Background on VPN

Virtual Private Networks were originally defined and first applied in voice communications. For years, phone companies delivered voice services using what they called "Virtual Private Networks," despite the fact that there wasn't—and still isn't—much that is "virtual" about them. In fact, even today just about any software-defined user group provisioned over any physical medium is considered VPN by the phone companies. The term is still in use even though Public Switched Telephone Network (PSTN) facilities are owned by the phone companies, thus making the technology essentially a private network used for offering user group services.

With the rise of data communication, the term VPN was adopted by the data networking industry and given a new, more accurate meaning. So-called traditional data VPNs were initially built with dedicated link layer networking technologies such as Frame Relay PVC (Permanent Virtual Circuit) or ATM VC (ATM stands for Asynchronous Transfer Mode) links, established between individual hosts or networks. In the roughly 10 years following the advent of these technologies, data VPNs were typically implemented in this fashion, with the main goal of replacing less efficient private networks based on dedicated end-to-end leased facilities.

Interestingly, later on both ATM and Frame Relay were gradually reclassified as private networking technologies, mainly on the grounds that while these networks were shared, they nevertheless were privately owned. This also made sense for marketing purposes; ATM and FR services could be equated to those available through the use of truly private, dedicated technologies, such as leased lines, thereby promoting these new data transport methods.

As the use of public Internet Protocol (IP) networks such as the Internet quickly gained public interest and market acceptance, a new generation of VPN services based on network layer technologies was introduced to the market. Like traditional VPNs, IP VPNs utilize shared facilities to emulate private networks and deliver reliable, secure services to end users. During the initial IP VPN technology trials, equipment manufacturers and standards organizations such as the IETF came up with a number of encapsulation and encryption techniques (more on those in Chapter 2) in an effort to deliver on the promised cost advantages and complexity reduction [Yuan2001] without compromising the security requirements of many potential VPN customers. Proprietary mechanisms such as Layer Two Forwarding (L2F), devised by Cisco, and the Point-to-Point Tunneling Protocol (PPTP), introduced by Microsoft, are early examples. Ultimately, the industry settled on standards-based technologies such as IPSec, L2TP, Generic Routing Encapsulation (GRE), and Multi-Protocol Label Switching (MPLS), among others (details are also in Chapter 2). Common authentication and accounting methods, largely based on the RADIUS protocol previously defined to satisfy the demand for centralized subscriber management in the remote dial-up industry, were also selected and standardized for use with IP VPN. Mobile wireless VPNs are the latest members of this group.