VPN acronym roundup
With so many VPN technologies and acronyms floating about, keeping up with which protocol does what can be quite a chore. This tip rounds up the acronyms, briefly explains how they relate to each other, and gives some clues to help you figure out which technology is right for you.
- L2F: Layer 2 Forwarding was created by Cisco and submitted to the IETF in '96 (practically prehistoric in Internet time). Its purpose was to help service providers create Virtual Private Dialup Networks (VPDN).
- L2TP: The result of a joint effort by Cisco and Microsoft, Layer 2 Tunneling Protocol is responsible for creating and managing tunnels. For encryption, it relies on IPSec. L2TP tunnels can operate in voluntary or compulsory mode, but voluntary tunnels are much more common. IPSec over L2TP is generally considered more secure than PPTP because of the architecture and strength of keys. This protocol will eventually replace Cisco's L2F and Microsoft's PPTP.
- PPTP: A Microsoft standard, the Point-to-Point Tunneling Protocol was eventually defined in an informational RFC. Although generally not well regarded, PPTP does have some strengths. Unlike IPSec, it can encrypt and transport non-IP protocols, and it is compatible with Network Address Translation. It is also much more widespread because it's included for free in most Windows operating systems. For better or worse, it can integrate authentication with Windows NT/2000 domains and, unlike L2TP, most PPTP tunnels are compulsory. PPTP is frequently used both for remote access and for connecting remote offices in an intranet.
- PPPoE: Point-to-Point Protocol over Ethernet is a standard that allows the encapsulation and authentication properties of PPP to be used over other layer 2 technologies such as Ethernet. This technology is used almost exclusively by the xDSL providers.
- IPSec: Unlike all the previous examples, IPSec operates at layer 3 instead of layer 2. It is primarily used to encrypt and authenticate traffic using the Encapsulating Security Payload (ESP), but it can be used for authentication only with the Authentication Header (AH) protocol. Although very secure, it has some drawbacks. It is incompatible with NAT, and it doesn't allow other layer 3 protocols, such as AppleTalk or IPX, to be encapsulated (thus the name, IP Sec). A significant advantage of IPSec is strong authentication using smart cards or digital certificates.
- GRE: Generic Routing Encapsulation is another layer 3 protocol that is used primarily to encrypt traffic, but it also has the advantage of supporting non-IP protocols.
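
The NAT drawback noted in the IPSec item can be seen in the AH case with a short sketch, added here as an illustration and not taken from the original tip: AH's integrity check value (ICV) covers the IP source and destination addresses, so a router decrementing TTL leaves it valid while an address rewrite does not. The key, addresses and payload are constructed, and the AH header itself is omitted from the ICV input for brevity.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed; stands in for the SA's integrity key

def checksum(data):
    """RFC 1071 Internet checksum over an even-length byte string."""
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def with_checksum(header):
    """Return the header with its checksum field (bytes 10-11) recomputed."""
    h = bytearray(header)
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    return bytes(h)

def ipv4_header(src, dst, ttl, payload_len):
    """20-byte IPv4 header without options; protocol 51 is AH."""
    return with_checksum(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0, ttl, 51, 0,
        socket.inet_aton(src), socket.inet_aton(dst)))

def ah_icv(header, payload):
    """AH-style ICV: fields that change in transit are zeroed, addresses are kept."""
    h = bytearray(header)
    h[1] = 0                 # TOS
    h[6:8] = b"\x00\x00"     # flags and fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha1).digest()[:12]

def route_hop(header):
    """Ordinary router: decrement TTL and fix the checksum."""
    h = bytearray(header)
    h[8] -= 1
    return with_checksum(bytes(h))

def nat_rewrite(header, new_src):
    """NAT device: replace the source address and fix the checksum."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(new_src)
    return with_checksum(bytes(h))

def demo():
    payload = b"constructed payload"
    hdr = ipv4_header("10.0.0.5", "198.51.100.7", 64, len(payload))
    icv = ah_icv(hdr, payload)
    check = lambda h: hmac.compare_digest(ah_icv(h, payload), icv)
    return check(route_hop(hdr)), check(nat_rewrite(hdr, "203.0.113.9"))
```
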
Thomas Alexander Lancaster IV is a consultant and author with over ten years' experience in the networking industry, focused on Internet infrastructure.
This was first published in October 2001