Virtual Private Networks
A virtual private network (VPN) is a network that is built on common infrastructure, but appears to its private users to be dedicated to the user needs. VPNs combine the privacy of a private circuit with the cost efficiency and robustness of the Internet.
There is increasing demand for VPN services to accommodate the rise in projects with participants in multiple locations, who wish to co-operate between locations as if they were operating on the same local-area network. The most common way to use a VPN is to connect private networks which use Internet-incompatible network addresses. It is envisaged that the approach to VPN provision will be extensively redeveloped on GÉANT2 in order to provide increased user control of availability, configuration and performance.
Virtual private networks (VPNs) are used on GÉANT2 to support projects that have a need for them. The VPNs currently used on GÉANT2 are point-to-point connections linking two sites. Typically, these will be two sites that belong to the same organisation or project, but which are each connected to a different network. Using a VPN, the two sites can communicate as though they were directly connected to each other. The VPN will appear as a ‘tunnel’ for the two sites involved.
VPNs are an important tool in the portfolio of possible connectivity options that GÉANT2 is assembling to meet the specific needs of its users.
Technology
On GÉANT2, VPNs are provisioned by transporting OSI Layer 2 Ethernet frames over multi-protocol label switching (MPLS) tunnels. MPLS is a technology and framework used to set up label-switched paths (LSPs) over an IP network, either manually or by means of a signalling protocol. The label applied to each data packet pre-defines the path along which the packet is forwarded.
The LSPs are determined by various relevant constraints and are maintained by the resource reservation protocol (RSVP). This ensures the LSPs always follow the optimal path at any given time. If a link in an LSP fails, the LSP will automatically reroute to another path so that it can still be used to forward traffic. The Martini approach proposed by the IETF, which allows different Layer 2 connections to share the same LSP, is currently being used to implement L2 VPNs in the GÉANT network.
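As an added illustration, not part of the GÉANT2 documentation, of how the Martini approach lets several Layer 2 connections share one LSP: the Python below decodes constructed Ethernet-over-MPLS frames in which the outer label selects the tunnel (LSP) and the inner VC label selects the pseudowire, which is what an operator's monitoring probe must do to attribute traffic to the right L2 VPN. The label values, MAC addresses and pseudowire table are constructed examples, and no Martini control word is assumed.

```python
import struct

MPLS_UNICAST = 0x8847  # ethertype of an MPLS-labelled Ethernet frame

def build_label(label, exp, bos, ttl):
    """Encode one 4-byte MPLS shim entry: label(20) | exp(3) | bottom-of-stack(1) | ttl(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bos) << 8) | ttl)

def parse_label_stack(data, offset):
    """Decode stack entries from data[offset:] until the bottom-of-stack bit is set.
    Returns (list of (label, exp, bos, ttl) tuples, offset of the payload)."""
    labels = []
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated MPLS label stack")
        (word,) = struct.unpack("!I", data[offset:offset + 4])
        entry = (word >> 12, (word >> 9) & 0x7, bool(word & 0x100), word & 0xFF)
        labels.append(entry)
        offset += 4
        if entry[2]:
            return labels, offset

def decode_eompls(frame):
    """Peel the outer Ethernet header and MPLS stack off a Martini-style frame (no control
    word assumed) and return (labels, inner_dst, inner_src, inner_ethertype)."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != MPLS_UNICAST:
        raise ValueError("not an MPLS unicast Ethernet frame")
    labels, off = parse_label_stack(frame, 14)
    if len(frame) < off + 14:
        raise ValueError("no inner Ethernet frame after the label stack")
    inner_dst, inner_src = frame[off:off + 6].hex(":"), frame[off + 6:off + 12].hex(":")
    return labels, inner_dst, inner_src, struct.unpack("!H", frame[off + 12:off + 14])[0]

# Constructed pseudowire table (hypothetical values): VC label -> the L2 VPN it carries.
PW_TABLE = {100032: "projectA siteX<->siteY", 100033: "projectB siteP<->siteQ"}

def classify(frame):
    """Map a frame to its L2 VPN. Both VPNs below ride the same tunnel label (one LSP);
    only the inner VC label tells the pseudowires apart, as in the Martini approach."""
    labels, dst, src, etype = decode_eompls(frame)
    return labels[0][0], PW_TABLE.get(labels[-1][0], "unknown pseudowire"), dst, src, etype

def make_frame(tunnel_label, vc_label, inner_dst, inner_src, etype, payload):
    """Build a constructed EoMPLS frame; the outer PE router MACs are placeholders."""
    outer = bytes.fromhex("020000000001020000000002") + struct.pack("!H", MPLS_UNICAST)
    stack = build_label(tunnel_label, 0, False, 64) + build_label(vc_label, 0, True, 255)
    return outer + stack + inner_dst + inner_src + struct.pack("!H", etype) + payload

# Two constructed customer frames sharing LSP label 16001 but on different pseudowires.
FRAME_A = make_frame(16001, 100032, bytes.fromhex("0a0b0c0d0e0f"), bytes.fromhex("101112131415"), 0x0800, b"\x45" + bytes(19))
FRAME_B = make_frame(16001, 100033, bytes.fromhex("0a0b0c0d0e10"), bytes.fromhex("101112131416"), 0x0806, bytes(28))
```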
MPLS can be used to implement the following services over an IP network:
- Layer 3 Virtual Private Network (VPN)
- Layer 2 VPN, either point-to-point or multipoint Layer 2 connections
- Traffic engineering (MPLS-TE), used to control the route taken by certain traffic aggregates in order to optimise network utilisation and to avoid points of congestion in the network.
On GÉANT2, as on the GÉANT network, its main uses will be in Layer 2 VPNs and traffic engineering for large data flows from projects with particularly demanding networking requirements, such as DEISA.
Request a VPN
The VPN service provided over the GÉANT network is essentially static, and requires high levels of time and effort to establish, configure and reorganise in order to action each request for a VPN. Use of a VPN on GÉANT2 must be requested in advance so it can be designed and configured. This is normally done via your NREN by contacting the person responsible for VPNs/MPLS. They will then request a VPN on behalf of your project. In particular, for a complete end-to-end VPN, please note that a VPN must be requested by the users within each participating NREN, with the VPNs then stitched together (this may not always be possible).
Please note that a different solution may be suggested instead of a VPN.
You will need to provide the following information.
- Contact details for the two NRENs involved
- Contact details for the two end sites
- IP addresses of the routers at each end site
- Router model at each end site
- Bandwidth requirements
- A project description
- Applications to be used, including explanation of why a VPN is required
- Start and end date for when the VPN is required.
