Virtual Private Networks:
Internet Protocol (IP) Based
David E. McDysan, WorldCom

Introduction to IP-Based Virtual Private Networks
Applications of IP Virtual Private Networks
Drivers for IP-Based Virtual Private Networks
Introduction to Virtual Private Networks Technologies
A Taxonomy of IP-Based Virtual Private Networks
Customer-Edge-Based Virtual Private Networks
CE Virtual Private Networks Over Virtual Connection Networks
IP Security-Based Customer-Edge Virtual Private Networks
Provider-Edge-Based Layer 3 Virtual Private Networks
Aggregated Routing Virtual Private Networks
Virtual Router Virtual Private Networks
Design Considerations and Example of Virtual Private Networks
Considerations When Choosing a Virtual Private Networks Approach
Example of Deployment of a Customer-Edge-Based Virtual Private Networks in E-commerce
Glossary
Cross References
References

INTRODUCTION TO IP-BASED VIRTUAL PRIVATE NETWORKS
Applications of IP Virtual Private Networks
The public Internet plays an important role in many enterprises (McDysan, 2000). Users can exchange information with individuals anywhere in the world via e-mail, Web sites, transaction systems, file sharing, and file transfer. Furthermore, the Internet is a rapidly growing means of conducting business for commercial enterprises. It also provides a means for companies to advertise their goods and services. The Internet can help reduce administrative costs by placing the data entry, verification, and think-time aspects of order entry and service parameter selection in the hands of the end user. This replaces the older, less-efficient paradigm of people in enterprises interacting over the postal system and/or the telephone and facsimile to place orders, update records, and complete business transactions. The Web provides the automated means for the end user to peruse the choices at his or her own speed, requiring the expenditure of energy and time of only one person. Furthermore, careful design of the Web site by experts allows many more people access to the best set of information. In the classic telephone or facsimile method, the level of expertise depended on the particular agent the caller reached.
The tremendous volume of such information on public Web sites continues to grow and increase in quality, based upon real-world experience and user feedback. When the Web site contains enterprise-specific information that, for one reason or another, is sensitive, we call the application an intranet. One level of security is that of user identifications (IDs) and passwords. This is the same level of security used on many public domain Web sites. The next level of security is that of encryption and firewalls, topics covered in the next section. A more challenging activity is the use, by multiple enterprises, of the Internet in a virtual private fashion in an application called an extranet. The premier example to date is probably that of the Automotive Network eXchange, which connects major automotive manufacturers and their suppliers, as described at the end of this article.
In addition to control over who may communicate with whom, as described above, virtual private networks (VPNs) have a number of additional important requirements. Of course, providing verifiable authentication that specific sites and users are part of a specific intranet or extranet VPN is an important requirement. Also, keeping the administrative cost of VPNs under control requires automation of membership discovery in conjunction with this authentication. Furthermore, customer networks will make use of private or nonunique IP addresses (e.g., unregistered addresses). This implies that there is no guarantee that the IP addresses used in the customer VPN are globally unique.
Drivers for IP-Based Virtual Private Networks
Progress marches ever onward, and the world of networking is no different (McDysan, 2000). Similarly to the way enterprises constructed private data networks over the telecommunications infrastructure developed for telephony, the industry is developing a new wave of technologies, overlaying the basic suite of Internet protocols, to construct VPNs. When the public network infrastructure of a VPN matches that of the enterprise equipment, then significant savings can occur. This is a recurring theme in the history of communication networks, with the Internet simply the latest frontier.
Successful enterprises are cost conscious. Even large government programs are subject to public scrutiny. In the highly competitive world of commercial enterprises, those that are not cost conscious fail on a predictable and