A VPN solution is a communication network that connects different private regions through another network. There are two types of VPNs: IP VPNs and IPSec VPNs. An IP VPN is a dedicated network service using a provider's private network as the transport means. For instance, MPLS-based solutions are IP VPNs. An IPSec VPN is a network that leverages a public infrastructure like Internet as the transport mechanism. As it runs over a public network, the data is encrypted by the VPN devices as they exit the regions using ciphering techniques like IPSec protocol to ensure privacy and man-in-the-middle attacks.
VPNs comprise of two components as shown on FIG. 2: the hubs and the spokes. The hubs have the roles of aggregating and authenticating all the members connecting to the same VPN network. The spokes are the members of that VPN network. Spokes encrypt the traffic before sending it to another member over the public network. When traffic encrypted is received from the Internet, the spokes decrypt the traffic and hand it off to the private networks.
IP VPNs have lots of advantages like strong Service Level Agreements (SLA) or good performance but they are very expensive as well. In the other hand, IPSec VPNs are cheap alternative to these IP VPN solutions. But they are far from providing the same level of service due to the technology limitations. They are most of the time based on a network topology that requires the traffic to always transit via a central point before reaching any destination.
Multimedia traffic is not handled easily as quality of service (QoS) is not supported (because when the traffic gets encrypted, it can't be classified by QoS capable devices along the way and therefore is treated in a best effort manner). Also, IPSec VPNs are using devices that are deployed using a per-customer basis. They can't be shared between customers. IPSec VPN devices can only be members of one IPSec VPN network. Finally, Internet-based VPN networks also introduce a significant network performance degradation compared to IP VPNs.
This can affect time sensitive applications from running correctly, impacting the user experience, especially in a worldwide deployment.
Skilled artisans will appreciate that elements in the figures are illustrated for simplifying and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help improve understanding of embodiments of the present invention.