The purveyors of the new information economy are pushing the edges of
business models, content, and communications with fresh new products and
ideas. But network service providers (NSP) and Internet service providers
(ISP) are grappling with a very old problem: How to differentiate services
and create new revenue from established customers.
It's a well-known marketing axiom that it's less expensive to "up
sell" an established customer than acquire a new one. Faced with
intense competition in the marketplace for network access dollars,
NSP/ISPs are casting about for new services and network features that
retain and improve revenue per customer. Many see the answer in an
emerging public network architecture built around embedding
"smart" switches into a service layer over and above the
network's basic transport level. This intelligent service layer allows
service providers to quickly and cost-effectively deliver new IP-based
services and increase revenue streams.
Value-Added IP Services
The new public network will make it easy to deliver a wide range of
value-added services. These services include:
- Network-based VPNs: Using the public network to deliver private
- Network-based firewalls: Protecting the consumer customer and small
businesses from new and changing threats (for example the recent
"Zombie" and Distributed Denial of Service (DDoS) attacks);
- Broadband access wholesaling: Simplified and cost-effective delivery
of broadband customers by access NSPs to ISPs and other value-added
- B2B communications: Building virtual trading and partner networks
with security and address management to support the burgeoning
- Content delivery: Secure, quality of service-based delivery of
entertainment, financial, meetings, and other high-value content;
- Converged services: Combining voice, video, and data in a seamless
network transparent to the users.
The real power of the new public network is its ability to quickly
deliver new services with minimal investment in equipment or installation.
Impediments To Service Rollout
While there is a clear need for service providers to roll out new
services, the current, prevailing technical architecture does not support
scalable, cost-effective service delivery. First-generation service
provider VPNs and outsourced firewall services are based on the same
customer premise equipment (CPE) architecture that enterprises have used.
The only difference is that the service provider now owns and operates the
equipment. This approach requires significant service provider investment
in equipment, provisioning manpower and ongoing maintenance and
management. From the customer's perspective, these services take a long
time to be delivered and are generally only incrementally less expensive
than alternatives like frame relay services.
To truly scale and meet customers' expectations, service providers need
a different network platform that provides improved services, quicker
delivery and costs less to deploy.
The IP Service Architecture
This new network architecture is the service layer architecture. The
service layer architecture provides an intelligent switching layer that
delivers new services from the network rather than from CPE equipment.
Figure 1, below, shows a simplified diagram of a new public network based
on the service layer architecture.
This architecture presents a new layer in the service provider network
that logically separates the access network from the core. This
architectural layer supports user-oriented, session-aware services and
processing. The service layer contains a new class of networking products
called IP service switches. Providers of these types of new generation
service platforms include Spring Tide Networks, CoSine Networks, and the
Shasta division of Nortel Networks for data services, and Sonus Networks
and Convergent Networks for converged voice services.
The IP service switch provides high speed, high touch packet processing
coupled with specialized hardware to perform security, QoS, voice gateway,
firewall, and other intensive processes. They have multiple types of
interfaces and rich protocol support to allow service providers to support
any customer interface and multiple access and core technologies. They
provide a highly granular packet classification and user classification.
Based on this classification, multiple services can be delivered from the
same user session. These services might include wholesaling of the user
based on RADIUS authentication, encryption services, address management
(Network Address Translation), state-aware firewall services, and QoS.
Tunnel switching is a new and important service that allows the conversion
of any tunneling technology to another. For instance, in a broadband
digital subscriber line (DSL) application, tunnel switching would conduct
conversion of point-to-point protocol over Ethernet (PPPoE) subscriber
sessions into layer two tunneling protocol (L2TP) or IP security (IPSec)
connections to allow secure remote access to a corporate intranet.
IP service switches have the high performance, scalability and
reliability necessary to support a carrier-based service. Typically, these
new switching platforms support tens of thousands to hundreds of thousands
of user and site connections. They operate at high performance levels and
concentrate the expensive processing elements in one location in the
network thus saving costs, maximizing efficiencies, and taking advantage
of the statistical properties of use in a network. These services are
hosted on highly reliable and redundant processing platforms that provide
automatic recovery operations.
The service layer concept greatly enhances service providers' ability
to quickly provision and control the use of their network resources. The
IP service switches, which comprise the service layer, are typically
provisioned using centralized policy servers and management platforms.
This provides a new, simplified, and consistent method for provisioning
and managing new services. In addition, the services can be automatically
downloaded into the switches based on the type and actions of the users
accessing the network.
These new switches use directory and policy platforms such as RADIUS,
LDAP, and CORBA to control the actions of the switch. These actions can be
granular to the individual user or application. IP service switches also
typically provide a rich set of statistics, call records and other billing
information to meter and monitor the use and performance of the services.
By using centralized policy services, IP service switches can support
"follow me" services. This allows a user to access the service
provider network through any access method (DSL, cable, dial-up, wirelessï¿½)
and obtain the same services. Figure 2, below, illustrates a typical user
session using policy-based provisioning.
Characteristics Of The New Public Network
To be successfully adopted, the new public network architecture built on
the IP service layer would have to be characterized by the following:
- Concentration of "high touch" packet processing in the
service layer to improve performance and lower overall network cost;
- Consistent service provisioning and delivery independent of access
- Session and user awareness allowing per-user and per-flow services.
Examples might be encryption services for certain applications,
improved QoS for premium users, and address translation for particular
users and networks;
- Simplified CPE equipment with less cost and complexity at the edge
that provides an even richer set of services;
- Rapid turn-up of new services by simply provisioning the IP service
switch with different policies for the user or site;
- High scalability and concentration, including support for tens of
thousands to hundreds of thousands of connections and users per
A Call To Action
The service layer architecture is a major step towards enabling a
"smart" network. The benefits and potential revenue enhancements
this architecture provides are extremely compelling. The advent of
broadband access technologies, outsourced service trends (witness the rise
of application service providers), and enhanced online content point to an
explosion of network-based services. The right network architecture and
infrastructure must be in place to meet the anticipated demand. Most of
the forward-looking ISPs, inter-exchange carriers (IXCs), incumbent local
exchange carriers (ILECs), and competitive local exchange carriers (CLECs)
are deploying or evaluating the IP service switch products and the service
layer architecture. The time is now for all service providers to evaluate
where and when the service layer architecture fits into their network.
Scott Hilton is director of product marketing at Spring
Tide Networks. He is responsible for the product management and
strategic positioning of the IP Service Switch product line. Spring Tide
Networks is a developer of carrier-class network equipment that enables
service providers to offer new revenue-enhancing value-added IP services.
By creating a new service layer in the public IP network infrastructure,
Spring Tide Networks delivers the network intelligence required for the
widespread deployment of network-based IP services such as virtual private
networks (VPN) and firewall services. Spring Tide Networks products will
evolve today's "best effort" Internet infrastructure into
tomorrow's business-quality public IP network supporting a rich set of IP
services for data, voice and video applications.