User Manual - Configuration Guide (Volume 3)

Chapter 1

Versatile Routing Platform

VPN Overview

The maintenance of the VPN is delegated to the ISP (users are allowed to manage and control services to some extent), and VPN functions are mainly implemented on equipment at the network side. This practice reduces the users' investment, increases the flexibility and scalability of services, and brings new revenue to the operators.

II. According to the layer at which the tunnel operates

1) Layer 2 tunneling protocol

A layer 2 tunnel starts at the NAS (Network Access Server) and ends on equipment at the user side; all PPP frames are encapsulated in the tunnel. The main layer 2 tunneling protocols are the Point-to-Point Tunneling Protocol (PPTP), supported by Microsoft, Ascend and 3COM and included in Windows NT 4.0 and later; the Layer 2 Forwarding protocol (L2F), supported by Cisco and Nortel; and the Layer 2 Tunneling Protocol (L2TP), drafted by the IETF with the support of Microsoft, which combines the advantages of the other two and has been accepted by the industry as the standard RFC. L2TP can be used not only for dial-up VPN services but also for leased-line VPN services.

2) Layer 3 tunneling protocol

A layer 3 tunnel starts and ends within the ISP. The PPP session terminates at the NAS, and only layer 3 packets are carried in the tunnel. The main layer 3 tunneling protocols are Generic Routing Encapsulation (GRE) and IPSec; both are mainly used for leased-line VPN services.

Compared with a layer 2 tunnel, a layer 3 tunnel is more secure, scalable and reliable. In terms of security, a layer 2 tunnel usually ends on equipment at the user side, so it poses significant challenges for the security and firewall technology of the user's network. A layer 3 tunnel usually ends on the ISP gateway and therefore does not pose a threat to the security of the user's network.

In terms of scalability, a layer 2 IP tunnel encapsulates every PPP frame, so transmission efficiency may be degraded. Moreover, the PPP session runs through the entire tunnel and terminates on nodes or servers of the user's network, so the gateway at the user side must store a great deal of PPP session state and information, which adds to the system load and considerably affects scalability. In addition, because the LCP and NCP negotiations of PPP are very time-sensitive, low IP tunnel efficiency leads to a series of problems such as PPP session timeouts. With a layer 3 tunnel, which ends at the ISP gateway while the PPP session ends at the NAS, the gateway at the user side does not need to manage and maintain the state of each PPP session, which minimizes the system load.
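To make the encapsulation argument concrete, the following added example (written for this section, not taken from the manual or from the VRP software) builds the minimal L2TP data header (RFC 2661) and GRE header (RFC 2784) with Python's struct module and compares the per-packet overhead and resulting inner MTU of a layer 2 tunnel (L2TP over UDP/IPv4 carrying a PPP frame) with a layer 3 tunnel (GRE over IPv4 carrying the IP packet directly). It assumes minimal outer IPv4 headers without options, no optional L2TP or GRE fields, and PPP address/control field compression; the inner packet is a constructed stub.

```python
import struct

IPV4_HDR = 20  # minimal outer IPv4 header, no options (assumption)
UDP_HDR = 8

def l2tp_data_header(tunnel_id, session_id):
    """Minimal RFC 2661 L2TP data-message header (6 bytes): flags/version with
    T=0 (data) and version 2, no optional Length/Ns/Nr/Offset fields, then
    Tunnel ID and Session ID."""
    return struct.pack("!HHH", 0x0002, tunnel_id, session_id)

def ppp_frame(protocol, payload):
    """PPP frame as carried over L2TP: 2-byte PPP protocol field (0x0021 = IPv4),
    then payload. Assumes address/control field compression (no FF 03 prefix).
    This is the PPP session that the layer 2 tunnel transports end to end."""
    return struct.pack("!H", protocol) + payload

def gre_header(protocol_type=0x0800):
    """Minimal RFC 2784 GRE header (4 bytes): flags/version all zero, then the
    EtherType of the inner packet (0x0800 = IPv4)."""
    return struct.pack("!HH", 0, protocol_type)

def layer2_tunnel(ip_packet, tunnel_id=7, session_id=3):
    """Layer 2 tunnel: outer IPv4 | UDP | L2TP | PPP | inner IP packet."""
    payload = l2tp_data_header(tunnel_id, session_id) + ppp_frame(0x0021, ip_packet)
    return {"stack": ["IPv4", "UDP", "L2TP", "PPP", "IPv4"], "udp_payload": payload,
            "overhead": IPV4_HDR + UDP_HDR + len(payload) - len(ip_packet)}

def layer3_tunnel(ip_packet):
    """Layer 3 tunnel: outer IPv4 | GRE | inner IP packet. No PPP inside the tunnel."""
    payload = gre_header() + ip_packet
    return {"stack": ["IPv4", "GRE", "IPv4"], "ip_payload": payload,
            "overhead": IPV4_HDR + len(payload) - len(ip_packet)}

def inner_mtu(link_mtu, tunnel):
    """Largest inner packet that fits in one outer packet without fragmentation."""
    return link_mtu - tunnel["overhead"]

def parse_l2tp_data(udp_payload):
    """Decode an L2TP data message built above: returns (tunnel_id, session_id,
    ppp_protocol, inner_packet). Rejects control messages (T bit set) and other versions."""
    flags, tid, sid = struct.unpack("!HHH", udp_payload[:6])
    if flags & 0x8000 or (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 data message")
    ppp_proto, = struct.unpack("!H", udp_payload[6:8])
    return tid, sid, ppp_proto, udp_payload[8:]

if __name__ == "__main__":
    pkt = b"\x45" + b"\x00" * 39  # constructed 40-byte inner IPv4 packet stub
    l2, l3 = layer2_tunnel(pkt), layer3_tunnel(pkt)
    print(l2["stack"], l2["overhead"], inner_mtu(1500, l2))  # overhead 36, inner MTU 1464
    print(l3["stack"], l3["overhead"], inner_mtu(1500, l3))  # overhead 24, inner MTU 1476
```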

Generally, layer 2 and layer 3 tunneling protocols are used independently; however, a reasonable combination of the two provides better security for users (e.g. using L2TP together with IPSec).

III. According to service purpose

1) Intranet VPN

In an Intranet VPN, the respective locations of an enterprise are interconnected through the public network; it is an extension of, or an alternative to, traditional leased-line networks or other enterprise networks.

2) Access VPN

An Access VPN has two structures: client-initiated VPN connection and NAS-initiated VPN connection.

3) Extranet VPN
