Implementing Voice-Ready VPNs
BY STEVE VOGELSANG
The popularity of VPNs (virtual private networks) is exploding due to
their ability to dramatically reduce the cost and complexity associated with
connecting remote sites and users. However, VPNs have to date lacked the
ability to deliver delay-sensitive traffic such as voice and video with the
same QoS (Quality of Service) as networks based on private lines, ATM, or
Frame Relay. That limitation has led corporate administrators who are
interested in carrying voice traffic over their data infrastructure to
second-guess VPN migration.
With the advent of service-enabling technologies including MPLS (multiprotocol
label switching) and service edge routers, network administrators can now
deploy voice-ready IP VPNs with confidence. Voice-ready VPN technology takes
advantage of the reduced cost and complexity of IP networks as a delivery
mechanism while maintaining the high levels of QoS previously associated
only with dedicated ATM and Frame Relay service.
Before examining voice-ready VPNs, it's helpful to briefly review the
ATM technology that forms the basis of the ATM and Frame Relay service used
to deliver packetized voice traffic with low latency and jitter.
A Review: Voice over Private Networks
ATM networks are connection-oriented, and were designed with multimedia
requirements in mind. ATM uses connections to reserve backbone bandwidth and
separate voice and data traffic on each interface, thereby guaranteeing low
latency delivery of voice packets. On backbone trunks, each connection is
mapped into one of three service queues (CBR, VBR, or UBR) with strict
priority scheduling of traffic from the service queues. This ensures that
voice (CBR) is prioritized and separated from less delay-sensitive traffic,
such as data (UBR).
To avoid congestion among the voice connections that share a service
class and queue, the edge ATM switches perform call admission control (CAC)
and usage parameter control (UPC). CAC is performed on each new connection
to ensure that there is sufficient backbone capacity before accepting the
connection. By only accepting the amount of traffic the backbone can handle,
the voice queues will not experience congestion. UPC ensures that incoming
traffic on each accepted connection does not exceed the guaranteed rate and,
therefore, protects the backbone queues from excessive traffic. ATM also
uses a fixed, 53-byte cell size to reduce delay variation (a.k.a. jitter) on
MPLS Brings Multi-Service Capabilities to IP Networks
In contrast, IP networks are connectionless. Instead of establishing
connections in advance, each packet is individually addressed for its
destination. Each network router (hop) looks at the address of incoming IP
packets and routes the packet to an output interface using a dynamic routing
table. Unlike ATM, the path through the network is non-deterministic and is
computed on a hop-by-hop basis. This makes it very difficult to control the
amount of traffic on each backbone trunk, leading to congestion and delays.
Enter a new class of router, the service edge router, which adds
bandwidth control and service awareness to the edge of IP service networks.
Service edge routers use MPLS technology in the IP core to reserve backbone
bandwidth on pre-established Label Switched Paths (LSPs) that are analogous
to ATM connections. The service edge routers then use the reserved bandwidth
on LSPs to ensure low-latency delivery of voice traffic through the backbone
Beyond bandwidth reservations, the service edge router must also perform
service classification, packet marking, UPC, and CAC. The UPC and CAC
functions are the same functions which are performed by an edge ATM switch,
only in the case of a service edge router they are performed on flows
instead of connections. Service classification and packet marking are unique
to IP and are used to identify and indicate the (voice) flows within a
stream of packets. When a service edge router receives packets from a
customer, it uses "code points" in the packet such as the IP Type of
Service (TOS) byte to separate packets into flows and then assigns each flow
to a service class such as CBR, VBR, or UBR. The service edge router
communicates flow and service class information to backbone routers using
similar code points in the IP or MPLS packet header.
With service edge routers and MPLS technology, service providers can now
offer voice-ready IP VPN services.
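The reservation and admission steps described in this section, as an added example (not from the original article or any vendor's code): an LSP is set up only over trunks that can still reserve its bandwidth, and CAC then admits voice flows only while they fit inside that reservation. The topology, names, rates and the fewest-hop path choice are assumptions made for illustration.

```python
# Added example: reserve real-time bandwidth for an LSP, then apply CAC to voice flows.
# Topology, names and rates are constructed for illustration; units are kbit/s.
from collections import deque

class Backbone:
    def __init__(self, trunks):
        # trunks: {(node_a, node_b): bandwidth still free for real-time reservations}
        self.free = {frozenset(t): kbps for t, kbps in trunks.items()}
        self.lsps = {}                      # name -> {"path", "reserved", "flows"}

    def _usable(self, node, kbps):
        # Neighbours reachable over trunks that can still reserve `kbps`.
        for trunk, free in self.free.items():
            if node in trunk and free >= kbps:
                yield next(iter(trunk - {node}))

    def setup_lsp(self, name, src, dst, kbps):
        """Fewest-hop path using only trunks with enough free bandwidth, or None."""
        prev, queue = {src: None}, deque([src])
        while queue and dst not in prev:
            node = queue.popleft()
            for nxt in self._usable(node, kbps):
                if nxt not in prev:
                    prev[nxt] = node
                    queue.append(nxt)
        if dst not in prev:
            return None                     # refuse rather than oversubscribe a trunk
        path = [dst]
        while prev[path[-1]] is not None:
            path.append(prev[path[-1]])
        path.reverse()
        for hop in zip(path, path[1:]):
            self.free[frozenset(hop)] -= kbps
        self.lsps[name] = {"path": path, "reserved": kbps, "flows": {}}
        return path

    def admit_flow(self, lsp, flow_id, kbps):
        """CAC: accept a flow only while admitted flows fit inside the reservation."""
        entry = self.lsps[lsp]
        used = sum(entry["flows"].values())
        if kbps <= 0 or flow_id in entry["flows"] or used + kbps > entry["reserved"]:
            return False
        entry["flows"][flow_id] = kbps
        return True

def constructed_backbone():
    # Short path PE1-P1-PE2 has little headroom; PE1-P2-P3-PE2 is longer but larger.
    return Backbone({("PE1", "P1"): 512, ("P1", "PE2"): 512, ("PE1", "P2"): 2048,
                     ("P2", "P3"): 2048, ("P3", "PE2"): 2048})
```

The second 384 kbit/s LSP takes the longer path because the short one no longer has the headroom, and a seventh 64 kbit/s call on the first LSP is refused.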
VPNs: One Choice for Voice
VPNs come in a dizzying array of choices, most of which are not suitable
for carrying voice traffic. The flavors of VPNs include CPE-based VPNs, which
are managed by the end users; remote access VPNs; and network-based MPLS
(also known as provider-provisioned) VPNs.
CPE-based VPNs (such as IPSec) are controlled and managed by network
administrators at corporate and remote sites. Since these VPNs are defined
on CPE equipment and are transparent to the service provider, it is
difficult for the service provider to guarantee service delivery of traffic
(such as packetized voice) across the wide area due to this lack of control
and knowledge of the type of traffic traversing the network.
To guarantee voice traffic delivery, a network-based VPN is required
where the service provider creates the VPN, is aware of the mix of data and
voice traffic and can therefore control and guarantee delivery of voice
traffic. Using service edge routers, this approach provides the same
guarantees as provided by ATM services today.
BGP/MPLS or Layer 3 VPNs: Voice Ready
One type of network-based VPN, referred to as either a BGP/MPLS or Layer
3-based VPN, is suitable for carrying voice traffic. Layer 3 VPNs use MPLS
to carry customer VPN traffic and, therefore, can take advantage of the
bandwidth reservation inherent to MPLS.
These capabilities are possible because BGP/MPLS VPNs create a unique set
of LSPs for each customer VPN. While provisioning the VPN, the service
provider can take into account the amount of voice traffic (real-time) the
customer has requested and ensure that the LSPs are routed across paths with
sufficient reserved bandwidth to guarantee delivery of all the real-time
How IP DiffServ is Preserved in MPLS VPNs
Once an LSP is created, service providers can use Layer 3 VPNs to
deliver packetized voice over the wide area, by applying labels to IP
traffic and prioritizing and isolating voice traffic from other traffic
within the service provider's network using an IETF technology called
DiffServ defines specific code points in the TOS field of IP packet
headers that indicate the type of traffic contained in the packet. The
customer can configure the CPE router to mark voice and data packets with
specific DiffServ code points. Service edge routers separate incoming
traffic on customer interfaces into flows based on the DiffServ code point.
Each flow is metered (a.k.a. UPC) to ensure that it is within the committed
rate and then assigned to a service class. This allows service providers to
offer VPNs with a range of basic service classes:
- Real-Time: For delay-sensitive traffic such as voice/video.
- Premium: For premium Internet access or Layer 2 transport.
- Best-Effort: For best-effort Internet access.
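The classify-then-meter step above, as an added example (not from the original article): because the code point is set on the customer's CPE, the edge meters each class against its committed rate rather than trusting the marking. The DSCP-to-class mapping (EF for Real-Time, AF for Premium), the rates and the drop/remark actions for excess traffic are assumptions.

```python
# Added example: DiffServ classification and per-class metering (UPC) at a service edge.
# Assumptions (not from the article): the DSCP-to-class mapping, rates, excess actions.
EF = 46                                     # Expedited Forwarding code point
AF = {10, 12, 14, 18, 20, 22, 26, 28, 30, 34, 36, 38}   # AF11 .. AF43

def service_class(tos_byte):
    dscp = (tos_byte >> 2) & 0x3F           # DSCP is the upper six bits of the TOS byte
    if dscp == EF:
        return "real-time"
    return "premium" if dscp in AF else "best-effort"

class TokenBucket:
    """Single-rate meter: in-contract packets spend byte credit, excess does not."""
    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8.0          # bytes of credit earned per second
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)
        self.last = 0.0

    def conforms(self, now, size):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False
        self.tokens -= size
        return True

def police(packets, meters):
    """packets: (time_s, tos_byte, size_bytes) -> list of (service class, action)."""
    out = []
    for now, tos, size in packets:
        cls = service_class(tos)
        meter = meters.get(cls)
        if meter is None or meter.conforms(now, size):
            out.append((cls, "forward"))
        elif cls == "real-time":
            out.append((cls, "drop"))       # excess must not queue behind admitted voice
        else:
            out.append(("best-effort", "remark"))
    return out

# Constructed sample: 200-byte voice packets every 20 ms (80 kbit/s), one 1500-byte
# packet marked EF by mistake, and unmarked bulk data.
SAMPLE = [(0.00, 0xB8, 200), (0.02, 0xB8, 200), (0.021, 0xB8, 1500),
          (0.04, 0xB8, 200), (0.04, 0x00, 1500)]

if __name__ == "__main__":
    meters = {"real-time": TokenBucket(80_000, 400)}
    for result in police(SAMPLE, meters):
        print(result)
```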
Incoming packets are guaranteed low latency delivery across the backbone
network by indicating the service class in the MPLS label and being mapped
onto LSPs with reserved bandwidth. Core routers maintain the service classes
using such techniques as Strict Priority Queuing or Weighted Fair Queuing (WFQ).
The result is guaranteed, low-latency, low-jitter delivery for voice
across an IP backbone network that was once limited to private line
Voice Ready Adoption
VPNs are providing a level of flexibility and network simplicity that
has led to a rapid adoption throughout the world. MPLS-based Layer 3 VPNs
are exploding in popularity, particularly in regions outside of the U.S.
that did not adopt Frame Relay service at the same rate as U.S.-based
corporations. Network administrators looking to transport voice traffic over
their data network should seriously consider MPLS-based Layer 3 VPNs due to
their ability to deliver a range of delay-sensitive traffic, including voice
and video, across the Internet backbone with guaranteed low levels of
latency and loss required for widespread corporate adoption.
Steve Vogelsang is vice president and cofounder of Laurel Networks,
Inc. Laurel Networks is a leading provider of service edge routers designed
and developed specifically for the edge of IP/MPLS networks. Please visit
their Web site at www.laurelnetworks.com.
To The July 2002 Table Of Contents ]