Introduction
conceptual model helps us understand the
VPN usually stands for Virtual Private
Network, although the expression Virtual
Private Networking is also found, namely on
our fellow tutor's book, “Computer Networks”
[1].
Maybe the designation VPN(s), using the
plural, makes it more clear that we are talking
about a plurality of things but that do not
encompass separate physical structures.
This disambiguation are a bit relevant and the
more so because of the plethora of different
names and concepts that are used when we talk
about the internet, also called, the Internet,
using upper-case, or simply, the net.
Basically we ought to distinguish in the first
place between the concept of internetworking,
which involves connecting two or more
computer networks that functions as a single
large network, and the more generalized
concept of the Internet: a network of networks
unified by an internetworking protocol
standard, a set of protocols generally named
the Internet Protocol Suite (TCP/IP), that
involves these two fundamental protocols – the
TCP and the IP – among others.
The OSI (Open System Interconnection)
model represents the building blocks for
internetworks. Understanding this widely used
complex pieces that make up an internetwork
and for that matter to understand the Internet:
the network of all those resulting large
computer networks.
So we see that internetworking is a wide
concept as it encompasses the concept of
computer network – a group of interconnected
computers – and can be connecting more than
two of those.
The term private network has been used in
the past to designate different computer
networks, like LANs, WANs, SANs or MANs
(Local, Wide, Storage and Metropolitan Area
Networks). These are computer devices that
are connected with each other and made
private using a dedicated connection, usually a
leased line – made private upon agreement -
from the public telephone infrastructure. There
are emerging terms such as SOHO (Small
Office/Home office), H/PAN (Home or Private
Area Network) to designate private networks
in a home or office place, but they are
basically LANs.
The two main aspects of VPNs will lead us to
the idea of virtual, the illusion of a direct
connection and separate physical structure, and
that of private, that can be kept secret:
tunnelling and encryption.
The concept of encapsulation will be used in
the context of tunnelling and despite being
also a main aspect of our topic area it is used
in quite different contexts along the computer
networks study, namely in the network
delivery protocols.
A tunnelling protocol encapsulates packets at a
peer level. It can be used to transport multiple
protocols over a common network or provide
the vehicle for a point-to-point link that using
encryption makes up a Virtual Private
Network. The idea of "tunnel" is that of
creating a way for packets of different types to
share the same peer-to-peer mechanism. A
tunnelling protocol should not be confused
with an “encapsulation protocol” because
many network protocols encapsulate. It is for
that matter more correct to see it a "port
forwarding" protocol that allows reaching a
destination bypassing the routing “port
forwarding” mechanisms.
Topic Area Context – The pay-once/plug-and-play desirability
In our topic area, VPNs, we will now have a
closer look on anything that may lead us to an
innovation. This new idea could be an
invention related to any of the tunnelling
protocols used in VPNs, a new encryption
method that could bring some advantage
and/or new terminology along what we called
an acronym focused approach.
2
COMER, 2007 [2] gives us a very good
explanation of what a VPN is doing with his
analogy of letters addressed inside another
letter's envelope, with a different address. The
same way, VPNs use tunnelling to encase data
and the messages to be exchanged – the
payload protocol – and creates a peer-to-peer
that uses the public network delivery protocol
and will need for that matter some form of
encryption to secure such communication.
As Dr Goran Bezanov states in his text:
“Many protocols encapsulate the data;
however tunnelling refers to those protocols
that carry a protocol from another networking
system within an IP packet; such as for
example, transmitting NetWare IPX packets
within IP”. [3]
The term virtual has been sometimes soundly
used in computing and computer science,
namely in expressions like “virtual circuit” and
“virtual memory”. Alternatively, the term
logical is used pretty much in the same sense
and with the same meaning, as in the
expression “logical address”.
So maybe VPNs could be called, or named,
Logical Private Networks..., and despite that
seeming more ado, for a Shakespeare's thing,
Google's indeed retrieving some relevant
results that relate that freshly made-up
expression with the former.
A considerably more sober and well written
explanation of all these VPNs subtleties and
their discrete nature can be found along the
paper: "What is a VPN?", by Geoff Huston and
Paul Ferguson [4].
Another good reference that was very useful to
make sense of the different kinds of VPNs
along the different tunnelling protocols used
was the article “Types of VPNs”, by Erik
Rodriguez [5]
Among the tunnelling protocols used in VPNs
we have: IPIP (RFC 1241 , RFC 1853 , RFC
2003), GRE - Generic Routing Encapsulation
(created by Cisco), IPSec (RFC 4301) , L2TP
- Layer2 Tunnelling Protocol. (RFC 2661) ,
PPTP - Point-to-Point Tunnelling Protocol
As for the IPsec tunnelling protocol a salient
3
(RFC 2637) and SOCKS (RFC 1928).
In coming up with a new encryption method
that brought some advantages we considered
the fact that L2TP uses UDP to transport the
PPP data and that this is often encapsulated in
IPSec for encryption instead of using Point-to-
Point encryption as does PPTP, for instance.
Both L2TP and PPTP work at the link layer
(layer 2), while IPsec at the network level
(layer 3) and SOCKS at the Application level
(he SOCKS client is implemented between the
application and
transport layers).
An important concept in L2TP is that of
Attribute Value Pair (AVP).
We couldn't come up with new idas to
implement but here follows one image
representing the L2TP Header Format and one
along how AVP is organized:
feature is that it encompasses encryption and
because we were aware of a new trend in
encryption aiming to surpass other methods,
like AES and others, called “Elliptic curve
cryptography” (ECC), we did seek for it along
tunnelling to find out that someone has
proposed this kind of encryption for a specific
feature used in IPsec, the IKE (Internet Key
Exchange) (SOLINAS 2007, RFC 4754) [6]
From KOSIUR, 1998 [7] we get and
understand that “although IPSec is more of a
site-to-site tunnelling protocol that doesn't
require any ISP intervention both PPTP and
L2TP [on the other hand] provide ISP(s) with
an opportunity to provide value-added
services for a VPN.”
He mentions for instance the case of providing
special access concentrators to initiate tunnels
on behalf of remote callers.
Another important trend is that of
“Multiprotocol Label Switching” (MPLS) and
for that matter a salient feature in MPLS
VPNs' future is that of monitoring LSP
availability in MPLS networks [8].
One important protocol sometimes mentioned
along the subject of communications is also
that of a HTP (Human Telephonic Protocol),
that basically establishes common-senses like
for instance “Hi!” or “Hello” to start a
conversation. “Wer geboren zuerst?” (WBF)
is a little more complicated, but is likely that
4
Einstein would get along it better than Walt
Disney. Who born first, basically.
And don't forget – just as a remark – there is a
tool called “stud finder” that may avoid you
problems and accidents if you ever dare to drill
a hole in a wall! Is always good to know.
Also considered for our new ideas and
innovations were the authentication methods.
And if you like acronyms – along what our
approach – here you have other three, to add
up to our investigations, that you may find
quite worth having a look:
• Remote Authentication Dial In User
Service (RADIUS)
• Online Certificate Status Protocol
(OCSP)
• Challenge Handshake Authentication
Protocol (CHAP)
Along the "Virtual Private Networks
Identifier" methodology (RFC 2685), there are
two salient features in VPNs, and because
RFCs are of inherent public nature I will freely
quote from it : “(1) Because a VPN is private,
it may use a private address space which may
overlap with the address space of another VPN
or the Public Internet.
(2) A VPN may span multiple IP Autonomous
Systems (AS) or Service Providers.”
New Idea – Ubiquitous ready machines

Our new idea is very simple and can be stated
very clearly: to use VPNs so that the end user
will be able to have ready machines with
different licensed operating systems and
software, of any kind and sort, provided that
he has a service provider for that matter, that
can after all provide that product and services
with a pay-once and life-time guarantee.

Conclusion

The future of proprietary and open source
Operating Systems is still an unknown, but
trends in server-side software, cloud
computing and all along buying/renting/hiring
of licensed products and services is very likely
to keep loving the idea of Plug-and-Play
(PnP), and, maybe even more of pay-once.
And finally, the future VPNs may foster the
future of digital cash, that despite being in
demand for a long time by many individuals as
been made postponed because of security
issues and its costly implementation. With new
authentication methods and more reliability on
privacy and more integration of QoS, there is
likely that digital cash may become a reality in
our present space and time existence.
The reasons why VPNs have been dismissed in
so many up-to-date books on the subject of
computer networks is a bit odd, meanwhile it
may be even more stranger to find out that
most LEDs are red and/or that blue LEDs
should be named BLEDs instead.

References

[1] BEZANOV, Goran 2007 , 'Computer Networks – An Overview Series Publication'

[2] COMER, Douglas 2007 Internet Book, The: Everything You Need to Know About Computer
Networking and How the Internet Works, 4/e

[3] BEZANOV, Goran 2007 , 'Computer Networks – An Overview Series Publication', pp. 166

5
[4] HUSTON, Geoff & FERGUSON, Paul , 1998, 'What is a VPN?', viewed October 2009
<http://www.potaroo.net/papers/1998-3-vpn/vpn.pdf>

[5] RODRIGUEZ, Erik , 2008, 'Types of VPNs', viewed October 2009

<http://www.skullbox.net/vpn.php>

[6] SOLINAS, Jerome , 2007, 'IKE and IKEv2 Authentication Using the Elliptic Curve Digital
Signature Algorithm (ECDSA)', viewed October 2009, <http://www.rfc-editor.org/rfc/rfc4754.txt>

[7] KOSIUR, Dave , 1998, 'Building and Managing Virtual Private Networks', JohnWiley & Sons,
Inc, England

Appendix 1– Relevance and reliability of sources

References number [1] and [3] are of the same book and should be listed only one. The reason we
use two items for this reference is that the latter also has the page indication.
We consider it a very useful text and it helped us understand the topic area in context. Is also
reliable because the author is a professor and is one of our teachers.
Refrences number [2] and [4] also very useful and reliable because they are very specific books
related to our topic areas and can be found in many of the University libraries visited.
Refrence number [6] is a RFC, so it is a bit self-explanatory why it is relevant and can be reliable.
Finally, reference number [5] was one of the most useful websites visited.