Cisco places big bet on MPLS VPN push

Cisco Systems Ltd. claims to have the answers to the complexity and inflexibility of virtual private networks. Last month, the company held a seminar in Toronto to discuss its latest push into the world of MPLS VPNs, a technology not new in itself, but one that Cisco says will finally eliminate internetworking and scalability issues.

Multiprotocol label switching (MPLS) is a routing technology that assigns IP packets label headers that determine the priority level of the packet as well as its destination. As the packet is routed through the network, each router takes the header off, replaces it with a new one and hands the packet over to the next router. According to Cisco, this routing simplicity carries over into MPLS VPNs.

“MPLS VPNs extend the definition further to include any-to-any connectivity between logically defined groups of users,” said Chris Bazinet, solutions manager for Cisco Systems Canada in Toronto. “MPLS VPN can deliver customers secure connectivity at a similar cost to traditional Frame Relay and ATM, but where these solutions are inflexible and require complex designs, MPLS VPN service delivers flexibility that service providers were unable to offer before.”

And, according to Cisco, the business benefits are countless. For example, Bazinet noted that because MPLS VPN is a Layer-3 offering, features such as different classes of service provide benefit because bandwidth can be offered on an “as- and when-needed” basis. Bazinet added that there is better traffic management over the WAN because at Layer 3, all traffic can be identified, prioritized and forwarded based on customer-defined policies to ensure that mission-critical data gets through.

“There was an obvious need for something that would scale better, especially for service providers, because they have their huge complex networks to maintain,” Bazinet said. “[IP] will enable much quicker adoption of applications if you have a single control pane. It is easier for customers to come up with applications without having to deal with complex protocols.”

Such is the case for one service provider that made its MPLS service available last year. Bell Canada said that as its customers were looking to run applications on converged networks, it needed to come up with a solution that would address customer needs as well as application and additional WAN needs on the same platform.

“MPLS offered carriers the ability to converge all types of traffic and requirements within their core network,” said Ashu Avasthi, portfolio director with Bell Canada in Toronto. “As new IP applications are developed for customers, there are greater bandwidth requirements and greater needs for open standards as well as routing, and once again MPLS offered us the ability to offer things like bandwidth-on-demand.”

Avasthi added that Bell wanted to offer customers a migration path to IP. He said that with Bell’s MPLS-based VPN e-service, customers on legacy applications or legacy networks now have a clear path ahead of them.

However, according to Marion Stasney, senior analyst with the Yankee Group in Austin, Tex., Bell Canada is ahead of the curve in terms of deploying MPLS services to its customers. Although she did note that MPLS VPN is a viable alternative to the way VPNs are utilized today using IPSec or Layer 2 Tunneling Protocol, she said that there is a well-founded perception in the user community that MPLS-based VPNs just aren’t mature and reliable yet.

“The only way to be 100 per cent certain that the confidentiality of a packet is maintained throughout a network is to encode it at the desktop as it leaves,” Stasney said. “MPLS VPNs have been around for about three years, and there are as many as five carrier networks that are deploying MPLS (in the U.S.), but they use it internally. They don’t use it for services yet. [Bell Canada] is pretty progressive, however the perception remains that MPLS VPN is not ready yet.”

And according to AT&T researcher and security guru Steve Bellovin, MPLS creates serious network challenges for Internet backbone providers. Even more dire are the warnings about potential security and privacy problems for companies that deploy MPLS VPNs.

“Most security holes are caused by human error. With MPLS VPNs there’s potential for a network administrator doing the provisioning wrong and losing the privacy of the communication,” Bellovin said, pointing out that MPLS VPNs do not automatically encrypt data.

Bellovin prefers VPNs using IPSec, an Internet Engineering Task Force-developed tunnelling technology with built-in encryption. With IPSec, if a communication is sent to the wrong person, that person can’t read it, he added.

– With files from IDG News Service.