{"id":3244,"date":"2023-02-24T10:43:52","date_gmt":"2023-02-24T09:43:52","guid":{"rendered":"https:\/\/blog.init7.net\/standortvernetzung\/"},"modified":"2024-11-28T15:57:56","modified_gmt":"2024-11-28T14:57:56","slug":"standortvernetzung","status":"publish","type":"post","link":"https:\/\/blog.init7.net\/en\/standortvernetzung\/","title":{"rendered":"VPNs, VLLs and VPLSs \u2013 enabling companies to connect several sites"},"content":{"rendered":"\r\n\r\n\r\n<section id=\"res-cat-date-block_813b956ae8214892b8c951e1b32199d6\" class=\"res-block res-cat-date py-2\" style=\"background: transparent;\">\r\n\t<div class=\"inner-container container-off\" data-aos=\"res-fadeIn\">\r\n\r\n\t\t<div class=\"the_category_content\">\r\n\t\t\t<div class=\"the_category\"><ul class=\"post-categories\">\n\t<li><a href=\"https:\/\/blog.init7.net\/en\/story\/init7-en\/\" rel=\"category tag\">Init7<\/a><\/li>\n\t<li><a href=\"https:\/\/blog.init7.net\/en\/story\/technology\/\" rel=\"category tag\">Technology<\/a><\/li>\n\t<li><a href=\"https:\/\/blog.init7.net\/en\/story\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a><\/li><\/ul><\/div> <span class=\"d-none d-sm-block\">|<\/span> <div class=\"the_date\">24.02.2023<\/div><div class=\"the_change_date ml-sm-auto\">last updated on 28.11.2024<\/div>\r\n\r\n\t<\/div>\r\n\t  \r\n\t<\/div>\r\n<\/section>\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h1 class=\"wp-block-heading\" id=\"uberwachung-im-internet-wen-durfen-die-behorden-wann-uberwachen-transparenzbericht-2021\">VPNs, VLLs and VPLSs \u2013 enabling companies to connect several sites<\/h1>\n<\/div>\n<\/div>\n\n\n\n<p><strong>For companies with multiple branches, efficient collaboration across various sites is crucially important. To ensure this, the sites must be networked with one another. The most common networking setups are virtual private networks (VPNs), virtual leased lines (VLLs) and virtual private LAN services (VPLSs). When selecting the appropriate method, it is important to take into account the advantages and disadvantages of each alternative, not to mention the security, quality and cost requirements.<\/strong><\/p>\n\n\n\n<p>Companies with more than one site need to ensure smooth data and communication transfer between the individual sites. If employees at site A are to have access to the same documents as employees at site B, the two sites must be networked with one another. This network can be implemented in various ways. Each method has its own advantages and disadvantages.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Site networking over a virtual private network (VPN)<\/strong><\/h2>\n\n\n\n<p>Networking over a virtual private network (VPN) is a common method of site networking. A VPN establishes a secure connection between the sender and the recipient by encrypting the data packets using what is known as a tunneling protocol, packing them into another data packet and transmitting them over the internet. Basically, it constructs a tunnel through the public internet that is not visible from the outside.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"382\" src=\"https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/vpn.jpg\" alt=\"\" class=\"wp-image-2700\" style=\"width:491px;height:293px\" srcset=\"https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/vpn.jpg 640w, https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/vpn-300x179.jpg 300w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><figcaption class=\"wp-element-caption\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-cyan-bluish-gray-color\">Virtual Private Network; source: community.fs.com<\/mark><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">The advantages and disadvantages of site networking over a VPN<\/h3>\n\n\n\n<p>VPN encryption protects the connection from public access. However, this requires a great deal of processor power and the associated energy consumption is high. Inexpensive VPN gateways also have limited data throughput. Despite common 10 Gb internet connections, data throughput often dwindles to just megabits as soon as the VPN is switched on. Higher-performance VPN gateways, which can have very complex configurations, are correspondingly expensive.<br><\/p>\n\n\n\n<p>While a VPN works across providers, its performance depends on the quality of the interconnection between the providers involved. If the data packets are not transported from A to B in the best possible way (suboptimal routing), this can negatively impact the experience that users have of the VPN.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Site networking over a virtual leased line (VLL)<\/h2>\n\n\n\n<p>A virtual leased line is a dedicated point-to-point connection between two sites that is facilitated by a single provider. The two sites can communicate with one another as if they were connected by a direct line.<\/p>\n\n\n\n<p>A VLL connection acts like a very long, direct Ethernet cable. If several sites are connected, several VLLs are used and a main site is usually defined.<\/p>\n\n\n\n<p>One part of the VLL connection is implemented over a physical line, while the other is established over a virtual line. A physical line is leased between the sites and the provider\u2019s nearest point of presence (PoP). This is usually an optical fiber from the local FTTH infrastructure.<\/p>\n\n\n\n<p>The part between the PoPs (i.e. the majority of the route) is implemented over a virtual line on the provider\u2019s network (more precisely, on the backbone). What makes this \u2018virtual\u2019 is the fact that part of the provider\u2019s network capacity is virtually assigned to the VLL.<\/p>\n\n\n\n<p>Suppose a company has two sites (one in Zurich, and another in Geneva) and it would like to connect them with a VLL solution from Init7. In this case, Init7 provides the company with a physical line from the Zurich site to the nearest Init7 point of presence (PoP) in Zurich and from the Geneva site to the nearest Init7 PoP in Geneva. The connection between the two PoPs (i.e. between Zurich and Geneva) is established over a virtual line. For the sites, however, this works as though they were connected directly over a LAN.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"724\" src=\"https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/grafik_vll_de_matt-1024x724.jpg\" alt=\"\" class=\"wp-image-2753\" style=\"width:718px;height:507px\" srcset=\"https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/grafik_vll_de_matt-1024x724.jpg 1024w, https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/grafik_vll_de_matt-300x212.jpg 300w, https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/grafik_vll_de_matt-768x543.jpg 768w, https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/grafik_vll_de_matt-1536x1086.jpg 1536w, https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/grafik_vll_de_matt-2048x1448.jpg 2048w, https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/grafik_vll_de_matt-1300x919.jpg 1300w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-cyan-bluish-gray-color\">Site networking over a VLL. The connection between the PoPs (Init7 backbone) is established over a virtual line.<\/mark><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Routing is not always optimal<\/h3>\n\n\n\n<p>Data transfer usually works something like this: The data (e.g. an email) that someone sends is divided into small data packets. Each data packet is given a header. The header contains information that is relevant for processing the packet. For example, it defines the sender and destination addresses.<\/p>\n\n\n\n<p>The data packets pass through multiple routers until they reach their destination. Each router reads the packet\u2019s headers, before forwarding the packets to the next router using a routing table.<\/p>\n\n\n\n<p>This type of routing is \u201cdestination-based\u201d. In other words, the sender of the data cannot determine which path their packets will take. So, often, data packets are not forwarded along the best possible path (suboptimal routing). For example, data packets between Winterthur and Zurich might take a detour via London. In technical jargon, this is often cynically referred to as \u201cscenic routing\u201d. VPN connections can be negatively affected as a result.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">VLL based on multiprotocol label switching (MPLS)<\/h3>\n\n\n\n<p>This is not the case with multiprotocol label switching (MPLS). Here, the path that the data packets take is defined in advance by the provider.<\/p>\n\n\n\n<p>Labels that specify a specific path (a label-switched path (LSP)) are assigned to the data packets. This information is packed into a header above the \u201cnormal\u201d header. The routers in the provider\u2019s backbone only read this MPLS header and forward the packets to the next correspondingly predefined router.<\/p>\n\n\n\n<p>Because MPLS only runs within the provider network, the provider has control over the connection quality. Accordingly, very high data throughput can be expected.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"566\" src=\"https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/genf-zurich-1024x566.png\" alt=\"\" class=\"wp-image-2761\" style=\"width:669px;height:369px\" srcset=\"https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/genf-zurich-1024x566.png 1024w, https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/genf-zurich-300x166.png 300w, https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/genf-zurich-768x425.png 768w, https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/genf-zurich.png 1085w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-cyan-bluish-gray-color\">Multiprotocol label switching; source: artofnetworkengineering.com<\/mark><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption is not required for VLL to meet normal needs<\/h3>\n\n\n\n<p>Unlike VPNs, VLLs are not encrypted. However, as the data only flows across the provider\u2019s infrastructure and not through the public internet, it is adequate to engage a trustworthy VLL provider.<\/p>\n\n\n\n<p>As mentioned above, the data transmitted over an MPLS is marked with a label and it arrives at the destination address only. It is like luggage on an airplane. The suitcase label defines the destination, but the airline (the provider) can (in theory \u2013 this does not happen in practice) view the contents of the suitcase using an X-ray machine.<\/p>\n\n\n\n<p>In the worst-case scenario, incorrect configuration might mean that the labels are confused, and the data packet arrives at the wrong destination. But this would be noticed immediately due to the resulting malfunction. So there is only a low security risk.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">High-security encryption possible over a VLL<\/h3>\n\n\n\n<p>For local connections with stricter security requirements, for the likes of banking purposes, encryption using additional devices is possible. Special encryptors that completely encode the data traffic are connected to the VLL connections. This type of encryption is as secure as if a bank card\u2019s PIN was changed every minute. In this case, the company does not even have to trust its VLL provider anymore.<\/p>\n\n\n\n<p>However, high-performance encryptors with no loss of data throughput are expensive and cost a five-figure sum for each pair. On the other hand, they can run practically maintenance-free over several years. A market overview of encryptors was published some time ago by inside-it.ch. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Combining with internet access is a sensible move<\/h3>\n\n\n\n<p>In addition to site networking, it is also possible to combine an internet connection with the VLL solution. For example, in the diagram above, it would look something like this: The Zurich site would be connected to the internet, but the Geneva site would not.<\/p>\n\n\n\n<p>When an employee in Geneva accesses a web page, the traffic first of all goes through the VLL to Zurich, from there to the public internet, and then back through the VLL from Zurich to Geneva.<\/p>\n\n\n\n<p>Although this increases latency (delay time) by a few milliseconds, it also cuts costs because money only needs to be invested in the firewall infrastructure at a single site. In addition, security is increased as the attack vectors are minimized.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The advantages and disadvantages of site networking over a VLL<\/h3>\n\n\n\n<p>VLLs offer a high degree of flexibility and scalability, as they are easy to set up. From a user\u2019s perspective, it is a plug-and-play solution without a complicated configuration. Very often, VLLs are more affordable than conventional dedicated leased lines, since less infrastructure has to be procured. The areas of use for the local FTTH infrastructure are increased.<\/p>\n\n\n\n<p>Another advantage of site networking over a VLL is the fact that the individual sites are connected to one another as if they were connected by a 1 or 10 Gb direct attach cable. Unlike with VPNs, data throughput is not negatively affected.<\/p>\n\n\n\n<p>However, there is a risk that the VLL provider\u2019s backbone will become overloaded, causing data bottlenecks. Bottlenecks do not occur with reputable providers during normal operations. Compared to a conventional VPN solution, a VLL is always much more powerful. However, the VLL provider must be trustworthy, because a VLL is not encrypted unless additional measures are taken.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Site networking using a virtual private LAN service (VPLS)<\/strong><\/h2>\n\n\n\n<p>With VPLS networking, all of a company\u2019s different sites are networked with one another. Every single site is connected to every other one. As is the case with the VLL solution, the sites are networked as if they were connected directly over a LAN.<\/p>\n\n\n\n<p>Unlike networking over a VLL, VPLS solutions are not managed. In other words, the provider only provides the connection. The company has to route the data traffic itself.<\/p>\n\n\n\n<p>A VPLS is like an Ethernet cable with more than two ends. The company must ensure itself that the data arrives at the right place.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"940\" height=\"635\" src=\"https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/VPLS-Network.png\" alt=\"\" class=\"wp-image-2712\" style=\"width:480px;height:324px\" srcset=\"https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/VPLS-Network.png 940w, https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/VPLS-Network-300x203.png 300w, https:\/\/blog.init7.net\/wp-content\/uploads\/2023\/02\/VPLS-Network-768x519.png 768w\" sizes=\"auto, (max-width: 940px) 100vw, 940px\" \/><figcaption class=\"wp-element-caption\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-cyan-bluish-gray-color\">VPLS network; source: www.fiber-optic-tutorial.com<\/mark><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">The advantages and disadvantages of site networking over a VPLS<\/h3>\n\n\n\n<p>Compared to a VLL, configuring a VPLS is more complex for both the company and the provider. A VPLS is typically suitable for networking a few sites. It is less appropriate when a large number of different sites need to be connected. The routing logic has to be provided by the company itself, making networking much more complex.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Site networking with Init7<\/h2>\n\n\n\n<p>We connect our customers\u2019 sites with flexible and scalable VLLs that boast unrivaled low-cost pricing. They are suitable for both small and large companies. We do not offer VPLSs due to the disadvantages mentioned above.<\/p>\n\n\n\n<p>If customers require several sites to be networked, we use several VLLs. While this boosts the reliability, it does not increase the costs, because our billing model is calculated per site and not per connection. We offer 1\u00a0Gb and 10\u00a0Gb VLLs at the same price, in line with our MaxFix guarantee. So the bandwidth selected only depends on the customer\u2019s LAN equipment.\u00a0<a href=\"https:\/\/www.init7.net\/en\/offer\/site-networking\/\">Find out more on our website<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Site networking ensures that the different locations of a company can work together efficiently. We explain the most common networking methods &#8211; Virtual Private Network (VPN), Virtual Leased Line (VLL) and Virtual Private LAN Service (VPLS) &#8211; and highlight the advantages and disadvantages of each method.<\/p>\n","protected":false},"author":2,"featured_media":2797,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[202,210,11],"tags":[544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559],"class_list":["post-3244","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-init7-en","category-technology","category-uncategorized","tag-init7-standortvernetzung-en","tag-init7-vll-en","tag-mpls-vs-vll-en","tag-mpls-vs-vpls-en","tag-mpls-vs-vpn-en","tag-standortvernetzung-methoden-en","tag-standortvernetzung-mpls-en","tag-standortvernetzung-vll-en","tag-standortvernetzung-vpn-en","tag-unternehmen-verbinden-en","tag-virtual-leased-line-en","tag-virtual-private-lan-service-en","tag-virtual-private-network-en","tag-vll-vs-vpls-en","tag-vll-vs-vpn-en","tag-vpn-vs-vpls-en"],"acf":[],"_links":{"self":[{"href":"https:\/\/blog.init7.net\/en\/wp-json\/wp\/v2\/posts\/3244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.init7.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.init7.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.init7.net\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.init7.net\/en\/wp-json\/wp\/v2\/comments?post=3244"}],"version-history":[{"count":2,"href":"https:\/\/blog.init7.net\/en\/wp-json\/wp\/v2\/posts\/3244\/revisions"}],"predecessor-version":[{"id":3976,"href":"https:\/\/blog.init7.net\/en\/wp-json\/wp\/v2\/posts\/3244\/revisions\/3976"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.init7.net\/en\/wp-json\/wp\/v2\/media\/2797"}],"wp:attachment":[{"href":"https:\/\/blog.init7.net\/en\/wp-json\/wp\/v2\/media?parent=3244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.init7.net\/en\/wp-json\/wp\/v2\/categories?post=3244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.init7.net\/en\/wp-json\/wp\/v2\/tags?post=3244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}