An industry standard to facilitate corporate VPNs that cross multiple carrier networks could be ready for a vote by year-end.
The MFA Forum, meeting in Ottawa, last month moved closer to an agreement about how carriers whose networks support Multi-Protocol Label Switching (MPLS) can give customers guarantees from network to network. “Different carriers are doing their own QoS models to support corporate [MPLS] VPNs,” says Andy Malis, chairman and president of the forum and a Tellabs employee.
“But,” he noted, “they don’t necessarily match up with each other.”
The standard, formally called an implementation agreement, will likely be voted on by MFA membership later this year, he says.
The MFA Forum is an industry group resulting from the merger of the MPLS & Frame Relay Alliance and the MPLS Forum last year.
The agreement will also address keeping business traffic private as it crosses network boundaries.
“The end customers need to feel secure that no other customer of the service provider is able to snoop in and see any of the packets they are transmitting through what really is a common network,” says Rick Wilder, MFA’s vice-president of technology and an employee of Alcatel.
Within one carrier network it is simple to demonstrate that kind of privacy, but it is not so easy when multiple networks and multiple privacy schemes are involved, he says. “Customers want to have that same level of assurance when their packets are going between service providers,” he says.
This can be accomplished by defining what information service providers share, making sure it is secure as it passes between MPLS networks and making sure the parties sharing the information are who they say they are, Malis says.
For example, carriers must share some information to link their networks, and the standard will set limits so each carrier can maintain privacy, he says.
“There are policies that quantify exactly how much routing information you’re allowed to have go across the interface,” Wilder says. “Very often the details for the routing protocols within one network are felt to be proprietary information that you don’t want to leak out into a competitor’s network.”
The draft of the standard calls for authenticating all control sessions that have to do with configuring services, to prevent hackers from posing, for example, as trusted carrier partners trying to set up a VPN, Malis says.
Currently, there isn’t much interconnection among MPLS carriers, but a standard will make it simpler and more attractive for them to cooperate, Wilder says. “Carriers do compete with each other and so they don’t completely trust each other,” Wilder says.