
Carriers expand IP VPN outsourcing options: multiple offerings allow for greater customization. (Netcom Update).

Enterprises that want to outsource their IP virtual private networks (VPNs) have a growing number of options. During 2001, more carriers began offering IP VPN services, and the services were enriched with a number of new features and capabilities. Several carriers now have multiple IP VPN implementation offerings, including firewall-, router- and network-based versions, as well as services based on customer premises equipment.

Enterprises can use IP VPN services to replace leased lines for interconnecting company sites, or to provide telecommuters and mobile workers with remote access to the corporate LAN. Additionally, they can use the IP VPN services to extend the reach of their corporate intranets, or to create extranets for communications and sharing information with suppliers, customers or business partners.

Outsourcing some or all of the IP VPN to a carrier or service provider avoids the cost and complexity of purchasing, integrating and maintaining the required hardware and software. The carrier or service provider shoulders the responsibility for implementation and end-to-end management.

In a recent survey of 400 WAN managers at large and midsize companies, IDC found that one-quarter of the respondents who opted for a carrier IP VPN service cited lack of internal resources as the primary reason for their decision. Previous survey results had already shown that companies were having difficulty deploying and supporting IP VPNs themselves, and outsourcing these functions to a carrier had been a welcome solution. For this and other reasons, IDC expects spending on carrier IP VPN services in the U.S. to grow from $1.8 billion in 2001 to $5.3 billion in 2006, a compound annual growth rate of 24.4%.

For 2001, Genuity enjoyed the largest share of this spending, with 14.1% of the IP VPN service revenue. It was closely followed by WorldCom, with AT&T a more-distant third. Many of the 7,000-plus Internet service providers (ISPs) in the U.S. offer business services, and a sizeable number of small and midsize enterprises obtain their IP VPN services from their local and regional ISPs.

Genuity offers a variety of site-to-site and remote access IP VPN services based around different hardware, including Nortel Contivity switches, Cisco routers, and Check Point and WatchGuard firewalls. Its global IP backbone includes 17,500 miles of OC-192 (10 Gbps) SONET rings, with more than 1,000 dial points of presence (PoPs) in the U.S. and more than 400 in the rest of the world.

Genuity's VPN Advantage for Contivity comes with a choice of three switches to support 100, 400 or 5,000 simultaneous users. The service includes Genuity's 24x7 monitoring, maintenance and management, with integrated digital certificates and IPSec-encrypted tunnels for authentication and security.

VPN Service for Cisco supports site-to-site and hub-and-spoke topologies to extend secure intranet and extranet access to multiple domestic and international locations. The service uses VPN-enabled Cisco 2620 and 7204 routers to provide 30 and 500 managed IPSec tunnels, respectively, with DES and 3DES encryption. With the dedicated Internet access option, the service guarantees 99.97% availability, less than 1% packet loss, and a monthly average round-trip latency of 6.5 msec for intracontinental use, 110 msec for U.S.-Europe operation, and 170 msec for U.S.-Japan use.

WorldCom's IP VPN Select Access allows enterprises to design and manage their own VPNs utilizing the carrier's global IP network and Cisco hardware. With the Cisco Secure Policy Manager, enterprises can define, distribute, enforce and audit network-wide security policies from a central location. Access to Cisco's SmartNet also provides for control and management of network operations. WorldCom also offers fully managed IP VPN services for site-to-site and remote access connectivity via 2,500 PoPs around the world.

AT&T has recently upgraded its dedicated- and dial-VPN services and provided links with its 18 Internet data centers (IDCs) for access to hosted and managed applications. AT&T's Dedicated Site-to-Site IP VPN service uses IPSec technology to connect midsize and large corporate sites to the enterprise IP VPN via a highly secure, dedicated Internet access link at speeds to T-1 and above.

AT&T's global remote-dial IP VPN service is accessible from 2,200 PoPs in more than 850 cities in 60 countries. With the IDC links, telecommuters, road warriors and small- and home-office users can utilize the service to access applications hosted in the data centers.

AT&T also announced that it would support three classes of service--high priority, low priority and best effort--with its private IP VPN service to help network managers accommodate voice-over-IP and videoconferencing applications, and make more efficient use of network bandwidth. The classes of service are based on the DiffServ protocol.

Equant is targeting multinational companies with its flagship IP VPN service, which can now be reached from 220 countries and territories, with local support in 145 countries, following its merger with Global One and integration of their two networks. It claims to have 445 customers and 10,000 corporate sites for the service.

Cisco MPLS technology allows the service to carry voice, corporate data and Internet traffic over a single, private connection. With a T-1 link, for example, an enterprise could set up a partner extranet, an employee intranet, a VoIP network and a public Internet link, and save costs by reducing the number of connections and customer premises devices needed. To support the converged services, Equant offers four distinct, end-to-end classes of service, with SLAs for availability, latency, packet delivery, mean time to repair and jitter.

In October, it announced a number of IP VPN service enhancements resulting from the Global One merger, including expanded VoIP features, IP videoconferencing transport and call-center services. Equant has deployed Hewlett-Packard/NetCentrex gatekeepers to support the VoIP service, which is available initially in 58 countries. Other new IP VPN features include a wider selection of access methods, new IP VPN plug-ins and additional contingency solutions.

Sprint offers a choice of site-to-site and remote access IP VPN solutions using Cisco routers, Nortel Contivity switches or Check Point firewalls. It supports IPSec tunneling with DES and 3DES encryption, and authentication via RADIUS servers, security tokens or digital certificates. Besides providing a fully managed IP VPN service, Sprint supports users with technical consulting, design and implementation services for customizing their VPNs. End-to-end SLAs cover availability, backbone delay and busy-free dial access.

Carrier share of U.S. spending on IP VPN services in 2001

Genuity: 14.1%
WorldCom: 12.3%
AT&T: 7.7%
Equant: 5.2%
Sprint: 3.7%
Other: 65.8%, including:
 SBC, 3.1%
 Infonet, 2.7%
 C&W, 1.9%
 Broadwing, 1.8%
 Savvis, 1.3%

Note: Table made from pie chart.

Source: IDC 2001

Understanding IP VPN service options

IP VPN services provide secure transport of private traffic over the public Internet or the carrier's dedicated IP network. To make dedicated, secure and authenticated paths, or tunnels, available through the shared IP network infrastructure, the carriers combine so-called tunneling protocols with encryption, authentication and access control technologies.

The most comprehensive tunneling protocol--IP security protocol, or IPSec--works by encapsulating the original IP data packet into a new one that is fitted with headers, so the remote end can authenticate and decrypt the data. Since it does not specify a proprietary way to perform authentication and encryption, it can work with many systems and standards, enabling interoperability among different vendors. Other alternatives include Microsoft's Point-to-Point Tunneling Protocol (PPTP), and L2TP, which combines PPTP with the similar Cisco Systems' Layer 2 Forwarding Protocol.
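
The encapsulation described above, as an added example that is not part of the original article: a whole inner IP packet is wrapped in a new outer packet carrying an ESP header and an integrity check value that the remote gateway verifies before unwrapping. It assumes ESP with NULL encryption and HMAC-SHA1-96, so it shows authentication and replay rejection but not the DES/3DES confidentiality the carriers offer; the function names, key, SPI and addresses are constructed for illustration.

```python
import hashlib, hmac, struct

def ipv4_header(src, dst, proto, payload_len):
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      64, proto, 0, bytes(src), bytes(dst))
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:                        # fold carries (one's complement)
        total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + hdr[12:]

def esp_tunnel_encap(inner, key, spi, seq, gw_src, gw_dst):
    """Outer IP (proto 50) | ESP header | inner packet | ESP trailer | ICV."""
    pad_len = -(len(inner) + 2) % 4           # trailer must end on 4 bytes
    padding = bytes(range(1, pad_len + 1))    # ESP default padding 1, 2, 3...
    trailer = padding + bytes([pad_len, 4])   # next header 4 = IPv4-in-IP
    esp = struct.pack("!II", spi, seq) + inner + trailer
    icv = hmac.new(key, esp, hashlib.sha1).digest()[:12]    # HMAC-SHA1-96
    return ipv4_header(gw_src, gw_dst, 50, len(esp) + 12) + esp + icv

def esp_tunnel_decap(packet, key, expected_spi, last_seq):
    """Authenticate and unwrap; returns (inner, seq) or raises ValueError.

    Simplification: a single SA and a 'highest sequence seen' counter stand
    in for the SA database and sliding anti-replay window of a real gateway.
    """
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 50 or len(packet) < ihl + 8 + 2 + 12:
        raise ValueError("not an ESP packet")
    esp, icv = packet[ihl:-12], packet[-12:]
    spi, seq = struct.unpack("!II", esp[:8])
    if spi != expected_spi:
        raise ValueError("no security association for this SPI")
    good = hmac.new(key, esp, hashlib.sha1).digest()[:12]
    if not hmac.compare_digest(icv, good):    # constant-time comparison
        raise ValueError("ICV mismatch: packet forged or altered in transit")
    if seq <= last_seq:
        raise ValueError("replayed sequence number")
    pad_len, next_hdr = esp[-2], esp[-1]
    if next_hdr != 4:
        raise ValueError("payload is not a tunnelled IPv4 packet")
    return esp[8:len(esp) - 2 - pad_len], seq

# Constructed sample values (not from the article).
KEY = b"example-integrity-key"
GW_A, GW_B = (192, 0, 2, 1), (198, 51, 100, 1)      # site gateways
INNER = ipv4_header((10, 1, 0, 5), (10, 2, 0, 9), 253, 11) + b"hello-site2"
```

Only the gateway addresses appear in the outer header that the shared network routes on; the private site addresses travel inside the authenticated payload.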

To address user concerns over performance, carriers are starting to use traffic prioritization schemes, such as multiprotocol label switching (MPLS). MPLS prioritizes traffic by attaching a label to the IP header to enable routers to forward packets based on specified quality-of-service (QoS) levels. The label is added by an MPLS-enabled router at the edge of the network and removed when the packet reaches its destination.

Critics claim that adding the label can create scalability problems. Other options include differentiated services (DiffServ), which is a standard backed by the Internet Engineering Task Force, and class-based queuing (CBQ). DiffServ marks the IP packet header with a type-of-service field, which allows delay-sensitive traffic to be assigned a higher priority than delay-tolerant traffic.

With CBQ, traffic can be prioritized by IP address, application or protocol type, and other variables, by using a traffic-management algorithm at the network edge. CBQ allocates unused bandwidth more effectively than the other mechanisms. It uses priority tables to give the more critical applications access to unused bandwidth.

Support for the QoS mechanisms, however, is far from universal. In the meantime, carriers are responding to customer performance concerns with a variety of service-level agreements (SLAs). Typically, the SLA guarantees a certain level of network availability and a maximum latency, and automatically credits the customer when performance drops below the guaranteed level.

Edwards manages communications and network consulting for IDC, a global IT market research and consulting firm headquartered in Framingham, MA. Send comments to
COPYRIGHT 2002 Nelson Publishing

Article Details
Author:Edwards, Morris
Publication:Communications News
Geographic Code:1USA
Date:Mar 1, 2002