Johna Till Johnson: Crafting service-level agreements for IP VPNs

Eye on the Carriers

Carriers are rolling out a plethora of IP VPN services, and these can serve as enhancements to – or replacements for – conventional frame relay/ATM services. But before a network executive signs off on an IP VPN contract, he or she should nail down a solid set of service-level agreements (SLA) to ensure effective delivery and support.

Here are a few key elements that are essential to include in every SLA:

1. Provisioning time. As with frame relay and ATM, a key factor in the effective delivery of IP VPNs is the time it takes for the service to be provisioned. For network-based VPNs, this period includes two distinct phases: local-access provisioning, during which the local loop is connected to the customer site; and service provisioning, during which the IP VPN service is configured and “turned on.”

(For customer premises equipment-based VPNs, the delivery, configuration and installation of the CPE-based device constitutes a third phase.)

The optimal scenario from a user’s perspective is for the IP VPN services to be provisioned across an existing local access link. In that case, provisioning should require no more than a week and sometimes considerably less. If the local loop must also be provisioned, time frames of six to eight weeks are more common.

Bottom line: Provisioning times that exceed the agreed-upon period – regardless of cause – should carry severe penalties, up to and including contract cancellation at the user’s option.

2. Performance. The key component effecting performance of IP VPNs is latency, which has a direct impact on end-user application response time. The catch is that service providers typically measure latencies across their networks, but the really meaningful metric is per-tunnel latency measured from the user’s site. Otherwise, delays such as buffering in the customer’s CPE router or VPN device could hurt application performance.

SLAs should always specify how latency is measured – including, if possible, the specific tools that will be used – and include severe penalties for exceeding agreed-upon thresholds.

3. Security. Not all IP VPNs are equally private. Some rely on encryption technologies, such as IP Security, which ensure a high degree of privacy even for tunnels that operate across the Internet. Others use Multi-protocol Label Switching, which may or may not include encryption, depending on how the service provider has opted to architect the network.

Bottom line: To avoid unpleasant surprises, users should be clear on the level of privacy they require and ensure that definition is reflected accurately in the SLAs.

4. Availability. Most service providers are happy to offer network availability statistics, which always seem to be five nines or greater. But from a user’s standpoint, the relevant metric is the availability of the user’s network, that is, the cumulative availability of all the user’s site-to-site links.

As with performance, it’s essential to include a clear definition of availability, including, if possible, a description of the specific tools that will be used to measure it.

Johnson is senior vice-president and CTO for Greenwich Technology Partners, a network consulting and engineering firm. She can be reached at