The Internet Encyclopedia (Volume 3)

Virtual Private WL040/Bidgolio-Vol I WL040-Sample.cls August 14, 2003 17:53 Char Count= 0


580 VIRTUAL PRIVATE NETWORKS: INTERNET PROTOCOL (IP) BASED

regular basis. Standing still is simply not good enough. The maturation of computing hardware and the supporting software has ushered in the postindustrial information age. Now, enterprises need to interconnect employees, databases, servers, affiliates, and suppliers in a rapidly changing business environment. Flexibility becomes an overarching requirement. Those enterprises that do not adapt will not survive.
Increased competition breeds the need for innovation. In traditional services and products, new, smaller companies grab market share by offering new and innovative services more rapidly, or by offering traditional services or products at a lower cost. The incumbents sometimes cry foul, claiming that the newcomers are “cream skimming” the lucrative market segments. The newcomers counter that the incumbents are the “fat cats,” who have all the cream. Although some monopolies do exist, either regulated or de facto, the pace of change is ever accelerating.
The worldwide adoption of the Web is a great equalizer. Even a small enterprise can have a large impact and presence via the electronic Web that never sleeps. The user-friendly Web browser with downloadable plug-ins empowers distribution of new paradigm-shifting applications within days to weeks. The rapid adoption of electronic commerce will forever change the way business operates and government administrates. Enterprises are rapidly deploying Web-based intranet and extranet technology to reduce internal costs, in many cases replacing legacy mainframe-based systems.
Communication networks continue to shrink the distances between nations, cultures, and time zones. The introduction of each new type of communication technology empowers the nearly instantaneous dissemination of new media types around the globe. Beginning with the first transatlantic telephone cable in 1956, the speed of transfer of news and breaking information fell from days to minutes. Communications satellites ushered in the era of video and multimedia distribution in the 1960s, on the heels of the space age. In the late 20th century, high-capacity fiber optic transoceanic and transcontinental cables connected the planet, bringing the benefits of digital transmission to the corridors used by most enterprises. This increase in high-performance connectivity enables enterprises to scale beyond national boundaries, particularly in the commercial and nonprofit sector, and it also has an impact on governmental enterprises. Witness the lowering of national barriers in the European Union, as an example.
Most enterprises have some sensitive information that would be of value to competitors or other parties. Enterprises trust the implicit security in private leased-line networks. In fact, a major impediment to the adoption of VPNs is ensuring that this new technology delivers the level of privacy and security that enterprises have come to expect from private lines. Toward this end, the fundamental security requirements of any VPN are the following (Kosiur, 1998; Schneier, 1995; McDysan, 2000): authentication, validating that originators are indeed who they claim to be; access control, the act of allowing only authorized users admission to the network; confidentiality, ensuring that no one can read or copy data transmitted across the network; and integrity, guaranteeing that no one can alter data transferred by the network.
VPN approaches employ different methods to meet these requirements. These methods are sometimes implicit and sometimes explicit. Security is a fundamental requirement for customer-edge (CE)-based VPNs operating over the shared Internet infrastructure. Of course, good security begins with secure practices. For example, if the employees of an enterprise leave their user IDs, passwords, or encryption keys lying around, then all the security technology in the world won’t protect sensitive information.
Most enterprises believe that quality of service (QoS), traffic management, and prioritized or differentiated service will become an increasingly important driver in their evolving communications needs. Some applications, such as voice and video, require rigid amounts of capacity and minimum levels of quality to operate acceptably. Other applications, such as Web browsing, file transfers, and e-mail, are elastic and can adapt to available capacity to a certain extent. However, even elastic applications result in lowered productivity and increased effective cost to the enterprise if certain minimum-capacity and -quality guidelines are not met. Normally, an enterprise may also need to prioritize or differentiate between these categories of applications to handle intervals of congestion.
The primary QoS measures are loss, delay, jitter, and availability. Voice and video applications have the most stringent delay, jitter, and loss requirements. Interactive data applications such as Web browsing and electronic collaboration have less-stringent delay and loss requirements. Non-real-time applications, such as file transfer, e-mail, and data backup, work acceptably across a wide range of loss rates and delay. Availability requirements vary across enterprises.
Capacity, also referred to as bandwidth, is fundamental to the traffic engineering of a VPN, which is necessary to deliver the required QoS. Some applications require a minimum amount of capacity to work at all, for example voice and video. The performance of elastic protocols that adaptively change their transmission rate in response to congestion in the network improves as the capacity allocated to them increases. The Internet’s transmission control protocol (TCP), which carries Web traffic and file transfers, is an example of an elastic protocol. Other applications are elastic up to a certain point, after which adding capacity does not improve performance.
Many network providers guarantee specific QoS and capacity levels via service level agreements (SLAs). An SLA, which is a contract between the enterprise user and the network provider, spells out the capacity provided between points in the network that should be delivered with a specified QoS. If the network provider fails to meet the terms of the SLA, then the user may be entitled to a refund. These have become popular capabilities offered at additional cost by network providers for the private line, frame relay (FR), asynchronous transfer mode (ATM), or Internet infrastructures employed by enterprises to construct VPNs.
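The four QoS measures named above (loss, delay, jitter, and availability) and the SLA check that follows from them can be made concrete with a small measurement routine. The Python below is an added example, not code from the encyclopedia or from any provider's SLA tooling. It assumes a trace of probe packets carrying sequence numbers and send/receive timestamps (the trace, the 40 ms availability window, and the SLA thresholds are all constructed for illustration); jitter is computed with the interarrival-jitter estimator from RFC 3550, which the chapter does not mention but which is the usual way to measure it.

```python
"""Compute loss, delay, jitter, and availability from a probe trace and
check them against an SLA. Added example with constructed data."""
from dataclasses import dataclass
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class Probe:
    seq: int                  # sequence number assigned by the sender
    sent_ms: float            # send timestamp in milliseconds
    recv_ms: Optional[float]  # receive timestamp, or None if the probe never arrived


# Constructed trace: ten probes sent 20 ms apart; probes 4 and 5 are lost back to back,
# which produces an outage window as well as ordinary loss.
TRACE = [
    Probe(0, 0.0, 30.0),
    Probe(1, 20.0, 52.0),
    Probe(2, 40.0, 68.0),
    Probe(3, 60.0, 92.0),
    Probe(4, 80.0, None),
    Probe(5, 100.0, None),
    Probe(6, 120.0, 148.0),
    Probe(7, 140.0, 175.0),
    Probe(8, 160.0, 188.0),
    Probe(9, 180.0, 211.0),
]

# Constructed SLA thresholds (upper bounds, except availability which is a lower bound).
SLA = {"loss": 0.01, "delay_ms": 50.0, "jitter_ms": 5.0, "availability": 0.999}


def delivered(trace):
    """Probes that actually arrived, in send order."""
    return [p for p in trace if p.recv_ms is not None]


def loss_ratio(trace):
    """Fraction of probes that never arrived."""
    return sum(1 for p in trace if p.recv_ms is None) / len(trace)


def mean_delay_ms(trace):
    """Mean one-way delay of the delivered probes."""
    return mean(p.recv_ms - p.sent_ms for p in delivered(trace))


def interarrival_jitter_ms(trace):
    """RFC 3550 interarrival jitter: for consecutive delivered probes i and j,
    D = (R_j - S_j) - (R_i - S_i) and the running estimate is J += (|D| - J) / 16."""
    j = 0.0
    prev = None
    for p in delivered(trace):
        if prev is not None:
            d = (p.recv_ms - p.sent_ms) - (prev.recv_ms - prev.sent_ms)
            j += (abs(d) - j) / 16
        prev = p
    return j


def availability(trace, window_ms):
    """Fraction of fixed-length windows in which at least one probe got through.
    A window where every probe is lost counts as an outage."""
    windows = {}
    for p in trace:
        idx = int(p.sent_ms // window_ms)
        windows[idx] = windows.get(idx, False) or p.recv_ms is not None
    return sum(windows.values()) / len(windows)


def sla_violations(trace, sla=SLA, window_ms=40.0):
    """Return (measured values, sorted names of SLA terms that were breached)."""
    measured = {
        "loss": loss_ratio(trace),
        "delay_ms": mean_delay_ms(trace),
        "jitter_ms": interarrival_jitter_ms(trace),
        "availability": availability(trace, window_ms),
    }
    violated = []
    for name, limit in sla.items():
        ok = measured[name] >= limit if name == "availability" else measured[name] <= limit
        if not ok:
            violated.append(name)
    return measured, sorted(violated)


if __name__ == "__main__":
    values, breached = sla_violations(TRACE)
    for name, value in values.items():
        print(f"{name:>13}: {value:.3f}")
    print("SLA terms breached:", breached or "none")
```

On the constructed trace the delay and jitter terms pass while loss (20%) and availability (one of five windows is an outage) fail, which is the kind of evidence an enterprise would need to keep in order to claim the refund the text describes; in practice the probes would be generated by active monitoring between the VPN endpoints named in the SLA.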
Several approaches have been standardized for delivering one or more of the above aspects of QoS. The oldest is the integrated services (Intserv) architecture (RFC 1633,