VPNs have been widely deployed by the networking industry in various shapes and forms for many years. Lately, VPN has been introduced to IP-based data communications as well. Industry analysts forecast significant growth for the IP VPN industry; for instance, Infonetics Research believes worldwide end-user VPN expenditures are set to grow 275 percent, from $12.8 billion to $46 billion, between 2001 and 2006. It is also expected that VPN will have a significant impact on wireless communications. The latest application of VPN to mobile communications, MVPN—still in its infancy—has many unresolved issues, both from a technical and business perspective. However, its technical framework is already largely defined, and early deployments of its various forms have been undertaken.
In this chapter we introduce MVPN concepts and analyze its technology by first addressing architectures and taxonomy of traditional data VPNs and then moving on to add mobility to the picture. The discussion begins with a VPN definition and an analysis of private networking. We continue this discussion with sections on VPN-enabling technologies and on VPN taxonomy. The chapter concludes with an analysis of wireless versus mobile terminology and the introduction of VPN in mobile environments.
Let's expand on the VPN definition we provided back in Chapter 1. VPN combines two concepts: virtual networking and private networking. In a virtual network, geographically distributed and remote nodes interact with each other as if they were collocated on a single network. The topology of the virtual network is independent of the physical topology of the facilities that carry it; a user of the virtual network who knows nothing about the underlying physical setup sees only the virtual topology. A virtual network is also managed as a single administrative entity.
Private networks are usually defined as nonshared networking facilities connecting hosts and clients that belong to the same administrative entity. A good example of a private network is a corporate intranet, which can be used only by authorized individuals belonging to that corporation. Virtual private networking, thus, is the emulation of a private, secure data network over public, shared, insecure telecommunications facilities (recall the MVPN definition in Chapter 1).
A VPN therefore provides mechanisms for protecting data in transit (its confidentiality and integrity) and for establishing trust among the hosts of the virtual network (authenticating who may join it), and it incorporates methods to enforce and maintain service level agreements (SLAs) and quality of service (QoS) for all entities that make up the Virtual Private Network. VPN can be defined from many perspectives. The preceding definition looks at VPN from a networking standpoint, which should serve us well for the purposes of this book.
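To make the two halves of the definition concrete, the following is an added toy example (not code from this book and not any real VPN protocol): a packet addressed with the private network's 10.x.x.x addresses is encapsulated inside an outer frame that carries only the gateways' public addresses, and the frame is authenticated with an HMAC so the receiving gateway can trust its origin and detect tampering or replay. The addresses, key and payload are constructed for illustration. Confidentiality is deliberately left out here (the inner packet is sent in clear), so this shows the "virtual" and "trust" aspects of the definition, not full data protection.

```python
"""Toy VPN tunnel: a private-address packet is carried inside a public-address
frame and authenticated with HMAC-SHA256.  Constructed example, stdlib only.
NOTE: there is no encryption; payloads are authenticated but not confidential."""
import hashlib
import hmac
import ipaddress
import struct

TAG_LEN = 32           # HMAC-SHA256 output length
OUTER_FMT = "!4s4sI"   # outer (public) src, outer dst, sequence number -> 12 bytes
INNER_FMT = "!4s4sH"   # inner (private) src, inner dst, payload length -> 10 bytes


def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def build_inner(src: str, dst: str, payload: bytes) -> bytes:
    """Simplified inner packet using the private network's own addresses."""
    return struct.pack(INNER_FMT, _ip(src), _ip(dst), len(payload)) + payload


def parse_inner(pkt: bytes) -> tuple[str, str, bytes]:
    src, dst, n = struct.unpack(INNER_FMT, pkt[:10])
    payload = pkt[10:10 + n]
    if len(payload) != n:
        raise ValueError("truncated inner packet")
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)), payload


def encapsulate(key: bytes, outer_src: str, outer_dst: str, seq: int, inner: bytes) -> bytes:
    """Wrap the inner packet in an outer header holding the gateways' public
    addresses and a MAC over (outer header || inner packet).  Only the outer
    addresses are routable on the shared public network."""
    outer = struct.pack(OUTER_FMT, _ip(outer_src), _ip(outer_dst), seq)
    tag = hmac.new(key, outer + inner, hashlib.sha256).digest()
    return outer + inner + tag


def outer_addresses(frame: bytes) -> tuple[str, str]:
    """What an observer on the public network can see: gateway addresses only."""
    s, d, _ = struct.unpack(OUTER_FMT, frame[:12])
    return str(ipaddress.IPv4Address(s)), str(ipaddress.IPv4Address(d))


class Gateway:
    """Receiving gateway: accepts a frame only if the MAC verifies and the
    sequence number is strictly increasing (simple replay rejection)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def decapsulate(self, frame: bytes) -> tuple[str, str, bytes]:
        if len(frame) < 12 + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("authentication failed: forged or tampered frame")
        _, _, seq = struct.unpack(OUTER_FMT, body[:12])
        if seq <= self.last_seq:
            raise ValueError("replayed frame")
        self.last_seq = seq
        return parse_inner(body[12:])


def rejects(gw: Gateway, frame: bytes) -> bool:
    """True if the gateway refuses the frame (used to demonstrate failure cases)."""
    try:
        gw.decapsulate(frame)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    key = b"constructed-shared-secret"          # pre-shared key, for illustration only
    inner = build_inner("10.1.0.5", "10.2.0.9", b"hello")
    frame = encapsulate(key, "203.0.113.1", "198.51.100.7", 1, inner)
    print("public network sees:", outer_addresses(frame))
    gw = Gateway(key)
    print("private hosts see:", gw.decapsulate(frame))
    print("replay rejected:", rejects(gw, frame))
    tampered = frame[:22] + bytes([frame[22] ^ 1]) + frame[23:]
    print("tamper rejected:", rejects(Gateway(key), tampered))
```

The two addressing layers are the "virtual" part of the definition: hosts 10.1.0.5 and 10.2.0.9 appear adjacent to each other even though the only addresses visible on the shared network are those of the two gateways. The MAC and sequence check are the "trust" part. A real VPN protocol would add encryption of the inner packet, key negotiation and a proper anti-replay window; the chapters that follow cover the technologies that provide these.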
In the past few years there have been various attempts to come up with a broader VPN definition that would include application-level technologies such as TLS (see Chapter 2 for an analysis of TLS versus VPN). Other sources deservedly argue that vendors and the information technology community took an overly simplified approach to the matter and turned the whole VPN concept into a generic networking term that is now widely exploited for marketing purposes. While acknowledging the validity of both points of view, especially in light of the relative newness of VPN, we still see a need for a common working definition of data VPN before moving on to the practical aspects of its implementation.