VPN standards/Ways to set up VPNs

FrankGuthrie Member Posts: 245
Hi guys/girls,

I'm trying to wrap my head around VPNs. I have seen some basic explanations (YouTube) about what you can do with VPNs, or the other way around, what VPNs can do for you, but I have seen different variants of VPN: MPLS VPN, etc.

So I'm kinda getting confused about what the different forms of (setting up a) VPN are and what the difference is between all of them. With what type of hardware are these VPNs set up? Router, server?

Comments

  • NetworkVeteran Member Posts: 2,338
    FrankGuthrie wrote: »
    what the different forms of (setting up a) VPN are and what the difference is between all of them?

    There are more VPN types and subtypes than you can shake a stick at. Which type(s) are you learning about? If you name three or four, there are probably some here willing/able to compare them. All is too big an unpaid task. ;)

    Some possible breakdowns--

    • Topology
    • L2 vs L3
    • Overlay vs. Peer-to-Peer
    • Business Purpose
  • FrankGuthrie Member Posts: 245
    NetworkVeteran wrote: »
    There are more VPN types and subtypes than you can shake a stick at. Which type(s) are you learning about? If you name three or four, there are probably some here willing/able to compare them. All is too big an unpaid task. ;)

    Some possible breakdowns--
    • Topology
    • L2 vs L3
    • Overlay vs. Peer-to-Peer
    • Business Purpose

    I'm throwing money at my screen. ;)

    Aren't there a few L2/L3 options which are most used today? Any best practices to set one up?
  • blueberries Banned Posts: 138
    I like GRE with IPsec, often in DMVPN design. MPLS VPNs are also cool. What are your goals you want for the VPN? Give us a few examples of VPNs that interest you. Like NetworkVeteran said, this will help everyone compare.

    Generally VPNs are assigned to an edge device such as an MPLS router or an ASA. MPLS VPNs don't have to have matching edge device technologies.
  • FrankGuthrie Member Posts: 245
    blueberries wrote: »
    I like GRE with IPsec, often in DMVPN design. MPLS VPNs are also cool. What are your goals you want for the VPN? Give us a few examples of VPNs that interest you. Like NetworkVeteran said, this will help everyone compare.

    Generally VPNs are assigned to an edge device such as an MPLS router or an ASA. MPLS VPNs don't have to have matching edge device technologies.

    Well that's a bit the problem, I have seen a lot of forms, and want to know what is out there.

    I think that DMVPN and MPLS are mostly used these days. I also saw the term VPLS... Kinda get confused seeing all these terms.

    So let's start with these 3:
    DMVPN
    MPLS VPN
    VPLS
  • blueberries Banned Posts: 138
    DMVPN is a design plan. Very efficient and easy to deploy for multipoint connectivity for remote users. It can use an IGP over the WAN and can be encrypted with IPsec.

    MPLS is its own protocol, considered a "2.5" layer technology. It was created to speed up latency in the cloud and use less CPU, but this is no longer the main driving point, as bandwidth has increased. It is efficient for multicast deployment be it that there is no unified WAN multicast protocol in existence. A cool aspect of MPLS VPN that I mentioned earlier is the lack of need for matching edge device technologies, so for example, you could be connected via ADSL and I could be connected via T1. It also has a TOS tuple which helps give priority to VoIP and video streaming in the WAN.

    VPLS again, is a design plan, the ideal would be to establish multipoint connectivity for remote users.
  • xXErebuS Member Posts: 230
    blueberries wrote: »
    DMVPN is a design plan. Very efficient and easy to deploy for multipoint connectivity for remote users. It can use an IGP over the WAN and can be encrypted with IPsec.

    MPLS is its own protocol, considered a "2.5" layer technology. It was created to speed up latency in the cloud and use less CPU, but this is no longer the main driving point, as bandwidth has increased. It is efficient for multicast deployment be it that there is no unified WAN multicast protocol in existence. A cool aspect of MPLS VPN that I mentioned earlier is the lack of need for matching edge device technologies, so for example, you could be connected via ADSL and I could be connected via T1. It also has a TOS tuple which helps give priority to VoIP and video streaming in the WAN.

    VPLS again, is a design plan, the ideal would be to establish multipoint connectivity for remote users.

    So you can think of VPN as a couple of different things: Network connectivity (connecting internal sites); Client connectivity (Remote access); Vendor / External company connectivity (site-to-site VPN).

    The main advantage of DMVPN (IMO) is the ability to establish dynamic tunnels; makes it easier to set up and allows spoke to spoke connectivity (if you would like). It uses the NHRP (Next Hop Resolution Protocol) to find public IP addresses of the other side of the tunnel a device needs to establish with. You would set this up to connect maybe a remote branch office internally and typically use a router. I guess you could use it for external companies but I have not seen it nor recommend it (it's a shared network).

    Site to Site VPNs - typically set up on a firewall. This is what I would recommend if you need to connect to a 3rd party / external company for whatever reason, IPsec encrypts the traffic sent over the internet. Please note that VPN does not = IPsec or secure; they are separate of each other in every instance (i.e. you can have DMVPN w/o IPsec, unsecure).

    Remote access VPNs - I think you get this

    I would say this is the most common usage; of course there are companies that are using VPN technology to hide IP addresses; provide filtering bypass for people whose country may be filtering something (like Facebook).

    EDIT: I would have to agree with above and say VPNs are mostly "design" plans using different protocols.
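
Added example, not part of the post above or of any vendor tool: a small audit that lists tunnel interfaces configured without IPsec, which is the "DMVPN w/o IPsec" case the post warns about. It assumes Cisco IOS-style configuration syntax; the sample configuration, addresses and profile name are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): three tunnel interfaces,
# only one of which has an IPsec profile applied.
SAMPLE_CONFIG = """\
crypto ipsec profile DMVPN-PROF
 set transform-set TS-AES
!
interface Tunnel0
 ip nhrp network-id 1
 ip nhrp nhs 10.0.0.1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
!
interface Tunnel1
 ip nhrp network-id 2
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
!
interface Tunnel2
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.7
 shutdown
!
interface GigabitEthernet0/0
 ip address 203.0.113.10 255.255.255.0
"""

def audit_tunnels(config):
    """Return one record per Tunnel interface found in the config text."""
    records = []
    # A stanza starts at every non-indented line; sub-commands are indented.
    for stanza in re.split(r"\n(?=\S)", config):
        m = re.match(r"interface (Tunnel\d+)", stanza)
        if not m:
            continue
        prot = re.search(r"^\s+tunnel protection ipsec profile (\S+)", stanza, re.M)
        records.append({
            "name": m.group(1),
            "dmvpn": bool(re.search(r"^\s+ip nhrp ", stanza, re.M)),  # NHRP in use
            "shutdown": bool(re.search(r"^\s+shutdown\s*$", stanza, re.M)),
            "ipsec_profile": prot.group(1) if prot else None,
        })
    return records

def unprotected(config):
    """Names of active tunnels that would carry traffic as cleartext GRE."""
    return [r["name"] for r in audit_tunnels(config)
            if r["ipsec_profile"] is None and not r["shutdown"]]

if __name__ == "__main__":
    print(unprotected(SAMPLE_CONFIG))
```
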
  • FrankGuthrie Member Posts: 245
    xXErebuS wrote: »
    So you can think of VPN as a couple of different things: Network connectivity (connecting internal sites); Client connectivity (Remote access); Vendor / External company connectivity (site-to-site VPN).

    EDIT: I would have to agree with above and say VPNs are mostly "design" plans using different protocols.

    That actually makes sense as I see a lot of terminology flying by.

    I work with a Service Provider/Hosting company as a Junior networking guy, and I'm just trying to understand different forms of VPN, so I know what the other guys are talking about :D

    I know we use VPLS for our customer, but I'm trying to dive into the VPN ins and outs to not sound dumb to my colleagues. Thanks so far for the help.

    Just heard from a colleague that we also offer Site to Site VPNs to our customers. Let me google on that ;), or if anyone has something on site to site VPNs, please let me know.
  • NetworkVeteran Member Posts: 2,338
    FrankGuthrie wrote: »
    I know we use VPLS for our customer, but I'm trying to dive into the VPN ins and outs to not sound dumb to my colleagues.

    With that context given, check our 'MPLS & VPN Architectures'. It's the classic for explaining SP VPN types like VPLS. I've seen more than one person use it to get up-to-speed and sound not-so-silly to colleagues. ;)

    Newer VPN types are usually explained in relation to those classic/common ones.
  • FrankGuthrie Member Posts: 245
    NetworkVeteran wrote: »
    With that context given, check our 'MPLS & VPN Architectures'. It's the classic for explaining SP VPN types like VPLS. I've seen more than one person use it to get up-to-speed and sound not-so-silly to colleagues. ;)

    Newer VPN types are usually explained in relation to those classic/common ones.

    I was looking for a blog here on this site, but googled it and saw this was a book
  • xXErebuS Member Posts: 230
    FrankGuthrie wrote: »
    I was looking for a blog here on this site, but googled it and saw this was a book

    Yeah I think "Check our" was supposed to say "check out" =D