VIRTUAL PRIVATE NETWORKS: INTERNET PROTOCOL (IP) BASED

Intranet: Restricts communication to a set of sites that belong to one enterprise and via policy may further restrict communication between groups within these sites. For example, communication between marketing and engineering may be limited.
IP security protocol (IPsec): A set of IETF standards that defines a suite of security protocols that provide confidentiality, integrity, and authentication services (RFC 2401, Kent & Atkinson, 1998).
Layer 2 tunneling protocol (L2TP): An IETF standardized protocol defined initially for support of dial-in connections (RFC 2661, Townsley, et al., 1999). A successor to the proprietary Microsoft PPTP and Cisco L2F protocols, L2TP gives mobile users the appearance of being on an enterprise LAN.
Multiprotocol label switching (MPLS): A switching technique that forwards packets based upon a fixed-length label inserted between the link and network layer or that uses a native layer 2 label, such as FR or ATM (RFC 3031, Rosen, Viswanathan, & Callon, 2001). Similar to frame relay and ATM in function, MPLS differs from these protocols by virtue of its tight coupling to IP routing protocols.
Provider-edge (PE) device: A PE device faces the service provider core network on one side and interfaces via an access network to one or more CE devices.
Site: A set of users who have connectivity without use of a service provider network, for example users who are part of the same enterprise in a building or on a campus.
Tunnel: Formed by encapsulating packets with a header used to forward the encapsulated payload to the tunnel end point. In VPN applications, tunnel end points may be a CE or a PE device. Encapsulating one tunnel within another forms a hierarchical tunnel, which is useful for reducing the number of tunnels in the core of networks. Examples of protocols commonly used for forming a tunnel are MPLS, L2TP, GRE, IPsec, and IP-in-IP tunnels.
User: Someone or something that has been authorized to use a VPN service, for example a human being using a host or a server.
Virtual private network (VPN): A specific set of sites configured as either an intranet or an extranet to allow communication. A set of users at a site may be a member of one or many VPNs.

CROSS REFERENCES
See Circuit, Message, and Packet Switching; Electronic Commerce and Electronic Business; Extranets; Internet Architecture; Internet Literacy; Internet Security Standards; Intranets; Public Networks; TCP/IP Suite.

REFERENCES
ANX Network (2003). Retrieved February 10, 2003, from http://www.anx.com/
Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z., & Weiss, W. (1998). An architecture for differentiated services. Retrieved February 20, 2003, from http://ietf.org/rfc/rfc2475.txt
Braden, R., Clark, D., & Shenker, S. (1994). Integrated services in the Internet architecture: An overview. Retrieved February 20, 2003, from http://ietf.org/rfc/rfc1633.txt
Braun, T., Guenter, M., & Khalil, I. (2001, May). Management of quality of service enabled VPNs. IEEE Communications Magazine.
Callon, R., Suzuki, M., DeClerq, J., Gleeson, B., Malis, A., Muthukrishnan, K., Rosen, E., Sargor, C., & Yu, J. (2002). A framework for layer 3 provider provisioned virtual private networks. Unpublished manuscript.
Carugi, M., McDysan, D., Fang, L., Nagarajan, A., Sumimoto, J., & Wilder, R. (2002). Service requirements for provider provisioned virtual private networks. Manuscript in preparation.
E-mail list logs, presentations, related ITU-T drafts (2003). Retrieved February 20, 2003, from http://ppvpn.francetelecom.com
Farinacci, D., Li, T., Hanks, S., Meyer, D., & Traina, P. (2000). Generic routing encapsulation (GRE). Retrieved February 20, 2003, from http://ietf.org/rfc/rfc2784.txt
IETF working group charter page, list of RFCs and current drafts (2003). Retrieved February 20, 2003, from http://ietf.org/html.charters/ppvpn-charter.html
Kent, S., & Atkinson, R. (1998). Security architecture for the Internet protocol. Retrieved February 20, 2003, from http://ietf.org/rfc/rfc2401.txt
Kosiur, D. (1998). Building and managing virtual private networks. New York: Wiley.
McDysan, D. (2000). VPN applications guide. New York: Wiley.
Muthukrishnan, K., & Malis, A. (2000). A Core MPLS IP VPN architecture. Retrieved February 20, 2003, from http://ietf.org/rfc/rfc2917.txt
Rosen, E., & Rekhter, Y. (1999). BGP/MPLS VPNs. Retrieved February 20, 2003, from http://ietf.org/rfc/rfc2547.txt
Rosen, E., Viswanathan, A., & Callon, R. (2001). Multiprotocol label switching architecture. Retrieved February 20, 2003, from http://ietf.org/rfc/rfc3031.txt
Schneier, B. (1995). Applied cryptography: Protocols, algorithms, and source code in C. New York: Wiley.
Thayer, W., Doraswamy, N., & Glenn, R. (1998). IP Security Document Roadmap. Retrieved February 20, 2003, from http://ietf.org/rfc/rfc2411.txt
Townsley, W., Valencia, A., Rubens, A., Pall, G., Zorn, G., & Palter, B. (1999). Layer two tunneling protocol L2TP. Retrieved February 20, 2003, from http://ietf.org/rfc/rfc2661.txt
Wroclawski, J. (1997). The use of RSVP with IETF integrated services. Retrieved February 20, 2003, from http://ietf.org/rfc/rfc2210.txt
Virtual Private Network Consortium (2003). Retrieved February 20, 2003, from http://www.vpnc.org/