Network based (layer 3) IP VPNs are a growing service, and Skanova has a solution today which has received a lot of customer attention. The service is called VPN Flex and offers customers secure communication between their different offices while supporting different traffic classes with a guaranteed maximum delay, jitter, and packet loss. VPN Flex has been a success so far in terms of the number of customers that have signed up for it in the short time it has been on the market. VPN Flex is realized over an IP network on Skanova's ATM backbone.
Meanwhile, Multi Protocol Label Switching (MPLS) has attracted a lot of attention and is considered to have a lot of nice features, the most important being the ability to provide layer 2 and layer 3 IP VPNs. The MPLS solution for providing network based layer 3 IP VPNs is described in RFC 2547, also called BGP/MPLS VPNs. It has become the de facto standard for providing network based layer 3 IP VPNs. Skanova's VPN Flex service is provided by a partly Nortel proprietary solution that uses IP tunneling instead of the MPLS tunneling used in RFC 2547.
The purpose of this paper is to evaluate which network (i.e. link layer technology; specifically a frame based or a cell based media) and which network based IP VPN solution is most suitable to provide a network based layer 3 IP VPN service that supports different traffic classes so that Skanova's customers can use this VPN service to send best effort traffic, mission critical applications, IP Telephony, and Video Conferencing services between their different offices using a single layer 3 VPN solution.
In my evaluation I have looked at the technology behind the VPN solution, the ability to provide delay, jitter, and packet loss guarantees as well as what it costs to produce the service along with the security and expected reliability. The purpose of having a master’s thesis student looking at this problem is that I would be objective and not have any predetermined conclusions.
The result of the study is that the two different network based VPN solutions are not different with regard to the service they provide for the customers. However, there are some differences that affect the operator deploying and running the service. RFC 2547 is a more flexible solution with less manual configuration and better support for Inter-AS VPNs. It is possible to realize an RFC 2547 solution in either an ATM network or an IP network, and the services will be implemented in much the same way. Both solutions could use Label Distribution Protocol (LDP) signaling and EXP Inferred PHB Scheduling Class LSPs (ELSPs), realizing traffic classes using the MPLS EXP bits. Which network to base the solution on is a matter of QoS support, costs, and security. The ATM network today has better QoS support (such as more transmission queues and efficient schedulers). However, at the link speeds used in today’s backbones, the fixed size cell of ATM is not a reason to use the ATM network instead of a frame based IP network.
The cost of using Packet over SONET (POS) and ATM is the same. However, using Ethernet the port cost is less than half of either POS or ATM, which favors using an IP network in the future. The security of a network based layer 3 IP VPN is mostly in the hands of the operator configuring the service and the network. Thus, with regard to security, I do not believe there is a difference when realizing the network based IP VPN service in a public or private IP network. However, a network based IP VPN realized in a public IP network might pose a sales problem because many customers are worried about the security and availability of such a network.
RFC 2547 and MPLS seem to be the way to go in the future, but my recommendation is to make the transition slowly thereby minimizing Capital Expenditures (CAPEX). This is especially true since the current network based IP VPN service has been so well received. Whether Skanova should introduce MPLS and RFC 2547 in the IP network or the ATM network is very much dependent on their future strategy. I believe that both the IP network and the ATM network can support a service such as VPN Flex. Also, the way that MPLS will be used with regard to the VPN Flex service is the same.