Chapter 8. MPLS VPN Network Management


This chapter covers the following topics:

  • Overview of the Main Implications for Network Management When an MPLS VPN Is Introduced

  • Guidelines for the Enterprise in Evaluating Service Provider Management Capability

  • Managing the VPN from an Enterprise Perspective

  • Guidelines for the Service Provider on How to Meet and Exceed Enterprise Expectations

  • Case Study: Troubleshooting a Problem with the Acme, Inc. VPN

So far, this book has concentrated on the technology and service offerings associated with Multiprotocol Label Switching (MPLS) virtual private networks (VPNs). All of this is of little value, however, if the service is not effectively managed from both enterprise and service provider perspectives. This chapter aims to educate both parties on the implications for network management when an MPLS VPN is introduced. As an introduction, it is useful to present an overview of network management before and after introducing the VPN.

In traditional WAN technologies, a VPN is created using what is termed the "overlay model" (see Figure 8-1). Branch offices and headquarters establish point-to-point links with one another. From a provisioning perspective, adding a new site typically involves experienced operators updating router-and-switch configurations at all other sites. This can be a time-consuming and error-prone process.

Figure 8-1. Overlay VPN


In contrast, MPLS-based VPNs use a peer model and Layer 3 connectionless architecture (see Figure 8-2). Provisioning a new site simply requires "peering" with a provider edge (PE) router as opposed to all other customer edge (CE) routers in the same VPN. In addition, the connectionless architecture allows for the creation of VPNs at Layer 3, eliminating the need for point-to-point tunnels or circuits.

Figure 8-2. MPLS VPN


Although the newer service may still require some manual intervention, it is clearly a more scalable model.

From a performance management perspective, the main differences emanate from the service-level agreements (SLAs) that are defined, particularly if quality of service (QoS) is being employed. QoS in a fully meshed connectionless architecture introduces specific requirements because the enterprise no longer controls the potential bottlenecks; this is now the responsibility of the service provider. For example, the PE-CE links could become saturated with traffic, which ultimately leads to degraded performance for end-user applications. To avoid this and to ensure that specific traffic types, such as voice, receive priority treatment, the service provider must provision QoS on the PE-CE links, and the enterprise must map its traffic onto this QoS model. Both parties also require specific monitoring techniques to ensure that SLAs are being met.

Fault management is probably the area of greatest impact to the service provider (and hence should be of great concern to the enterprise). With overlay VPNs, the main consideration is circuit availability. This can be monitored using techniques provided in the Layer 2 technologies (such as ATM Operation, Administration, and Maintenance [OAM]). MPLS VPNs are built on IP, which is a connectionless technology. In addition, the (relative) lack of maturity of MPLS and configuration requirements of VPNs at the PEs increase the risk of connectivity problems. New developments within the MPLS protocol suite are pivotal for maximizing network uptime and must form part of the enterprise and service provider strategies.




Selecting MPLS VPN Services
ISBN: 1587051915
EAN: 2147483647
Year: 2004
Pages: 136
