Building VPN using IPv6 1

Kazuhiko Nakahara, BIGLOBE Design and Operations Division, NEC
Hiroki Ishibashi, Business Networks Division, NEC




Business activities depend so heavily on communications these days that it is no overstatement to say that a company's success depends on building Internet-based corporate networks and establishing Internet-based businesses that are cost-effective and secure. In today's business environment, reducing the cost of communications is a big challenge for many companies. One solution to this problem is to use a Virtual Private Network (VPN). By using a VPN, companies can build a virtually closed network on a shared network.

There are two types of VPN: Layer-2-based VPN and IP-based VPN. IP-based VPN is sometimes further divided into two categories: those that are built on shared IP networks closed to Internet Service Providers are called IP-VPN, and those that are built on the Internet using encryption technologies such as IPsec are called Internet VPN. When building the virtual links that make up a VPN, there are many decisions to make, including selecting protocols such as L2TP and PPTP and choosing appropriate virtual tunnels for IPsec. There are also many parameters to choose from. For example, companies must choose whether to exchange keys manually or to use a key exchange protocol such as IKE (Internet Key Exchange). Multiple technologies are used to build a VPN, and one must choose which technologies to use based on the purpose of the network and the characteristics of each technology.

We already mentioned that IPsec is one of the technologies used for building IP-based VPN. IPsec is considered mandatory in IPv6 implementations. IPsec was an additional function in IPv4, but IPv6 includes it as basic functionality. Because of this, it can be said that all IPv6 products are also IP-VPN compliant or Internet VPN compliant (actual use of VPN will depend on the particular installation). In this article, we will look at ways to upgrade a normal IP-VPN or Internet VPN to an IPv6-based VPN.


Preparing for installation of VPN

Figure 1
Network configuration before the installation of VPN


Figure 2
Network configuration after the installation of VPN


When connecting a company's headquarters with its branch offices and sales offices, it is common practice to use dedicated lines or a frame relay service, as shown in Figure 1. In Figure 1, we assume that both companies A and B use dedicated lines as the medium for their networks. However, fees for dedicated lines depend on distance, and these fees can become a big burden for companies that have many offices. VPN can be useful in this type of situation. Figure 2 shows the network configuration after the installation of VPN. At this stage, the intranets of both companies A and B have been turned into VPNs. This type of VPN just replaces the dedicated lines, but its purpose is clear: the replacement is driven by an effort to reduce cost while supporting an increasing demand for communications.


Motivations for using IPv6

A recent trend in communications is a slow but steady increase in the demand for Peer-to-Peer (PtoP) communications. This trend is reflected clearly in the protocols used by the communication traffic. Not all ISPs disclose the data, but it seems that until a few years ago more than 50% of the traffic was using port 80 (Web). Today, however, the Internet is used for many different types of communications. At this point in time, it is conceivable that only a limited number of users are generating the majority of PtoP traffic. However, as business models and fee structures become better adapted to this type of traffic, the majority of users may start using PtoP, and in the near future we will need an environment that can meet the demand for PtoP. We speculate that attempts to change the business model from the client-server model to the PtoP model are already beginning in some companies.

In the case of company A in the above example, the branch office and sales offices 1 and 2 are still limited to communicating via the headquarters. This type of communication makes sense when information is concentrated in the headquarters. However, not all of the information flow in the company must conform to the client-server model. Sales offices 1 and 2 might want to communicate directly with each other using PtoP. If there is an alliance with company B, it might be possible to increase the efficiency of the business by allowing branch offices of companies A and B to communicate directly with each other using PtoP.
