VPN Protocols

The term "VPN" has taken on many different meanings in recent years. VPNC has a white paper about VPN technologies that describes many of the terms used in the VPN market today. In specific, it differentiates between secure VPNs and trusted VPNs, which are two very different technologies.

For secure VPNs, the technologies that VPNC supports are

• IPsec with encryption
• L2TP inside of IPsec
• SSL with encryption

For trusted VPNs, the technologies that VPNC supports are:

• MPLS with constrained distribution of routing information through BGP ("layer 3 VPNs")
• Transport of layer 2 frames over MPLS ("layer 2 VPNs")

IPsec is the most dominant protocol for secure VPNs. SSL gateways for remote-access users are also popular for secure VPNs. L2TP running under IPsec has a much smaller but significant deployment. For trusted VPNs, the market is split on the two MPLS-based protocols. Companies want to do their own routing thend to use layer 2 VPNs; companies that want to outsource their routing tend to use layer 3 VPNs.

The various VPN protocols are defined by a large number of standards and recommendations that are codified by the Internet Engineering Task Force (IETF). There are many flavors of IETF standards, recommendations, statements of common practice, and so on. Some of the protocols used in IPsec are full IETF standards; however, the others are often useful and stable enough to be treated as standard by people writing IPsec software. Neither of the trusted VPN technologes are IETF standards yet, although there is a great deal of work being done on them to get them to become standards.