Cisco VPN service makes move to nets

Cisco Systems Inc. last week announced enhancements to its routing software designed to let service providers reap more revenue from their VPN services.

Called Managed Shared Services, the upgrades are intended to let IP VPN services move into the service provider network, where they can be shared, as opposed to replicating the services at each corporate customer’s VPN. Cisco says the result will be increased network efficiency, reduced traffic loads and simplified management for service providers through assumption of customers’ VPN operations and new offerings beyond providing connectivity.

Cisco’s ability to help service providers create value-added services was a theme of CEO John Chambers’ keynote last month at SuperComm.

Bell Canada was listening. The carrier offers managed IP VPN services using Cisco equipment, says Ashu Avasthi, portfolio manager for Bell Canada’s IP broadband solutions. Now in its 2003 service planning cycle, the carrier will examine Cisco’s Managed Shared Services to see if there’s a fit, he says.

Managed Shared Services support Multi-protocol Label Switching (MPLS)-based VPNs and include multicast, network address translation (NAT), On Demand Address Pools (ODAP) and VPN Select. These services, once housed inside the corporate network, now can migrate into the service provider’s network for new outsourcing revenue potential.

By reducing packet replication in the MPLS network, multicast VPNs are designed to minimize configuration time and complexity, increase network scalability and provide the ability to build services such as virtual multicast networks.

The NAT enhancements extend address translation for private IP addressing to the service provider network, allowing access to shared services from any VPN without losing the VPN association or compromising connectivity, Cisco says. ODAP automates the expansion of IP address pools contained in Dynamic Host Configuration Protocol servers, letting service providers more easily manage IP address spaces across multiple VPNs through a shared, network-based DHCP server, Cisco says.

VPN Select is designed to support broadband access to the MPLS VPN network. VPN Select lets remote users with high-speed links connect to corporate VPNs irrespective of their access providers, Cisco says.

VPN Select works much like route-control products, which try to steer traffic to the least-congested or least-costly route in a multihomed network. But instead of snooping or monitoring link performance like route control products, the service directs traffic from remote broadband users to a particular ISP’s VPN based on the user’s IP address and VPN association.

Analysts say Managed Shared Services is a good tactical first step, but that Cisco needs to provide a broader service strategy.

“I didn’t get their vision of future services carriers will be developing,” says Todd Hanson, an analyst at Gartner. If I’m on the fence, what is going to lead me to be a Cisco champion based on this announcement and show me the technology to support the business case?”

All the Managed Shared Services enhancements will be available in Cisco IOS later this year.

Cisco is online at