Selecting an MPLS provider: Key questions to ask

20 Feb 2006 | Robert Vigil, Cisco Systems


Today's network managers are inundated with information about Multiprotocol Label Switching (MPLS) VPNs. However, taking advantage of the benefits of MPLS -- including its flexibility, speed, cost efficiency and segmentation capabilities -- does not necessarily mean implementing these VPNs throughout your own network. With the exception of some of the largest enterprises, which have extensive IT resources and expertise, most businesses may wish to consider the services offered by MPLS providers. These allow you to take full advantage of the infrastructure maintained by the service provider without incurring the cost of deploying MPLS.

Selecting a provider for an MPLS VPN service can be a daunting task, however, and it requires taking the time to assess your networking requirements, environment and objectives. This article discusses the critical issues to consider when selecting a provider for MPLS VPN service.

MPLS with minimum impact
As with any architecture that provides VPNs over shared wide area or metro area facilities, MPLS offers an effective way to expand networks geographically while establishing any-to-any connectivity. Because it can replace dedicated circuits such as Frame Relay or ATM, MPLS also helps to reduce costs. Subscribing to a Layer 3 MPLS VPN WAN service allows the enterprise to migrate away from a hub-and-spoke topology, where scaling is a major concern.

Enterprises may choose to use outsourcing as a permanent MPLS solution, or to make a transition over time toward a self-managed MPLS network. Another option is to subscribe to a service hybrid, packaged by the provider as "unbundled" services. One example of a hybrid is when the enterprise manages the customer edge (CE) and the service provider offers Layer 2 transport support and additional managed network services. The enterprise customer retains control over its edge domain.

Key questions to ask
As you interview potential service providers, be sure to address the following key issues:

  1. Does the service provider track and monitor the entire network?
  2. Can it secure its own network traffic and manage priority traffic across other networks?
  3. What are the performance thresholds for network latency and availability?
  4. How is performance measured and delivered to you?
  5. Are there procedures for on-the-fly load rebalancing, security assessments and regular backups?
  6. Can its data center support your requirements for physical and network security, capacity, availability, operations and backbone connectivity?
  7. How quickly will the provider respond to business change?
  8. What are the terms if the network goes down or the level of service is not maintained?

In addition, major factors to consider include:

Quality of service
MPLS support for end-to-end quality of service (QoS) helps ensure that the network prioritizes critical traffic such as voice. You should discuss with the service provider the classes of service (CoSs) available and your organization's needs.

Some providers may team with others to provide global services or with third parties offering non-MPLS service. This may affect QoS, since assignment of class values differs from one provider to another. Partners should have agreements that specify CoS equivalencies, and you will need to understand these values to ensure they can support your requirements. If your firm is interested in creating extranets for partners or customers, discuss also whether the provider is willing to provide adequate QoS via IP VPNs from other companies.

Routing and routing convergence
Most routing protocols (including eBGP, OSPF, EIGRP, RIP, and static routes) are supported by today's service providers. If you do not run BGP, however, redistribution will be required on the CE router. If the provider is managing the enterprise-provider link, the provider is responsible for choosing the protocol and maintaining the link. CE-to-CE IPsec or GRE tunnels also are supported. Usually linking to the edge router is quite straightforward, needing little or no new functionality.

IP multicast
You need to be aware that not every provider supports IP multicast traffic for applications such as video. Multicasting allows information to be efficiently distributed between a single multicast source and many receivers. If the provider does not support it, your enterprise will need to create a series of GRE tunnels as an overlay in order to provide multicast over the MPLS network.

Complete security
MPLS VPNs provide the same level of security as Layer 2 VPNs, equivalent to that of private circuits. MPLS VPNs offer address space and routing separation, and they are resistant to attacks and label spoofing. In an MPLS environment, a VPN customer may perform IP-source address spoofing, but because there is a strict separation between VPNs and between the VPN and the core, this type of spoofing remains within the VPN where it originated.

The most critical network security issue is that MPLS VPNs are part of a shared infrastructure. You need to know whether Internet access is provided over the same core as VPN access, and what security measures are taken to avoid one service affecting the other. A VPN-only service is more secure; however, the level of risk associated with a shared core infrastructure is acceptable for most companies. The provider may offer separate provider edge routers for Internet and VPN access, but usually at a higher cost. You may also ask about the security of the core infrastructure, and the provider's risk mitigation policies.

Connecting to the service provider
When connecting the enterprise to an outsourced MPLS network, the service provider is responsible for linking to your firm at either Layer 2 or 3. With peering at Layer 3, the provider's network routes IP packets through its shared network, while enabling secure transport. It does this by installing a virtual route forwarding (VRF) table for each customer, which isolates that traffic from others.
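The per-customer VRF lookup described above, together with the earlier point that a spoofed source address stays inside the VPN where it originated, as an added example that is not from the article or from any vendor: a toy provider-edge model in Python. The interface names, VRF names, prefixes and next hops are constructed for illustration.

```python
import ipaddress


class ProviderEdge:
    """Toy PE router: one forwarding table (VRF) per customer."""

    def __init__(self):
        self.vrfs = {}       # VRF name -> list of (network, next_hop)
        self.iface_vrf = {}  # ingress interface -> VRF name

    def bind(self, iface, vrf):
        """Attach a customer-facing interface to exactly one VRF."""
        self.iface_vrf[iface] = vrf
        self.vrfs.setdefault(vrf, [])

    def add_route(self, vrf, prefix, next_hop):
        self.vrfs[vrf].append((ipaddress.ip_network(prefix), next_hop))

    def forward(self, iface, src, dst):
        """Return (vrf, next_hop); next_hop is None when the VRF has no route.

        The VRF is chosen by the ingress interface only. The source address
        is never consulted, so a spoofed src cannot move a packet into
        another customer's table.
        """
        vrf = self.iface_vrf[iface]
        dst_ip = ipaddress.ip_address(dst)
        matches = [(net, nh) for net, nh in self.vrfs[vrf] if dst_ip in net]
        if not matches:
            return vrf, None
        # Longest-prefix match within this customer's table only.
        _, next_hop = max(matches, key=lambda m: m[0].prefixlen)
        return vrf, next_hop


def build_demo():
    """Two customers with overlapping private address space (constructed)."""
    pe = ProviderEdge()
    pe.bind("ge0/0", "CUST_A")
    pe.bind("ge0/1", "CUST_B")
    pe.add_route("CUST_A", "10.1.0.0/16", "A-site2")
    pe.add_route("CUST_A", "10.1.5.0/24", "A-site3")
    pe.add_route("CUST_B", "10.1.0.0/16", "B-site7")
    return pe


if __name__ == "__main__":
    pe = build_demo()
    print(pe.forward("ge0/0", "10.2.0.9", "10.1.5.20"))  # customer A traffic
    print(pe.forward("ge0/1", "10.1.5.20", "10.1.5.20"))  # B spoofing A's host
```

The same destination address resolves to a different next hop depending on the ingress interface, and the packet from customer B that carries one of customer A's addresses as its source is still looked up in customer B's table.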

One of the advantages of Layer 3 peering is that the two networks can exchange routing information directly. Bandwidth scalability is limited only by the type of transport the provider offers; for example, Gigabit Ethernet is more scalable than Frame Relay. In addition, most service providers can provide QoS with greater intelligence in Layer 3. The any-to-any connectivity inherent in a Layer 3 MPLS VPN also offers more efficient routing.

A Layer 2 VPN, in which Layer 2 packets or cells are carried over an MPLS network -- also called Any Transport over MPLS (AToM) -- is a good solution for some enterprises, especially those with ATM, Frame Relay, or Ethernet networks that need point-to-point Layer 2 connectivity. The virtual point-to-point circuits characteristic of Layer 2 networks are set up through VPNs.

In conclusion, do not neglect to discuss issues such as high availability (at least four nines, preferably five), getting references, guarantees, pilot programs, and training. Carefully assess the staff's technical knowledge, migration support, scalability and availability, and general administrative capabilities. The service provider's experience in deploying managed Layer 3 services and its fit to your requirements are the most critical elements in outsource assessment.

For more detailed technical information, see the white paper, Layer 3 MPLS VPN Enterprise Consumer Guide.

About the author:
Robert Vigil is a service provider systems engineer at Cisco Systems Inc.

