Service Provider, Dedicated, and Access VPNs


In the old world, service providers emphasized lower-layer transport services, such as leased lines and Frame Relay. In the new world, service providers work with business customers to meet their networking requirements through the use of VPNs. Service provider VPNs, otherwise called provider-dependent VPNs, are one of the key technologies that service providers will use to stay competitive in the years ahead. VPNs deliver enterprise-scale connectivity that is deployed on a shared infrastructure with the same policies that are deployed in a private network. A VPN can be built on the Internet or on a service provider's IP, Frame Relay, or Asynchronous Transfer Mode (ATM) infrastructure.

Today, this solution is known as a dedicated VPN. It is related to legacy VPNs, and is built on virtual leased lines.

Another service offering is called Remote Access to Multiprotocol Label Switching Virtual Private Network (RA to MPLS VPN),[1] which enables remote users to connect to the corporate network. This service handles remote access connectivity for mobile users, telecommuters, and small offices through dial, ISDN, DSL, cable, and wireless technologies. This solution is also known as an access VPN. It is shown in Figure 19-1.

Figure 19-1. The Service Provider Virtual Private Network (VPN)


From the standpoint of the service provider, the MPLS network is typically a full-mesh, partial-mesh, or hub-and-spoke topology, depending on how the customer wants to connect their sites. From the standpoint of the potential user, MPLS is typically offered by a service provider as a site-to-site VPN service. The provider builds a private IP-based network and offers multiple customers IP connectivity between their sites across this network. The technology allows individual customers to view the MPLS service as if they had a private IP network connecting their sites. This scenario offers customers the same advantages as a Layer 2 private network, such as Frame Relay or ATM, but with the scalability and manageability of a Layer 3 network. Also, because MPLS runs across a private IP-based network rather than the Internet, the service provider can provide differentiated levels of service (quality of service [QoS]) and service-level agreements (SLAs) to its customers. However, because MPLS is based on a service provider's private network, the reach of the service is limited to locations where the provider operates.

The RA to MPLS VPN solution provides flexible options to the existing MPLS VPN. Currently, a service provider can create a scalable and efficient VPN across the core of its network for each customer with MPLS VPN through dialup, DSL, and Data-over-Cable Service Interface Specifications (DOCSIS).

NOTE

In January 2002, Cisco received notification that its uBR7246VXR Universal Broadband Router passed CableLabs qualification for DOCSIS 1.1. Based on this qualification, the Cisco uBR7246VXR is the first Layer-3 routed cable modem termination system (CMTS) to receive DOCSIS 1.1 qualification.


With the introduction of RA to its MPLS VPN service, the service provider can now integrate various additional access methods into its VPN services. This permits the service provider to offer an extended bundle of end-to-end VPN services to its Internet service provider (ISP) or enterprise customers. Major new directions are new media, such as wireless and satellite, and multiprotocol VPNs. The newly announced Cisco Any Transport over MPLS (AToM)[2] integrates Layer 2 tunneling and MPLS networks. By using IP-based MPLS with IPSec/Layer 2 Tunneling Protocol (L2TP) solutions, providers can create virtual leased lines that improve scalability, and implement QoS features that are typical for MPLS.




Troubleshooting Remote Access Networks (CCIE Professional Development)
ISBN: 1587050765
EAN: 2147483647
Year: 2002
Pages: 235
