New WAN Technologies for Consideration by Acme


Acme's current business priorities are certainly not uncommon. As Acme becomes more close-knit as a global enterprise, its IT department must be prepared to handle a dramatic shift in its application load. The network architect at Acme should consider several technologies to achieve the business goals that Acme has set out.

Acme should start by considering Layer 3 (L3) IP/MPLS VPNs. This technology allows Acme to effectively outsource the core of its WAN; eliminate the effort necessary to plan and build a complex, distributed-hub architecture; and take advantage of a service provider's network scale. This type of service typically brings significant cost savings for a full-mesh network, the cornerstone of large-scale enterprise collaboration. Without L3 IP/MPLS VPNs, Acme may find itself working very hard to manage an optimum-latency network.

L3 IP/MPLS VPNs permit the SP core to perform traffic routing based on the customer's IP routing information.

Another technology that Acme could consider is the use of Layer 2 (L2) VPN services. These services, when built on an IP/MPLS network, let Acme retain complete control over the L3 routing within its network, because the service provider does not exchange IP routing information with Acme's routers. Acme can choose between two L2 VPN services: a point-to-point service based on Virtual Private Wire Service (VPWS), and a multipoint emulated LAN based on Virtual Private LAN Service (VPLS). Acme may look to consolidate some metropolitan-area sites into a VPLS-based metropolitan-area network (MAN) and then uplink the MAN into the L3 IP/MPLS VPN WAN.

The following sections contain more-detailed descriptions of these services.

Layer 3 IP/MPLS VPN Services

Acme's network architect believes that L3 IP/MPLS VPN services are precisely what Acme needs as the foundation for its enterprise WAN and to support its business initiatives.

The IP/MPLS VPN solution is based on IETF RFC 2547 (since obsoleted by RFC 4364, which describes the same BGP/MPLS IP VPN mechanism). This mechanism has wide industry support for network-based VPNs and is quickly becoming a common standard across the globe for IP connectivity.

IP/MPLS VPN Service Topologies and Provisioning

L3 IP/MPLS VPN virtualizes the core of the service provider network, allowing the network cloud to route traffic to its destination based on the enterprise's IP routing table, shared with the SP network. This means that the enterprise is no longer required to design and maintain a mesh of hub locations and interconnecting links. Instead, every site is an end site on the cloud, and the enterprise needs to manage only a single port to the cloud. L3 IP/MPLS VPN also simplifies the capacity planning that an enterprise must perform on its network.

Figure 1-4 shows the enterprise's role in engineering networks based on existing time-division multiplexing (TDM), ATM, or Frame Relay technology. Figure 1-5 shows the role in L3 IP/MPLS VPN-based networks. The dashed, curved portions of the network detailed in Figure 1-4 represent PVCs that the enterprise must engineer, provision, and manage for capacity. In contrast, this requirement of the enterprise is eliminated in the L3 IP/MPLS VPN, where intelligent routing takes the place of the PVC provisioning. Also note the bandwidth provisioning; instead of determining point-to-point capacities, the enterprise network staff needs to maintain only capacity planning on a site-by-site basis.

Figure 1-4. Layer 2 Network Provisioning


Figure 1-5. Layer 3 IP/MPLS VPN Network Provisioning


To the enterprise network engineer, the connection from a site to the L3 IP/MPLS VPN cloud looks like a connection to another router in the enterprise's network. External routing protocols such as BGP, or internal routing protocols such as OSPF, RIP, or EIGRP, exchange routing information with the service provider's provider edge (PE) router. The routes are then carried across the service provider's IP/MPLS network in multiprotocol BGP.

In addition, many of the required enterprise network capabilities, such as QoS and IP multicast, can be supported by the IP/MPLS VPN service. These services are provisioned natively, like routing protocols, and appear as if another enterprise router were on the other side of the link.

The key difference between this technology and a typical outsourced WAN is that a single service provider network built once with L3 IP/MPLS VPN technologies can be sold many times to many customers, as opposed to a service provider or outsourcer designing an individual WAN for each customer. This results in an economy of scale, which translates into higher value and overall lower WAN costs to the enterprise customer.

Access to the L3 IP/MPLS VPN service can be via any Layer 2 technology. Between the customer edge (CE) router located at the enterprise site and the PE router at the service provider, traditional technologies such as leased line, ATM, and Frame Relay may be used. Alternatively, newer access technologies such as metro Ethernet may be used. The availability of Frame Relay or ATM access to an L3 IP/MPLS VPN service provides a very smooth migration path from an existing network to L3 IP/MPLS VPNs.

The L3 IP/MPLS VPN service also eliminates the enterprise's need to lease facilities and rack space for network equipment in hub locations. Because the intelligence is built into the service provider network, the enterprise need not interconnect point-to-point PVCs or circuits on its own network equipment at key routing points in the network.

IP/MPLS VPN: A Foundation for Network Services

L3 IP/MPLS VPN technologies offer a better integration capability for advanced network services. Instead of designing special connectivity for a service provider-offered service, such as VoIP gateways to the PSTN, a service provider may be able to integrate the service simply by importing the enterprise routes to and from the customer's VPN into the service VPNs.

IP/MPLS VPN Transparency

One of the most important aspects that must be considered in an L3 IP/MPLS VPN service is its transparency. Enterprises such as Acme that have operated a network for some time have established key parameters for the operation of their networks. Items such as classes of service and their associated Differentiated Services Code Point (DSCP) values, the routing protocol used across the network, and IP multicast capability are required in Acme's network, and the introduction of L3 IP/MPLS VPN service should not force Acme to reengineer its network to make the service fit. One could say that there is a good reason to call it a virtual private network: it needs to look very much like Acme's own private network.

IP/MPLS VPN Network Management and SLAs

In Layer 2-based networks, enterprises have control over the entire L3 network, allowing unrestricted troubleshooting capability across the network. In L3 IP/MPLS VPN services, there is now a shared responsibility for the L3 aspects of the network between the enterprise and service provider, which can make management and monitoring more complex.

One of the hottest topics between enterprises and their service providers today is the service-level agreement (SLA). As enterprises grow increasingly dependent on a converged communications infrastructure, the enterprise network manager expects more from its service providers. Technologies such as voice, video, and storage networking place strict demands on certain characteristics of a data network, such as delay and jitter. Before the IP network adopted these traffic types, delay and jitter requirements were fairly loose. Because QoS is central to an L3 IP/MPLS VPN service, providers generally offer the measurement capabilities and toolsets needed to manage SLAs on these characteristics as part of the service; the enterprise should confirm that the SLA states per-class targets for delay, jitter, and loss rather than availability alone.

Finally, enterprises must consider the management of the service. In most cases, the service provider offers a fully managed service or an unmanaged service or both. In the case of the fully managed service, the service provider supplies and fully manages the configuration, monitoring, and troubleshooting of the CE router and attached WAN connectivity using its tools and procedures. An unmanaged service allows the enterprise to maintain the configuration and management of the CE routers, leaving the service provider to manage only the PE routers. The former (fully managed service) is slightly less flexible to the enterprise but allows the service provider to offer a more complete SLA, having control over the entire wide-area portion of the network. The latter allows the enterprise more control to use its measurement and monitoring tools. Later chapters discuss the differences between the models and introduce some hybrids between the two, depending on enterprise and service provider requirements.

Enterprise Vendor Management Approach

The selection of L3 IP/MPLS VPN will most likely change an enterprise's approach to vendor selection, or the choice of multiple vendors versus a single vendor. An enterprise leveraging L3 IP/MPLS VPNs essentially pushes some of the tasks formerly performed by the enterprise into the service provider cloud. Working with a single service provider within an L3 IP/MPLS VPN environment is more advantageous than working with multiple service providers.

L3 IP/MPLS VPN technologies are designed to allow for some interprovider communication for VPNs; however, service providers must address the major impacts associated with sharing customers in a multiprovider mesh:

  • Who is responsible for being the customer's primary contact?

  • How can the service providers partner without risking future business?

  • How will multiple providers agree on common handling of specific QoS types across the multiprovider mesh?

  • How many provider interconnects are necessary to maintain an optimal network mesh?

The challenges of engineering the number and location of physical meet points, as well as the QoS and other handoff parameters, make it difficult for service providers to offer provider interconnection points as a general-purpose service. In most cases, these interconnection points require the same, or even additional, overhead when compared to an enterprise site performing the handoff between networks. As service providers begin to conquer some of the business challenges facing them with regard to interprovider IP/MPLS VPNs, a solution for a global, multiprovider IP/MPLS VPN mesh may be viable and may be the best choice for the enterprise.

Extranet Integration in IP/MPLS VPN Networks

IP/MPLS VPN services also let a service provider offer an extranet service for enterprise networks. This service can be extremely valuable in the integration of enterprises participating in communities of interest. For example, Acme is one of many machine and tool manufacturers participating in a parts supply exchange operated by key manufacturing customers. The L3 IP/MPLS VPN allows Acme's network to interconnect with others in the community of interest and exchange data securely. The security of this arrangement must be carefully engineered, however: each partner (who may be a competitor of the others) should be able to reach only the exchange itself, never another partner's network, and Acme should advertise into the extranet only the prefixes it intends to expose.
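
The route-target mechanism that enforces this separation, as an added example (not code from the book), in a small Python model of MP-BGP route distribution. It also illustrates the earlier point that the PE carries CE-learned routes across the provider core in multiprotocol BGP: each customer's routes sit in a per-customer VRF on the PE, are tagged with a route distinguisher (RD) so that overlapping private prefixes stay distinct, and are imported elsewhere only where the route targets (RTs) match. The ASN, RD and RT values, prefixes, site names and export policy are assumptions chosen for illustration.

```python
"""Model of route distribution in an L3 IP/MPLS VPN: per-customer VRFs on the
PE routers, route distinguishers (RDs) that keep overlapping customer prefixes
distinct in MP-BGP, and route targets (RTs) that decide which VRF imports which
routes. Added example, not code from the book; the ASN, RD and RT values,
prefixes, site names and export policy are assumptions for illustration."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnRoute:
    rd: str           # route distinguisher prepended to the prefix in MP-BGP
    prefix: str       # IPv4 prefix learned from the CE
    next_hop: str     # advertising PE
    rts: frozenset    # route-target extended communities set on export


@dataclass
class Vrf:
    name: str
    customer: str
    rd: str
    import_rts: frozenset
    exports: dict = field(default_factory=dict)   # local prefix -> export RTs
    table: dict = field(default_factory=dict)     # imported prefix -> VpnRoute


class MpBgpCloud:
    """Stand-in for the provider's MP-BGP VPNv4 route distribution."""

    def __init__(self):
        self.vpnv4 = []

    def export(self, vrf, pe):
        # The PE redistributes CE-learned routes into MP-BGP, tagging each
        # with the VRF's RD and the RTs from its export policy.
        for prefix, rts in sorted(vrf.exports.items()):
            self.vpnv4.append(VpnRoute(vrf.rd, prefix, pe, rts))

    def import_into(self, vrf):
        # A PE accepts a VPNv4 route into a VRF only if the route carries at
        # least one of that VRF's import RTs; the RD plays no part in matching.
        vrf.table = {}
        for r in self.vpnv4:
            if r.rts & vrf.import_rts and r.prefix not in vrf.exports:
                vrf.table[r.prefix] = r


def build_scenario():
    """Acme's intranet plus an extranet hub (the parts exchange) that Acme and
    a competitor both attach to. The hub exports RT 65000:900 and imports
    65000:901; each partner does the reverse and tags only its extranet
    prefix with the spoke RT. Both partners use 10.1.0.0/24 internally."""
    A, C, HUB, SPOKE = "65000:100", "65000:200", "65000:900", "65000:901"
    vrfs = {
        "acme_hq": Vrf("acme_hq", "acme", "65000:100", frozenset({A, HUB}),
                       {"10.1.0.0/24": frozenset({A}),               # internal only
                        "172.16.10.0/24": frozenset({A, SPOKE})}),   # extranet DMZ
        "acme_branch": Vrf("acme_branch", "acme", "65000:100", frozenset({A, HUB}),
                           {"10.1.2.0/24": frozenset({A})}),
        "exchange": Vrf("exchange", "exchange", "65000:900", frozenset({SPOKE}),
                        {"10.9.0.0/24": frozenset({HUB})}),
        "competitor": Vrf("competitor", "competitor", "65000:200", frozenset({C, HUB}),
                          {"10.1.0.0/24": frozenset({C}),
                           "172.16.20.0/24": frozenset({C, SPOKE})}),
    }
    pes = {"acme_hq": "PE1", "acme_branch": "PE2", "exchange": "PE3", "competitor": "PE4"}
    cloud = MpBgpCloud()
    for name, vrf in vrfs.items():
        cloud.export(vrf, pes[name])
    for vrf in vrfs.values():
        cloud.import_into(vrf)
    return cloud, vrfs


def extranet_leaks(vrfs, partners):
    """(importing VRF, prefix, originating customer) for every route one
    partner has imported from another partner: the check to run after any
    RT change on an extranet."""
    origin = {v.rd: v.customer for v in vrfs.values()}
    leaks = []
    for v in vrfs.values():
        if v.customer not in partners:
            continue
        for prefix, r in sorted(v.table.items()):
            if origin[r.rd] in partners and origin[r.rd] != v.customer:
                leaks.append((v.name, prefix, origin[r.rd]))
    return leaks


def misconfigured_scenario():
    """Same network, but the hub's spoke RT is mistakenly added as an import
    on the competitor's VRF: it now receives Acme's extranet prefix."""
    cloud, vrfs = build_scenario()
    comp = vrfs["competitor"]
    comp.import_rts = comp.import_rts | {"65000:901"}
    cloud.import_into(comp)
    return cloud, vrfs


if __name__ == "__main__":
    cloud, vrfs = build_scenario()
    for name, vrf in vrfs.items():
        print(f"{name:12} imports {sorted(vrf.table)}")
    print("leaks:", extranet_leaks(vrfs, {"acme", "competitor"}))
    print("after misconfiguration:",
          extranet_leaks(misconfigured_scenario()[1], {"acme", "competitor"}))
```

In the correct configuration Acme's branch sees Acme's own 10.1.0.0/24 (RD 65000:100) and never the competitor's identically numbered prefix, the exchange sees only the two extranet prefixes, and the partners see the exchange but not each other. The extranet_leaks check is what to run after any RT change; misconfigured_scenario shows the single wrong import RT that turns the extranet into a path between competitors.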

Layer 2 IP/MPLS VPN Services

In addition to the L3 IP/MPLS VPN service targeted for large-scale WAN deployments, IP/MPLS networks also enable two Layer 2 VPN services: VPWS and VPLS. Depending on enterprise requirements, these services can be used for point-to-point requirements or metropolitan-area aggregation.

The technology used by the service provider that offers VPWS- and VPLS-based services is usually hidden from the enterprise customer. To the enterprise, these services look like other standard interconnection technologies: private-line, ATM, Frame Relay, or Ethernet.

One of the primary benefits of VPWS- and VPLS-based services is that they allow the service provider to converge its independent networks. Instead of maintaining separate ATM, Frame Relay, Synchronous Optical Network (SONET), and IP networks and maintaining customer interfaces to each network, service providers can now focus on a single IP/MPLS network as a base infrastructure and offer many different customer services from that network. This results in a lower cost for the service provider infrastructure and ultimately is reflected in the service price to the customer.

VPWS

A service based on VPWS technology offers point-to-point connectivity, much like leased line, ATM, and Frame Relay. VPWS-based services can be delivered over any number of common Layer 2 encapsulations: High-Level Data Link Control (HDLC) or PPP (an emulated private line), ATM or Frame Relay, or Ethernet VLANs.

An additional advantage of the flexibility of VPWS-based services is that the access method used on one side of the service does not have to be the same as the other. For example, an enterprise's HQ location may utilize metro Ethernet as an aggregation technology to connect many branch sites that use HDLC or PPP encapsulation on T1s.

An enterprise typically uses VPWS-based services in the same fashion it would use other WAN technologies. After all, to the enterprise network administrator, the service is transparent and actually looks like a leased line, ATM, Frame Relay, or Ethernet trunk.

The enterprise's primary benefit, lower cost, is indirectly realized through the economy of scale offered to the service provider, which can now build a single IP/MPLS network to offer services that formerly required independent dedicated networks. However, this technology does not offer any reduction in the effort required to manage and operate the enterprise network. Because these services are presented to the enterprise like any other WAN technology, the enterprise must still lay out a WAN topology design and perform capacity planning on point-to-point circuits or virtual circuits.

Figure 1-6 shows possible uses of VPWS-based services by an enterprise.

Figure 1-6. Sample Enterprise Use of VPWS-Based Services


Some service providers are looking at offering provisionless VPWS-based services, where the network automatically generates a full mesh of VCs between endpoints in a service. This removes the need for the service provider to implement a specific enterprise's VC layouts. Instead, the service provider offers all remote locations in individual VLANs, DLCIs, or ATM VCIs, and the enterprise is responsible for building and configuring a hub-and-spoke, partial-mesh, or full-mesh topology. It offers unlimited flexibility in network layout for an enterprise; however, this can lead to suboptimal networks.

One immediate concern is the number of routing protocol adjacencies created on individual subinterfaces for a full-mesh VPWS network. Most IGP routing protocols face scalability problems as the number of locations grows in such a network. One local route update may quickly multiply into tens or even hundreds of route updates into the VPWS cloud as each remote CE neighbor is notified, affecting router CPU and QoS queues and possibly even dropping route update packets.

Additionally, if an enterprise does not understand its service provider's fiber paths and topology, it may choose to establish backbone links between two locations that are not well connected in the service-provider topology. Consider Figure 1-7. In this topology, you can see that the enterprise has built a backbone link for its network from San Francisco to Boston. The path for this VPWS service across the service provider network, however, is from San Francisco to Los Angeles to Atlanta to Boston. When the enterprise connects its branch office in San Diego to the San Francisco backbone site, and its branch office in Miami to the Boston backbone site, the traffic experiences significant backhaul latency. Traffic between San Diego and Miami must flow over the service provider network from San Diego to San Francisco via Los Angeles, from San Francisco to Boston via Los Angeles and Atlanta, and from Boston to Miami via Atlanta. The San Francisco-Los Angeles and Boston-Atlanta segments are each traversed twice, so much of the traffic takes the same route twice.

Figure 1-7. Enterprise Provisioning Paths
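
A way to quantify the backhaul described above, as an added example (not from the book): a small Python model of the provider topology from Figure 1-7 with Dijkstra shortest paths over it, comparing the provider's own San Diego to Miami path with the path traffic takes when forced through the enterprise's San Francisco and Boston backbone sites. The adjacencies (San Diego-Los Angeles, San Francisco-Los Angeles, Los Angeles-Atlanta, Atlanta-Boston, Atlanta-Miami) follow the text; the per-link latencies are constructed values, not provider data.

```python
"""Overlay-versus-underlay path comparison for the VPWS backhaul case in
Figure 1-7. Added example, not code from the book. Link adjacencies follow
the text; the latencies are constructed values for illustration only."""
import heapq

# Provider backbone, one-way latency per link in milliseconds (constructed).
PROVIDER_LINKS = {
    ("San Diego", "Los Angeles"): 3,
    ("San Francisco", "Los Angeles"): 8,
    ("Los Angeles", "Atlanta"): 45,
    ("Atlanta", "Boston"): 25,
    ("Atlanta", "Miami"): 15,
}


def build_graph(links):
    """Undirected adjacency map: node -> {neighbour: latency_ms}."""
    graph = {}
    for (a, b), ms in links.items():
        graph.setdefault(a, {})[b] = ms
        graph.setdefault(b, {})[a] = ms
    return graph


def shortest_path(graph, src, dst):
    """Dijkstra over the provider graph; returns (latency_ms, [hops])."""
    dist, prev, seen = {src: 0}, {}, set()
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u in seen:
            continue
        seen.add(u)
        if u == dst:
            break
        for v, w in graph[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v] = d + w
                prev[v] = u
                heapq.heappush(heap, (d + w, v))
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def overlay_path(graph, enterprise_hops):
    """Latency and provider hop list when traffic must pass through each
    enterprise site in turn, each leg riding its own VPWS circuit."""
    total, hops = 0, [enterprise_hops[0]]
    for a, b in zip(enterprise_hops, enterprise_hops[1:]):
        ms, leg = shortest_path(graph, a, b)
        total += ms
        hops.extend(leg[1:])
    return total, hops


def repeated_links(hops):
    """Provider links (undirected) that the hop list crosses more than once."""
    counts, dup = {}, set()
    for a, b in zip(hops, hops[1:]):
        key = tuple(sorted((a, b)))
        counts[key] = counts.get(key, 0) + 1
        if counts[key] > 1:
            dup.add(key)
    return sorted(dup)


def compare_san_diego_to_miami():
    """Provider-native path versus the enterprise overlay SD -> SF -> BOS -> MIA."""
    graph = build_graph(PROVIDER_LINKS)
    direct = shortest_path(graph, "San Diego", "Miami")
    overlay = overlay_path(graph, ["San Diego", "San Francisco", "Boston", "Miami"])
    return direct, overlay


if __name__ == "__main__":
    direct, overlay = compare_san_diego_to_miami()
    print("provider shortest path:", direct)
    print("enterprise overlay path:", overlay)
    print("links crossed twice:", repeated_links(overlay[1]))
```

With these constructed latencies the provider would carry San Diego to Miami in 63 ms over three links, while the enterprise overlay takes 129 ms over seven hops and crosses the San Francisco-Los Angeles and Atlanta-Boston links twice. The same comparison, run with the real latencies a provider quotes per circuit, is a useful sanity check before committing to backbone circuit endpoints.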


VPLS

VPLS-based services extend the functionality of VPWS to create a multipoint network, emulating LAN functionality to the enterprise. VPLS-based services are used to create a virtual LAN among the sites attached to the service. The service provider network PE routers make forwarding decisions based on Layer 2 addresses (for example, MAC addresses on Ethernet).

VPLS services offer the enterprise some of the same benefits as L3 IP/MPLS VPNs. Because it is a multipoint architecture, the enterprise need not be concerned with the capacity management or provisioning of individual point-to-point links. Adding a site to the network is as simple as turning up the new site's port on the VPLS-based service.

However, the scalability of VPLS-based services is fairly limited, for a few reasons:

  • Because VPLS-based services emulate a Layer 2 segment between sites, routing protocols such as RIP and EIGRP require all enterprise routers attached to the service to form routing protocol adjacencies with each other. As the number of routers grows, some routing protocols can experience higher route convergence times. This can have a noticeable impact on real-time applications.

  • Because VPLS-based services are a full-mesh emulation of a Layer 2 multiaccess network, a failure of an individual pseudo-wire can result in a split topology or a loss of connectivity to a site on the network.

  • IP multicast across the emulated Layer 2 mesh is flooded to all sites on the service, not just those that want the traffic. Because VPLS services rely on an automatically generated full mesh of VPWS-style pseudowires as transport, the ingress PE router must replicate each multicast and broadcast packet once per remote site (n-1 copies for n sites), resulting in wasted bandwidth.

  • The service provider network uses Layer 2 (MAC) addresses to decide where traffic should be forwarded. In some designs, the number of MAC addresses used by an enterprise may overwhelm the service's capabilities (such as when a VPLS-based service is used to bridge remote LANs containing workstations and servers). If the service provider limits MAC addresses to a maximum number, the enterprise might experience intermittent connectivity once the limit is reached and have difficulty troubleshooting the problem; note that a single misbehaving or malicious host cycling through many source MAC addresses can exhaust the limit for every site on the service. In addition, the enterprise may find it has to pay surcharges for the service provider to accept a larger number of MAC addresses. Finally, there is no way to mark some MAC addresses as higher priority than others, so once the limit is reached the network drops traffic indiscriminately.
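
To make the flooding and MAC-limit points concrete, the following added example (not code from the book) simulates one customer's VPLS instance on a PE: MAC learning on ingress, ingress replication of broadcast and unknown-unicast frames to every other site, and a provider-imposed MAC cap. It assumes that a full table simply stops learning new sources and that the provider either floods or drops frames for destinations it has not learned; the site names, the limit, the MAC addresses and the traffic sequence are constructed.

```python
"""Simulation of a VPLS instance on a PE router: MAC learning, ingress
replication over the full mesh of pseudowires, and a provider MAC limit.
Added example, not code from the book. Assumptions: once the table is full
no new source MAC is learned, and frames to an unlearned destination are
either flooded to every other site or dropped (unknown_unicast policy)."""
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VplsInstance:
    def __init__(self, sites, mac_limit, unknown_unicast="flood"):
        self.sites = list(sites)          # attachment circuit / remote PW per site
        self.mac_limit = mac_limit        # provider-enforced cap for this instance
        self.unknown_unicast = unknown_unicast
        self.fdb = {}                     # learned MAC -> site
        self.delivered = Counter()        # site -> frames handed to it
        self.dropped = 0
        self.not_learned = 0

    def _learn(self, mac, site):
        # Existing entries may move between sites; new ones need free space.
        if mac in self.fdb or len(self.fdb) < self.mac_limit:
            self.fdb[mac] = site
        else:
            self.not_learned += 1

    def forward(self, src, dst, ingress):
        """Return the list of sites that receive a copy of the frame."""
        self._learn(src, ingress)
        remote = [s for s in self.sites if s != ingress]
        if dst == BROADCAST:
            targets = remote                      # n-1 copies for n sites
        elif dst in self.fdb:
            targets = [] if self.fdb[dst] == ingress else [self.fdb[dst]]
        elif self.unknown_unicast == "flood":
            targets = remote                      # unknown unicast floods too
        else:
            targets = []
            self.dropped += 1
        for t in targets:
            self.delivered[t] += 1
        return targets


def mac_exhaustion_demo(mac_limit=64, rogue_macs=100, unknown_unicast="flood"):
    """A host at Branch-B emits frames from many different source MACs (a
    faulty NIC or deliberate MAC flooding). Once the table is full a new
    server at HQ cannot be learned, so Branch-A's traffic to it is flooded to
    every site or dropped, depending on the provider's policy."""
    pe = VplsInstance(["HQ", "Branch-A", "Branch-B", "Branch-C"], mac_limit, unknown_unicast)
    hq_server, branch_a_pc = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    # Normal operation: ARP request floods, the reply and data go point to point.
    pe.forward(branch_a_pc, BROADCAST, "Branch-A")
    pe.forward(hq_server, branch_a_pc, "HQ")
    before = pe.forward(branch_a_pc, hq_server, "Branch-A")
    # Rogue host at Branch-B cycles through source MACs and fills the table.
    for i in range(rogue_macs):
        pe.forward(f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", BROADCAST, "Branch-B")
    # A second HQ server comes up after the table is full: it is never learned.
    hq_server2 = "00:00:5e:00:53:03"
    pe.forward(hq_server2, BROADCAST, "HQ")
    after = pe.forward(branch_a_pc, hq_server2, "Branch-A")
    return pe, before, after


if __name__ == "__main__":
    for policy in ("flood", "drop"):
        pe, before, after = mac_exhaustion_demo(unknown_unicast=policy)
        print(f"policy={policy}: before={before} after={after} "
              f"table={len(pe.fdb)}/{pe.mac_limit} not_learned={pe.not_learned} "
              f"dropped={pe.dropped} per-site={dict(pe.delivered)}")
```

Before the rogue host appears, Branch-A's frames to the HQ server reach only HQ. Afterwards the table is full, the new HQ server is never learned, and every frame for it is either copied to all three other sites or discarded. Either way the impact is felt at sites that never saw the rogue traffic, which is what makes the resulting connectivity problems hard to troubleshoot from the enterprise side.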

For these reasons, it is anticipated that VPLS-based services will be used on a limited basis. Enterprises will likely use these services primarily in MANs where a smaller number of enterprise sites are connected and bandwidth is plentiful and inexpensive. L3 IP/MPLS VPNs will be used for larger networks because of their scalability.




Selecting MPLS VPN Services
ISBN: 1587051915
Year: 2004
Pages: 136