Broadband VPN bandwidth issues

However, broadband VPN does pose some problems, and one of the key areas that must be addressed is bandwidth. Broadband Internet connections, while costing much less than a private line connection, do not provide high-bandwidth options. In addition, the broadband connection ultimately connects to the public Internet, which utilizes best effort delivery of IP traffic. In other words, your business traffic will be competing with Joe Shmoe who may be downloading games from the Internet.

There are other issues as well. You are now sending traffic over the public Internet, therefore the traffic will need to be encrypted over a tunnel (IPsec, L2TP, etc). This is standard operating procedure, as you have to tunnel the traffic over the Internet. However, encapsulation of traffic into a tunnel has an impact on performance. Many folks equate performance to bandwidth restrictions, but this is an incorrect assumption concerning tunnel encapsulation. Performance issues can be resolved by ensuring that the VPN solution you purchase supports rapid encryption at wire speed.

If you have a site-to-site VPN you can control the bandwidth at the hub-and-spoke end if the technology allows it. This requires a VPN platform or VPN-capable router sitting between the users and the broadband connection to the Internet. In most site-to-site VPN solutions, there are bandwidth-control mechanisms that allow you to control how much bandwidth each user can get, and some provide the granularity to support Quality of Service (QoS) for prioritizing applications. If you have a router that supports QoS, you can take matters in your own hands, but this scenario is not cost effective if you have to purchase VPN gear and a router to enable bandwidth management.

More on this topic The QoS scam: Paying for reduced bandwidth Guide to bandwidth measurement and management More VPN tips

The most difficult bandwidth problem to solve is a scenario where an end user has VPN client software loaded on their PC and a standard broadband connection to the Internet. This is common for remote sites that are small (five-10 employees) and do not warrant a router or VPN device deployed at the site. It's just 10 folks with a broadband Internet connection. They utilize the Internet connection intermittently to connect back to corporate, but when they need the bandwidth, they need the bandwidth. This scenario requires the VPN client to support bandwidth controls in coordination with the VPN concentrator. This allows the administrator to allocate bandwidth constraints to the users to prevent the Internet surfer from hogging the business bandwidth.

All of the scenarios above relate to a do-it-yourself model. However, most carriers today offer VPN (site-to-site and remote-access) solutions that should be investigated prior to any final decision. Most carriers will offer some form of bandwidth management to assist the customer in utilizing the service effectively.

The bottom line is that VPN bandwidth is a serious challenge when the VPN is set up over broadband Internet connections rather than using a private VPN. Vendors and carriers tout the ability to provide bandwidth controls and QoS. However, you must keep in mind that the traffic will be going over the Internet. Unless you have purchased a VPN that provides QoS as a part of the package, your mission-critical traffic will be in the same queue as any other Internet traffic. You can only control the traffic as it leaves your sites. This must be considered when evaluating broadband VPN (i.e. over the Internet) versus traditional VPN (private line, leased-line mesh).

About the author:
Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has more than ten years of experience providing strategic, business and technical consulting services. Robbie resides in Atlanta, and is a graduate of Clemson University. His background includes positions as a Principal Architect at International Network Services, Lucent, Frontway and Callisma.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Wide Area Networks WAN optimization: A market update Remote Desktop troubleshooting How the NetFlow protocol monitors your WAN Network design: Five ways to lower your costs Remote office backup, archiving and disaster recovery for networking pros Troubleshooting WAN performance issues Cisco CCIP MPLS certification: Introduction Distribution of labels -- Cisco CCIP MPLS certification: Lesson 3 Label imposition -- Cisco CCIP MPLS certification: Lesson 4 Configuring MPLS -- Cisco CCIP MPLS certification: Lesson 5 VPN Troubleshooting How to maintain corporate VPN connection while printing to a private network. Can I set up a VPN on my wireless router? How can I get our VPN to work on Windows Vista? To set up a VPN server, do you need two NIC cards? How do I connect to our VPN with authentication ID? What causes my overseas VPN connection to slow during the day? Why has the terminal server ended my connection? How can I access each device from my network while keeping the companies' networks secure? VPN operating system interoperability -- Configure VPNs with Windows, Checkpoint VPN operating system interoperability -- configure VPNs with Unix VPN Products and Services To simulate voice over IPSec VPNs which simulators work? Creating Remote Access and Site-to-Site VPNs with ISA Firewalls: from 'The Best Damn Firewall Book Period, Second Edition' How can I get our VPN to work on Windows Vista? To set up a VPN server, do you need two NIC cards? How do I connect to our VPN with authentication ID? SonicWall acquisition could hurt Aventail users What equipment do I use to connect two LANs in different cities? What are the steps? Remote access keeps physicians connected Security Spotlight: SSL VPN appliances simplify secure access MPLS transport options RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary virtual systems management  (SearchNetworking.com) VPN appliance  (SearchNetworking.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.