises who are looking to deploy a solution across an existing network
• Enterprises that need access to geographically dispersed employees

Within the basic IPSec technology, a recent development known as Dynamic Multipoint VPN (or DMVPN) allows for a "partial mesh" network. Using IPSec, it facilitates the creation of dynamic tunnels, which can be brought up and down based on traffic patterns. However, DMVPN tunnels do not need to be configured at each node, so it's an approach that will reduce some of the configuration and maintenance overhead of IPSec. Each spoke has at least one "always up" connection to the hub, which serves as the routing database and adjacency server. The hub can also invoke an "on demand" connection to another spoke. A DMVPN approach can improve communication, streamline management and lower maintenance cost.

SSL for the Web

SSL, simply put, is a way to provide secure communications through a web browser. It secures connections by authenticating and encrypting traffic between users who are communicating. SSL is often used as an e-commerce technique, but can also be a tool for controlling remote access. However, it's not really a networking technology, and is not designed for site-to-site VPNs.

The chief advantage of SSL is its ability to establish security in a client-less environment. That's a serious plus in a world where many people work from home, or want to connect to corporate networks from Internet cafes. Compared to IPSec, SSL is less cumbersome to administer, and it can still be used as a tunneling technology. With SSL, enterprises can limit access to specific Web pages or internal resources, providing entry to only specific information the user should view. In an environment where the IT department has limited control over the end devices, this technology might be the right choice.

SSL can also be used as an add-on to complement an IPSec network, in order to deliver the ubiquitous access needed in a broadly available Extranet. The technology can also be used to access corporate resources from remote kiosks, and reduce the deployment of IPSec software clients.

SSL has its limitations. It's reasonably straightforward for web applications, but legacy applications that are less Web savvy may require some downloadable client components. SSL-based VPNs do not support applications not coded for SSL, such as Telnet, FTP, IP telephony, multicast applications and applications that need QoS. An SSL server needs adequate processing and memory, as the technology is computing-intensive.

It is important to encrypt and remove any cookies and session information when using SSL clients in public areas. Vendors are beginning to offer technologies to ensure that employee and corporate data are not left behind in public machines. Even with these limitations, SSL may still play a role in the enterprise environment for companies that want to offer broad, client-less access to internal systems. The technology is best used for short duration access, communication with partners or customers, access to specified company network resources and browser-based connections from home personal computers or kiosks.

[Figure 2: network diagram. Labels: Headquarters (Hub), Branch Office, Remote Overseas Site(s), European Site, Suppliers/Partners, Banking Partner, Power-Telecommuters & SOHO, Telecommuters at home PCs/kiosk, Global MPLS Network (PE, POP), VPN Gateway, Public Internet, IPSec, SSL.]

Figure 2 illustrates how different VPN technology choices can work together.

Summary

To see how all three of these technologies might work together, consider the business model of an airline. Here, MPLS is ideally suited for the carrier, bringing all the airline's facilities together in a converged mesh design. IPSec components could be added to connect to supply chain partners, travel agents and others who might need regular and ongoing communications with the airline's internal systems. Finally, an SSL component could support self-service ticketing through a Web site, dealing with the part of the business that needed clientless connectivity.

IP-enabled networks are certainly the way of the future, and an MPLS VPN is likely to be the network of choice for many large enterprises. The addition of IPSec and SSL protocols can reach beyond the limits of the MPLS carrier, and also provide additional capabilities on top of an MPLS platform. The intelligent combination of these technologies can cover most situations a company is likely to face.

Getting informed advice from a networking expert is the right way to start.
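
The "aged or duplicate packets" check mentioned under Bridging with IPSec is a sliding-window test on each packet's sequence number. The following is an added example, not part of the original paper: it models the receive-side anti-replay window described in RFC 4303, and the class name, the 64-packet window and the boolean integrity flag are assumptions made for illustration.

```python
"""IPsec-style anti-replay window (receive side), illustrative only."""

class AntiReplayWindow:
    def __init__(self, size=64):          # window size is an assumption
        self.size = size
        self.mask = (1 << size) - 1
        self.top = 0                      # highest authenticated sequence number
        self.bitmap = 0                   # bit i set => (top - i) already accepted

    def classify(self, seq):
        """Cheap pre-check done before any cryptographic work."""
        if seq == 0:
            return "invalid"              # ESP sequence numbers start at 1
        if seq > self.top:
            return "new"
        offset = self.top - seq
        if offset >= self.size:
            return "aged"                 # fell off the left edge of the window
        if (self.bitmap >> offset) & 1:
            return "duplicate"            # this number was already accepted
        return "in-window"

    def receive(self, seq, integrity_ok):
        verdict = self.classify(seq)
        if verdict in ("invalid", "aged", "duplicate"):
            return verdict
        if not integrity_ok:
            return "bad-icv"              # forged packet must not move the window
        if seq > self.top:                # slide window right, mark new top
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & self.mask
            self.top = seq
        else:                             # late but valid: mark its slot
            self.bitmap |= 1 << (self.top - seq)
        return "accepted"


# Constructed traffic: (sequence number, did the integrity check pass?)
SAMPLE = [(1, True), (2, True), (5, True), (3, True), (5, True),
          (200, False), (70, True), (6, True), (7, True)]

def replay_demo(packets=SAMPLE):
    window = AntiReplayWindow()
    return [window.receive(seq, ok) for seq, ok in packets]

if __name__ == "__main__":
    for (seq, _), verdict in zip(SAMPLE, replay_demo()):
        print(f"seq={seq:<4} {verdict}")
```

The packet with sequence number 200 fails authentication and leaves the window untouched, which is why a receiver updates the window only after the integrity check succeeds: otherwise a single forged packet could push legitimate traffic into the "aged" range.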
