August 1, 1997

What happened to August?

You might notice that a rash of these pages appeared out of the
blue, many after the fact. I can blame that on several things.
First, I'm lazy. Two, I wrote up some of them and forgot to
put them up on the web (see #1). Three, I have disk problems
on my Linux box. Four, people who write paragraphs with
numbered sentences should go back and read Strunk & White.


Feel free to complain - that's the whole point.

The VPN Convergence

What's a VPN? A Virtual Private Network. A misnomer really,
or more of an anachronism. In the old days if you strung two
T1 lines between two sites you had a Private network, or "PN".
Nowadays if you run a 'tunnel' or encapsulated link between two
sites it forms a 'virtual' T1 or Virtual Private Network.


Lots of people seem to be convinced that this is the next wave
of "remote access". To me it looks like a giant extension cord
from my house to the office. To my ISP it looks like more traffic.
To Microsoft it looks like a way to sell more NT servers. To the
VC's it's just another gamble. I wonder what the corporate IS guys
think...


As the corporate firewall becomes a VPN server, more and more
Internet traffic will be via encrypted, authenticated tunnels.
Perhaps some day all Internet traffic will be via virtual circuits
which are brought up and down on demand. Like phone calls,
only authenticated and encrypted. Sounds like ATM, huh? Don't
tell anyone I said that.

VPN Client tools?

The world needs more VPN client tools. It sounds like Cisco and
Ascend are venturing into this world. No doubt others are too.
I use "PPTP" from Microsoft currently for NT systems and "ssh"
and the commercial "F-Secure" product from DataFellows (www.datafellows.com)
for Unix. I really like ssh. I found PPTP to be ok, but it's rather
complex and required me to hack code to get my firewall to pass the
GRE encapsulated traffic. Obscure point: VPN technology that does
not use TCP or UDP protocols may not work with off-the-shelf firewalls
or routers. If the VPN protocol (like the new L2TP protocol) uses UDP,
it's reasonably easy to convince a firewall or router to pass it.
Don't ask why. It has to do with recognizing protocol headers and
the fact that TCP and UDP headers have similar structure.
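The header point above, as an added example that is not part of the original post: a port-based filter keys on the two 16-bit port fields that TCP and UDP headers share, and a GRE packet has no such fields to match. The filter, its rule format and the packets are constructed for illustration; the port numbers (1723 for PPTP control, 1701 for L2TP) and IP protocol numbers are the standard assignments.

```python
import socket
import struct

TCP, UDP, GRE = 6, 17, 47  # IANA IP protocol numbers

def ipv4(proto, src, dst, payload):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def flow_key(packet):
    """Return (proto, sport, dport); ports are None when the protocol has none."""
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    proto = packet[9]
    if proto in (TCP, UDP):
        # Both headers begin with 16-bit source and destination ports.
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return proto, sport, dport
    return proto, None, None              # GRE: nothing port-like to read

def port_filter(packet, rules):
    """Hypothetical filter: rules are (proto, dport) pairs, dport None = any."""
    proto, _, dport = flow_key(packet)
    for r_proto, r_dport in rules:
        if r_proto == proto and r_dport in (None, dport):
            return "pass"
    return "drop"                         # default deny

# Constructed sample packets (documentation addresses, empty payloads).
CLIENT, SERVER = "192.0.2.10", "198.51.100.1"
pptp_ctrl = ipv4(TCP, CLIENT, SERVER,
                 struct.pack("!HHIIHHHH", 40000, 1723, 0, 0, 0x5002, 8192, 0, 0))
l2tp = ipv4(UDP, CLIENT, SERVER, struct.pack("!HHHH", 1701, 1701, 8, 0))
pptp_data = ipv4(GRE, CLIENT, SERVER,
                 struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0))

# A rule set that can only express TCP/UDP ports, and one with a protocol rule.
PORT_ONLY = [(TCP, 1723), (UDP, 1701)]
WITH_GRE = PORT_ONLY + [(GRE, None)]

if __name__ == "__main__":
    for name, pkt in [("PPTP control", pptp_ctrl), ("L2TP", l2tp),
                      ("PPTP data (GRE)", pptp_data)]:
        print(name, flow_key(pkt),
              port_filter(pkt, PORT_ONLY), port_filter(pkt, WITH_GRE))
```

The GRE packet passes only once the filter can match on the IP protocol number itself, which is the capability a TCP/UDP-only rule language lacks.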

SS7 and Windows NT

In something akin to the "Bride of Frankenstein" I read about someone
porting SS7 software to Windows NT. SS7 is the protocol which
giant phone switches (like the AT&T 5ESS) use to talk to other
phone switches. So, why would you want to connect your NT server
to a giant phone switch with SS7? You wouldn't. But, you might want
to *replace* some of the functionality of the giant multi-million-dollar
phone switch from New Jersey with a much, much cheaper Windows NT box
if you were not so concerned about reliability or employing thousands
of engineers. Ever wonder why AOL is always in the news for their
outages? Just kidding.


Seems like a trend that people will be trying to do flanking maneuvers
around these giant phone switches for all sorts of reasons, including
toll reduction, call diversion, remote access, etc... Interesting
stuff. I always wondered how giant phone switches talk to each other
and now I can run it on my Pentium at home.


Copyright 1997 J Bradford Parker