Service providers can also benefit from MPLS technical advantages. MPLS is deployed primarily in the core of a service provider's network, and is compatible with pure IP architecture as well as networks with a mix of IP and ATM and other Layer 2 technologies.

MPLS integrates the switching performance and traffic management capabilities of Data Link Layer 2 with the scalability and flexibility of Network Layer 3 routing. At the network edge, routers apply simple labels to data packets or frames. MPLS-enabled ATM switches or routers in the network core can then switch packets according to those labels with minimal lookup overhead.

Traffic engineering and class of service (CoS) are two key features of MPLS. Traffic engineering is enabled through MPLS mechanisms that direct traffic through a specific path, even if it is not the least-cost path. By using these mechanisms in the core network, engineers can implement policies to ensure optimal traffic distribution and improve overall network utilization.

The CoS features enable network administrators to provide differentiated services across the MPLS network by marking packets with a specific DiffServ Control Point (DSCP). With this technique, MPLS CoS supports packet classifications and improves capabilities for congestion avoidance and management.

MPLS VPN Service Description

MPLS-based VPNs can support an enterprise's basic communication needs today, as well as future value-added applications. MPLS-based VPNs also can create an intranet that links a corporate headquarters to remote offices over a shared, prioritized network and offer a cost-effective alternative to traditional leased-line, ATM, and Frame Relay technologies.

Extranet VPNs can link an enterprise's network resources with third-party vendors and business partners. MPLS provides the flexible, any-to-any connectivity that links any members of the VPN to each other, a requirement for the dynamic nature of extranets.

MPLS VPN Service Features

With a MPLS-based IP VPN, service providers can offer business customers a variety of service features, such as the following:

• A fully-managed network solution that encompasses customer premises equipment (CPE) and network services, with support for any access speed and any access technology. 
  
• Distinct classes of service for data, voice, video, and storage traffic with guaranteed service levels (determined by the service provider for each traffic type). 
  
• IP multicast, a technique for using bandwidth efficiently when sending routine or common information to multiple sites. Multicast sends a single packet stream once to a group address that encompasses all of the recipients. Without multicast, the network must replicate the packet stream multiple times to reach multiple destinations.
  
• Managed Internet access with security and privacy features such as integrated firewall and intrusion detection.
  
• Off-net calling for voice-over-IP (VoIP) service.
  
• Support for a customer's private IP addressing scheme, including network address translation (NAT) and Dynamic Host Control Protocol (DHCP) services.
  
• Automatic failover features to assure high network availability.

MPLS is an ideal solution for enabling a service provider to offer a site-to-site VPN service for business customers. This service can connect a customer's multiple branch offices and other small facilities into a single VPN over the service provider's shared infrastructure. A site-to-site VPN contrasts with a remote access VPN service, which is concerned largely with connecting individual teleworkers and mobile users.

Managed IP VPN services will yield US$20 billion in revenues worldwide by 2006 according to projections by IDC and Ovum. MPLS-based managed services will generate the majority of this revenue at $14 billion; the remaining $6 billion in revenue will be generated from IPSec-based VPN managed services.

Market Drivers

Several factors are driving the interest of business customers for MPLS-based VPN services:

• Growth in network traffic due to increasing business use of networked applications. 
  
• The need for businesses to connect more remote offices, teleworkers, business partners, and others to internal networks-over connections that are secure, reliable, and economical. 
  
• Interest in new applications, such as IP telephony, that can significantly simplify networks, reduce costs, and enable new levels of communication efficiency.

A 2002 survey of US network managers, conducted by Cisco, found the majority of responding companies either had or were planning to implement IP-based VPNs for applications such as e-mail, Web browsing, remote access to corporate databases, and exchange of mission-critical data. This finding suggests the promising revenue opportunities available to service providers today for VPN services such as enhanced security (for example, management of firewalls, encryption, and user authentication) and access to internal Ethernet LANs. In the future, service providers may gain incremental revenues as business customers choose VPN expansions and additional services such as redundancy, classes of service, and wireless access.

Market Segmentation

This document segments the VPN services market according to company size, a factor that differentiates service requirements and opportunities.

Large enterprises (500+ employees) are prominent candidates for IP-based VPN service offerings. In the face of continually rising IT expenses, many large enterprises see the financial advantages of outsourcing the communications infrastructure. These customers have complex requirements for VPN design, including domestic and international connectivity, strong security, and integration with an existing network infrastructure.

A service provider must be able to handle the required network scalability and complexity of a large enterprise, as well as seamless integration of the enterprise's legacy networking technologies and applications. Certain SLA parameters are also critical: service availability, network latency, packet loss, mean time to recovery (MTTR), and jitter.

Midsize businesses (100-500 employees and remote offices) are also prime candidates for IP-based VPNs. The requirements of these businesses for VPN services include: increased bandwidth for remote users, greater geographic coverage, the ability to add users quickly, strong security, and service quality backed by SLAs.

Small businesses (20-100 employees) face the challenges of rapid growth, lack of in-house technical expertise, and limited ability to keep pace with new applications. Because a VPN is likely to be the only wide-area network service deployed by these customers, they require an affordable and secure VPN solution that encompasses all necessary equipment, accessories, and network services. This solution must also reduce the costs of dialup access, equipment, and maintenance; increase network uptime; and assure quality with SLAs.

Trends and Opportunities
The analyst firm Gartner Dataquest describes several opportunities for service providers when deploying MPLS-based IP VPNs:

• Improved customer retention and increased profitability by offering cost-effective and flexible VPN services based on IP and MPLS.
  
• VPNs offer an entry point for selling managed IP services in addition to access, increasing long-term profitability. 
  
• The ability to customize VPN services for each business customer, increasing differentiation and adding value through bundled services for data, voice, video, network security, wireless access, and other options.
  
• Improved profitability through reduced costs for VPN service provisioning and network operation, as well as simpler management of a single network. 
  
• Flexibility to quickly change the internal network architecture for efficient resource use.
  
• MPLS supports network scalability for delivering customer-specific, on-demand services.

Cisco MPLS VPN Solutions
Cisco Systems is uniquely positioned to help service providers deploy MPLS networks that enable new, profitable revenue opportunities through VPN services. Cisco site-to-site MPLS VPN solutions encompass carrier-class network equipment, customer access devices, network management applications, and VPN features implemented in Cisco IOS software.

The Cisco MPLS VPN solutions offers secure data, voice, and video communications among corporate locations, with QoS guarantees. Service providers can leverage the MPLS solutions to deliver affordable VPN services to customers with a wide range of access technologies and speeds (from 64 kbps to STM-1 at 155 Mbps). Site-to-site MPLS VPN services can be offered as bundled (with managed CPE) or as an unbundled (without managed CPE).

All VPN services can be managed with the Cisco VPN Solution Center, which includes applications for fault management, security services, end-to-end provisioning of VPN services, and SLA monitoring.

Cisco IOS software, implemented in the core network routers and switches, supports Cisco MPLS for Managed Shared Services, a group of MPLS-enhanced networking features. This solution set includes VPN-aware Network Address Translation (NAT), On-Demand Address Pools (ODAP), and multicast capabilities. The VPN Select feature enables service providers to extend a customer's MPLS VPN service to remote users across broadband access networks, irrespective of the last-mile access provider. To boost the uptime of MPLS VPN services, the Cisco hot standby failover protocols support dual homing. Cisco Hot Standby Routing Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) can be used in MPLS provider edge (PE) routers to deliver this access-link redundancy.

Cisco MPLS VPN solutions go through a rigorous cycle of feature development, testing, early field trials, and deployment documentation. These testing and validation efforts give service providers assurance of solution quality that enables fast VPN service deployment and minimized operational costs.

Future Directions
Cisco's continued development of MPLS technology will enable service provider networks to deploy many new types of VPN services for competitive differentiation. New MPLS-based VPN developments are expected to offer enhancements in service features for off-net integration, class of service, multicast, and IP telephony.