The most popular MPLS-based services today are IP VPNs (based on the IETF RFC2547bis specification) which provide private and secure IP routing between customer sites across a common MPLS backbone network. MPLS IP VPNs are highly successful on a global basis and have been deployed in the US, Europe and Asia. MPLS IP VPNs continue to grow in popularity, with telecommunications research firm Infonetics projecting a 283% increase in deployments between 2002 and 2006.

Appeal of MPLS IP VPNs

The dramatic growth of MPLS IP VPNs is due to their wide appeal to both carriers and customers. They allow carriers to add value to existing services. For example, IP VPNs may be bundled with existing Frame Relay or Internet access. This compatibility with existing services offers a migration path for ATM and Frame Relay customers. Of course, the most appealing aspect of MPLS IP VPNs to carriers is their revenue potential in a time when few service offerings are experiencing strong customer demand.

MPLS IP VPNs hold wide appeal to corporations for their ability to offer greater connectivity than ATM and Frame Relay services at a competitive price point. For network administrators, MPLS IP VPNs provide greater simplicity since management is handled by service providers. MPLS IP VPN services based on ST200™ Service Edge Routers offer tremendous flexibility, as customers can connect their sites via a wide range of access speeds and technologies.

MPLS IP VPN Deployment Challenges

Though MPLS IP VPNs hold tremendous promise for both carriers and corporations, profitable delivery requires highly scalable, flexible technology. Nearly all deployments are based on a single router vendor technology, which is implemented on an older-generation platform.

Currently installed MPLS IP VPN routers lack the scalability and density required for profitable VPN service delivery. These devices support few (10-20) VPNs per device. Limited service management makes VPNs costly and complex to provision/manage. The CLI-based management approach of existing VPN routers is inadequate to address the MPLS provisioning and management challenge. Finally, a lack of QoS on installed routers greatly hampers the ability of providers to offer the differentiated services that are key to attracting and retaining customers.

ST200 MPLS IP VPN Solution

The ST200 is the first MPLS IP VPN implementation with the high capacity and density, security and service management required by carriers to cost-effectively and rapidly provision, manage and bill for IP VPN services. Using the ST200, service providers can offer QoS-enabled IP VPNs to new customers and IP-enable existing ATM, Frame Relay or Ethernet customers.

Dramatic Increases in Scalability: The ST200 makes IP VPN service dramatically more profitable than other solutions by increasing the number of VPNs per device. The distributed ST200 architecture ensures wire-speed performance, regardless of the number of routes enabled. This enables carriers to support large numbers of customers per device, critical to offering competitively priced VPNs while maintaining high margins.

ST200 MPLS IP VPN Scalability:

· 64,000 VPNs per device
· 4 million VPN routes
· 97.6 Mpps wire-speed performance
· 2,500+ OSPF virtual routers
· Over 1,000 EBGP Peers
· Over 7 Million BGP Routes

Unmatched Flexibility: The ST200 supports IP VPNs for intranet or extranet applications based on hub-and-spoke, full mesh or any arbitrary topologies, regardless of interface type or speed. Interfaces ranging from NxDS-0 to OC-48/STM-16 support a wide range of access networks on a single device. ST200 AnyService on AnyPort at AnySpeed allows software selection of ATM, Frame Relay, Ethernet and/or IP services on each interface or channel. This unmatched flexibility eliminates central office grooming equipment and the reconfiguration costs associated with moving IP VPN customers to different speeds or access technologies.

Sophisticated QoS: MPLS IP VPNs provisioned using the ST200 include the same level of QoS as ATM and Frame Relay services, with wire-speed performance. Software-configurable per-customer queues meet SLAs while providing multiple distinct service classes for each customer. Per-customer traffic shaping delivers precisely the purchased bandwidth. Packet classification and filtering provide differentiated services based on packet markings, IP source/destination or application. Traffic policing and marking allow carriers to create burstable services with guaranteed bandwidth. Weighted random early detection (WRED) congestion management maximizes link utilization and ensures traffic delivery under congestion.

VPN Service Management: One of the challenges of IP VPNs is the complexity involved in service deployment. The Laurel Provisioning System™ (LPS) element manager sets a new standard in the ease of VPN provisioning. Designed in concert with the ST200, the LPS enables full-featured IP VPN provisioning, eliminating complexity, and reducing provisioning time and configuration errors. Advanced options such as configuring export and import policies are automatically provisioned or optionally manually set for maximum flexibility. The distributed, object-oriented LPS architecture also rapidly integrates the ST200 with carrier network equipment and existing OSS and billing applications.

Security: ST200 IP VPN security features ensure the confidentiality of user traffic using secure forwarding, dedicated tunnels and access control encryption. Service management security is ensured through authentication using local password and account, local SSH public key, RADIUS server authentication and TACACS+ server authentication.

SLA Management and Accounting: ST200 IP VPN support includes comprehensive fault management, data collection and resource utilization monitoring to assure IP VPN SLA guarantees are met. The ST200 uses a sophisticated, wire-speed counter matrix to collect VPN information on a per-customer and per-class basis as well as sophisticated routing policy to enable profitable new billing models. VPN statistics are then delivered to billing and SLA management applications, or viewed directly via the LPS.

Complete Suite of Provider-Provisioned VPNs: Laurel's MPLS IP VPN and Layer 2 VPN support provide carriers with a complete suite of provider-provisioned VPN services. Laurel's Layer 2 VPN support is based on IETF Draft Martini and enables carriers to offer ATM, Frame Relay and Ethernet Private Line services.

Deployment Examples

MPLS IP VPNs can be deployed in a wide range of service provider scenarios. Common deployment scenarios include:

IP VPNs as a Feature of Layer 2 Fast Packet Service: This is a very attractive option for carriers offering ATM and Frame Relay services as well as their ATM and Frame Relay-connected customers. With the ST200 MPLS IP VPN solution, carriers can bundle IP VPN services with existing ATM and Frame Relay services.

For carriers, this minimizes the risk of losing customers to competitor IP VPN offerings. Since this provides additional value to customers, additional fees can be charged. The ability to bundle services minimizes the threat that IP VPN services will cannibalize existing ATM and Frame Relay revenues.

For customers, this option provides greater levels of connectivity between sites than typically is provided with common hub-and-spoke connectivity models where remote offices are connected via headquarters. This level of connectivity is typically cost-prohibitive with ATM and Frame connections. This service offering is also appealing since management is outsourced, reducing complexity.

IP VPNs from Common MPLS backbone: This is a compelling customer application, due to the level of flexibility it offers for connecting corporate sites to MPLS IP VPN service. With the ST200's Any-to-Any service interworking feature (offering connectivity between sites with a range of ATM, Frame Relay and Ethernet access) MPLS IP VPNs can be offered over any access network. This model also allows sites with metro-Ethernet services to connect to the WAN via secure IP VPN service.

Offering IP VPNs on Existing Backbone Infrastructure: MPLS IP VPNs can easily be added to MPLS-enabled IP networks offering Internet connectivity. For carriers, this enhances their service portfolio, providing increased revenue streams. For existing Internet customers, this offers secure remote connectivity.

Conclusion

For the first time, carriers can deploy a comprehensive MPLS IP VPN solution without compromise. Current network-based VPN services have been limited to low-speed access links due to lack of scale in VPN routers, complex service management and limited bandwidth in metro networks. The ST200 breaks through these barriers by providing VPN services on a scalable platform with built-in service management. This combination of features allows carriers to offer VPN services over traditional leased lines, ATM or Frame Relay networks as well as Ethernet metro networks.