Is maintaining the status quo on your VPN costing you?
MPLS vs. IPSec VPN.
January 2008
In this edition of the Netforce newsletter, we discuss the latest technologies in MPLS and IPSec VPNs and analyse site-to-site VPNs against various factors to help you identify your business requirements. Click here for best practices and an informed summary of MPLS & IPSec networks.
Definition of Private Networks (MPLS)
Broadly speaking, there are two types of Virtual Private Networks: IPSec (or Internet based VPNs) and Private Networks (or Multiprotocol Label Switching (MPLS) networks).
Private networks create privacy by segregating packets based on their MPLS labels. Traffic for a particular label is read only by the carrier's LSRs (Label Switch Routers) along a defined path. Normal IP routing methods work in conjunction with the MPLS fabric, but only the MPLS labels are read to deliver traffic between sites. This is equivalent to your own dedicated link.
Definition of IPSec VPNs (Public or Internet based VPNs)
IPSec VPNs have come to be defined as encrypted tunnels over Layer 3 protocols. The encryption makes the addressing and data unreadable and, thus, private. The encrypted payload is placed in another packet that carries it across the network; upon arrival, the encrypted packet is authenticated and decrypted.
The IPSec protocol is a suite of open standards that provides the framework for a device-based (rather than network based) VPN. The suite includes:
• authentication, to make sure you are connecting with a trusted party
• key exchange
• encryption, to make sure that your traffic stays private
• hashing, to make sure that it is not changed on the way
A key point is that data passing between IPSec gateways is encrypted, which is not the case on MPLS networks.
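The gateway-to-gateway encapsulation described above, as a simplified Python model added here for illustration (it is not code from Netforce or from any IPSec implementation). It assumes the two gateways already hold shared keys from the key exchange, uses a SHA-256 counter keystream as a stand-in for a real cipher such as AES, and every name, address and packet in it is constructed.

```python
import hashlib
import hmac
import os

TAG_LEN, NONCE_LEN = 16, 8

def _keystream(key, nonce, length):
    # Stand-in cipher for this example only (SHA-256 in counter mode);
    # real gateways use a vetted cipher such as AES.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, outer_header, enc_key, auth_key):
    """Sending gateway: encrypt the whole inner packet, hash it, wrap it."""
    nonce = os.urandom(NONCE_LEN)
    body = nonce + _xor(inner, _keystream(enc_key, nonce, len(inner)))
    tag = hmac.new(auth_key, body, hashlib.sha256).digest()[:TAG_LEN]
    return outer_header + body + tag

def decapsulate(packet, outer_len, enc_key, auth_key):
    """Receiving gateway: authenticate first, decrypt only if intact."""
    body, tag = packet[outer_len:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: packet dropped")
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

# Constructed sample values (assumptions, not from the newsletter).
ENC_KEY, AUTH_KEY = os.urandom(32), os.urandom(32)
OUTER = b"GW-A>GW-B|"  # placeholder for the outer, gateway-to-gateway header
INNER = b"src=10.1.0.5 dst=10.2.0.9 data=quarterly-report"

if __name__ == "__main__":
    pkt = encapsulate(INNER, OUTER, ENC_KEY, AUTH_KEY)
    print("on the wire:", pkt[:len(OUTER)], pkt[len(OUTER):].hex())
    print("recovered  :", decapsulate(pkt, len(OUTER), ENC_KEY, AUTH_KEY))
    tampered = pkt[:-20] + bytes([pkt[-20] ^ 1]) + pkt[-19:]  # flip one ciphertext bit
    try:
        decapsulate(tampered, len(OUTER), ENC_KEY, AUTH_KEY)
    except ValueError as err:
        print("tampered   :", err)
```

On the wire only the outer gateway header is readable; the internal addresses and data appear only after the receiving gateway has verified the hash and decrypted the payload.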