There is no doubt about the flexibility, security and scalability of MPLS IP VPN networks. Thousands of enterprises are moving from the old and expensive leased-line solutions to the much cheaper MPLS VPN alternative for all the reasons mentioned previously in my MPLS VPN tutorial and MPLS IP VPN encryption article.
While MPLS networks have gained popularity in recent years, ATM IP VPN networks (referred to as "DSL VPNs" from now on) are starting to gain considerable attention, to the point where they are offered as an alternative to MPLS VPNs.
DSL VPN advantages
DSL VPNs rely on the enterprise’s direct Internet connection to create a VPN IPsec tunnel between two endpoints. A typical scenario is a WAN with two sites that require connectivity between each other. Both sides are equipped with a fast DSL connection using static IP addresses. The configuration is performed on the Customer Edge (CE) routers to create an IPsec tunnel between the two sites.
In most cases, the end result is pretty much the same as with any MPLS network, but one could argue about the security offered by such a setup, especially when the CE routers are directly connected to the Internet. Tests performed by large vendors such as Cisco Systems have proven that the security provided in these solutions is directly comparable with the security of an MPLS VPN, considering, of course, that proper configuration of the CE routers has been performed.
The main advantage offered by DSL VPNs is cost: it is extremely low, equal to that of each side’s connection to the Internet. Companies seeking to cut costs on data telecommunication services are already moving to this new trend, which has become extremely popular in Europe and Asia.
DSL VPN disadvantages
Despite the DSL VPN advantages, one must keep in mind the following disadvantages of DSL VPNs:
- In order to obtain high VPN speeds between sites, both CE routers must connect to the same Internet service provider (ISP) so they run on a common backbone.
- CE routers are directly exposed to the Internet and therefore are vulnerable to Denial of Service (DoS) attacks.
- Quality of Service (QoS) is not usually guaranteed. Because packets are routed through the ISP backbone using the same path and priority that other Internet users have, there is no QoS guarantee.
- DSL VPNs have limited scalability. A site-to-site DSL VPN is great for up to a few sites. Depending on the number of users located on each site, more than one DSL connection might be required per site.
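As an added illustration (not configuration from the original article), here is what "proper configuration" of one CE router could look like in the two-site, static-IP scenario described above: the IPsec tunnel plus an inbound filter that limits what the Internet-facing interface accepts. It assumes Cisco IOS 15-style syntax and a DSL line dedicated to the VPN with no NAT in the path; the addresses, interface name, object names and pre-shared key placeholder are all constructed.

```cisco
! Constructed example: CE router at site A (WAN 203.0.113.2, LAN 10.1.0.0/16).
! Peer CE router at site B is 198.51.100.2 with LAN 10.2.0.0/16.
!
! IKE phase 1: how the two CE routers authenticate and protect negotiation
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
! Placeholder key: replace with a long random value, unique per peer
crypto isakmp key REPLACE-WITH-STRONG-PSK address 198.51.100.2
!
! IPsec phase 2: encryption and integrity for the site-to-site traffic
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Only traffic between the two site LANs is sent into the tunnel
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
crypto map SITE-VPN 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set TS-AES256
 set pfs group14
 match address VPN-TRAFFIC
!
! Inbound filter on the exposed interface: accept only IKE and ESP from the
! known peer, drop and log everything else arriving from the Internet
ip access-list extended WAN-IN
 permit udp host 198.51.100.2 host 203.0.113.2 eq isakmp
 permit esp host 198.51.100.2 host 203.0.113.2
 deny ip any any log
!
interface GigabitEthernet0/0
 description DSL uplink to ISP (assumed interface name)
 ip address 203.0.113.2 255.255.255.252
 ip access-group WAN-IN in
 crypto map SITE-VPN
```

The filter reduces what the router itself will process from the Internet, but it does not stop a flood from saturating the DSL line upstream of the router. Site B mirrors this configuration with the peer address and the LAN prefixes swapped.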
→ In our ADSL VPN primer we will examine DSL VPNs in much greater depth, including DSL VPN requirements, security encryption mechanisms, QoS methods, backup methods and much more. You can also compare the ADSL IP VPN advantages and disadvantages or visit Firewall.cx's network protocol section to learn more about VPN encryption.