What's the difference between internetworking and VPN in a microscopic view.

  • Thread starter: lostinxlation
  • Tags: Difference

Discussion Overview

The discussion explores the differences between VPN (Virtual Private Network) and conventional internetworking from a microscopic perspective, focusing on how VPNs provide privacy and security while transmitting data over public networks. Participants examine the technical aspects of packet transmission, encryption, and routing in both contexts.

Discussion Character

  • Technical explanation
  • Debate/contested

Main Points Raised

  • Some participants propose that VPNs create a secure IP tunnel between sites, while conventional internetworking connects a LAN to a larger network.
  • Others argue that VPNs are private connections between multiple LANs, typically involving encryption, which raises questions about how this encryption affects routing and security.
  • A participant questions how routers can forward encrypted packets if the entire packet is encrypted, suggesting that only the payload is encrypted while routing information remains visible.
  • Another viewpoint suggests that the routers at each end of a VPN connection handle the routing without the local machines needing to know about the internet, similar to local network routers.
  • Some participants discuss the implications of VPN packet formats, noting that the inner packet retains its conventional IP structure while being encapsulated in an outer packet that specifies the target router's address.
  • There is a suggestion that VPNs provide security by preventing others on the internet from reading packet contents and by simplifying network identification for devices within the same LAN.

Areas of Agreement / Disagreement

Participants express multiple competing views regarding the specifics of how VPNs function compared to conventional internetworking, particularly concerning encryption and routing. The discussion remains unresolved with no clear consensus on the advantages of VPNs over traditional methods.

Contextual Notes

Participants highlight limitations in understanding how encryption impacts routing and the visibility of packet headers, indicating that assumptions about packet handling and security may vary.

lostinxlation
As the title says...
Basically, VPN has the IP tunnel between the sites which share the same interest, but I wonder how it is different from conventional internetworking. It just delivers the packet from one end of the IP tunnel to the other end of it by using the same method as the IP protocol, so I'm not quite sure what the peculiarity of VPN is compared to internetworking from a microscopic view, and what makes it more secure than the regular internet since the IP packet is going through the public network anyway.
Could anyone explain the difference?
 
Internetworking is connecting a LAN to the larger network.
VPN is connecting two (or more) LANs privately through an internetwork connection.

Generally the VPN would also be encrypted.
 
mgb_phys said:
Internetworking is connecting a LAN to the larger network.
VPN is connecting two (or more) LANs privately through an internetwork connection.

Generally the VPN would also be encrypted.
Thanks, but my question is how it makes it private. As you know, the IP datagram with VPN goes through the public networks along the way like conventional IP, so what makes it more secure, while the VPN uses the same IP protocol?
And as for encryption, how can all the routers in between figure out where to forward if the entire packet was encrypted? Or if only the payload gets encrypted, internetworking should be able to do the same thing as well, so I'm puzzled how it is an advantage over internetworking.
 
The bit that makes it a VPN is mostly the routers at each end, so that local machine 1 calling local machine 2 doesn't need to know that the data goes over the internet.
This is really no different from a router's job on your local network: your laptop on wifi connecting to your desktop doesn't need to know which cable it's on - the router handles that.

Only the packet contents are encrypted; the routing information is added by each step in the router chain, and this isn't encrypted (there are ways of encrypting the routing, but that's another story).

The advantage of just putting all your machines on the internet is both security (the packets are encrypted) and using fewer internet addresses - you only need one global address for each LAN, not one for every single machine.
 
mgb_phys said:
The bit that makes it a VPN is mostly the routers at each end so that local machine 1 calling local machine 2 doesn't need to know that the data goes over the internet.
Does that mean the router to router on VPN is a direct connection without any other networks in between? My understanding is the packet via VPN goes through multiple networks (routers) placed along the way between the sending LAN and receiving LAN.

Only the packet contents are encrypted; the routing information is added by each step in the router chain, and this isn't encrypted (there are ways of encrypting the routing, but that's another story).
Shouldn't regular internetworking be able to do the same thing since payload has nothing to do with routing, and if so, what is the advantage of VPN encryption over conventional IP?
 
lostinxlation said:
Does that mean the router to router on VPN is a direct connection without any other networks in between? My understanding is the packet via VPN goes through multiple networks (routers) placed along the way between the sending LAN and receiving LAN.
Yes, once the packet goes onto the internet it gets routed like any other packet.
The important part is that once it gets to the LAN at the other end, that router makes it look like it came from the same LAN, and any traffic back to any of the machines on the same LAN that are actually at the other site gets passed back through the router.


Shouldn't regular internetworking be able to do the same thing since payload has nothing to do with routing
Yes, the VPN simply adds a bit more header to allow the destination to know details about the sender network. Normally when you connect to PF, the PF web server doesn't know (or need to know) anything about your internal LAN - it only knows the route back to your router.

what is the advantage of VPN encryption over conventional IP?
So everybody else on the internet can't read the contents of those packets.
The VPN also allows connections to be identified once at the router, so every program that uses the network, e.g. network printers, don't all need to be secured against everyone on the internet.
 
Thank you.

I just looked up the packet format of VPN and found that the packet is actually double wrapped. The inner packet is the conventional IP packet with the IP address of the destination host in its header, and the outer packet has the header that specifies the address of the target router. I found your second point makes sense because, with the VPN packet format, the inner packet can be encrypted and no one outside can see the detailed header info to the target host, let alone the payload, except the IP address of the target router.
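
The double wrapping described in the last post, as an added example that is not part of the original thread: a gateway encrypts the whole inner IP packet and prepends an outer header addressed to the peer gateway, so on-path routers can parse only the gateway addresses. The addresses, key, and function names are constructed, and the cipher is a toy stand-in; real ESP tunnel mode also adds an SPI, sequence number, padding and an integrity tag, which are omitted here.

```python
import hashlib
import socket
import struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def keystream_xor(key, data):
    """Toy stand-in cipher (SHA-256 counter keystream); not a real VPN cipher."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def visible_to_router(packet):
    """What any on-path router can parse: the outermost IPv4 header only."""
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            "proto": f[6]}

def encapsulate(inner_packet, key, gw_src, gw_dst):
    """Sending gateway: encrypt the entire inner packet (header included),
    then prepend an outer header addressed to the peer gateway (proto 50 = ESP)."""
    sealed = keystream_xor(key, inner_packet)
    return ipv4_header(gw_src, gw_dst, 50, len(sealed)) + sealed

def decapsulate(outer_packet, key):
    """Receiving gateway: strip the outer header and decrypt the inner packet."""
    return keystream_xor(key, outer_packet[20:])

# Constructed sample values: private LAN hosts, documentation-range gateways.
KEY = b"constructed-demo-key"
PAYLOAD = b"print job for the LAN printer"  # opaque bytes standing in for a TCP segment
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 6, len(PAYLOAD)) + PAYLOAD
OUTER = encapsulate(INNER, KEY, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    print("on the internet:", visible_to_router(OUTER))
    print("after decap    :", visible_to_router(decapsulate(OUTER, KEY)))
```
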
 