(Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. VPNs are widely used by enterprises to create wide area networks (WANs) that span large geographic areas, to provide site-to-site connections to branch offices and to allow mobile users to dial up their company LANs.
For years, common carriers have built VPNs that appear as a private national or international network to each customer but, in fact, share the same physical backbone trunks among many customers. VPNs have been built over X.25, Switched 56, frame relay and ATM technologies as well as IP networks. For added security, encryption is often used. See PVC and SVC.
Encrypting data that travels between a remote user and the corporate LAN over the Internet is very popular. It is much more economical than using private, leased lines or making long distance data calls via modem. Today, in fact, many people think that "VPN" and "encrypted connections over the Internet" are synonymous. See computer security and information security.
Several protocols are used to provide security over the Internet. For brief transactions at a Web site, SSL is widely used. For extended, secure transmissions, IPsec, L2TP and PPTP are used to provide secure "tunnels" over the Internet. See IPsec, L2TP, PPTP and SSL.
Frame Relay VPNs from Carriers
Carriers offer point-to-point and multipoint VPNs using frame relay. Customer equipment converts packets to frame relay packets. Frame relay VPNs support any network protocol (IP, IPX, SNA, etc.), but adding a location in a multipoint VPN means provisioning virtual circuits from that site to all other sites, which can be costly. See frame relay.
Virtual IP VPNs from Carriers
Carriers offer multipoint networks that accept only IP packets from the customer and run over an IP core. These virtual private routed networks (VPRNs) connect the customer's IP router to the provider's IP router and require some coordination. See MPLS.
Ethernet VPNs from Carriers
Carriers offer services that encapsulate Ethernet frames and deliver them across their network to an Ethernet connection on the other end. A "LAN interconnect" service connects one Ethernet to another. A "transparent LAN" service (TLS) offers multipoint connectivity, typically using frame relay, but has been problematic due to the differences between Ethernet and frame relay architectures. A virtual private LAN service (VPLS) is the latest implementation of a transparent LAN for Ethernet, using an IP and MPLS core to route traffic (see VPLS).