Rick Gallagher's MPLS Training Guide: Building Multi-Protocol Label Switching Networks

In Figure 7.11, we see an example of what is called the customer-equipment-to-customer-equipment model (CE to CE); it is also referred to as the overlay model. IP VPN traffic is overlaid onto end-to-end tunnels. Frame Relay (FR) and ATM services are two examples of the overlay model. The IP protocol is tunneled from CE to CE (or overlaid) on top of Layer-2 carriers, where these carriers maintain virtual backbones for the VPNs. In Figure 7.11, we see how customer sites 1, 2, 3, and 4 (Blue) are connected via tunnels. The data is encapsulated so that the IP data is not exposed across the networks.
In Figure 7.12, we see that adding another customer (Bold) adds a level of complexity. Configuration engineers and network managers must keep the traffic of the Blue customer separate from the traffic of the Bold customer and vice versa.
The overlay model can offer the ultimate in security, but it is not without its challenges:
A company has two choices when using this option: to manage and maintain its own tunnels or to allow its service provider to manage the tunnels for it. In either case there is a cost for maintaining the tunnels and encryption keys.
As the number of sites within the network grows, the complexity of hardware and software increases, which in turn increases the cost of...