[vpn] Raymond ( my project)

Stephen Hope stephen.hope at energis.com
Fri Oct 12 16:58:41 EDT 2001


1st the cop out - all this is my opinions, and biased by what i know and
what i have done before.

VPN is term for a logical network running over a different network. Many
practical systems actually are "VPNs" at different levels. The first VPNs
were X.25, voice networks (or others) - it depends on who you ask.

Most common use in data networking is for a higher security IP network which
uses an underlying lower security IP network, (ie. a company remote access
system via the Internet) but there are lots of other useful applications.

There are several common ways of providing a VPN over IP - standard ones
include GRE (IP tunnel over IP, IPsec (encryption with optional IP over IP),
L2TP, SSL. Proprietary ones include IPsec over UDP in several different
flavours, L2F and PPTP

IPsec is one way of providing IP over IP networks.

Frame relay can be (and usually is) a VPN when provided by a carrier - the
carrier has a backbone which supports multiple customers, and each customer
"sees" a logical subset of all connections. However, "real" Frame Relay is
just an interface definition, the underlying backbone may be other types of
network - e.g. the old Magellan switch used an underlying IP network,
Newbridge / Alcatel switches use ATM and some recent kit uses MPLS.

That customer may just put native IP over their frame cloud. Or, if they
want better security, they may put IPsec over IP over Frame, typically just
for the encryption support if it is a private network.

In that case we have 3 flavours of VPN running in the same system at
different layers of the protocol stack IPsec over IP over Frame presentation
over IP.....

And each layer needs management, and takes its own overhead costs in terms
of bandwidth, processing and potential for faults......

And that is why a lot of "data only" network architects are pushing IP as
the underlying protocol - fewer layers and more consistency. Of course, when
you carry voice over IP then you add just as many layers which are even more
complex - but that is a different argument.

So, your Q needs a bit more detail before we can give you specific answers.



Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis UK, WWW: http://www.energis.com
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4194 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776

> -----Original Message-----
> From: Shereen aggour [mailto:saggour at gmx.net]
> Sent: 12 October 2001 06:51
> To: vpn at securityfocus.com
> Cc: Berkoh Raymond - HPS
> Subject: Re: [vpn] Raymond ( my project)
> Actually I need your help as well for a project of mine that 
> is to state the
> differences between VPNs over IP oppossed to those over frame relay.
> If you can provide me with information, that would be graet.
> Thanks,
> -- 
> Sent through GMX FreeMail - http://www.gmx.net
> VPN is sponsored by SecurityFocus.com

VPN is sponsored by SecurityFocus.com

More information about the VPN mailing list