
commonly returned from the remote machine to the local machine, see Figure 19. The Telnet recommended setting is ToS = 1000, i.e. minimising delay [RFC1700].


Another traditional application is the file transfer protocol (FTP). By this a user can log onto a remote machine and handle files (in addition to a few limited commands). FTP may establish several TCP connections, e.g. one for control and another for data transfer (Telnet can then be used for the control session).


The FTP recommended setting is ToS equal to 1000 for control and 0100 for data flow (maximise throughput for the data flow).


7.2 Virtual Private Networks – Provider-based

7.2.1 Overview

A Virtual Private Network (VPN) refers to an interconnection of customer sites, making them appear like a common network, where the interconnection is done by using resources in a shared (public) network. A framework for VPN is described in [RFC2764]. There the term VPN refers to the emulation of a private Wide Area Network (WAN) facility using IP facilities (including the public Internet or private IP backbone). Hence, the VPN is considered as a connectivity object to which hosts/terminals are attached.


The logical structure of the VPN, like addressing, reachability and access control, is the same as if the sites were connected by private lines.


A provider-provisioned VPN refers to a VPN where the service provider participates in management and provisioning of the VPN.


An illustration is given in Figure 20, containing Customer Edge (CE) devices, Provider Edge (PE) routers and Provider (P) routers. In several cases, customers may use private addressing space, implying that IP addresses would not be globally unique. This means that a PE router that connects several different customer networks might have to handle a different addressing scheme for each network (unless the tunnelling is started in the CE devices). Tunnelling is further motivated by the need to maintain isolation between packets from different customer networks.


Two main types of VPNs are described in [ID_ppvpnfw]:

  • CPE-based VPN (Customer Premises Equipment): Knowledge of the customer network is only given in the customer equipment, hence the service provider is not aware of it. Then, the customer network is supported by tunnels set up between CPEs.

  • Network-based VPN: Routers in the SP network provide the VPN, which may allow for hiding the VPN from the customer equipment. Then, the customer networks are supported by tunnels set up between PE routers.


The network-based VPNs are commonly referred to as provider-provisioned VPNs. Depending on the interconnection offered to the customer sites, at least three types can be identified: BGP-VPNs, VPNs based on virtual routers, and port-based VPNs. The latter refer to a layer 2 (or layer 1) interface, like Frame Relay, ATM, SDH, etc.

Figure 18 Client-server message exchange principles (figure: client and server; i) Request (client port, server port) sent to the well-known port at the server; ii) Response (server port, client port))

Figure 19 Telnet session between client and server (figure: Telnet client, network, Telnet server; keystrokes sent towards the server, response returned to the client)

Figure 20 Illustration of VPN (figure: CE devices for VPN a and VPN b, PE routers, P router, VPN tunnels, access networks, SP network (single or multiple domains), customer management function, network management function)