MPLS IP VPN vs. Other IP VPN


Evolution of IP VPN


Virtual Private Network (VPN) refers to a privately used network that is built on a shared network infrastructure. Each company seems to be using the network “privately”, but in fact the network is shared by many users, hence the term “virtual”. Most layer 2 shared networks, such as ATM and Frame Relay, support VPN services. In the recent decade the Internet Protocol (IP) has become the dominant communication protocol supporting multiple applications, so most VPNs in fact run IP over the shared network and are therefore called IP VPNs.


Looking at the evolution of IP VPN: in the 80’s, “international private leased circuits (IPLC)” were used to interconnect multiple sites; in the 90’s, ATM/FR was used to build IP VPNs; and in the late 90’s, when the Internet was becoming popular and its coverage extended, some companies built their IP VPN over the public Internet. From the year 2000, with the standardization of MPLS technology and conforming equipment being shipped by major vendors, the latest trend in high-performance, high-quality IP VPN is MPLS IP VPN.


IP VPN on IPLC


The major drawbacks of IP VPN on IPLC are the circuit cost and the port cost. As the number of sites grows, the number of router physical ports, as well as the number of leased circuits, increases rapidly (a full mesh needs one circuit, with a port at each end, for every site-to-site pair). This results in higher router equipment cost and increased complexity in managing the routes within the routers. Furthermore, since an IPLC is by nature dedicated bandwidth, the monthly rental of each IPLC is comparatively high.


IP VPN on ATM/FR


ATM/FR networks use virtual circuits to build the logical connections between sites. This saves router physical ports and circuit cost; however, each site-to-site pair requires one virtual circuit to be set up, so the number of virtual circuits also grows rapidly with the number of sites. Moreover, routing management within the network is complex due to the numerous virtual circuits.


IP VPN on Internet


An IP VPN built on the Internet has even more concerns than the others:


(a) Security


As the Internet is open to the public, viruses, hackers, eavesdroppers and malicious attacks are everywhere on it. An IP VPN built on the Internet must be equipped with adequate protection and data encryption (e.g. IPsec) to shield the company’s data and network from the public. The design and maintenance of the security policies require professional security expertise and sophisticated equipment.


(b) Complexity


Like the other types of IP VPN, an IP VPN on the Internet also requires point-to-point security tunnels to be set up. As the number of sites grows, the complexity of managing the tunnels and routing becomes an issue.


(c) Performance


A connection across the Internet may pass through many different networks and providers, and no single provider is responsible for the end-to-end performance. Congestion and bursty traffic are also very common on the Internet, and these directly affect the performance of an IP VPN on the Internet.


(d) Availability


As mentioned, the end-to-end connection over the Internet cannot be guaranteed. If one part of the network has a problem, the end-to-end connection may be lost, or be re-routed over a much longer path by other networks. The company can only complain to its local ISP; however, end-to-end connection availability is usually out of the ISP’s control.


(e) Quality of service


Data transmission may tolerate somewhat higher network delays, but voice and video applications rely on a consistently low-latency network. Traffic over the Internet, however, is handled on a best-effort basis. If congestion occurs, data, voice and video traffic will all be delayed, which simply makes the voice and video quality unacceptable.


Benefits of MPLS IP VPN


MPLS IP VPN is the latest standards-based technology for supporting private networks over an MPLS infrastructure. It combines the benefits of the various types of IP VPN, and also provides a unique Quality-of-Service (QoS) feature. Moreover, since an MPLS network is usually operated by a single provider, the end-to-end performance can be guaranteed. The major benefits of MPLS IP VPN can be summarized as follows:


(a) Security


The underlying technology of MPLS IP VPN is to put a unique label on each customer IP packet; the whole MPLS network then switches packets to the destination according to the label, not the IP address. The label assignment is done at the customer’s incoming port, by physical port identity. Hence, one customer’s traffic can never get into another VPN, and cannot even “touch” another customer’s VPN port; unauthorized access is blocked by the core of the network. The level of security is equal to that of ATM/FR VPNs, which use PVC/DLCI for similar traffic segregation. By contrast, an IP VPN over the Internet is exposed to hacking and intrusion: IP traffic from unauthorized users can reach the customer-end equipment (e.g. the firewall), which is the last barrier to stop intrusion and must be carefully planned and managed by security professionals.


(b) Simplicity


In a typical MPLS IP VPN, the connection between the customer-end router and the provider-end router is a single physical link. All “in & out” traffic of the site goes through this link, and the MPLS network does the routing and switching for it. It does not require multiple router WAN ports for multiple site connections, as in an IPLC-type VPN, nor the setting up of multiple virtual circuits, as in an ATM/FR-type VPN. The router equipment cost is greatly reduced, e.g. USD1,200 for a single-WAN-port router compared with USD2,500~3,000 for a multiple-WAN-port router. Furthermore, the link bandwidth can be shared by traffic to all other sites, whereas IPLC or ATM/FR virtual circuit bandwidth is usually dedicated to a particular site-to-site pair.



(c) Improved Performance


MPLS IP VPN uses labels to switch packets instead of examining each IP address to route the packet to its destination. Its performance is similar to that of an ATM network, and it out-performs IP-routed networks (e.g. the Internet) and Frame Relay networks in end-to-end latency and traffic handling capacity. Also, network providers can achieve a better price/performance ratio when deploying MPLS-based equipment, which translates into lower network cost and, indirectly, lower tariffs for end customers.


(d) Improved Availability


Currently MPLS IP VPN networks are usually operated by single providers in different regions of the world, because interconnecting MPLS networks directly at the MPLS layer still has some compatibility and management issues. Global players (note 1) are establishing their own points of presence (POPs) in different countries and offering end-to-end managed MPLS IP VPN service. The network is hence considered a single network: end-to-end network performance can easily be monitored, faults can easily be traced and repaired, and service downtime can be minimized in case of network failure.


(e) Quality-of-Service Feature


As described above, in an MPLS IP VPN the customer traffic (packets) is identified by an MPLS label. The MPLS label also carries another important piece of information indicating the “class” of the traffic, e.g. voice/video class or data class. The MPLS equipment along the network is configured to give higher transmission priority to time-critical traffic classes, such as voice and video applications, and hence maintains low latency and low packet loss for such applications. The following diagram illustrates the QoS traffic prioritization on an end-to-end basis:
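As an added illustration of the two points made above, label assignment by ingress port (section (a)) and class-of-service marking in the label header (this section), the following Python sketch models a toy provider-edge router; it is not code from the original article, and the port names, VPN names, label values and class-to-EXP mapping are all constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example: a toy MPLS provider-edge (PE) router.  The VPN a packet
# belongs to is fixed by the physical ingress port; the core forwards on the
# imposed label and the 3-bit EXP (class-of-service) field, never on customer IP.

CLASS_TO_EXP = {"voice": 5, "video": 4, "data": 0}   # constructed mapping

@dataclass
class Packet:
    ingress_port: str     # physical port on the PE router
    dst_ip: str
    traffic_class: str    # "voice", "video" or "data"

@dataclass
class LabelledPacket:
    label: int
    exp: int              # class-of-service bits carried in the MPLS header
    payload: Packet

class ProviderEdge:
    def __init__(self, port_to_vpn, vpn_routes):
        self.port_to_vpn = port_to_vpn   # physical port -> VPN name
        # VPN name -> [(prefix, label)] sorted so the longest prefix is tried first
        self.vpn_routes = {
            vpn: sorted(((ipaddress.ip_network(p), lbl) for p, lbl in routes.items()),
                        key=lambda e: -e[0].prefixlen)
            for vpn, routes in vpn_routes.items()
        }

    def impose_label(self, pkt):
        """Return the labelled packet, or None if the destination is not in the VPN."""
        vpn = self.port_to_vpn[pkt.ingress_port]    # decided by port identity, not by IP
        dst = ipaddress.ip_address(pkt.dst_ip)
        for prefix, label in self.vpn_routes[vpn]:  # only this customer's routes
            if dst in prefix:
                return LabelledPacket(label, CLASS_TO_EXP[pkt.traffic_class], pkt)
        return None                                  # no route in this VPN: dropped

def strict_priority(queue):
    """Serve higher EXP first; Python's sort is stable, so equal classes keep arrival order."""
    return sorted(queue, key=lambda lp: -lp.exp)

# Two customers with overlapping 10.2.0.0/24 address space, attached to different ports.
PE = ProviderEdge(
    port_to_vpn={"Gi0/1": "CustA", "Gi0/2": "CustB"},
    vpn_routes={"CustA": {"10.2.0.0/24": 100, "172.16.0.0/16": 101},
                "CustB": {"10.2.0.0/24": 200}},
)
```

The same destination address yields a different label depending on the ingress port, and a destination that only exists in another customer's VPN is simply dropped at the edge.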