Types of VPN
8 likes1,174 views
Layer 1 Overlay VPNs use dedicated connections like T1/E1 leased lines to connect branches in a secure manner. Layer 2 Overlay VPNs connect branches over multi-access networks like frame relay. Layer 2.5 Overlay VPNs use MPLS, which inserts an MPLS header between layer 2 and 3 headers. Layer 3 Overlay VPNs use IPSec to encrypt data and GRE for routing/multicast over public networks. Layer 4 Overlay VPNs use SSL/TLS to encrypt data at the transport layer for applications like web browsing.
Types of VPN
- 2. Layer 1 Overlay VPN we can use leased lines for connectivity between branches. These are dedicated connections which provide us a reliable link which is not shared with anyone else. When data is being transmitted between branches it is using a network path which is not under our control. Now if there is a logical or physical thing that provides security to our communication, we refer to that as “VPN”. This is the reason some people refer to T1, T3 or E1, E3 leased lines as layer 1 overlay VPN.
- 3. Layer 2 Overlay VPN When we want to connect our branches using a multi-access network we use frame-relay. It is a protocol standard, which provides us multi-access network functionality as well as a secure transmission channel. At this channel only we can communicate with our branches not others i.e. why we can also call it as Layer 2 Overlay VPN.
- 4. Layer 2 and half Overlay VPN MPLS (Multi-protocol Label Switching) is a very widely used technology these days for multi-access network. When a packet enters a MPLS network a 32 bits MPLS header tag is inserted between layer 2 & layer 3 headers. This is the reason why many folks call MPLS a layer 2.5 technology thus making it Layer 2 and Half Overlay VPN. When we use MPLS our entire routing table is shared with service provider and entire data travels in plain-text format, to make it secure there is a special VPN called GETVPN.
- 5. Layer 3 Overlay VPN Until now we have discussed about VPN which are not using public network like internet. If we are using internet to connect branches of organization then we need to make sure the data transmitted should remain private and unaltered. To secure communication we use IPSec (IP Security) which encrypts the data to make it private and also ensures that it is delivered unaltered. IPSec is not capable to exchange routing and multicast traffic between branch routers. For this purpose GRE (Generic Routing Encapsulation) is used. By default GRE has no security mechanism to protect data. To obtain security for routing and multicast traffic IPSec must be used along with GRE. These Two Protocol IPSec & GRE are represented as a Layer 3 Overlay VPN.
- 6. Layer 4 Overlay VPN Many times when we are using internet, we want the communication between servers and clients to be secure. For instance when using a bank website we don’t want to transmit data like credit card information, passwords, etc. in clear text. For this purpose Secure Socket Layer (SSL) or Transport Layer Security (TLS) was invented. SSL was developed initially and later replaced by TLS. It is used for a wide variety of applications like web browsing, VoIP, email, etc. It works at transport layer along with other protocols and encrypts the data before it is transmitted. This leads to it being referred as layer 4 Overlay VPN
- 7. Layers Overlay Virtual Private Networks Layer 1 Overlay T1, T3 & E1, E3 Layer 2 Overlay Frame-Relay, ATM Layer 2 and half MPLS Layer 3 Overlay IPSec, GRE Layer 4 Overlay SSL/TLS (HTTPS)
- 8. Site-Site VPN Connectivity between branches is a necessity for any organization. It enables the access of resources at two branches from each other. Site- Site VPN is used to secure this data transmission between two sites. Thus all the devices in LAN of one site can transmit data to devices in LAN of other site. Things like employees placing VoIP calls between two sites can be made possible if we have VPN configured. It is one of the most commonly deployed VPN.
- 9. Remote Access VPN Work from home is a very common thing in organization these days. Employees can perform their duties while they are at their home. The biggest challenge for this is to get them connected to organization network in a secure way. This problem is solved by deployment of Remote Access VPN.
- 10. Dynamic Multipoint Virtual Private Network (DM VPN) When we have multiple sites connected to each other via internet and secure communication between them is required Site-Site VPN can be used. The only problem is Site-Site VPN in fully mesh connectivity is hard to create, maintain & troubleshoot if the number of sites is huge. This problem is solved by DMVPN (Dynamic Multipoint Virtual Private Network). In DMVPN we create Hub & Spokes, where hubs are called servers & spokes are called clients. When client will boot up, it will register itself with the server. When one spoke wants to communicate with other a dynamic tunnel is created between two spokes automatically. After the communication is done tunnel is destroyed. This solution is more manageable and scalable.
- 11. Group Encrypted Transport Virtual Private Network (GET VPN) All VPN solutions like Site-Site, Remote Access and DMVPN provide point-point connectivity. GETVPN is only the solution, which provides tunnel less any- any connectivity. It makes the communication secure in a private WAN deployments. GETVPN was especially designed for secure data communication over MPLS network.
- 12. Secure Socket Layer VPN (SSL VPN) SSL protocol was designed for secure data communication between web server and web browser. Later it was modified and renamed as Transport Layer Security (TLS). The biggest benefit of using SSL VPN is it does not necessarily require installation of VPN client on the end user device. SSL VPN can be used on any device that supports web browsing, so end user device can be a PC, Mac, Tablet or a Smartphone.
- 13. Protocols Virtual Private Network IPSec (IP Security) Site-Site, Remote Access, DMVPN GDOI (Group Domain of Interpretation) GET VPN (Group Encrypted Transport VPN) SSL ( Secure Socket Layer) Three Modes (Clientless, Thin, Thick)