Basic classification of VPN
VPNs can be divided into encrypted and non-encrypted VPNs, according to whether they use encryption. Of the two, encrypted VPNs are generally considered the preferred solution for building secure VPNs. Other types of VPN, such as MPLS VPN, depend on trust in the ISP and on the security and integrity of the routing function. Non-encrypted VPNs are often supplemented with some form of encryption to compensate.
• Encrypted VPN—An encrypted VPN uses various encryption mechanisms to secure communications sent over public networks such as the Internet. A VPN established with IPSec, for example, uses encryption algorithms to encrypt the traffic that crosses the public network.
• Non-encrypted VPN—A non-encrypted VPN connects two or more private networks so that users of each private network can seamlessly access resources in the others. The disadvantage of this approach is that the security of communications on the network cannot be guaranteed at all, or has to be provided by other, non-encryption means.
VPNs can also be classified according to the OSI layer at which they operate. They generally fall into the following three categories:
• Data link layer VPN—For the data link layer VPN, two private networks use the Frame Relay protocol or ATM protocol, etc., and are connected at layer 2 of the OSI model. But their cost is usually very high, because they require the creation of a dedicated layer 2 path.
• Network layer VPN—A network layer VPN is built using Layer 3 tunneling and/or encryption technology, for example a VPN built with an IPSec tunnel and encryption protocol. The network layer is low enough in the protocol stack to provide seamless connectivity for the applications running above it.
• Application layer VPN—The application layer VPN is built for specific applications. A very good example is SSL-based VPN, which provides an encrypted channel between a web browser and a server running SSL. SSH was introduced as an encryption mechanism and a secure login session for various network devices. SSH can encrypt and create VPNs for other application layer protocols such as FTP and HTTP.
Other VPN classifications
Besides the classifications by security mechanism and by OSI layer, VPNs can be classified in several other ways.
VPN based on business type
• Intranet VPN—used to connect two or more private networks within the same organization. An intranet VPN is useful when a remote office needs to be connected to headquarters, or when a company is acquired and its network needs to be integrated into the acquirer's main network.
• Extranet VPN—usually used to connect private networks that belong to different organizations. This is common in B2B scenarios, when two companies want to do business together. A company's partners can also access the company's resources through a VPN over the Internet.
Classified by VPN application
• Access VPN (remote access VPN)—client to gateway, using the public network as a backbone to carry VPN data traffic between devices;
• Intranet VPN—gateway to gateway, connecting resources of the same company through the company's network architecture;
• Extranet VPN—forms an extranet with a partner enterprise network, connecting one company with the resources of another company.
Classification by type of equipment used
Network equipment providers have developed different VPN network equipment for different customer needs, mainly for switches, routers and firewalls:
• Router-style VPN—VPN service is added to the router; this method is easier to deploy;
• Switch VPN—mainly used to connect VPN networks with few users;
Classification by implementation principle
• Overlay VPN—This VPN requires users to establish VPN links between end nodes themselves, including: GRE, L2TP, IPSec and many other technologies.
• End-to-end VPN—The network operator completes the establishment of the VPN channel on the backbone network, which mainly includes MPLS and VPN technologies.
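To connect the encrypted/non-encrypted split with the overlay technologies named above (GRE, L2TP, IPSec), the following added example, which is not part of the original article, classifies raw IPv4 packets by tunnel type and reports which tunnels carry no confidentiality. The function names and sample packets are constructed for illustration; application layer VPNs such as SSL are out of scope because they cannot be identified from the IP header alone.

```python
import struct

# IANA IP protocol numbers -> (tunnel, encrypted?). ESP can be negotiated with a
# NULL cipher (RFC 2410); this sketch assumes it is not.
IP_TUNNELS = {47: ("GRE", False), 50: ("IPSec ESP", True), 51: ("IPSec AH", False)}

def classify(packet: bytes):
    """Return (tunnel, encrypted) for a raw IPv4 packet, or (None, None)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None, None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None, None
    if packet[9] in IP_TUNNELS:
        return IP_TUNNELS[packet[9]]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[9] != 17 or frag_offset or len(packet) < ihl + 8:
        return None, None  # not UDP, or a later fragment with no UDP header
    ports = set(struct.unpack("!HH", packet[ihl:ihl + 4]))
    payload = packet[ihl + 8:]
    if 1701 in ports:
        return "L2TP", False
    if 4500 in ports:
        # RFC 3948: a four-byte zero marker means IKE, anything else is ESP.
        if payload[:4] == b"\x00" * 4:
            return "IKE", None
        return "IPSec ESP (NAT-T)", True
    return ("IKE", None) if 500 in ports else (None, None)

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed sample packet: 192.0.2.1 -> 198.51.100.2, checksum left zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLES = {  # constructed traffic, not captured from a real network
    "gre": ipv4(47, b"\x00\x00\x08\x00" + b"inner packet"),
    "esp": ipv4(50, b"\x00\x00\x10\x01\x00\x00\x00\x01" + b"\xaa" * 16),
    "l2tp": ipv4(17, udp(1701, 1701, b"\x00\x02\x00\x01\x00\x01" + b"ppp frame")),
    "esp-natt": ipv4(17, udp(4500, 4500, b"\x00\x00\x10\x01" + b"\xaa" * 16)),
    "ike-natt": ipv4(17, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    "https": ipv4(6, b"\x00" * 20),
}

def unencrypted_tunnels(packets: dict) -> list:  # tunnels with no confidentiality
    return sorted(n for n, p in packets.items() if classify(p)[1] is False)
```

L2TP protected by IPSec appears on the wire as ESP, so only bare L2TP and GRE are reported by `unencrypted_tunnels(SAMPLES)`.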
This article is exclusively published by James from IELAB.NETWORK and cannot be reproduced without permission.