Installation guide

ShoreTel 14.2 Planning and Installation Guide, Chapter 3: Network Requirements and Preparation

PPTP (Point-to-Point Tunneling Protocol): PPTP includes compression and encryption
techniques. This protocol was introduced by Microsoft to support secure dial-up access for its
desktop, which corresponds to a large share of the desktop market.

L2F (Layer 2 Forwarding): Introduced by Cisco Systems, L2F was primarily used to tunnel traffic
between two Cisco routers. It also allows IPX traffic to tunnel over an IP WAN.

L2TP (Layer 2 Tunneling Protocol): L2TP is an extension of the PPP (Point-to-Point Protocol) that
merges the best features of L2F and PPTP. L2TP is an emerging IETF (Internet Engineering Task
Force) standard.

IPSEC: This is a collection of security protocols from the Security Working Group of the IETF. It
provides ESP (Encapsulating Security Payload), AH (Authentication Header), and IKE (Key
Exchange Protocol) support. This protocol, mature but still technically in a draft format, is currently
considered the standard for encryption and tunneling support in VPNs.

For PPTP, IP VPN tunneling adds another dimension to the tunneling. Before encapsulation takes
place, the packets are encrypted so that the data is unreadable to outsiders. Once the encapsulated
packets reach their destination, the encapsulation headers are separated, and packets are decrypted
and returned to their original format.

The L2TP tunneling protocol does not encrypt before encapsulation. It requires the IPSEC protocol to
take the encapsulated packet and encrypt it before sending it over the Internet.

Performance

In the context of an IP VPN’s performance, encryption can be a CPU-intensive operation. Therefore,
an enterprise must answer two questions about encryption when it evaluates VPN products:

With encryption, does the maximum throughput substantially decrease?

With encryption, can the network have a consistent level of throughput?

Typically, a business considers the tradeoffs between performance, price, and the characteristics of
software-based and hardware-based encryption.

Integrated Security Appliances

A number of major vendors provide integrated broadband security appliances to eliminate security
concerns. These devices use custom ASICs to deliver wire-speed firewall, Triple DES IPSec VPN, and
traffic shaping in an easy-to-deploy, cost-effective solution. Installing a security appliance, such as a
NetScreen-5, eliminates the need to deal with complex PC software installations and allows IT to
centrally manage the security policies of these remote offices and teleworkers. The firewall protection
secures sensitive data at the remote site and can prevent both U-turn attacks and the launching of
denial-of-service attacks from these computers. By combining broadband access technologies with an
integrated security appliance, enterprises and service providers can safely and securely capitalize on
all of the benefits of the broadband Internet.

Note

Although a VPN is useful for data, for VoIP a VPN might not offer enough protection against latency
and packet loss.
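
The throughput questions under Performance can be made concrete for voice traffic carried in a Triple DES IPSec tunnel. The following is an added example, not part of the ShoreTel guide: it computes the per-packet size of an ESP tunnel-mode packet and the resulting stream bit rate. The codec figures (G.711 and G.729 at 20 ms packetization), the 96-bit HMAC integrity value, the 512 kbit/s link and all function names are assumptions chosen for illustration.

```python
# Added example: per-packet cost of Triple DES IPsec ESP (tunnel mode) on voice.
# ESP field sizes are the standard ones; codec and link figures are assumed.
from dataclasses import dataclass

OUTER_IP = 20      # new IPv4 header added by tunnel mode
ESP_HEADER = 8     # SPI (4 bytes) + sequence number (4 bytes)
IV_3DES = 8        # 3DES-CBC initialisation vector
BLOCK_3DES = 8     # 3DES block size; plaintext is padded to a multiple of it
ESP_TRAILER = 2    # pad-length byte + next-header byte
ICV_96 = 12        # 96-bit HMAC integrity check value (assumed transform)
RTP_UDP_IP = 12 + 8 + 20

@dataclass(frozen=True)
class Codec:
    name: str
    payload_bytes: int     # voice payload per packet
    packets_per_sec: int

def esp_tunnel_size(inner_ip_packet: int) -> int:
    """IPv4 packet size on the wire after ESP tunnel-mode encapsulation."""
    plaintext = inner_ip_packet + ESP_TRAILER
    padded = -(-plaintext // BLOCK_3DES) * BLOCK_3DES   # round up to a block
    return OUTER_IP + ESP_HEADER + IV_3DES + padded + ICV_96

def stream_bps(codec: Codec, encrypted: bool) -> int:
    """One-way IP-layer bit rate of a single voice stream."""
    size = codec.payload_bytes + RTP_UDP_IP
    if encrypted:
        size = esp_tunnel_size(size)
    return size * 8 * codec.packets_per_sec

def calls_on_link(link_bps: int, codec: Codec, encrypted: bool) -> int:
    """Whole one-way streams that fit in link_bps (layer-2 overhead ignored)."""
    return link_bps // stream_bps(codec, encrypted)

# Constructed sample inputs: 20 ms packetisation, 50 packets per second.
G711 = Codec("G.711", 160, 50)
G729 = Codec("G.729", 20, 50)

if __name__ == "__main__":
    for c in (G711, G729):
        clear, enc = stream_bps(c, False), stream_bps(c, True)
        print(f"{c.name}: {clear} bps clear, {enc} bps in ESP "
              f"(+{100 * (enc - clear) / clear:.0f}%), "
              f"{calls_on_link(512_000, c, False)} -> "
              f"{calls_on_link(512_000, c, True)} streams on 512 kbit/s")
```

Small voice packets pay the fixed ESP cost on every packet, so the relative loss of capacity is much larger for a low-bit-rate codec than for bulk data transfers.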