A battle between Microsoft and Cisco Systems will heat up this week over rival protocols for letting remote users burrow through the Internet to establish secure links to corporate LANs.
The Internet Engineering Task Force (IETF) is today scheduled to review the Point-to-Point Tunnelling Protocol (PPTP) backed by Microsoft and Layer 2 Forwarding (L2F) backed by Cisco. Meanwhile, equipment vendors will be holding their breath over the outcome, hoping the protocol they support becomes the industry standard.
"IETF approval is vitally important," says Laura Howard, director of product management at Shiva, which supports L2F. But she says the key is that a single standard emerge so virtual private networks (VPN) can be built without regard to vendor equipment.
Cisco and Microsoft will likely get together to establish a compromise so that the two approaches interoperate, says Jeff Price, a product manager for Microsoft's Windows NT Server.
But some vendors are charging ahead without an IETF ruling. For example, Ascend Communications has built PPTP code as well as its own tunneling code, Ascend Tunnel Management Protocol, into its Pipeline and MAX access products, says Steve Thomas, Ascend's director of product marketing.
And Northern Telecom plans to announce next week that it will support L2F in its Rapport Dialup Switch in the fourth quarter. But the company is concerned about IETF approval. "It makes a lot of difference to us," says Peter Brockmann, senior manager of Internet solutions at Nortel.
Nortel found L2F to have more features than PPTP, and also found it to be more open. "With PPTP, the corporate access server has to be a Windows NT server. Theres only one company that markets software for that, Brockmann says.
While both PPTP and L2F perform the same function, they are based on different underpinnings. PPTP must run over IP, while L2F is based on User Datagram Protocol (UDP) and can run over any transport.
With both schemes, traffic through the Internet is encapsulated into tunneling protocol frames that are stripped off once the frames have been accepted by the corporate server.
In the Microsoft scenario, the tunneling protocol is generated by the remote client. With L2F, the Internet service provider's (ISP) access server performs the encapsulation. In both cases, the corporate access server must run the tunneling software.
Security procedures can be performed by the ISP and the corporate server. Microsoft and Cisco are working on encryption to go with their schemes.
So far, no service providers have offered an Internet VPN service because the tools are not available yet. Microsoft will not issue PPTP support on Windows NT Server and NT Workstation until later this quarter. Windows 95 will support it by year end. Cisco plans to roll out L2F in September.