Most enterprises are located at multiple sites, each with its own local area network (LAN). A site is defined as anything from a headquarters or an affiliated company site to a single employee's remote office. Some kind of communication infrastructure is then used to interconnect the different sites. The evolution of the Internet can roughly be categorised into two main areas:
a) Internet as the global communication infrastructure. Traditionally, companies used so-called leased lines, provided by telephone companies, to interconnect their sites. Separate firewall solutions were used for accessing the Internet. In recent years, companies are no longer using the Internet only for external communication; more and more companies are trying out new network solutions that enable them to also use the Internet for company-internal communication. The Internet has become their site-to-site interconnecting medium.
b) Broadband Internet access. In parallel with the above, more and more broadband access solutions are being rolled out by different network access providers. This enables anyone to upgrade their Internet access from a traditional dial-up PSTN/ISDN (Public Switched Telephone Network/Integrated Services Digital Network) solution to a broadband solution, e.g. ADSL (Asymmetric Digital Subscriber Line), cable or Ethernet, with direct access to the Internet. Apart from the obvious broadband benefits, the network access user is also able to be always connected to the Internet.
The common name for most of the network solutions that interconnect multiple sites over the Internet is “virtual private networks” (VPN). VPNs can be implemented in numerous ways; this is well explained in, e.g., the IETF document by B. Gleeson et al., “A Framework for IP Based Virtual Private Networks”, RFC 2764, February 2000 (IP meaning Internet Protocol). A VPN is a private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy the security of a private network via access control and encryption, while taking advantage of the economies of scale and built-in management facilities of large public networks. Today, there is tremendous interest in VPNs over the Internet, especially due to the constant threat of hacker attacks. The VPN adds that extra layer of security, and a huge growth in VPN use is expected. In general, the different VPN solutions can be categorised into two main groups: customer premises equipment (CPE) based solutions or network based solutions.
The Internet is a public data network based on network paradigms such as equal and best-effort traffic treatment. All traffic crossing the Internet is public and insecure, resulting in a number of problems that need to be solved, e.g. secure end-to-end communication between enterprise sites. Some problems have solutions supported by several VPN system vendors, such as encrypted IP tunnelling between end-users using the IPSec architecture described by S. Kent and R. Atkinson in “Security Architecture for the Internet Protocol”, RFC 2401, November 1998, stand-alone firewall solutions, or desktop software VPN clients, e.g. Microsoft® VPN. A PC that is connected to the Internet can, not easily but possibly, be used as a transit node by a hacker; e.g. the hacker could use a Trojan horse program to get inside the PC. Once inside, the Trojan horse program may be adapted to release application software that acts as some authenticated software installed by the owner of the PC. It is very difficult for layer 2 and 3 firmware/software to detect this kind of malicious application. Therefore, it is recommendable to keep VPN control and management software and firmware functions separated, on different hardware platforms, from end-user applications such as service login software and “authenticated” software applications that in some way use the network infrastructure provided by the VPN service. What generally should be avoided is having PC clients that are responsible for configuring the actual VPN setup, i.e. having access to the lookup table of other VPN members' public IP addresses, having access to information on how to authenticate, perform integrity checks and encrypt traffic aimed for the VPN, etc.
When a Virtual Private Network (VPN) is implemented as an emulated LAN on top of a standard IP network such as the Internet, one has to provide for the broadcast functionality that is a basic (intrinsic) function of a layer-2 medium such as Ethernet. A number of broadcast-based services are defined at the link level. Examples are service discovery protocols and the layer-2 Address Resolution Protocol (ARP). The broadcast functionality could be implemented in different ways. Examples of different architectures are:
Broadcast functionality implemented as a centralised server;
Broadcast functionality implemented using IP multicast;
Broadcast functionality implemented using emulated multicast.
The ATM Forum's LANE (LAN Emulation) standard is an example of a centralised server architecture. This server emulates the broadcast functionality of the LAN. When a LAN Emulation Client (LEC) sends a broadcast, the broadcast is sent to the BUS (Broadcast and Unknown Server), which relays this message to all of the other clients on the emulated LAN.
The technical problems with the described architecture are related to scalability and reliability. When a large number of LAN emulation clients are sending broadcasts to the broadcast server, each client will experience a performance degradation of the broadcast service due to the load on the broadcast server. The traffic load on the link connecting the broadcast server will also increase with a large number of LAN clients, and this link will ultimately become a bottleneck. This bottleneck will further reduce the broadcast performance experienced by the LAN clients. In addition to the performance problem, a single broadcast server will also be a single point of failure for the broadcast-based services offered by the emulated LAN.
When the broadcast functionality is implemented using IP multicast, the LAN emulation clients join a multicast network. This network constitutes the broadcast medium for the emulated LAN. Obviously, to be able to use IP multicast as the broadcast medium, the clients have to interact with a multicast service offered by the underlying IP network. This interaction could be done via a LAN emulation server, the management system of the emulated LAN, or by other means. A technical problem with this solution is the dependency on IP multicast functionality in the IP backbone and the need for the emulated LAN to interact with the IP backbone.
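The following is an added toy model, not code from the patent text, that makes the centralised-server and IP-multicast architectures described above concrete. It runs a broadcast-based ARP resolution over an emulated LAN with either medium, and counts how many frame copies the central server's own link has to carry (N-1 per broadcast, so it grows with both the number of clients and their broadcast rate). The class names, the frame dictionary format and the sample addresses are constructed for illustration; the multicast class simply models the backbone replicating the frame with no single relay node.

```python
"""Toy model of broadcast emulation on an emulated LAN (added example; all names
and the frame format are constructed for illustration, not from any standard)."""
from dataclasses import dataclass, field


@dataclass
class Client:
    """A LAN emulation client with an inbox and an ARP-style address table."""
    name: str
    ip: str
    mac: str
    inbox: list = field(default_factory=list)
    arp_table: dict = field(default_factory=dict)


class BroadcastServer:
    """Centralised relay (LANE BUS style): every broadcast goes to the server,
    which copies it to all other clients. Its uplink carries N-1 copies each time,
    and if the server is down no broadcast service is available at all."""

    def __init__(self):
        self.clients = {}
        self.up = True
        self.relayed = 0  # frame copies the server's own link had to carry

    def join(self, client):
        self.clients[client.name] = client

    def members(self):
        return list(self.clients.values())

    def broadcast(self, sender, frame):
        if not self.up:
            raise ConnectionError("broadcast server unreachable")  # single point of failure
        for c in self.clients.values():
            if c.name != sender.name:
                c.inbox.append(frame)
                self.relayed += 1


class MulticastGroup:
    """IP-multicast style medium: the backbone replicates the frame to every group
    member, so no single node's link carries all copies."""

    def __init__(self):
        self.clients = {}

    def join(self, client):
        self.clients[client.name] = client

    def members(self):
        return list(self.clients.values())

    def broadcast(self, sender, frame):
        for c in self.clients.values():
            if c.name != sender.name:
                c.inbox.append(frame)


def resolve_address(sender, target_ip, medium):
    """ARP over the emulated LAN: the request is broadcast via the medium; the owner
    of target_ip answers the requester directly (unicast, modelled as a direct table
    update). Returns the owner's MAC, or None if no client owns target_ip."""
    request = {"type": "arp-request", "src_ip": sender.ip,
               "src_mac": sender.mac, "target_ip": target_ip}
    medium.broadcast(sender, request)
    for c in medium.members():
        while c.inbox:
            frame = c.inbox.pop(0)
            if frame["type"] == "arp-request":
                c.arp_table[frame["src_ip"]] = frame["src_mac"]  # learn the requester
                if frame["target_ip"] == c.ip:
                    sender.arp_table[c.ip] = c.mac  # the unicast reply
    return sender.arp_table.get(target_ip)


def build_lan(medium, n):
    """Create n clients with constructed sample addresses and join them to the medium."""
    clients = [Client(f"lec{i}", f"10.0.0.{i}", f"02:00:00:00:00:{i:02x}")
               for i in range(1, n + 1)]
    for c in clients:
        medium.join(c)
    return clients


def bus_relay_load(n_clients, broadcasts_per_client):
    """Frame copies the central server's link carries when every client sends
    broadcasts_per_client service-discovery broadcasts: n * b * (n - 1)."""
    bus = BroadcastServer()
    for c in build_lan(bus, n_clients):
        for _ in range(broadcasts_per_client):
            bus.broadcast(c, {"type": "discovery", "src_ip": c.ip,
                              "src_mac": c.mac, "target_ip": None})
    return bus.relayed


if __name__ == "__main__":
    bus = BroadcastServer()
    lan = build_lan(bus, 4)
    print("resolved via BUS:", resolve_address(lan[0], "10.0.0.3", bus), "relayed:", bus.relayed)
    for n in (10, 100, 1000):
        print(f"{n} clients, 2 broadcasts each -> server link carries {bus_relay_load(n, 2)} copies")
```

Running the script shows the relay count rising roughly with the square of the number of clients, which is the bottleneck the text describes; setting `bus.up = False` makes every resolution fail, which is the single-point-of-failure property, whereas the `MulticastGroup` medium has no such node but, as the text notes, would in practice depend on multicast support in the IP backbone.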