Thursday, 15 March 2012

IP-based VPN infrastructure

IPSec has become the de facto industry standard for IP-based VPN infrastructure. The future version of IP (IPv6) has IPSec built into it, and when fully deployed, it will render IPSec obsolete (Younglove, 2000). Generally speaking, and independent of IPSec, there are two basic methods by which network-layer encryption is implemented. The most secure is end-to-end between participating hosts, which allows for the highest level of security. The alternative is tunnel mode, where encryption is performed only between intermediate devices (routers), and traffic between the end system and the router is in plaintext. The latter is obviously less secure (Gleeson et al., 2000).

The basic concept of a link-layer VPN implementation is to use a shared network infrastructure that is based on switched link-layer technology such as Frame Relay or Asynchronous Transfer Mode (ATM). Thus, a collection of VPNs may share the same infrastructure for connectivity, and share the same switching elements, without being visible to each other. In this way, link-layer VPNs attempt to maintain the critical elements of being self-contained and economical (Gleeson et al., 2000). Several protocols are used in link-layer VPN implementations; the most common are Multiprotocol over ATM (MPOA) and Multiprotocol Label Switching (MPLS) (Venkateswaran, 2001).
