Subscribing to a Managed Layer 3 MPLS VPN Service

One main goal when considering a managed Layer 3 MPLS VPN-service offering is ensuring that the service is aligned with customer expectations and requirements. The two key aspects to qualifying a service provider are business and technical. For business, contractual factors, such as billing, reporting, and service-level management, highlight discussion points between a service provider and an enterprise customer. Technical discussion points can include setting up a customer edge router that can communicate with an MPLS-enabled service provider core. What role does routing play? Most of the routing protocolsincluding Routing Information Protocol (RIP), EIGRP, OSPF, eBGP, and static routesare supported by Cisco. With the exception of EIGRP, these protocols are also supported in the IETF.

If a customer runs a different routing protocol from that which is supported by a service provider, redistribution is required on a customer edge router. Customer edge to customer edge, IPSec, or generic routing encapsulation (GRE) tunnels are also supported. Thus, nothing much changes on a customer edge router, and no additional functionality needs to be enabled on a customer edge router.

For a basic topology, a customer should confirm that a provider supports the following:

• Partial-to-full mesh and hub and spoke implementations.

• Routing protocol supported by the customer's network.

• Whether the service provider has a full MPLS or partial MPLS core and whether the traffic will ever traverse non-MPLS regions. If this is the case, how are SLAs and security guaranteed when traffic traverses a third-party SP network, and/or a non-MPLS network? Additionally, which tools are used for billing, managing, and troubleshooting? Which mechanisms are available to an enterprise customer to validate billing? Order a new service? Check a report? How can an enterprise customer police its SLAs?

Therefore, some key questions to ask the service provider include the following:

• What is the technical know-how of the architecture and engin-eering support staff for the development and deployment of Layer 3 (BGP-VPN) services?

• Which technologies is the service provider using to support critical enterprise applications, such as QoS, multicast, and service description?

• Does a service level agreement description exist? This is often perceived as a marketing paper by enterprises. More specifically, how do service providers implement "tight" SLA guarantees?

• Does the service provider subscribe to its own service? An example of this is the deployment of a service provider's customer care organization as an internal Layer 3 MPLS VPN to the managed service?

• Is the provider relying on a private infrastructure or the public Internet for service deployment?

• What is the number of managed Layer 3 MPLS VPNs (customers and routers, for example)?

• What are the customer references?

• What is the service provider's geographical reach? (This is a concern for multinational corporations.)

• How do service providers implement end-to-end quality of service guarantees while spanning multiple providers internationally?

• What is the Layer 3 MPLS VPN roadmap of the service provider (for example, remote access, Internet access, and so on)?

• Does the service provider support shared services while providing business unit separation? What are the valued services offered (for instance, integrated Internet in the cloud, VoIP, video, IP telephony, messaging, and security)?

• How is IPSec implemented with Layer 3 service based on BGP-VPN, therein providing any-to-any connectivity?

• Is Interior Gateway Protocol (IGP) supported between the PE and CE routers?

• What support does the service provider offer to minimize the renumbering of addresses and parallel implementation of the existing WAN, such as LAN-Interconnect over Frame Relay until a migration from Layer 2 to Layer 3 is completed? How does the service provider manage "backdoor" links?

• What is the migration plan from the service provider?

• For the security implementation, how do service providers detect and diagnose against LSP mismerging? Which mechanisms are in place to ensure that a misconfiguration by the service provider will not expose an end customer (for example, VPN leaking from one customer VPN to another)?

• How does the service provider implement Internet access and security firewalls? Does the managed service include access to multiple service providers?

• What are the service redundancy and recovery mechanisms? How is load-balancing implemented?

• How scalable is the managed service offering? What is the number of supported routes per VPN? What is the maximum number of VPNs supported?

• How is the managed service packaged and priced such that there is beneficial TCO for the enterprise?

• Could the enterprise customer pilot the service?

• Does the service provider offer training workshops with enterprise IT and networking specialists?

• How viable is the service provider's business?

• Finally, does the service provider align its services (present and future) to the enterprise customer's requirements/roadmap (present and future)?

In addition to the previous questions, you need to determine whether the service provider understands the customer business and operational issues. For example, does the service provider inquire about the customer's applications and expectations concerning the user experiences with these applications when deploying over a Layer 3 MPLS VPN? Aligning customer expectations to the new Layer 3 MPLS VPN service offering should be part of the discussion between the service provider and the customer. Also, does the service provider have any awareness of the regulatory issues that might affect the customer? In the United States, for example, Sarbanes-Oxley legislation or the Health Insurance Portability and Accountability Act (HIPAA) and others must be considered. HIPAA has two sections: HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs. HIPAA Title II includes an administrative simplification section that deals with the standardization of healthcare-related information systems. In the information technology industries, this section is what most people mean when they refer to HIPAA. HIPAA establishes mandatory regulations that require extensive changes to the way that health providers conduct business.

HIPAA seeks to establish standardized mechanisms for electronic data interchange (EDI), security, and confidentiality of all healthcare-related data. The act mandates the following: standardized formats for all patient health, administrative, and financial data; unique identifiers (ID numbers) for each healthcare entity, including individuals, employers, health plans, and healthcare providers; and security mechanisms to ensure confidentiality and data integrity for any information that identifies an individual.

A service provider who can discuss these areas with the customer is more likely to provide a compliant service than one who simply asks, "How much bandwidth do you want?"

The list is not final but certainly represents best practice guidelines toward outsourcing for Layer 3 services.

Overall, the service provider experience in deploying managed Layer 3 MPLS VPN and the service fit to customer requirements are the most critical elements in assessing a service provider. Chapter 15 highlights these key aspects in the case study examples.