7.5 Virtual Networks

Carrier-provided networks that function like private networks are referred to as VPNs. Although VPNs today are often thought of in terms of tunneling data through the Internet, the term originally applied to sending private voice traffic through a software-defined network. Under that concept, corporations can minimize the operating costs and staffing requirements associated with private networks. In addition, they obtain the advantages of dealing with a single carrier, rather than the multiple carriers and vendors that are normally involved in setting up and maintaining a large private network.

The first VPNs were voice-oriented and later data capabilities were added over the same switched-network infrastructure. Eventually, frame relay and ATM technologies provided the basis for data-oriented broadband VPNs, with the IP providing an increasingly popular low-cost alternative.

AT&T introduced the first VPN service in 1985. Its software defined network (SDN) is a voice-only service offered as an inexpensive alternative to private networks comprised of leased lines. In essence, this is a custom-switched telecommunications service that permits companies to establish communications paths between PBX systems using uniform dialing plans. The service relies on access lines to designated AT&T central offices. Intrastate SDN Service is an add-on to interstate SDN Service.

MCI followed up with Vnet and Sprint with VPN Service. These networks included PBX interconnectivity, global reach, calling cards for on-net calls from any location, calls made from cellular phones, and low-speed data—all combined under a single discount plan and single service umbrella with expanded opportunities for cost savings.

7.5.1 Advantages of VPNs

VPNs came to be a viable alternative for obtaining private network functionality without the overhead associated with acquiring and managing leased lines. VPNs offered several other advantages as well, including the following:

• The ability to assign access codes and corresponding class-of-service restrictions to users; these codes can be used for internal billing, to limit the potential for misuse of the telecommunications system, and to facilitate overall communications management.

• The ability to consolidate billing, resulting in only one bill for the entire network.

• The ability to tie small remote locations to the corporate network economically, instead of using expensive dial-up facilities.

• The ability to meet a variety of needs (e.g., switched voice and data, travel cards, toll-free service, international and cellular calls) using a single carrier.

• The availability of a variety of access methods, including switched and dedicated access, 700- and 800-dial access, and remote calling card access.

• The availability of digit translation capabilities that permit corporations to build global networks using a single carrier. Digit translation services can perform seven-to-ten-digit, ten-to-seven-digit, and seven-to-seven-digit translations, and can convert domestic telephone numbers to international direct distance designator (IDDD) numbers via ten-to-IDDD and seven-to-IDDD translation.

• The ability to have the carrier monitor for network performance and reroute around failures and points of congestion.

• The ability to have the carrier control network maintenance and management, reducing the requirement for high-priced in-house technical personnel, diagnostic tools, and spares inventory.

• The ability to configure the network flexibly, via on-site management terminals that enable users to meet bandwidth application needs and control costs.

• The ability to access enhanced transmission facilities, with speeds ranging from 56 Kbps to 384 Kbps and 1.536 Mbps, and plan for the migration to broadband services.

• The ability to combine network services pricing typically based on distance and usage with pricing for other services to qualify for further volume discounts.

• The ability to customize dialing plans to streamline corporate operations. A dealership network, for example, can assign a unique four-digit code for the parts department. Then, to call any dealership across the country to find a part, a user would simply dial the telephone number prefix of that location.

7.5.2 VPN Architecture

The architecture of the VPN makes use of software-defined intelligence residing in strategic points of the network. AT&T’s SDN, for example, consists of access control points (ACPs) connected to the PBX via dedicated or switched lines. The ACPs connect with the carrier’s network control points (NCPs), where the customer’s seven-digit on-net number is converted to the appropriate code for routing through the virtual network (see Figure 7.6).

Figure 7.6: The architecture of AT&T’s Software Defined Network.

Instead of charging for multiple local access lines to support different usage-based services, carriers allow users to consolidate multiple services over a single T1 access line. A user who needs only 384 Kbps for a data application can, for example, can fill the unused portion of the access pipe with 18 channels of voice traffic in order to justify the cost of the access line. At the carrier’s cross-connect system, the dedicated 384-Kbps channel and 18 switched channels are split out from the incoming DS1 signal. The 384-Kbps DS0 bundle is then routed to its destination, while the voice channels are handed off to the carrier’s Class 4 switch, which distributes the voice channels to the appropriate service.

VPN service providers offer a variety of access arrangements targeted for specific levels of traffic, including a single-voice frequency channel, 24 voice channels through a DS1 link, and 44 voice channels through a T1 link equipped with bit-compression multiplexers. Providers also offer a capability that splits a DS1 link into its component 64-Kbps DS0s at the VPN serving office for connection to off-net services.

The same DS1 link can be used for a variety of applications, from 800 service to videoconferencing, thereby reducing access costs. Depending on the carrier, there may be optional cellular and messaging links to the VPN as well. Even phone card users can dial into the VPN, with specific calling privileges defined for each card. All of a company’s usage can be tied into a single invoicing structure, regardless of access method.

7.5.3 VPN Features

VPNs allow businesses and government agencies to define their own networks by drawing on the intelligence embedded in the carrier’s network. This “intelligence” is actually derived from software programs that reside in various switch points throughout the network. With services and features defined in software, users are afforded greater flexibility and cost savings in configuring their networks than is possible with hardware-based services. In fact, a customer’s entire virtual network can be reconfigured simply by changing the operating parameters in a network database. The following options are available:

• Flexible routing: Enables the telecom manager to reroute calls to alternate locations when a switch node experiences a problem or during peak-hour traffic congestion. This feature can also be used to extend customer service business hours across multiple time zones.

• Location screening: Allows the telecom manager to define telephone numbers that cannot be called from a given VPN location. This helps contain call costs by disallowing certain types of outbound calls.

• Originating call screening: Gives the telecom manager the means to create caller groups and screening groups. Caller groups identify individuals who have similar call restrictions, while screening groups identify particular telephone numbers that are allowed or blocked for each caller. Time intervals can also be used as a call screening mechanism, allowing or blocking calls according to time-of-day and day-of-week parameters.

• Exchange number (NNX) sharing: Allows VPN customers to reuse NNXs at different network locations to set up seven-digit on-net numbering plans. This provides dialing consistency across multiple corporate locations.

• Partitioned database management: Enables corporations to add subsidiaries to the VPN network while providing for flexible, autonomous management when required by the subsidiaries to address local needs. The VPN can even transparently interface with the company’s private network or the private network of a strategic partner. In this case, the VPN caller is not aware that the dialed number is a VPN or private network location because the numbering plan is uniform across both networks.

• Automatic number identification (ANI): Allows telephone numbers of incoming calls to be matched to information in a database; for example, the computer and telecommunications assets assigned to each employee. When the call comes through to the corporate help desk, the ANI data is sent to a host, where it is matched with the employee’s file. The help desk operator can have all relevant data available immediately to assist the caller in resolving the problem.

7.5.4 Billing Options

One of the most attractive aspects of VPN services is customized billing. Typically, users can select from among the following billing options:

• The main account can obtain all discounts under the program. In some cases, even the use of wireless voice and data messaging services can qualify for the volume discount.

• Discounts can be assigned to each location according to its prorated share of traffic.

• A portion of the discount can be assigned to each location based on its prorated share of traffic, with a specified percentage assigned to the headquarters location.

• Usage and access rates can be billed to each location, or subsidiaries can be billed separately from main accounts.

• Billing information and customized reports can be accessed at customer premises equipment (CPE) or provided by the carrier on diskette, microfiche, magnetic tape, tape cassette, or CD-ROM, as well as in paper form.

• A name substitution feature allows authorization codes, billing groups, telephone numbers, master account numbers, dialed numbers, originating numbers, and credit card numbers to be substituted with the names of individuals, resulting in a virtually numberless bill for internal distribution. This prevents sensitive information from falling into the wrong hands.

In addition, VPN service providers offer rebilling capabilities that can use a percentage or flat-rate formula to mark up or discount internal telephone bills. Billing information can even be summarized in a number of graphical reports, such as bar and pie charts. Carrier-provided software is available that allows users to work with call detail and billing information to generate reports in a variety of formats. Some software even illustrates calling patterns with maps.

7.5.5 Network Management

Management and reporting capabilities are available through a network management database that enables telecom managers to perform tasks without carrier involvement. The network management database contains information about the network configuration, usage, equipment inventory, and call restrictions. Once the telecom manager gains access to the database, he or she can set up, change, and delete authorization codes and approve the use of capabilities such as international dialing by caller, workgroup, or department. The telecom manager can also redirect calls from one VPN site to another to allow, for example, calls to an East Coast sales office to be answered by the West Coast sales office after the East Coast office closes for the day. Once the telecom manager is satisfied with the changes, they can be uploaded to the carrier’s network database and take effect within minutes.

Telecom managers can access call detail and network usage summaries, which can be used to identify network traffic trends and assess network performance. In addition to being able to download traffic statistics about dedicated VPN trunk groups, users can receive 5-, 10-, and 15-minute trunk group usage statistics an hour after they occur; these statistics can then be used to monitor network performance and carry out traffic engineering tasks. Usage can be broken down and summarized in a variety of ways, such as by location, type of service, and time of day. This information can be used to spot exceptional traffic patterns that may indicate either abuse or the need for service reconfiguration.

Via a network management station, the carrier provides network alarms and traffic status alerts for VPN locations using dedicated access facilities. These alarms indicate potential service outages (e.g., conditions that impair traffic and could lead to service disruption). Alert messages are routed to customers in accordance with preprogrammed priority levels, ensuring that critical faults are reviewed first. The system furnishes the customer with data on the specific type of alarm, direction, location, and priority level, along with details about the cause of the alarm (e.g., signal loss, upstream failed signal, or frame slippage). The availability of such detail permits telecom managers to isolate faults immediately.

In addition, telecom managers can request access-line status information and schedule transmission tests with the carrier. The network management database describes common network problems in detail and offers specific advice on how to resolve them. The telecom manager can submit service orders and trouble reports to the carrier electronically via the management station. Also, telecom managers can test network designs and add new corporate locations to the VPN.

7.5.6 Local VPN Service

A more recent development in the voice-oriented VPN market is the emergence of local service whereby some regional Bell operating companies allow corporate customers to manage their in-region calls using the public network as if it were their own private network. This allows customers to do such things as access their voice network remotely, make business calls from the road or home at business rates, originate calls from remote locations while billing them to the office, and block calls to certain telephone numbers or regions. Uniform pricing and billing plans can also be arranged for all of the customer’s locations to reduce the administrative costs involved with reviewing billing statements, even if each location uses a different carrier.

The service allows large business customers to configure components of the public-network like a customized private network without the expense of dedicated lines or equipment. The service is also compatible with Centrex services, PBX systems, or other CPEs.