Abstract

AbstractThis chapter begins with some motivational discussion on why enterprises use the Internet to improve productivity, generate new revenues, and be more competitive. We highlight some important security considerations that render the basic public Internet unacceptable for conducting sensitive transactions, such as e‐commerce. Our discussion then summarizes the technologies, namely connection‐oriented label switching and separate connectionless forwarding tables, that are used to partition a shared public network into multiple virtual private networks (VPNs). The chapter then presents a taxonomy of the types of VPNs being standardized in the Internet Engineering Task Force (IETF), differentiated primarily by whether the VPN functionality is implemented on the customer‐edge (CE), or on the provider‐edge (PE) devices. We then summarize CE‐based VPNs either (a) overlaid on a frame relay or an asynchronous transfer mode network or (b) implemented over the Internet using the IP security (IPsec) standards. The text then describes the principal PE‐based approaches, which involve either (a) a separate routing instance for each VPN or (b) a shared, aggregated routing instance for all VPNs that logically maintains separation through configuration. Finally, the chapter concludes with a discussion about design considerations for use of VPNs and an example of an extranet VPN deployment using the CE‐based IPsec approach.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.