P1: IXL
Virtual ̇Private WL040/Bidgolio-Vol I WL040-Sample.cls August 14, 2003 17:53 Char Count= 0
GLOSSARY 589ANX
TPANX
TPANX
IPsec TPCSPPublic
InternetCSPCSPCEPOANX
OverseerIPsecIPsecCASPANX
ExtranetFigure 11: ANX extranet architecture.Example of Deployment of a
Customer-Edge-Based Virtual Private
Networks in E-commerce
Unless your enterprise is the first to try a new techno-
logy, protocol, or architecture, there will likely be case
studies available for review. A frequently documented ex-
tranet case study is the Automotive Network eXchange
(ANX) (McDysan, 2000). This extranet VPN involves a
few large enterprises (automotive manufacturers) and a
significant number of small-to-medium-size enterprises
(their suppliers). Initiated by the Automotive Industry Ac-
tion Group (AIAG) in 1994, the IPsec-based ANX network
had Chrysler, Ford, and General Motors as the founding
network participants. These companies and other major
automotive manufacturers utilize parts and services from
a large number of common original equipment manufac-
turers, such as Bosch, Delta, Fisher, ITT, and TRW. Follow-
ing the completion of successful trials in 1997 and 1998,
ANX launched production in November 1998. By the end
of 1999, ANX had nearly 500 registered trading partners.
As an example of a quantifiable goal achievable by an ex-
tranet, the AIAG estimates that a collaborative planning,
forecasting, and replacement tool running over the ANX
network may save up to $1,200 per vehicle. This savings
results from a reduction of the delivery cycle of parts and
supplies and the associated inventory levels.
The ANX architecture is based upon a set of in-
terconnected certified service providers (CSPs), certified
exchange point operators (CEPOs), and certificate author-
ity service providers to which ANX trading partners sub-
scribe, as illustrated in Figure 11. Telcordia (formerly Bell-
core) has been chosen as the ANX overseer, which awards
certification to CSPs and CEPOs. The ANX service qual-
ity certification categories are network service features,
interoperability, performance, reliability, business conti-
nuity and disaster recovery, security, customer care, and
trouble handling. ANX has also specified that the Interna-
tional Computer Security Association (ICSA) will certify
whether equipment is IPsec compliant.
Finding companies with equipment that has the ICSA
stamp of approval is a good place to start when looking
for IPsec-compliant vendors.This network is effectively a partitioned set of inter-
faces running on top of the public Internet infrastructure
offered by the selected set of certified commercial ISPs. It
replaces the prior complex arrangement of physical and
logical connections between trading partners with one
logically administered, cryptographically secured connec-
tion to the ANX extranet. Choice of the TCP/IP protocol
suite provides access to a broad range of file transfer,
electronic document interchange, e-mail, and other ap-
plication software. This is especially important in the au-
tomotive industry, where computer-based techniques are
now used in almost every stage of the design, manufac-
turing, delivery, and maintenance aspects of the business.
Although the benefits of ANX apply primarily to medium-
to-large-size enterprises in the automotive industry, the
drive toward interoperability will benefit other industry
segments in the longer term (for more information, see
http://www.anx.com).GLOSSARY
Customer-edge (CE) device Provides access for users
at a site and has an access connection to a PE device. It
allows users at a site to communicate over the access
network with other sites in the VPN.
Enterprise A single organization, corporation, or gov-
ernment agency that administratively controls and sets
policy for communication among a set of sites.
Extranet Allows communication between a set of sites
that belong to different enterprises, as controlled by
the enterprise administrators and/or a third party.
These enterprises have access to a specified subset
of each other’s sites. Examples of extranets include
(a) companies performing joint software develop-
ment, (b) a group of suppliers and their customers
exchanging orders and delivery tracking informa-
tion, and (c) different organizations participating in
a consortium that has access to important informa-
tion.
Generic routing encapsulation (GRE) A general pro-
tocol for encapsulating a network layer protocol over
another network layer protocol (RFC 2784, Farinacci,
Li, Hanks, Meyer, & Traina, 2000).