Service providers have various options in the way in which they can offer outsourced IP virtual private network (VPN) services to customers.
The original service offerings were mostly customer premises equipment (CPE)-based. In such services, service providers deploy and manage CPE VPN gateways (in other words, dedicated VPN appliances or VPN-enabled routers/firewalls) at customer sites. IPSec tunneling is used to provide the required security for communication between sites over public Internet infrastructure.
Most major VPN service providers are now also offering one or more network-based IP VPN services. There are three types of network-based VPN services:
- Network-based IPSec
- MPLS (Multi-Protocol Label Switching)
- Virtual routers over an ATM backbone
In network-based IPSec service, the service provider initiates and terminates IPSec tunneling at network VPN gateways located at edge POPs. IP service switches or edge routers with VPN service capabilities are used as network VPN gateways. Qwest was the first service provider to deploy network-based IPSec service in the U.S., and continues to pursue this strategy globally. MPLS services and virtual router services are other forms of network-based services that are implemented over a service provider's closed or private IP network. With these services, the customer can access the network edge POP with a single frame relay or ATM PVC, and the network VPN gateway provides the routing intelligence enabling any-to-any connectivity between sites. Security is equivalent to a layer 2 frame relay or ATM VPN service, and IPSec tunneling/encryption is not typically used.
The key motivator for service providers to adopt network-based VPN services is that they gain considerable capital and operational cost savings over deploying CPE-based service. Economies of scale are achieved in using one network VPN gateway to provide service for multiple customer sites in an area. Operational cost savings are derived from the service provider not having to make truck rolls to install or repair CPE, and the ability to centrally provision services. Another advantage of network-based services is that additional services, such as, classes of service for different priority applications, can also be offered. Equant was one of the first service providers to deploy an MPLS service with classes of service.
In-Stat/MDR expects network-based services to grow rapidly in popularity. Most service providers are recognizing the strategic advantages of such services, and end users will be attracted by the lower prices and new service options available.
Network-Based Services Become Key IP-VPN Offering
First published on August 9, 2002
By Henry Goldberg
Are network-based IP VPN services reason enough to outsource your VPN needs? TalkBack below or e-mail us with your thoughts.
