

MPLS-Based IP VPN Service

Businesses of all types and sizes are facing the challenge of integrating data, voice, and video traffic in easily managed, scalable, economical, and flexible networks. Virtual private networks (VPNs) have emerged as a fundamental solution for meeting this challenge, and business customers are now looking to service providers for value-added, cost-effective VPN services. By outsourcing VPNs to a service provider, business customers gain the advantages of reduced capital and personnel costs, simpler network management, and "pay-as-you-grow" scalability.

To deliver VPN services profitably, service providers want to leverage the efficiencies of Multiprotocol Label Switching (MPLS) technology. MPLS-based IP VPN services offer a tremendously appealing revenue opportunity for service providers. Predictions from the market-research firms IDC and Ovum indicate that by 2006, MPLS-based services will represent a US$14 billion opportunity worldwide.

"MPLS VPNs offer an entry for managed IP services," says Todd Hanson, principal analyst at Gartner, a technology research and advisory firm based in Stamford, Connecticut. "The clever service providers will base their business models and long-term profitability on value-added services, not exclusively on access."
This document describes how service providers can benefit from MPLS-based IP VPNs and MPLS solutions from Cisco Systems.

The Advantages of MPLS

By deploying MPLS technology, service providers can reduce the complexity and costs of delivering VPN services to a diverse base of large, small, and midsized businesses. MPLS simplifies deployment of IP VPNs because service providers can reduce the cost and effort of provisioning individual virtual circuits. In addition, network routes can be restricted to only member routers of the VPN, meaning service providers can ensure privacy and security equal to that of Layer 2 networks. (More information on VPN security is provided in the report on testing conducted for Cisco by Miercom; this report is available at http://www.cisco.com/offer/sp/pdfs/vpn/MPLS-VPNs.pdf.)
MPLS technology enables service providers to deliver differentiated VPN services to numerous enterprise customers over a single, shared network infrastructure (Figure 1).

Figure 1 - MPLS enables delivery of VPN services on a single, shared network infrastructure.

Service providers also gain other immediate business benefits by adding Cisco MPLS technology to their networks, such as the following:

  • Seamless integration of voice and data networks under one network infrastructure 
  • Differentiated, end-to-end IP services with simpler configuration, management, and provisioning 
  • Scalable, any-to-any connectivity that can encompass multiple customers 
  • Simpler requirements for provider-managed networks with support for service-level agreements (SLAs) 
  • The ability to provide advanced quality of service (QoS) features that ensure network priority for mission-critical traffic 
  • Guaranteed bandwidth for streaming services such as multimedia, voice, videoconferencing, and e-learning 
  • A standards-based technology; MPLS is an Internet Engineering Task Force (IETF) standard designed to ensure interoperability in multivendor networks
  • Integration with Cisco IOS® software in Cisco routers, switches, and other network elements

Service providers can also benefit from MPLS technical advantages. MPLS is deployed primarily in the core of a service provider's network, and is compatible with pure IP architecture as well as networks with a mix of IP and ATM and other Layer 2 technologies.

MPLS integrates the switching performance and traffic management capabilities of Data Link Layer 2 with the scalability and flexibility of Network Layer 3 routing. At the network edge, routers apply simple labels to data packets or frames. MPLS-enabled ATM switches or routers in the network core can then switch packets according to those labels with minimal lookup overhead.

Traffic engineering and class of service (CoS) are two key features of MPLS. Traffic engineering is enabled through MPLS mechanisms that direct traffic through a specific path, even if it is not the least-cost path. By using these mechanisms in the core network, engineers can implement policies to ensure optimal traffic distribution and improve overall network utilization.

The CoS features enable network administrators to provide differentiated services across the MPLS network by marking packets with a specific Differentiated Services Code Point (DSCP). With this technique, MPLS CoS supports packet classifications and improves capabilities for congestion avoidance and management.

MPLS VPN Service Description

MPLS-based VPNs can support an enterprise's basic communication needs today, as well as future value-added applications. MPLS-based VPNs also can create an intranet that links a corporate headquarters to remote offices over a shared, prioritized network and offer a cost-effective alternative to traditional leased-line, ATM, and Frame Relay technologies.

Extranet VPNs can link an enterprise's network resources with third-party vendors and business partners. MPLS provides the flexible, any-to-any connectivity that links any members of the VPN to each other, a requirement for the dynamic nature of extranets.

MPLS VPN Service Features

With an MPLS-based IP VPN, service providers can offer business customers a variety of service features, such as the following:

  • A fully-managed network solution that encompasses customer premises equipment (CPE) and network services, with support for any access speed and any access technology. 
  • Distinct classes of service for data, voice, video, and storage traffic with guaranteed service levels (determined by the service provider for each traffic type). 
  • IP multicast, a technique for using bandwidth efficiently when sending routine or common information to multiple sites. Multicast sends a single packet stream once to a group address that encompasses all of the recipients. Without multicast, the network must replicate the packet stream multiple times to reach multiple destinations.
  • Managed Internet access with security and privacy features such as integrated firewall and intrusion detection.
  • Off-net calling for voice-over-IP (VoIP) service.
  • Support for a customer's private IP addressing scheme, including network address translation (NAT) and Dynamic Host Configuration Protocol (DHCP) services.
  • Automatic failover features to assure high network availability.

Cisco Systems offers service providers exceptional network solutions for delivering these service features of MPLS VPNs (Figure 2).

Figure 2 - MPLS VPN Service Features

Market Opportunity

MPLS is an ideal solution for enabling a service provider to offer a site-to-site VPN service for business customers. This service can connect a customer's multiple branch offices and other small facilities into a single VPN over the service provider's shared infrastructure. A site-to-site VPN contrasts with a remote access VPN service, which is concerned largely with connecting individual teleworkers and mobile users.

Managed IP VPN services will yield US$20 billion in revenues worldwide by 2006 according to projections by IDC and Ovum. MPLS-based managed services will generate the majority of this revenue at $14 billion; the remaining $6 billion in revenue will be generated from IPSec-based VPN managed services.

Market Drivers

Several factors are driving the interest of business customers for MPLS-based VPN services:

  • Growth in network traffic due to increasing business use of networked applications. 
  • The need for businesses to connect more remote offices, teleworkers, business partners, and others to internal networks, over connections that are secure, reliable, and economical.
  • Interest in new applications, such as IP telephony, that can significantly simplify networks, reduce costs, and enable new levels of communication efficiency.

A 2002 survey of US network managers, conducted by Cisco, found the majority of responding companies either had or were planning to implement IP-based VPNs for applications such as e-mail, Web browsing, remote access to corporate databases, and exchange of mission-critical data. This finding suggests the promising revenue opportunities available to service providers today for VPN services such as enhanced security (for example, management of firewalls, encryption, and user authentication) and access to internal Ethernet LANs. In the future, service providers may gain incremental revenues as business customers choose VPN expansions and additional services such as redundancy, classes of service, and wireless access.

Market Segmentation

This document segments the VPN services market according to company size, a factor that differentiates service requirements and opportunities.

Large enterprises (500+ employees) are prominent candidates for IP-based VPN service offerings. In the face of continually rising IT expenses, many large enterprises see the financial advantages of outsourcing the communications infrastructure. These customers have complex requirements for VPN design, including domestic and international connectivity, strong security, and integration with an existing network infrastructure.

A service provider must be able to handle the required network scalability and complexity of a large enterprise, as well as seamless integration of the enterprise's legacy networking technologies and applications. Certain SLA parameters are also critical: service availability, network latency, packet loss, mean time to recovery (MTTR), and jitter.

Midsize businesses (100-500 employees and remote offices) are also prime candidates for IP-based VPNs. The requirements of these businesses for VPN services include: increased bandwidth for remote users, greater geographic coverage, the ability to add users quickly, strong security, and service quality backed by SLAs.

Small businesses (20-100 employees) face the challenges of rapid growth, lack of in-house technical expertise, and limited ability to keep pace with new applications. Because a VPN is likely to be the only wide-area network service deployed by these customers, they require an affordable and secure VPN solution that encompasses all necessary equipment, accessories, and network services. This solution must also reduce the costs of dialup access, equipment, and maintenance; increase network uptime; and assure quality with SLAs.

Trends and Opportunities
The analyst firm Gartner Dataquest describes several opportunities for service providers when deploying MPLS-based IP VPNs:

  • Improved customer retention and increased profitability by offering cost-effective and flexible VPN services based on IP and MPLS.
  • VPNs offer an entry point for selling managed IP services in addition to access, increasing long-term profitability. 
  • The ability to customize VPN services for each business customer, increasing differentiation and adding value through bundled services for data, voice, video, network security, wireless access, and other options.
  • Improved profitability through reduced costs for VPN service provisioning and network operation, as well as simpler management of a single network. 
  • Flexibility to quickly change the internal network architecture for efficient resource use.
  • MPLS supports network scalability for delivering customer-specific, on-demand services.

Cisco MPLS VPN Solutions
Cisco Systems is uniquely positioned to help service providers deploy MPLS networks that enable new, profitable revenue opportunities through VPN services. Cisco site-to-site MPLS VPN solutions encompass carrier-class network equipment, customer access devices, network management applications, and VPN features implemented in Cisco IOS software.

The Cisco MPLS VPN solutions offer secure data, voice, and video communications among corporate locations, with QoS guarantees. Service providers can leverage the MPLS solutions to deliver affordable VPN services to customers with a wide range of access technologies and speeds (from 64 kbps to STM-1 at 155 Mbps). Site-to-site MPLS VPN services can be offered as bundled (with managed CPE) or unbundled (without managed CPE).

All VPN services can be managed with the Cisco VPN Solution Center, which includes applications for fault management, security services, end-to-end provisioning of VPN services, and SLA monitoring.

Cisco IOS software, implemented in the core network routers and switches, supports Cisco MPLS for Managed Shared Services, a group of MPLS-enhanced networking features. This solution set includes VPN-aware Network Address Translation (NAT), On-Demand Address Pools (ODAP), and multicast capabilities. The VPN Select feature enables service providers to extend a customer's MPLS VPN service to remote users across broadband access networks, irrespective of the last-mile access provider. To boost the uptime of MPLS VPN services, the Cisco hot standby failover protocols support dual homing. Cisco Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) can be used in MPLS provider edge (PE) routers to deliver this access-link redundancy.

Cisco MPLS VPN solutions go through a rigorous cycle of feature development, testing, early field trials, and deployment documentation. These testing and validation efforts give service providers assurance of solution quality that enables fast VPN service deployment and minimized operational costs.

Future Directions
Cisco's continued development of MPLS technology will enable service provider networks to deploy many new types of VPN services for competitive differentiation. New MPLS-based VPN developments are expected to offer enhancements in service features for off-net integration, class of service, multicast, and IP telephony.



ECOS Research, Inc.