Learn the VPN services of telecommunications carriers

VPN services include IP-VPN and wide-area Ethernet, as well as managed VPN, which is a low-cost version of IP-VPN and outsourcing the management of Internet VPN.Let's talk about these VPN services.

IP-VPN / Wide area Ethernet is a multi-type WAN

　According to the Ministry of Internal Affairs and Communications's communication usage survey, there are three types of communication services used for corporate communications networks, an Internet VPN, IP-VPN, and a wide-area Ethernet.Among them, IP-VPN and wide-area Ethernet, a VPN service provided by telecommunications carriers, are characterized by more than 2,000 employees, and in businesses in the financial and insurance industry.

　This is probably because IP-VPN and wide area Ethernet are communication services that connect user bases via a closed network built by telecommunications carriers, and that it is a multifaceted multi-type communication service.By using a closed network held by a telecommunications carrier, you can provide users a well -managed and reliable communication service.This has been returned to users in the form of a service quality assurance system (SLA: SLA: SLA: SLA), which minimizes the downtime of the net and guarantees the occupancy rate, net delay time, and failure recovery time.

　Inexpensive Internet VPNs always needed techniques to prepare for the threat because they were always exposed to wiretapping and falsification by third parties (Figure 1).On the other hand, there is no room for such threats to enter in a closed network held and managed by telecommunications carriers (Fig. 2).In terms of cost, it is more expensive than Internet VPN, but it provides that much communication quality and reliability.

Figure 1 Inexpensive Internet VPN requires security measures

Figure 2 IP-VPN and wide area Ethernet are safe because they use the closed network of telecommunications carriers.

　And, unlike one-on-one communication services like the previous dedicated lines, the IP-VPN / wide area Ethernet is a multi-type communication service.It is listed.It is thought that companies with many employees have a large number of bases.If you configure a "full mesh" topology that connects all bases, it will be difficult to manage countless VPN tunnels.

　If this is IP-VPN / wide area Ethernet, you can communicate with any other base simply by connecting a new base to the net (Fig. 3).In fact, it is a tree-type communication service centered on the net, and the IP-VPN net is considered a "router" that covers the whole country, and the wide area Ethernet network can be regarded as an "L2 switch" that covers the whole country.This is a feature that was not found in communication services such as dedicated lines, frame relays, and cellulille, which were used in the past.

Figure 3 Features of IP-VPN and wide area Ethernet

　In addition, IP-VPN and wide area Ethernet have various options for access lines.Since IP-VPN / wide area Ethernet is a communication network service, to use the service, it must be connected by "access line" from the user base to the net.This access line can be used not only for high -speed digital lines and Ethernet dedicated lines, but also for ATM dedicated lines, and ADSL and FTTH depending on the ATM line.There are also options such as access from entry VPN described later and remotely accessing from existing telephone networks.

Overview of IP-VPN and wide area Ethernet

　Let's start with the explanation of IP-VPN.The only layer 3 protocol that supports IP-VPN is IP.This is due to the IP-VPN net is an IP router network using MPLS.

　Remember the movement of the general router.In the IP-VPN network, when a new network is added, the routing information in the net is updated and packets can be transferred like a router.In other words, adding a base with IP-VPN is equivalent to adding a new network to the router.

　Many current data communications use IPs, but there are actually many cases where network layers (Layer 3) protocols other than IP are actually used.In such a case, in order to use the IP-VPN, a system, such as encapsulation of the protocol, must be prepared separately.

　There are also restrictions if you want to use a routing protocol between locations connected by VPN.In IP-VPN, basically static, or routing protocols often support only BGP (Border Gateway Protocol).As described in MPLS-VPN technology earlier, the edge router of the MPLS-VPN network connecting the user router uses a routing protocol called MP-BGP (Multi-Protocol Extension BGP).In other words, routing protocols such as RIP and OSPF, which are commonly used by users, cannot be used.The response around this is different depending on the telecommunications carrier, and it is necessary to contact us once.

　On the other hand, a wide area Ethernet is often composed of a switch net using tag VLAN.Also, using the technology called EOMPLS (Ethernet over Mpls) may configure an Ethernet network on an MPLS network of IP-VPN.In any case, if the LAN is connected to the wide area Ethernet, the L2 frame is transferred to another base as it is.This is the same as connecting a user LAN to a switch called a wide area Ethernet network.

　For this reason, the wide area Ethernet has no restrictions on Layer 3 protocols.I mentioned earlier that IP-VPN has a restriction on routing protocols, but if it is a wide area Ethernet, you can freely select a routing protocol.However, please note that the wide area Ethernet does not support spanning trees on the net side.In the wide-area Ethernet, although the range of access lines that can be used in the same way as IP-VPN, access with PPPs such as mobile phones and access by entry VPN may not be supported.

(Next page, easier and cheaper! Entraving VPN)