A Virtual Private Network (VPN) extends a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, and thus to benefit from the functionality, security and management policies of the private network. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunnelling protocols, or traffic encryption.
A VPN spanning the Internet is similar to a wide area network (WAN). From a user perspective, the extended network resources are accessed in the same way as resources available within the private network. Traditional VPNs are characterised by a point-to-point topology, and they do not tend to support or connect broadcast domains. Therefore, communication, software, and networking, which are based on OSI layer 2 and broadcast packets, such as NetBIOS used in Windows networking, may not be fully supported or work exactly as they would on a local area network (LAN). VPN variants, such as Virtual Private LAN Service (VPLS), and layer 2 tunnelling protocols, are designed to overcome this limitation.
VPNs allow employees to securely access the corporate intranet while travelling outside the office. Similarly, VPNs securely connect geographically separated offices of an organization, creating one cohesive network. VPN technology is also used by individual Internet users to secure their wireless transactions, to circumvent geo-restrictions and censorship, and to connect to proxy servers for the purpose of protecting personal identity and location.
Multiprotocol Label Switching (MPLS) is a protocol for speeding up and shaping network traffic flow.
MPLS was created in the late 1990s so that routers would not waste time stopping to look up routing tables. The protocol allows most packets to be forwarded at the Layer 2 (switching) level rather than at the Layer 3 (routing) level. Each packet gets labeled at the edge of the service provider's network, and that label determines which pre-determined path the packet will follow. The paths, which are called label-switched paths (LSPs), allow service providers to decide ahead of time what will be the best way for certain types of traffic to flow within a private or public network.
MPLS uses a variety of protocols to establish Label Switched Paths (LSPs) and forward IP packets across the network. The first (ingress) router inserts a label (or a stack of them) in front of the IP header and forwards the packet. All the subsequent routing switches ignore the IP headers and perform packet forwarding based on the labels in front of them. Finally, the egress router removes the label and forwards the original IP packet toward its final destination.
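The push, swap and pop sequence described above, as an added example that is not part of the original page. The 32-bit label stack entry layout (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL) follows RFC 3032; the router names, label values, tables and sample packet bytes are constructed for illustration.

```python
import struct

def encode_lse(label, tc=0, bottom=True, ttl=64):
    """Pack one label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_lse(data):
    if len(data) < 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 7,
            "bottom": bool((word >> 8) & 1), "ttl": word & 0xFF}

def ingress_push(ip_packet, label):
    # Ingress router: insert the label in front of the IP header.
    return encode_lse(label) + ip_packet

def transit_swap(frame, label_table):
    # Transit router: forward on the top label only; the IP header is never read.
    top = decode_lse(frame)
    if top["label"] not in label_table:
        raise LookupError("no LSP for label %d, drop" % top["label"])
    if top["ttl"] <= 1:
        raise ValueError("TTL expired, drop")
    out_label, next_hop = label_table[top["label"]]
    return encode_lse(out_label, top["tc"], top["bottom"], top["ttl"] - 1) + frame[4:], next_hop

def egress_pop(frame):
    # Egress router: remove the label and hand back the original IP packet.
    if not decode_lse(frame)["bottom"]:
        raise ValueError("further labels remain on the stack")
    return frame[4:]

def forward_along_lsp(ip_packet, ingress_label, tables):
    frame, hops = ingress_push(ip_packet, ingress_label), []
    labels = [ingress_label]
    for table in tables:
        frame, hop = transit_swap(frame, table)
        hops.append(hop)
        labels.append(decode_lse(frame)["label"])
    return egress_pop(frame), hops, labels

# Constructed sample data: placeholder packet bytes and two hypothetical transit tables.
SAMPLE_IP_PACKET = bytes.fromhex("4500001c") + b"constructed-payload"
LSR1_TABLE = {100: (200, "LSR2")}   # in-label -> (out-label, next hop)
LSR2_TABLE = {200: (300, "PE2")}

if __name__ == "__main__":
    print(forward_along_lsp(SAMPLE_IP_PACKET, 100, [LSR1_TABLE, LSR2_TABLE]))
```

A frame whose top label has no table entry is dropped rather than routed by its IP header, which is the basis of the traffic separation MPLS provides; the labels themselves add no encryption.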
Service providers can use MPLS to improve quality of service (QoS) by implementing service level agreements (SLAs) that define acceptable levels of latency, jitter, packet loss and downtime. For example, a network might have three service levels -- one level for voice, one level for time-sensitive traffic and one level for traffic that won't matter if it takes a few extra milliseconds to travel through the network. The protocol also supports traffic separation and the creation of virtual private networks (VPNs), virtual private LAN services (VPLS) and virtual leased lines (VLLs).
MPLS got its name because it works with the Internet Protocol (IP), Asynchronous Transfer Mode (ATM) and frame relay network protocols. A common misconception is that MPLS is only used on private networks, but the protocol is used for all service provider networks -- including Internet backbones. Today, Generalized Multi-Protocol Label Switching (GMPLS) extends MPLS to manage time division multiplexing (TDM), lambda switching and other classes of switching technologies beyond packet switching.