Other VPN Technologies
As noted in the introduction to this chapter, VPNs can be composed of any tunneling technology
to varying degrees. Some other VPN technologies include those listed
VPN Technologies
Technology Description
Generic router encapsulation
(GRE)
GRE is not really a private technology because the data is not
encrypted, but it is a tunneling technology, and the data contained
within is somewhat transparent to the overall network.
One common use of GRE is to tunnel IPX or other non-IP traffic
over an IP-only backbone.
Virtual circuit (VC) VCs can be permanent or switched, and are found in Frame Relay
and ATM. Traffic within a VC is not encrypted, but could be considered
a tunnel and can be marketed as a virtual private network.
802.1Q in Q 802.1Q in Q also lacks privacy because the data is not encrypted,
but, like a virtual circuit, data that is tagged in one logical VLAN
is private from other VLANs. The technology for Q in Q is the
same as 802.1Q itself, except for a second .Q header being
added. This second header is controlled by the service provider.
One advantage to this model is that the original customer tag
is not changed. For those familiar with ATM, an analogy is the
virtual path identifier.
L2TP Layer 2 Tunneling Protocol is an extension to PPP, discussed in
Chapter 24, “Point-to-Point Protocol.” L2TP allows for the tunneling
of packets independent of layer 3.
Multi-Protocol Label
Switching (MPLS)
MPLS is quickly gaining as the standard service tagging model.
Many service providers are converting their data networks to
MPLS, which is simply a dynamic tag added to the front of the
packet. Again, the data is not encrypted, but vendors are selling
the service as a managed VPN. In reality, it has little functional
difference when compared to other technologies, except for the
significant benefit that it is transport agnostic. Most other technologies
require a specific set of physical layer technologies.
MPLS can also provide rapid fault detection and correction
compared to other technologies.
IPSec IP Security is a set of protocols that encrypt and authenticate the
integrity of the data between two points.
SSL Secure Sockets Layer is a popular encryption technology used for
many HTTP business transactions (HTTPS). However, the protocol
is not limited to HTTP/HTTPS and is now used for remote control
and other remote access functions, and the protocol can be used
for other services. The most significant advantage of SSL is that
the client requires no preconfiguration and the network is transparent
to the entire flow. Each end station is responsible for
encryption and decryption, and only the payload is protected.
Frame Relay and ATM These PVC-based technologies can create private paths across
the public network. Although not typically thought of in VPN
concepts, they are rightfully included in this list.