VPNs: Answers to Six Burning Questions
VPNs are well established as essential tools for corporate communications, but they are not all created equal. Here are six questions and their answers that can help you make decisions about which VPN technology to use.
1. Are Multi-Protocol Label Switching (MPLS) VPNs he Way to Go?
For many corporate network needs the answer is yes, absolutely, and the transition to MPLS is well underway.
Look at the data. MPLS VPNs have been eating away at frame relay for years, and within the next 18 months there will be more MPLS VPN connections than frame relay connections in the United States. according to Vertical Systems Group. By 2011, there will be more than 1 million MPLS VPN connections in the United States, Vertical says.
That means that businesses -- in many cases prompted by their service providers -- are buying MPLS connections as their connectivity needs expand and they need to connect new sites. But even more of them are migrating from frame relay altogether as the providers themselves make the transition to MPLS, says Rosemary Cochrane, an analyst with Vertical Systems Group. The number of frame relay connections in use is actually declining.
Worldwide, MPLS services reaped US$13 billion last year, a growth of 20% in revenues, according to Infonetics.
The reasons are many. MPLS VPN services offer fully meshed networks as a matter of course; any site connects to any other site. To do the same with frame relay means expensive virtual circuits laid out between every site and every other site. MPLS lets customers shed complexity and cost.
MPLS also supports multiple qualities of service at varying prices to give business customers options to buy less-expensive VPN services for less-critical traffic.
Sprint has just announced it is installing a 40Gbps optical backbone to carry its increasing load of IP traffic that is generated by MPLS services and Internet traffic, the company says.
2. Will MPLS VPNs Save Me Money?
Probably not. If you do an even swap-out MPLS for frame relay, the costs of the lines may in fact drop, says Cochrane, but not the price of the service in aggregate. "When companies make that switch the overall price might not go down but the ability to connect to more sites and the flexibility to manage the network may go up," Cochrane says. "We do not see tremendous price declines in going to MPLS from frame, simply because you're using T-1 access and then you start adding on features like security and management and voice."
T-1 access costs about $435 per month in the United States, according to Nemertes Research, but other access methods can cut that price significantly. For instance, New Edge Networks offers DSL service to carrier MPLS backbone networks that support five qualities of service and business-class service-level agreements for about $240 per month. Repair-time guarantees and symmetrical bandwidth are more readily available with T-1 services, but the price difference may be worth the trade-off.
"Companies like these services because they offer considerably more bandwidth with little or no increased WAN costs compared to their legacy counterparts -- frame relay, ATM, private lines," says Michael Howard, principal analyst with Infonetics.
That is prompting customers to boost the bandwidth they buy for their MPLS VPN connections above the T-1 speeds that are typically the top size for frame relay connections.
"The demand for higher speeds is going up, and that's a function of availability and pricing, depending on who the provider is," Cochrane says. "Is it an incumbent that is cannibalizing its own [frame relay base] or is it a competitive provider offering lower-price access?"
Hands-on customers stand to save more on monthly bandwidth costs building their own MPLS VPNs and shopping around for the best bandwidth costs, she says. "In that case because you're not limited to one provider, you can shop for the best price in each of your locations and then make the connections yourself with hardware and software you own," Cochrane says.
3. Should I Build My Own VPN?
If you do, you won't be alone, but prepare to spend time and develop expertise in-house.
According to Cochrane, more WAN connections are made over build-your-own VPNs -- where businesses buy their own VPN gear and attach it to WAN connections they have purchased separately -- than are made over MPLS VPN services.
This can range from installing and configuring MPLS gear at each site -- an expensive proposition -- or using site-to-site IPSec equipment that is often packaged with firewalls and is generally less expensive.
The trade-off vs. VPN services is the do-it-yourself part. Businesses have to provide the time and expertise to design, install, maintain and troubleshoot the VPN, says Mark Lewis, a networking design consultant and blogger for Network World. And that means training. Without it, troubleshooting VPNs can be "random, time consuming, and will often not resolve your problem at all -- it might even exacerbate it," he writes.