Security, scalability, and stability

Security, scalability, and stability are a fact of life for any network. Where remote-to-central connections are concerned (WAN and VPN), the additional failure point is the telco provider. These are beyond the network administrator's control, for the most part, and selecting a telco provider that communicates problems and planned downtimes to its customers is the best bet. A VPN's strength is not its stability, in a general sense. VPNs are a new technology, running on an inherently unreliable technology (the Internet). When dealing with Internet routing issues, communication between various platforms, encryption processes, and the like, you can expect a less robust system. But as the world moves more to an interconnected society and as real standards emerge (protocols, hardware, etc.), VPNs will have a more stable base on which to operate.

The real differences between the VPN and the WAN come to light when scalability is considered. Moving from our simple small/medium network to a large WAN requires a serious investment in equipment, workforce, and telco lines, especially when adding multiple networks across a nationwide organization. The main cost difference would be line charges for the upgrade. If the central office had to upgrade to a T1 with all the equipment necessary for this, the remote sites would likewise need at least a fractional T1 with the equipment necessary to make this work. With the VPN, initially only the central network would need an upgrade in bandwidth and equipment, even to accept connections from multiple networks. Then, boosting the VPN server's capacity becomes minuscule when compared to the equipment and line upgrades of the WAN solution.

3.2.2 Large Solutions

Large WAN or VPN scenarios can encompass many different configurations, from multiple large interconnected networks to a central network connecting many smaller networks. For simplicity's sake, we present the two scenarios in Figure 3-5.

Figure 3-5. Telephone lines for WAN and VPN connections

3.2.2.1 Telco

A large WAN needs substantial bandwidth. To connect multiple medium-to-large networks to a large corporate network, nothing less than a fractional T1 at each site suffices. At the central network, we suggest multiple incoming T1s, a single T3, or an ATM connection, depending on incoming bandwidth requirements. Telco costs related to these connections include initial setup fees, local loop charges for the line from the local telco central offices to the various sites, and recurring transit fees for the lines. Costs can be significantly reduced by choosing frame relay connections, but if guaranteed bandwidth is required, frame relay is not the best choice. Frame relay networks compete in the frame cloud for bandwidth, and most connections are not guaranteed to achieve their full speed end to end. For more reliable bandwidth, the more expensive option is a leased point-to-point connection. The hardware described later in this section supports either frame relay or point-to-point connections.

A VPN has similar bandwidth needs. Both the central network and the various satellite networks need high-speed connections to the Internet simply to support their outgoing traffic. However, these connections are typically to a local Internet service provider, thus reducing the local loop and possibly the recurring line costs. Try to keep options for easy upgrades available. A scalable fractional T1, T3, or ATM connection is best, depending on the size and activity of the network in question. The real strength of the VPN, however, is the variety of connection options available to the satellite offices. Note in Figure 3-5 that the three remote networks connect to the Internet via ISDN, fractional T1, and full T1. This is a clear advantage over a WAN, where only specific types of connections are available, depending on the solution chosen for the entire network (i.e., fractional point-to-point T1s, multiple incoming ISDNs, etc.).