VPN Network Design CCIE Coaching Center in Delhi Gurgaon

Network Bulls
www.networkbulls.com
Best Institute for CCNA CCNP CCSP CCIP CCIE Training in India
M-44, Old Dlf, Sector-14 Gurgaon, Haryana, India
Call: +91-9654672192

Virtual private networks typically are deployed over some kind of shared infrastructure. VPNs are similar to tunnels in that they carry traffic over an existing IP infrastructure. VPN infrastructures include the Internet, ATM/Frame Relay WANs, and point-to-point connected IP infrastructures. A disadvantage of using VPNs over public networks is that the connectivity is best-effort in nature and troubleshooting is also very difficult because you don't have visibility into the service provider's infrastructure.

Figure 6-2 shows VPN connectivity options.

Figure 6-2. VPN Examples

[View full size image]

The three VPN groups are divided by application:

• Access VPN— These types of VPN connections give users connectivity over shared networks such as the Internet to their corporate intranets. Users connect remotely using dialup, ISDN, Cable/DSL, or via wireless hotspots. Remote network connectivity into the corporate network over the Internet is typically outsourced to an ISP, and the VPN clients are supported by the internal help desk. Two architectural options are used to initiate the VPN connections: client-initiated or network access server (NAS)-initiated VPN connections. Client-initiated VPN connections let users establish IPsec encrypted sessions over the Internet to the corporate VPN terminating device. NAS-initiated VPN connections are where users first connect to the NAS and then the NAS sets up a VPN tunnel to the corporate network.
• Intranet VPN— Intranet VPNs or site-to-site VPNs connect remote offices to the headend offices. Generally, the remote sites use their Internet connection to establish the VPN connection back to the corporate headend office. But they could use a VPN tunnel over an IP backbone provided by the service provider. The main benefits of intranet VPNs are reduced WAN infrastructure, lower WAN charges, and reduction in the cost of ownership.
• Extranet VPN— VPN infrastructure for business partner connectivity also uses the Internet or a private infrastructure for network access. Keep in mind that it is important to have secure extranet network policies to restrict the business partners' access.

Overlay VPNs

Overlay VPNs are built using traditional WAN technologies such as Frame Relay and ATM. The service provider provides the virtual circuits to enable connectivity between the locations. The underlying network emulates Layer 3 point-to-point links between sites. Secure VPN tunnels are then built over the IP infrastructure using Generic Routing Encapsulation (GRE) and IPsec protocols. Because the network is secure, the provider has no visibility into the Layer 3 traffic and provides only the transport services. However, this incurs a higher cost because of the bandwidth and virtual circuits needed at each site.

Virtual Private Dialup Networks

Virtual Private Dialup Networks (VPDN) provide remote network access using tunnels over traditional dialup, ISDN, DSL cable, and wireless network access connections. This method involves the ISP terminating network connections and then forwarding the traffic onto the company's corporate network. Virtual tunnels are used between the company sites and the ISP using Layer 2 Forwarding (L2F) or Layer 2 Tunneling Protocol (L2TP) tunnels. Network configuration and security remain under the company's control, not the ISP's.

Peer-to-Peer VPNs

With peer-to-peer VPNs, the service provider plays an active role in enterprise routing. This approach uses modern MPLS VPN technology. Organizations can then use any IP address space, thus avoiding issues with overlapping IP address space. MPLS VPN networks learn routing information from normal IP routing sources; however, they use an additional label to specify the VPN tunnel and the corresponding VPN destination network.

VPN Benefits

The major benefits of using VPNs are flexibility, cost, and scalability. VPNs are easy to set up and deploy in most cases. VPNs enable network access to remote users, remote sites, and extranet business partners. VPNs lower the cost of ownership by reducing the WAN and dialup recurring monthly charges. The geographic coverage of VPNs is nearly everywhere Internet access is available, which makes VPNs highly scalable. In addition, VPNs simplify WAN operations because they can be deployed in a consistent manner.