Cisco to move VPN services into providers’ networks

Cisco Systems Inc. this week enhanced its routing software to enable service providers to reap more revenue from their VPN service offerings.

The additions, called Managed Shared Services, are intended to allow IP VPN services to move into a service provider network where they can be shared, versus replicating the same services to each individual corporate customer’s VPN. The result, Cisco claims, will be increased network efficiency, reduced traffic loads, simplified management and increased revenue opportunities for service providers through assumption of customers’ VPN operations and new service offerings.

Indeed, Cisco’s ability to help service providers create “value-added services” above and beyond basic connectivity was a theme drummed home by Cisco CEO John Chambers at last month’s SuperComm 2002 show in Atlanta.

Bell Canada is listening. The carrier currently offers managed IP VPN services using Cisco equipment, says Ashu Avasthi, portfolio manager for Bell Canada’s IP broadband solutions. The carrier is now in its 2003 service planning cycle and will examine Cisco’s Managed Shared Services to see if there’s a fit for next year’s offerings, Avasthi says.

Managed Shared Services support MPLS-based VPNs and include multicast, Network Address Translation (NAT), On Demand Address Pools (ODAP) and VPN Select. These services, once housed inside a corporate network, can now migrate into the service provider’s network for new outsourcing revenue potential.

By reducing packet replication in an MPLS network, multicast VPNs are designed to minimize configuration time and complexity, increase network scalability, and provide the ability to build services such as virtual multicast networks. Without native multicast support, many existing networks cannot handle wide-scale distribution of large data, voice, and video streams for applications such as multimedia, financial transactions and telecommuting, Cisco says.

The NAT enhancements extend address translation for private IP addressing to a service provider network, allowing access to shared services from any VPN without losing the VPN association or compromising connectivity, Cisco says. ODAP automates the expansion of IP address pools contained in Dynamic Host Configuration Protocol (DHCP) servers, enabling service providers to more easily manage IP address spaces across multiple VPNs through a shared, network-based DHCP server, the company claims.

NAT and ODAP for MPLS VPNs are designed to ensure the integrity and functionality of existing corporate addressing schemes once they migrate into a service provider network.

VPN Select is designed to support broadband access to the MPLS VPN network. VPN Select allows remote users with high-speed links to connect to a corporate VPN irrespective of their access providers, Cisco says.

In essence, VPN Select works much like route-control products, which attempt to steer traffic to the least congested or least expensive route in a multihomed network. But instead of snooping or monitoring link performance like route-control products, VPN Select steers traffic from remote broadband users to a particular ISP’s VPN based on the user’s IP address and VPN association.

Analysts say Managed Shared Services is a good tactical first step, but Cisco needs to provide a broader service strategy.

“I’m excited about the greater commitment to MPLS and the creation of MPLS-based services,” says Todd Hanson, an analyst at Gartner Group. “But I didn’t get their vision of future services carriers will be developing. If I’m on the fence, what is going to lead me to be a Cisco champion based on this announcement, and show me the technology to support the business case?”

All of the Managed Shared Services enhancements will be available in Cisco IOS later this year.