As appealing as the idea of virtual private networking (VPN) is to most network managers, the variety of potential solutions being pitched by various vendors and industry groups has many of them confused.

As discussed in last week's article, VPN provides a relatively inexpensive way to connect telecommuters, mobile workers and remote sites to a home office LAN. Security, flexibility and interoperability are three critical design areas.
When studying the protocols being pitched for VPN, network managers should keep those criteria in mind. The VPN protocols are:

- Point-to-Point Tunneling Protocol (PPTP), championed by Microsoft Corp. (this is probably the best known VPN protocol).
- Layer 2 Forwarding (L2F) Protocol, developed by Cisco Systems, Inc.
- Layer 2 Tunneling Protocol (L2TP), a combination of the PPTP and L2F offerings that is supported by multiple vendors.
- IP Security (IPSec) protocol, under development at the Internet Engineering Task Force (IETF).
Tunneling is an important concept to understand when evaluating VPN protocols. Tunneling refers simply to the practice of encasing one protocol in another protocol. In order to carry IPX across a TCP/IP-only network, for example, each IPX packet has to be encased in an IP packet.

VPN extends tunneling for security purposes. Specifically, private data packets are secured using data encryption, authentication or integrity functions and are then encased in IP packets for transport across the Internet.
Layer 2 or Layer 3?
Two types of VPN tunneling are being proposed: Layer 2 and Layer 3 tunneling. PPTP, L2TP and L2F fall into the former category and IPSec into the latter.

The goal of Layer 2 tunneling protocols is to transport Layer 3 protocols such as AppleTalk, IP and IPX across the Internet. To achieve this, the architects of PPTP and L2F leveraged the existing Layer 2 PPP standard, which is designed to transport different Layer 3 protocols across serial links. In these schemes, Layer 3 packets are encased in PPP frames, which are then encased in IP packets for transport across the Internet.
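To make the two layers of encasing concrete, here is an added Python example (it is not from this article, nor from Microsoft, Cisco or the IETF) that builds the stack described above and in the tunneling section: a constructed IPX packet is framed in PPP, the PPP frame is given an integrity tag so that changes in transit are detected, and the protected frame is encased in an IPv4 packet that an IP-only network can carry. The receiver unwinds the layers and rejects anything whose tag fails to verify. The PPP and IPv4 header layouts and protocol numbers are the real ones; the integrity-tag format, the key, the addresses and the IPX payload are constructed for the demo and do not follow the wire format of any protocol named in the article, and the GRE header PPTP would place between IP and PPP is omitted.

```python
import hmac
import hashlib
import struct
import socket

# Real PPP protocol numbers (IANA "PPP numbers"); assignment of names is the
# article's own list of Layer 3 protocols.
PPP_PROTO = {"IP": 0x0021, "AppleTalk": 0x0029, "IPX": 0x002B}
PPP_NAMES = {v: k for k, v in PPP_PROTO.items()}

TAG_LEN = 32        # HMAC-SHA256 digest length (constructed tag format)
IP_PROTO_GRE = 47   # PPTP carries PPP over GRE; GRE header itself omitted here (simplification)


def ppp_frame(proto, payload):
    """PPP (HDLC-like) framing: address 0xFF, control 0x03, 16-bit protocol, data."""
    return struct.pack("!BBH", 0xFF, 0x03, proto) + payload


def parse_ppp_frame(frame):
    addr, ctrl, proto = struct.unpack("!BBH", frame[:4])
    if addr != 0xFF or ctrl != 0x03:
        raise ValueError("not a PPP frame")
    return proto, frame[4:]


def add_integrity_tag(key, frame):
    """Constructed protection step: append an HMAC-SHA256 over the whole PPP frame."""
    return frame + hmac.new(key, frame, hashlib.sha256).digest()


def check_integrity_tag(key, protected):
    frame, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, frame, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: packet modified or wrong key")
    return frame


def ip_checksum(header):
    """One's-complement sum of 16-bit words (RFC 791 header checksum)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encase_in_ipv4(src, dst, payload):
    """Wrap the protected PPP frame in a minimal 20-byte IPv4 header."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      IP_PROTO_GRE, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet):
    hdr = packet[:20]
    if ip_checksum(hdr) != 0:          # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", hdr)
    if ver_ihl != 0x45 or proto != IP_PROTO_GRE:
        raise ValueError("not a tunnel packet")
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), packet[20:total_len]


def build_tunnel_packet(key, src, dst, proto_name, inner_packet):
    """Sender: Layer 3 packet -> PPP frame -> integrity tag -> IPv4 packet."""
    frame = ppp_frame(PPP_PROTO[proto_name], inner_packet)
    return encase_in_ipv4(src, dst, add_integrity_tag(key, frame))


def open_tunnel_packet(key, packet):
    """Receiver: strip IPv4, verify the tag, strip PPP; return (proto_name, inner_packet)."""
    _, _, protected = parse_ipv4(packet)
    frame = check_integrity_tag(key, protected)
    proto, inner = parse_ppp_frame(frame)
    return PPP_NAMES.get(proto, hex(proto)), inner


def tamper_is_detected(key, packet):
    """Flip one byte of the encased payload and confirm the receiver rejects the packet."""
    damaged = bytearray(packet)
    damaged[24] ^= 0x01     # first byte after the 20-byte IPv4 header and 4-byte PPP header
    try:
        open_tunnel_packet(key, bytes(damaged))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    KEY = b"constructed-demo-key"                              # constructed, not a real key
    IPX_PACKET = b"\xff\xff\x00\x1e" + b"constructed IPX payload"  # constructed sample
    pkt = build_tunnel_packet(KEY, "203.0.113.10", "198.51.100.20", "IPX", IPX_PACKET)
    print(len(pkt), "bytes on the wire;", open_tunnel_packet(KEY, pkt))
    print("tampering detected:", tamper_is_detected(KEY, pkt))
```

The order of operations is the point: the integrity tag covers the PPP frame (and therefore the Layer 3 packet inside it) before the IP encasing is added, so the outer IP header can be rewritten by routers while any change to the private data is caught at the far end. Encryption would sit at the same step; it is left out so the framing stays visible.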