
Table of Contents

1 Introduction
2 How can we benefit from using VPN
3 Why have a VPN
4 VPN Topology
5 Tunneling
6 VPN Protocols
7 Types of VPN
8 Advantages of VPN
9 Disadvantages of VPN
10 Future Scope
11 Conclusion
12 References

1. Introduction (What is a VPN)


VPN stands for Virtual Private Network. It is a group of computers
connected together over a public network, which in practice is the
Internet. A VPN is used to access network resources when an
individual is not connected to the same local area network (LAN). In
business, it is how we connect to remote data centers or servers. For
IT consulting firms and others that communicate with clients or
partner companies over an untrusted public network, a VPN is a
method for securing and encrypting their communications.
Virtual. Virtual means not real, or existing in a different state of
being. In a VPN, private communication between two or more devices
is achieved over a public network, the Internet. The communication is
therefore virtually, but not physically, there.
Private. Private means keeping something secret from the general
public. Although the two devices communicate with each other in a
public environment, no third party can interrupt this communication
or receive any data exchanged between them.
Network. A network consists of two or more devices that can freely
and electronically communicate with each other through cables and
wire. A VPN is a network. It can transmit information over long
distances effectively and efficiently.
So, before going any further, we need to differentiate between a
private network and a virtual private network. A virtual private
network sends data between two endpoints over a public network by
creating a secure tunnel, whereas a private network uses leased lines
for the same purpose.

Figure 1 Private VS Virtual


A VPN enables users to send and receive data across shared or public
networks as though their computing devices were directly connected
to the private network, and so to benefit from the functionality,
security and management policies of the private network. A virtual
point-to-point connection can be established using dedicated
connections, virtual tunneling protocols, or traffic encryption, and
establishing that connection creates the VPN. A VPN across the
Internet is similar to a wide area network (WAN). From a user
perspective, the extended network resources are accessed in the same
way as resources available within the private network. Traditional
VPNs are characterized by a point-to-point topology, and they do not
tend to support or connect broadcast domains. VPN variants such as
Virtual Private LAN Service (VPLS) and layer 2 tunneling protocols
are designed to overcome this limitation.

Figure 2 VPN
In Figure 2 above, employees working from home or from a mobile
location or device are connected to the office network using a VPN
over the public network, the Internet. They are VPN clients connected
to the VPN server at the office location.
Although the technology behind a VPN is complicated, the mechanism
essentially blocks people from looking into your data and protects
your identity by hiding your IP address. Using and connecting to a
VPN is as easy as accessing your email account.
Basically, a VPN, Virtual Private Network, is defined as a network
that uses public network paths but maintains the security and
protection of private networks. For example, XYZ Company has two
locations, one in New York and one in New Jersey. For the two
locations to communicate efficiently, XYZ Company has the option of
setting up private lines between them. Although private lines would
restrict public access and extend the use of their bandwidth, they
would cost XYZ Company a lot of money, since the company would have
to buy the communication lines per mile. The more viable option is to
implement a VPN. XYZ Company can hook its communication lines up to a
local ISP in both cities. The ISP would act as a middleman, connecting
the two locations. This would create an affordable small area network
for XYZ Company.

2. How We Can Benefit from Using VPN


A VPN alone is just a way to strengthen your security and access
resources on a network you are not physically connected to. The
people who use one fall into a few groups.
One kind of user has obligations to attend to, and uses a VPN
provided by their school or company to access resources on its
network when they are at home or traveling. In most cases, this
individual already has a free VPN service provided to them, so they
are not exactly shopping for one. If they are worried about security,
they can also start up their VPN when using airport or cafe Wi-Fi to
make sure nobody is snooping on their connection.
Another kind of user, whether downloading legally or illegally, does
not want to be on some company's witch-hunt list just because they
have a torrent application installed on their PC. VPNs are the best
way to stay safe when using something like BitTorrent; everything
else is only a false sense of security. Better safe than trying to
defend yourself in court or paying a huge fine for something you may
or may not even have done, right?
The privacy-minded and security advocate. Whether they are in a
strictly monitored environment or a completely free and open one,
this individual uses VPN services to keep their communications secure
and encrypted and away from prying eyes, whether they are at home or
abroad. To them, unsecured connections mean somebody is reading what
you say.
The globetrotter. This individual wants to watch the Olympics live as
they happen, without dealing with their crummy local networks. They
want to watch their favorite TV shows as they air instead of waiting
for translations or re-broadcasts (or watch the versions aired in
other countries), listen to location-restricted streaming Internet
radio, or use a new web service or application that looks great but
for some reason is limited to a particular country or region.
Some mix of the above. Chances are that, even if you are not one of
these people most of the time, you are some blend of them depending
on what you are doing. In these cases a VPN service can be useful,
whether it is simply a matter of protecting yourself when you are out
and about or of handling sensitive data for your job without getting
fired. Even if none of the above really sounds right to you, you can
still benefit from using a VPN. You should use one when you travel or
work on an untrusted network (read: a network you don't own, manage,
or trust whoever manages). That means opening your laptop at the
coffee shop and logging in to Facebook, or using your phone's Wi-Fi
to check your email at the airport, can potentially put you at risk.

3. Why Have a VPN


A VPN saves organizations from renting expensive dedicated leased
lines. VPNs give users the ability to work from home and save cost on
resources such as email servers, file servers and so on, as all of
these can be accessed over the VPN connection at the central site.
A real-world example would be an organization split into two sites
(by sites we mean offices): the main site in the US and a smaller
site in the UK. The US site already has a full network and storage
infrastructure in place, consisting of Active Directory, an Exchange
server, a file server and so on. The UK site consists of only a small
number of users, say 10 employees. To make this scenario cost
effective, a site-to-site VPN connection would be the best solution.
Providing a VPN tunnel from the UK site to the US site would save the
cost of installing another network infrastructure, Exchange server,
Active Directory server and so on. The US site already has
administrators maintaining the servers and the infrastructure, who
can now also maintain the VPN connection and the other resources,
which is another area where savings would be made.
Another cost-saving scenario for the example above would be to close
the UK site so that the employees based in the UK work from home. A
remote access VPN would suit if the 10 users were not based anywhere
in particular and there was no UK office. In this case they would
only need an Internet connection and configured VPN client software
enabling them to connect securely to their corporate network in the
US. If they were using SSL VPN, they would not need configured
client-side software; they would only need the URL to connect to the
VPN portal.
So VPNs provide an excellent and cost-effective solution for
organizations with several branch offices, partners, and remote users
to share data and connect to their corporate network in a secure and
private manner.

With normal Internet traffic, packets can be sniffed and read by
anyone. However, sending data through a VPN tunnel encapsulates all
data packets, providing a high level of security. If packets sent
securely over the Internet were sniffed, they would be unintelligible,
and if they were modified, this would also be detected by the VPN
gateway.
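
How a receiving gateway detects a modified or replayed packet, as an added example that is not part of the original report. It follows the ESP packet layout (SPI, sequence number, payload, padding, pad length, next header, ICV) with HMAC-SHA-256-128 as the integrity algorithm and NULL encryption, so only the modification-detection half of the paragraph is shown. Assumptions: the key, SPI and payload are constructed, the function and class names are hypothetical, and a simple increasing counter stands in for the real anti-replay window.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16          # HMAC-SHA-256-128: digest truncated to 128 bits
NEXT_HDR_IPV4 = 4     # tunnel mode: the protected payload is a whole IPv4 packet


def esp_null_seal(key: bytes, spi: int, seq: int, inner: bytes) -> bytes:
    """Sending gateway: ESP header + payload + trailer + ICV (no encryption)."""
    pad_len = -(len(inner) + 2) % 4               # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, NEXT_HDR_IPV4])
    body = struct.pack("!II", spi, seq) + inner + trailer
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


class Receiver:
    """Receiving gateway state for one security association (simplified)."""

    def __init__(self, key: bytes, spi: int):
        self.key, self.spi, self.highest_seq = key, spi, 0

    def open(self, packet: bytes) -> bytes:
        if len(packet) < 8 + 2 + ICV_LEN:
            raise ValueError("truncated ESP packet")
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            raise ValueError("unknown SPI")
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):   # constant-time comparison
            raise ValueError("ICV mismatch: modified in transit or wrong key")
        if seq <= self.highest_seq:                  # checked only once authentic
            raise ValueError("replayed or stale sequence number")
        self.highest_seq = seq
        pad_len = body[-2]
        if body[-1] != NEXT_HDR_IPV4 or pad_len > len(body) - 10:
            raise ValueError("malformed ESP trailer")
        return body[8:len(body) - 2 - pad_len]


if __name__ == "__main__":
    key = bytes(range(32))                           # constructed key
    rx = Receiver(key, spi=0x1001)
    good = esp_null_seal(key, 0x1001, 1, b"constructed inner packet")
    print("accepted:", rx.open(good))
    tampered = bytearray(esp_null_seal(key, 0x1001, 2, b"constructed inner packet"))
    tampered[10] ^= 0x01                             # one bit flipped in transit
    for label, pkt in (("tampered", bytes(tampered)), ("replayed", good)):
        try:
            rx.open(pkt)
        except ValueError as err:
            print(label, "->", err)
```

The sequence number is updated only after the ICV verifies, so a forged packet cannot advance the counter and block legitimate traffic.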

4. VPN TOPOLOGY (How It Works)


An Internet connection is needed to begin using a VPN, and it is
provided by an Internet Service Provider (ISP). ISPs offer different
kinds of service depending on the use: personal use at home (a slower
dial-up connection) or business use (a fast Internet connection).
Routers or switches are configured to connect to the source Internet
connection to give access to the VPN.
Permanent Virtual Circuit (PVC). A PVC is a virtual circuit that is
dedicated to a single user, like a leased line. VPN devices create
PVCs through tunnels that encapsulate the sender's data in IP packets;
the routing is hidden and the Internet infrastructure is switched for
sender and receiver. The VPN device at the sending office takes the
outgoing packet or frame and encapsulates it to travel through the
VPN tunnel across the Internet to the receiving end. The process is
transparent to the sender as well as the receiver. Once the packet
arrives, the destination device strips off the VPN frame and the
receiving network gets the original packet.
A VPN operates at either layer 2 or layer 3 of the OSI (Open Systems
Interconnection) model. Layer 2 carries Ethernet frames and layer 3
carries IP packets, and these are what a VPN uses.
A layer 3 VPN removes the incoming layer 2 frame and creates a new
layer 2 frame. There are various protocols for creating a layer 2 VPN
over the Internet, of which the two best known are L2TP (Layer 2
Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol). MPLS
(Multiprotocol Label Switching) is used in layer 3 VPNs.

5. Tunneling
Tunneling is a method of using an internetwork infrastructure to transfer data for one
network over another network. The data or payload to be transferred can be the frames of
another protocol. Rather than sending the original frame as produced by the originating node,
the tunneling protocol encapsulates the frame in an additional header. The additional header
provides routing information so that the encapsulated payload can traverse the intermediate
internetwork. The encapsulated frames are routed between tunnel endpoints over the
internetwork. A tunnel is the logical path through which the encapsulated packets travel
through the internetwork. When an encapsulated frame arrives at its destination on the
internetwork, it is decapsulated and forwarded to its final destination. Tunneling includes
the entire process of encapsulation, transmission and decapsulation of frames.
A few tunneling technologies:

GRE - Generic Routing Encapsulation (RFC 1701/2)

IPsec - Internet Protocol Security Tunnel Mode

PPTP - Point-to-Point Tunneling Protocol

L2F - Layer 2 Forwarding

L2TP - Layer 2 Tunneling Protocol
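
The encapsulation, transmission and decapsulation steps described above, carried through for GRE as an added example that is not part of the original report. The addresses, ports and payload are constructed sample values and the function names are hypothetical; only the basic GRE header plus the optional checksum, key and sequence fields are handled.

```python
import socket
import struct

IPPROTO_UDP, IPPROTO_GRE = 17, 47      # IP protocol numbers
GRE_PROTO_IPV4 = 0x0800                # EtherType in the GRE Protocol Type field


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def build_inner_packet() -> bytes:
    """Constructed sample: a UDP datagram between two private site addresses."""
    data = b"payroll query (constructed sample)"
    udp = struct.pack("!HHHH", 40000, 5000, 8 + len(data), 0) + data
    return ipv4_header("10.1.0.5", "10.2.0.9", IPPROTO_UDP, len(udp)) + udp


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Encapsulation: prepend a basic GRE header and an outer IPv4 header."""
    gre = struct.pack("!HH", 0x0000, GRE_PROTO_IPV4)   # no C/K/S bits, version 0
    outer = ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(gre) + len(inner))
    return outer + gre + inner


def gre_decapsulate(packet: bytes) -> bytes:
    """Decapsulation at the far endpoint: validate, then strip the outer headers."""
    if len(packet) < 24 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 GRE packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4 or packet[9] != IPPROTO_GRE:
        raise ValueError("not an IPv4 GRE packet")
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("outer IPv4 header checksum mismatch")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0x4007:                     # routing bit set or non-zero version
        raise ValueError("unsupported GRE header")
    offset = ihl + 4
    for bit in (0x8000, 0x2000, 0x1000):   # checksum, key, sequence: 4 bytes each
        if flags & bit:
            offset += 4
    if proto != GRE_PROTO_IPV4 or len(packet) < offset:
        raise ValueError("unexpected GRE payload")
    return packet[offset:]


def outer_addresses(packet: bytes):
    """What an intermediate router reads: only the tunnel endpoints."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


if __name__ == "__main__":
    inner = build_inner_packet()
    tunnel = gre_encapsulate(inner, "192.0.2.1", "198.51.100.1")
    print("outer addresses:", outer_addresses(tunnel))
    print("overhead bytes :", len(tunnel) - len(inner))
    print("inner recovered:", gre_decapsulate(tunnel) == inner)
    print("inner readable in transit:", inner in tunnel)
```

The last line prints True: GRE only wraps the packet, so the inner bytes cross the Internet unencrypted unless the tunnel is combined with a protocol such as IPsec.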

6. VPN Networking Protocols


Four main protocols used by VPN tunnels are:
Point-to-Point Tunneling Protocol (PPTP)
PPTP is a protocol or technology that supports the use of VPNs. Using
PPTP, remote users can access their corporate networks securely from
Microsoft Windows platforms and other PPP-enabled systems. Remote
users dial into their local Internet service providers to connect
securely to their networks via the Internet.
PPTP has its problems and is considered a weak security protocol by
many experts, although Microsoft continues to improve the use of PPTP
and claims that the issues within PPTP have now been corrected.
Layer 2 Tunneling Protocol (L2TP)
L2TP is an extension of PPTP used by Internet providers to provide
VPN services over the Internet. L2TP combines the functionality of
PPTP and L2F (Layer 2 Forwarding protocol) with some additional
functions that use some of the IPsec functionality. L2TP can also be
used in conjunction with IPsec to provide encryption, authentication
and integrity.
IP Security (IPsec)
IPsec operates at layer 3 and so can protect any protocol that runs
on top of IP. IPsec is a framework consisting of various protocols
and algorithms, which can be added to and developed. IPsec provides
flexibility and strength in depth, and is an almost perfect solution
for securing VPNs. IPsec is used for both site-to-site and remote
user connectivity.
Secure Socket Layer (SSL VPN)
SSL VPN provides excellent security for remote access users as well
as ease of use. SSL is already heavily used: when you shop online,
you are on an SSL-protected page when you see "https" in your browser
URL bar instead of "http". Using SSL VPN would mean that a huge number
of end users would be able to access the corporate network without
the support of an administrator and possible hours of configuring and
troubleshooting, unlike IPsec. The end user would only need to know
the address of the SSL VPN.

7. Types of VPN.

Figure 3 Types OF VPN

Figure 3 above briefly describes the different layers and types of VPN and
the protocols.

Service Provider and Customer Provisioned VPNs


Two types of VPN:

Service provider provisioned - VPNs that are configured and managed by a
service provider or providers

Customer provisioned - VPNs that are configured and managed by the
customer itself

Note that the customer of the service provider may be either an enterprise or
another service provider, in which case the service provider that offers the
VPN service is known as a carrier of carriers, and the service offered to the
customer service provider is known as a carrier's carrier VPN service. A VPN
service may also be offered over the backbone networks of multiple
cooperating autonomous systems and/or service providers. In this case, the
VPN service is referred to as an inter-AS or interprovider VPN service.

Provider provisioned VPN examples:

Virtual Private Wire Service (VPWS) VPNs

Virtual Private LAN Service (VPLS) VPNs

IP-Only Private LAN Service (IPLS) VPNs

IPsec

Customer provisioned VPN examples:

GRE VPNs

IPsec VPNs

Site-to-Site and Remote Access VPNs


Two broad categories of VPN:

Site-to-site VPNs

Remote access VPNs

Site-to-site VPNs allow connectivity between the geographically separate
sites of a company such as an MNC, for example head and branch offices.

Figure 4 Site to Site VPN

There are two types of site-to-site VPN:

Intranet VPNs - connect different locations of one company

Extranet VPNs - connect different companies together, or companies and
their clients.

Remote access VPNs connect home or mobile users who work outside the
company's network and want to access the company's resources.

A remote access VPN enables mobile users to establish a connection to an
organization's server by using the infrastructure provided by an ISP
(Internet Service Provider). It allows users to connect to their corporate
intranets or extranets wherever and whenever required. Users have access
to all the resources on the organization's network as though they were
physically located in the organization. The user connects to a local ISP
that supports VPN using plain old telephone service (POTS), integrated
services digital network (ISDN), digital subscriber line (DSL) etc.
The figure below illustrates a remote access VPN.

Figure 5 Remote Access VPN

Service Provider Provisioned Site-to-Site VPNs


Site-to-site VPNs are further categorized into:

Layer 1 VPNs

Layer 2 VPNs

Layer 3 VPNs

Layer 1 VPNs
The transport layer, where all the services are managed through GMPLS
(Generalized Multiprotocol Label Switching).
Layer 2 VPNs
This site-to-site VPN is configured with switches, routers and hosts and
connects different locations of a company. Communication is handled by
layer 2 addressing. PE devices forward incoming user traffic based on layer 2
header information such as the MAC address.
A PE device is also known as a Provider Edge router.
Two types of layer 2 VPN:

Point-to-point (P2P) - Draft Martini (MPLS) or L2TPv3 is used to construct
the P2P circuit.

Multipoint-to-multipoint (M2M) VPNs

M2M VPNs are of two types:

1. Virtual Private LAN Service (VPLS)

2. IP-Only LAN Service (IPLS)

Layer 3 VPNs
A layer 3 VPN connects hosts, switches and routers at different client sites.
All communication is based on layer 3 addressing, and the same PE devices
forward traffic using header information, as discussed for layer 2.
Two types of layer 3 VPN:

PE-based VPNs
In a PE-based layer 3 VPN, PE devices use the client network addressing
system for network routing and forwarding traffic.
PE-based VPNs are also called network-based VPNs.
There are two further types of PE-based VPN:
RFC4364/2547bis style
PE devices maintain a separate routing and forwarding table for each VPN.
Multiprotocol Border Gateway Protocol (MP-BGP) is used to publish routes
between devices.
Virtual Router (VR) based
Separate logical routers are maintained for each VPN, with each router
having its own protocol instances.

Figure 6 PE based

CE-based VPNs / CPE based VPNs


PE devices do not handle client network routing and forwarding; instead they
forward traffic based on a globally unique addressing system. GRE and IPsec
protocols are used to configure tunnels between CE devices.

Figure 7 CE based

Customer Provisioned Site-to-Site VPNs


CE devices such as routers are used to configure VPN tunnels, and client data
traffic is sent over those tunnels using protocols such as GRE and IPsec.

Service Provider and Customer Provisioned Remote Access VPNs

There are two tunnel modes for configuring a remote access VPN:

Compulsory tunnel mode - In this mode the NAS (Network Attached Storage)
acts as a tunnel and sends traffic over the VPN using protocols such as L2F,
PPTP etc. This VPN is service provider provisioned.
In Figure 5, we can see the compulsory tunnel in the VPN.

Voluntary tunnel mode - This VPN can be either service provider or client
provisioned. No NAS is used here; instead, traffic flows directly between the
client and the VPN gateway.
In Figure 5, we can see the voluntary tunnel in the VPN.

VPDN - Virtual Private Dialup Network. Remote users can connect by dialing
in over the PSTN or ISDN. This was used in earlier times; now we have DSL and
other high-speed connections.

Few other categories of VPN


Overlay and peer VPNs:

Overlay VPNs - The client network address is not disclosed to PE devices for
routing, and routing information is also not shared with service providers.
Example: ATM.

Peer VPNs - This is the exact opposite of overlay: the client network address
is disclosed to PE devices and routing is done based on the client network
address. The CE device and PE device exchange information such as routes
with each other. Example: MPLS.

Connection-oriented and connectionless VPNs:

Connection-oriented VPNs - In connection-oriented VPNs, VCs or tunnels are
set up to carry VPN traffic. Example: Frame Relay.

Connectionless VPNs - No tunnel is configured in a connectionless VPN.

8. Advantages of VPN
VPNs eliminate the need for expensive leased lines. Traditionally, leased
lines have been used to connect office locations together in a secure
way. If the office locations are far apart, the cost of renting these
leased lines can be excruciating. A VPN, however, only requires you to
have a broadband Internet connection, which avoids paying a hefty sum
in monthly rental for dedicated leased lines. VPNs are also a
replacement for remote access servers and dial-up network connections,
although these are rarely used any longer.
Having many branch offices across the globe requires many leased
lines, and so does not scale well. Every office would require a leased
line to every other office. VPNs connecting via the Internet are a
much more scalable solution than leased lines.
Using link balancing and link bonding, VPNs can use two or more
Internet connections, so if one connection at your organization has a
problem, all VPN traffic can be sent over the remaining connections,
and it will automatically use the first connection when it is back up
again.

9. Disadvantages of VPN
However, having a VPN means relying on the Internet and on your ISP
being reliable, although this problem can be reduced by having two or
more ISPs and using the second in a VPN failover scenario. VPNs also
require careful configuration.

10. Future Scope

The future lies in integrated VPNs, which depends on how the VPN industry
improves their unique qualities so that customers can communicate
effectively with other customers. A VPN thus creates a large, multi-site,
wide-area data network that allows every device to be uniquely addressed
from anywhere on the network. This means central resources can be accessed
from any site in the organization or from any Internet-connected location
around the world. The technical issues involved in connecting many remote
sites to a central network are extensive. It often involves the purchase of
very expensive high-density backbone switches or the use of costly frame
relay services. These systems are rarely easy to support and often require
specialist skills. It also depends on the ability of intranets and extranets
to deliver on their promises. Above all, VPN companies must consider cost
savings in the provision of VPN services. Generally, the cheaper companies
make their services, the more demand for them increases in the market. They
will then earn high profits and can spend a lot of money developing much
higher quality VPNs.

11. Conclusion

VPN is an emerging technology that has come a long way, from an
insecure break-off of public telephone networks to a powerful business
aid that uses the Internet as its gateway. VPN technology is still
developing, and this is a great advantage to businesses, which need
technology that can scale and grow along with them. With VPNs,
businesses now have alternative benefits to offer their employees:
employees can work from home, take care of children while still being
productive, and have access to work-related information at any time.
VPNs will also make the possibility of a business expanding its
services over long distances and globally more of a reality.

12. References

Virtual Private Network, retrieved from
https://en.wikipedia.org/wiki/Virtual_private_network

Layer 2 and Layer 3 VPN, retrieved from
http://www.cisco.com/networkers/nw03/presos/docs/ACC-2001.pdf

Introduction to VPNs, retrieved from
http://www.cisco.com/networkers/nw00/pres/2400.pdf

Comprehensive guide to VPN, retrieved from
http://www.redbooks.ibm.com/redbooks/pdfs/sg245309.pdf

VPN, retrieved from
http://www.cse.wustl.edu/~jain/cis788-99/ftp/h_7vpn.pdf

How Virtual Private Network Works, retrieved from
https://www.communicat.com.au/wpcontent/uploads/2013/04/how_vpn_work.pdf

Types of VPN, retrieved from
https://www.juniper.net/documentation/en_US/junos13.3/topics/concept/vpn-types.html

VPN Protocols, retrieved from
http://techpp.com/2010/07/16/different-types-of-vpn-protocols/

VPN Tunnels, retrieved from
http://compnetworking.about.com/od/vpn/a/vpn_tunneling.htm
