"VPN," or Virtual Private Network, has become almost as recklessly used in the networking industry as has "QoS" (Quality of Service) to describe a broad set of problems and "solutions," when the objectives themselves have not been properly articulated. This confusion has resulted in a situation where the popular trade press, industry pundits, and vendors and consumers of networking technologies alike generally use the term "VPN" as an offhand reference for a set of different technologies. This paper attempts to provide a common-sense definition of a VPN, and an overview of different approaches to building them.
The term "private" is fairly straightforward, and is intricately related to the concept of "virtualization" insofar as VPNs are concerned, as we'll discuss in a moment. In the simplest of definitions, "private" means that communication between two (or more) devices is, in some fashion, secret - that the devices which are not participating in the "private" nature of communications are not privy to the communicated content, and that they are indeed completely unaware of the private relationship altogether. Accordingly, data privacy and security (data integrity) are also important aspects of a VPN which need to be taken into consideration when considering any particular VPN implementation.
A VPN is a communications environment in which access is controlled to permit peer connections only within a defined community of interest, and is constructed through some form of partitioning of a common underlying communications medium, where this underlying communications medium provides services to the network on a non-exclusive basis.
Sending specific portions of network traffic across a tunnel is another method of constructing VPNs - some more effective than others. The most common tunneling mechanisms are GRE (Generic Routing Encapsulation) [6] tunneling between a source and destination router, router-to-router or host-to-host tunneling protocols such as L2TP (Layer 2 Tunneling Protocol) [7] and PPTP (Point-to-Point Tunneling Protocol) [8], and DVMRP (Distance Vector Multicast Routing Protocol) [9] tunnels.
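To make the GRE case concrete, the following added example (not part of the original paper) builds and parses a GRE header, assuming the version 0 layout of RFC 2784 with the optional key field of RFC 2890. The function names and the sample packet are constructed for illustration; the last check shows that GRE only wraps the inner packet, so confidentiality and integrity have to come from another layer.

```python
import struct

# GRE header flag bits (RFC 2784 / RFC 2890 layout, assumed for this example)
GRE_C = 0x8000  # checksum present
GRE_K = 0x2000  # key present
GRE_S = 0x1000  # sequence number present
ETH_P_IP = 0x0800  # EtherType for an IPv4 payload


def gre_encapsulate(inner, proto=ETH_P_IP, key=None):
    """Prepend a GRE header to an inner packet (no checksum, no sequence)."""
    flags = GRE_K if key is not None else 0
    header = struct.pack("!HH", flags, proto)
    if key is not None:
        header += struct.pack("!I", key)
    return header + inner


def gre_decapsulate(packet):
    """Parse a GRE packet; return (proto, key, inner) or raise ValueError."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset, key = 4, None
    # Each optional field is 4 bytes and appears in this fixed order.
    for bit in (GRE_C, GRE_K, GRE_S):
        if flags & bit:
            if len(packet) < offset + 4:
                raise ValueError("truncated GRE optional field")
            if bit == GRE_K:
                key = struct.unpack("!I", packet[offset:offset + 4])[0]
            offset += 4
    return proto, key, packet[offset:]


# Constructed sample: stands in for an inner IP packet from the private network.
SAMPLE_INNER = b"\x45\x00constructed-inner-packet"

if __name__ == "__main__":
    tunneled = gre_encapsulate(SAMPLE_INNER, key=42)
    print(gre_decapsulate(tunneled))
    # GRE only wraps the packet: the inner bytes are readable in transit.
    print(SAMPLE_INNER in tunneled)
```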
Tunneling can be considered an overlay model, but the seriousness of the scaling impact depends on whether the tunnels are point-to-point or point-to-multipoint. Point-to-point tunnels have lesser scaling problems than do point-to-multipoint tunnels, except in situations where a single node begins to build multiple point-to-point tunnels with multiple end-points. While there is a linear scaling problem introduced at this point, the manageability of point-to-point tunnels lies solely in the administrative overhead and the number of the tunnels themselves. On the other hand, point-to-multipoint tunnels use "cut-through" mechanisms to make greater numbers of end-points one hop away from one another, and subsequently introduce a much more serious scaling problem.