August 2000
Provisioned VPNs Versus Internet Consortium VPNs
BY KENT LOWELL
As corporations use the Internet for more and more applications, their
dependency on the Internet also increases. When corporations depend on a
network for continued viability, their demand for service level guarantees
also increases. These trends have led to a surge in interest in Virtual
Private Networks (VPNs). However, not all VPNs are created equal. Smaller
ISPs provide local access services in defined geographical regions.
Corporations therefore may receive end-to-end service from multiple
suppliers in much the same way that X.25 and frame relay consortiums have
been operating for many years. This current method for linking multi-site
corporations over the Internet with some level of security via encrypted
tunnels can be called an "Internet consortium VPN." In contrast,
large-scale carriers or network service providers differentiate themselves
from consortiums, and other large carriers, by offering corporations
multi-site connectivity across a single backbone infrastructure. On this
single managed backbone, the carrier "provisions" the
corporation's VPN and can offer highly predictable performance and
consistent quality. The question is, which model will dominate
next-generation corporate IP networks -- provisioned VPNs or
Internet consortium VPNs?
VPN APPROACHES
Corporations with distributed locations -- with high needs for strict
security and strict network performance and predictability -- continue to
lease bandwidth and build and operate their own routed or switched private
networks. Yet at the same time, the market for outsourcing the corporate
network to a network service provider -- and creating a VPN -- is growing
fast. In terms of direct control over access, security, and deterministic
performance, building your own private network or outsourcing a VPN
architecture can yield quite different results. When we look closely at VPNs,
there are two major approaches. The first approach is to use ISPs for
Internet access local to the branch office and encrypt IP conversation pairs
from corporate location to location. The second approach is to use a single
carrier that can offer multi-site connectivity across a single backbone
infrastructure that is not used for general Internet traffic.
Recently, VPN has come to mean Internet-based communication via
encrypted tunnels, but in reality, this is not the only form of VPN. Using a
single carrier and pre-defining the locations to be connected, with
agreed-upon, engineered bandwidth and performance, is called a "provisioned VPN."
Internet-based VPNs have certain compelling advantages over provisioned VPNs,
but also have significant disadvantages. Internet-based VPNs use encryption
to create a form of "closed user group" security for the
enterprise across a public shared packet network, whereas provisioned VPNs
tend to use Layer 2 virtual circuits to create closed user groups. Internet
VPNs, with encryption, can have acceptable security, but have unpredictable
performance. Provisioned VPNs can have excellent performance and
security, but are dependent on a single vendor to offer reach and breadth of
service offerings.
INTERNET VPNS
To form an Internet VPN, corporations typically use multiple ISPs that
collectively provide greater reach and local connectivity options no single
carrier can offer, and typically also at lower cost, at least in the U.S.
Local ISPs can sometimes offer more intimate support and responsiveness, but
may not have the level of experience or staff depth to fully address
business quality service levels. It is also true, by definition, that using
multiple suppliers creates a larger workload on the central network manager
or the CIO responsible for rolling out network-based applications. The
biggest problem with using multiple suppliers, however, is the inability to
define and meet consistent end-to-end bandwidth or performance objectives.
For a historical analogy, consider the consortium model. For many years,
X.25 and frame relay service providers have established NNIs (Network-to-
Network Interfaces) to expand their coverage and jointly offer connectivity
to customers. Typically, there is no end-to-end visibility, so when network
troubles arise, troubleshooting and trouble isolation are more difficult and
time consuming. In the Internet, these network-to-network interfaces are
called "peering points" and can be either public Network Access
Points (NAPs) with dozens of providers or private peering points between as
few as two service providers. These private peering points are, in effect,
IP NNIs.
There is general confusion -- typically created by IP service providers
-- in distinguishing between the Internet and provisioned networking. VoIP
vendors may seriously add to this confusion when they assert they are
offering "voice over the Internet." Usually, when you examine
their architecture and see where the traffic is flowing, the VoIP traffic
never traverses the general Internet. The VoIP traffic is parsed out of the
rest of the traffic and flows over dedicated connections serving only one
class of service, VoIP, and is handed from one ISP to the next via private
NNIs -- not through public peering points.
PROVISIONED VPNS
Provisioned VPNs, typically built on OSI layer 2 virtual circuits such
as frame relay and ATM, are provisioned by service providers based on
customer orders. Virtual circuits, based on pre-determined locations, create
closed user groups and work well to "carve out" a VPN in a public
shared network by limiting access and usage to the provisioned VPN
community. Pricing for virtual circuits is usually associated with bandwidth
commitments, such as frame relay Committed Information Rate (CIR), so
service providers can control or engineer their backbones. This approach is
really based on a leased-line replacement model. Frame relay
"virtual" circuits are purchased between locations where
previously "real" circuits would have been required. A mature
frame relay provider has the experience to know what level of over-booking
(selling the same bandwidth to several customers) they can engineer and
still offer tight service level agreements (SLAs). In this controlled
environment, availability, security, and performance can be well defined,
implemented, and reported.
ADVANTAGES OF THE PROVISIONED VPN
Will Internet VPNs replace both leased lines and leased line replacement
offerings, or will provisioned VPNs overtake Internet VPNs? The reality is
that they both have their place and will be used in combination. The
provisioned VPN, however, is the only viable way to replace leased lines
carrying mission-critical and time-sensitive applications. Internet VPNs
will grow more attractive as IP QoS mechanisms are deployed, but it will
take many years for IP DiffServ (IETF IP Differentiated Services) to be
implemented and widely available. Even so, most proposed IP QoS
architectures are based on prioritization of traffic flows. Priority-based
networks only provide relative performance and are not based on absolute
performance mechanisms such as guaranteed bandwidth. Without guaranteed
bandwidth available when and where needed, instantaneous real-time
flows, such as VoIP, will suffer quality degradation when contention exists.
Prioritization gives you a higher probability that your traffic will get
through, but cannot guarantee it. Multi Protocol Label Switching (MPLS) is
also receiving a great deal of attention as an IP-VPN architecture that can
support QoS. MPLS is used in the core of a carrier network to remove scaling
and addressing issues associated with large numbers of virtual circuits and
is also based on customer orders. Therefore, MPLS, in practice, is used in a
provisioned application and, today, should be considered part of the
provisioned VPN model and not part of the Internet VPN model.
No CIO will move time-sensitive revenue applications to an Internet VPN
when his or her job depends on making end users happy. The CIO will
architect the corporate computing model to meet the corporation's business
objectives and will architect the corporate network to meet the
user-specific performance objectives for the applications users require.
Cost savings are not a compelling reason to pull mission-critical,
time-sensitive applications from leased lines to Internet VPNs. However,
cost savings and guaranteed end-to-end performance with measured and
reported SLAs can be important enough to pull mission-critical and
time-sensitive applications to provisioned VPNs.
Internet VPNs will dominate for traveling users, because of the
ubiquitous connectivity offered by the Internet. Internet VPNs will also
likely succeed for distributed locations that do not require any real-time
applications. On the other hand, provisioned VPNs will beat out Internet
VPNs whenever users require real-time applications or frequent access to
centrally located corporate computing facilities. Provisioned VPNs can also
provide combined intranet and Internet access. With intelligent customer
premises equipment (CPE) that can control the allocation of bandwidth by IP
traffic flow, the provisioned VPN can offer both guaranteed performance and
the Internet's ubiquitous connectivity.
Kent Lowell was a co-founder of QWES.com, which was recently acquired
by Natural MicroSystems, and he currently serves as director of IP services
management. Natural MicroSystems designs, develops, and supplies
network-quality hardware and software components and provides design and
customization services. For more information, visit the company's Web site
at www.nmss.com.
IP Telephony -- Extending The Enterprise
BY WILLIAM RICH
There is no shortage of solutions aimed at the telecommuter market. But
most fall short when it comes to telephony features. Can IP telephony
finally deliver on the promise of the remote virtual office? The answer is a
resounding "Yes!"
The recent deployment of IP local exchange products coupled with
low-bandwidth, high-quality voice compression creates a solid foundation for
extending business telephone service to telecommuters at home or on the
road. The efficiencies of IP packet technology coupled with G.723.1 voice
compression at 6.4 Kbps provide enough bandwidth for road warriors and SOHO
workers to have a complete "virtual office" over a standard 56
Kbps Internet modem connection back to the office. Your current location is
your office. When someone calls your extension at work, your IP phone rings
wherever you are.
To ensure adequate QoS, telecommuters require a managed, private IP
network. While many people consider the use of IP telephony to be limited to
the Internet, private IP telephony networks are rapidly emerging. Consider
the differences between IP telephony over private networks versus the
Internet:
- IP Telephony over Private Networks (Calls made over
private WANs using IP telephony protocols): Since the network is
private, service is reliable because the network owner can control how
resources are allocated to various applications, such as telephony
services. Today, billions of dollars are being spent to create these
private IP telephony networks that will soon span the globe.
- IP Telephony over the Internet (Calls made over the
public Internet using IP telephony protocols): The Internet is a public,
largely unmanaged network that offers no reliable service guarantee.
Calls placed over the Internet can be low in quality, but given the low
price, some find this solution attractive. A major use of voice over the
Internet is for international long-distance calls.
Once the private IP network is in place, software in the form of an IP
local exchange is required to provide the PBX voice features that are
demanded by today's telecommuters. Why should telecommuters settle for less
feature functionality than their co-workers back at the office? Basically,
an IP local exchange is a carrier-class product that resides in the service
provider network, providing PBX-like telephony service to multiple business
and telecommuter customers. Call agent software runs on mirrored, redundant
UNIX servers to ensure maximum availability of the call processing function,
while Java-based administrative software allows system managers to configure
and maintain all voice services from a browser anywhere on the network.
End-user voice services are delivered via IP-Ethernet phones or analog
telephones (via Ethernet-to-analog adapters). Typically, enterprise
customers rent the service from the service provider and the service
provider is responsible for administering and maintaining the service.
A packet connection is required from the IP local exchange to the
telecommuter. Choices range from a standard dial-up modem connection all the
way up to a T1 line. CATV, xDSL, and wireless connections are also
completely acceptable. In a managed network, QoS issues are resolved by
prioritizing the voice bits ahead of the "data" bits via software
algorithms.
Today, the telecommuter has three choices for an IP phone: A standard
"POTS" phone, a PC "soft" phone, and an IP-Ethernet
telephone. All three have their advantages and disadvantages.
- A POTS phone is a standard, off-the-shelf analog telephone. Its
advantages are availability and low price. But POTS phone users suffer
greatly because POTS phones do not have the convenient buttons for call
features and voice mail that most business users are accustomed to.
Also, to actually use phone features on a POTS phone, a complicated
system of numeric entry must be used. In addition, the low-price
advantage of a POTS phone is offset by the requirement for a relatively
expensive Ethernet-to-analog adapter to interface the POTS phone to the
IP network.
- A "soft" phone is software that runs on the user's PC. Most
"soft" phones graphically resemble a business telephone set.
One advantage is low price, but most users today are still reluctant to
give up their traditional telephone set. Also, since a "soft"
phone relies on the PC sound card, many users experience volume level
problems after configuring the "soft" phone and then switching
back to other PC applications that also use the sound card.
- An IP-Ethernet phone looks and works just like a traditional
multi-line business display phone, but it plugs into an Ethernet RJ-45
wall jack instead of the traditional RJ-11 analog telephone jack. The
IP-Ethernet phone has all the call feature buttons that are enjoyed by
business users. Currently, IP-Ethernet phones are priced similarly to
traditional PBX phones ($300 and up), but emerging "IP phone on a
chip" technologies promise dramatically lower prices in the
not-too-distant future. What the world needs is a $100 off-the-shelf,
open-standards-based IP-Ethernet phone.
As the demand for quality telecommuter applications increases, both
businesses and service providers can benefit greatly from the
application-driven IP local exchange. By moving now to this next-generation
solution, providers can strengthen their positions in the increasingly
competitive business telecom marketplace by easily extending all enterprise
voice features to telecommuters.
William Rich is CEO of VocalData. VocalData is a leader in the rapidly
emerging IP local exchange market. The company provides a complete solution
of call agents, customer premises equipment (CPE), and network hardware that
allows service providers to offer fully featured business and residential
telephone service over data networks. For more information on the company's
products and services, please visit their Web site at www.vocaldata.com.
It's Time To Take A Look At Private IP Networks
BY DOUG LAURIN
There is good reason for today's organizations to add private IP to their
enterprise-wide telephony options. Global network providers are driving
their owned and managed converged voice, data, and native IP platforms to
performance and reliability levels that leave the public Internet, not to
mention the public switched telephone network (PSTN), far behind. These new
IP platforms give enterprises a viable and cost-effective alternative to the
traditional networks.
Increasingly, there is a meaningful choice when it comes to IP networking
through these "private IP" transport platforms that can be
deployed enterprise-wide. New IP routing protocols permit enterprises to
integrate voice, fax, and data traffic over global private IP networks. In
addition, Internet access and managed firewall services can be incorporated
into the solution. Access speeds of 155 Mbps and 45 Mbps enable
multi-service networks without paying for the Committed Information Rates
(CIR) needed on frame relay networks to assure acceptable performance
levels.
There is a significant difference between these private IP networks and
the public Internet. Most use the term "pure IP" to describe the
enhanced infrastructure and support, which results in highly secure virtual
private networks (VPNs) that emulate a private wide-area network and are
operated with end-to-end equipment management, IP address administration,
managed Internet security, and 24x7 services monitoring. These private IP
networks also provide secure public Internet access that extends the reach
of the network worldwide with a variety of access technologies and pricing
to customers, suppliers, remote sites, and business partners. These
extranets create significant cost savings for corporations that deploy them.
In addition, the enhanced applications now being deployed for IP make
private IP networks a desirable option to the PSTN. In a recent report
entitled "Global IP Telephony Service Markets," Frost &
Sullivan acknowledged the importance of enhanced applications in IP
networking, noting that the decline of the PSTN makes value-added features
take on "increased significance." In particular, the report cites
unified messaging, presence management, and click-to-talk applications for
call centers as "the most prominent enhanced applications," adding
that "recently introduced Internet call waiting and virtual second-line
applications will be added to this list."
SMARTER AND CHEAPER THAN SWITCHED VOICE
What is pulling corporate networks into private IP is the chance to do
packetized voice right the first time. There is no doubt that a converged
voice and data network is cheaper than switched voice -- and much more
versatile. The flexibility of VoIP is combined with the quality and
reliability of traditional data transport on a single platform that has the
bonus of the Web's convenient browser-type interface. To initiate a voice
call from a handset, one simply dials the number and a virtual PBX routes
the call over the private IP network. When the call is initiated from a PC,
all that's required is to click on voice call buttons on intranet/extranet
pages or on a corporate telephone directory. Either way, the technology
underlying these voice calls, because of the clarity and lack of latency
that private IP delivers, is transparent to end users when making both
on-net and off-net calls from any type of calling device.
Given that the 5,500 largest multinational enterprises alone spent over
$9 billion on international voice services last year, according to a Yankee
Group "Europe 100" survey, the savings perspective is compelling.
The cost benefit of running voice services over a private IP network is
obvious in the form of 20 percent or more savings on international
long-distance as compared to traditional voice services. The savings versus
calls over the public Internet are not measured by comparing costs, but by
comparing usage. The improved quality of voice over private IP as compared
to Internet-based telephony results in widespread end user acceptance. This
immediately translates into lower switched voice costs because perceived
resistance to IP calling is eliminated.
Call center operations are also prime candidates for private IP networks.
Increasingly, these operations are being fully integrated with Web and
intranet/extranet access. The end user wants to complete the online
experience with a voice communication. For this type of application, private
IP offers the best underlying transport technology because it allows open
routing of the call from any point in the network to any other point.
Innovative software and hardware companies have refined PSTN-to-IP gateways
and Internet dialers so as to resolve prior performance issues.
IMPROVING NETWORKING ROI
Return on investment (ROI) is an accounting concept that is becoming one
of the newer terms in the network manager's vocabulary. No longer is the
enterprise network viewed by top management as a cost of doing business.
Increasingly, they view it as a strategic investment. As private IP network
deployment increases, ROI will improve. The primary reason is that network
resources and application requirements can be more closely matched. It will
no longer be necessary to over-provision bandwidth to meet the needs of
mission-critical applications only at certain peak periods. Instead, the
private IP network delivers priority routing on demand.
This is accomplished by class of service options enabled by multiprotocol
label switching (MPLS) or related technologies over the private IP backbone.
There is a choice of three levels of performance for each application (e.g.,
voice, intranet, Internet access). The highest level is reserved for top
priority, low latency traffic such as voice, interactive business
applications, and SNA, and is the highest performing class of IP networking
available today. Another level is optimized to transport multiprotocol
applications that are less sensitive to delay. The third level transports
all other traffic while still providing performance and security that are
superior to the public Internet.
A PROACTIVE PAYOFF
The ideal candidates for private IP networking are enterprises with
integrated intranet/Internet traffic over highly meshed enterprise networks
and a need for Internet-type, any-to-any pricing without incurring added CIR
costs. With private IP, these enterprises receive a network that is easy to
order and configure since there is no CIR sizing and/or pricing involved.
Additional value is realized through Internet gateways to build extranets
with business partners and complete internal security with 24x7 managed
firewalls. Later on, the private IP backbone can be easily migrated to the
Internet, or its successor, as new technologies in the areas of class of
service, security, and applications emerge that resolve existing performance
and security issues that are now inherent in using a public IP network.
The payoff for private IP is that today's network managers can execute a
proactive, ROI-driven converged networking strategy that removes the cost
and administrative concerns required to maintain both a public switched
voice and IP data networking configuration. On top of this, the private IP
network is totally scalable and future-proof while delivering superior
performance and reliability today. Given all of these factors, adding
private IP to an enterprise's networking platform is an alternative whose
time has come.
Doug Laurin is director of IP business services for Infonet Services
Corp. Infonet is an independent, single-source supplier of global networking
services to multinational enterprises. For more information, visit Infonet's
Web site at www.infonet.com, or contact
him at [email protected]