1. Home
  2. Networking
  3. Integrated cisco and unix network architectures

The VPNC Concept of VPNs

To grasp the concept of virtual privacy, you have to understand the character of conventional private networks. The opposite of VPNs are good, old circuit-switched dedicated private networks based on a number of dedicated leased lines (DLLs). VPNs commonly are deployed on a shared public infrastructure across "untrusted territory" beyond Open System Inteconnection (OSI) Layer 1 and use point-to-point or point-to-multipoint concepts such as virtual circuits, either switched or permanent, or "cloudlike" any-to-any connectivity, as with MPLS network edge architectures and MPLS Border Gateway Protocol (BGP) VPNs. Several virtual links constitute a virtual network that accomplishes privacy at arbitrary layers of the OSI stack. Although a common misperception, VPNs do not necessarily require encryption and authentication to achieve some level of privacy.

Note that a network of virtual links constitutes a VPN and that a tunnel carries out three basic tasks:[1]

  1. It provides a virtual link.

  2. It provides data encryption; that is, it transmits the data in a secret code.

  3. It provides remote-end authentication; that is, it guarantees who is doing the sending and receiving.



    		Command Syntax Conventions
    		Chapter 1. Operating System Issues and Features-The Big Picture
    		Chapter 2. User-Space Routing Software
    		Chapter 3. Kernel Requirements for a Full-Featured Lab
    		Chapter 4. Gateway WAN/Metro Interfaces
    		Chapter 5. Ethernet and VLANs
    		Chapter 6. The Analyzer Toolbox, DHCP, and CDP
    		Chapter 7. The UNIX Routing and ARP Tables
    		Chapter 8. Static Routing Concepts
    		Chapter 9. Dynamic Routing Protocols-Interior Gateway Protocols
    		Chapter 10. ISP Connectivity with BGPv4-An Exterior Gateway Path-Vector Routing Protocol for Interdomain Routing
    		Chapter 11. VPN Technologies, Tunnel Interfaces, and Architectures
    		The Rationale for Tunnels in Routing Environments
    		The VPNC Concept of VPNs
    		The OSI Stack Perspective
    		Internet, Intranet, and Extranet Terminology
    		IP-IP Tunnel
    		Generic Router Encapsulation (GRE) Tunnel
    		Special Multicast and IPv6 Tunneling (RFC 2473, RFC 3053)
    		Cisco L2F (Layer 2 Forwarding)
    		PPTP (Point-to-Point Tunnel Protocol)
    		L2TP (Layer 2 Tunnel Protocol)
    		Mobile IP
    		User-Space Tunneling
    		IPSec Foundation
    		General Tunnel and Specific IPSec Caveats
    		Advice About IPSec Lab Scenarios
    		Road-Warrior Scenarios (Road Warrior-to-OpenBSD/FreeBSD Gateway with IKE)
    		Dynamic Routing Protocols over Point-to-Point Tunnels-Transparent Infrastructure VPN
    		Summary
    		Recommended Reading
    		Endnotes
    		Chapter 12. Designing for High Availability
    		Chapter 13. Policy Routing, Bandwidth Management, and QoS
    		Chapter 14. Multicast Architectures
    		Chapter 15. Network Address Translation
    		Appendix A. UNIX Kernel Configuration Files
    		Appendix B. The FreeBSD Netgraph Facility