is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network (e.g., the Internet) instead of by physical wires. The link-layer protocols of the virtual network are said to be tunneled through the larger network when this is the case. One common application is secure communications through the public Internet, but a VPN need not have explicit security features, such as authentication or content encryption. VPNs, for example, can be used to separate the traffic of different user communities over an underlying network with strong security features.
A VPN may have best-effort performance, or may have a defined service level agreement (SLA) between the VPN customer and the VPN service provider. Generally, a VPN has a topology more complex than point-to-point.
A VPN allows computer users to appear to be editing from an IP address location other than the one which connects the actual computer to the Internet.
Categorization by user administrative relationships
The Internet Engineering Task Force (IETF) categorized a variety of VPNs, some of which, such as Virtual LANs (VLAN) are the standardization responsibility of other organizations, such as the Institute of Electrical and Electronics Engineers (IEEE) Project 802, Workgroup 802.1 (architecture). Originally, network nodes within a single enterprise were interconnected with Wide Area Network (WAN) links from a telecommunications service provider. With the advent of LANs, enterprises could interconnect their nodes with links that they owned. While the original WANs used dedicated lines and layer 2 multiplexed services such as Frame Relay, IP-based layer 3 networks, such as the ARPANET, Internet, military IP networks (NIPRNET,SIPRNET,JWICS, etc.), became common interconnection media. VPNs began to be defined over IP networks . The military networks may themselves be implemented as VPNs on common transmission equipment, but with separate encryption and perhaps routers.
It became useful first to distinguish among different kinds of IP VPN based on the administrative relationships, not the technology, interconnecting the nodes. Once the relationships were defined, different technologies could be used, depending on requirements such as security and quality of service.
When an enterprise interconnected a set of nodes, all under its administrative control, through an LAN network, that was termed an Intranet . When the interconnected nodes were under multiple administrative authorities, but were hidden from the public Internet, the resulting set of nodes was called an extranet. Both intranets and extranets could be managed by a user organization, or the service could be obtained as a contracted offering, usually customized, from an IP service provider. In the latter case, the user organization contracted for layer 3 services much as it had contracted for layer 1 services such as dedicated lines, or multiplexed layer 2 services such as frame relay.
The IETF distinguishes between provider-provisioned and customer-provisioned VPNs . Much as conventional WAN services can be provided by an interconnected set of providers, provider-provisioned VPNs (PPVPNs) can be provided by a single service provider that presents a common point of contact to the user organization.