Newbridge displays its versatility to muscle in on carrier-class VPNs

Virtual private networks (VPNs) are one of the data industry's hottest markets, with predictions of a $23bn (£14.4bn) worldwide business by 2001.

With more than 40 per cent of Fortune 500 companies expected to outsource their network operations, VPNs represent a major revenue-generating opportunity for carriers.

Driving the interest in VPNs is the growing predominance of IP applications at enterprise sites. By 2000, IP traffic is expected to dominate about 75 per cent of enterprise sites, up from just 20 per cent in 1996.

Intranet VPNs allow carriers to offer individual enterprises a full suite of highly secure, IP-based services using shared equipment across a carrier-managed wide-area network. They also represent a new source of revenue with higher margins than consumer internet services. Additionally, they allow carriers to cash in on the trend toward outsourcing, and sell value-added managed services that go beyond simply providing bandwidth and leased lines to enterprise customers.

For enterprises, VPNs offer significant network cost savings, simplify network operations, support service interworking, and eliminate the need to continually upgrade network equipment to accommodate rapid growth.

Chris McEvilly, product marketing manager of enterprise solutions at Newbridge Networks, said: "Versatile IP is Newbridge's strategy for delivering IP services to a number of different markets. The key principle is that Versatile IP enables service providers - whether carriers, ISPs or enterprise service providers - to offer differentiated services to different classes of users within an organisation."

Entering the ring

Although many VPN solutions exist, Newbridge has thrown its hat into the ring with its Carrier Switched Routing (CSR) Release 1.0 product portfolio, part of its overarching Versatile IP architecture.

Based on a number of key existing and proposed industry standards, including carrier scale internetworking (CSI) and multi-protocol label switching (MPLS), CSR is a solutions framework that enables service providers to offer IP VPN services that are scalable, reliable, predictable and measurable - parameters that business customers require and demand.

Newbridge Networks has also announced the formation of the CSI interest group with Siemens, 3Com and Ericsson to develop IP products over ATM networks.

It aims to publish specifications for building carrier and enterprise-level IP environments and develop interoperability agreements to be ratified by the ATM Forum. Products currently in development by the group include ATM switching tools and end products such as edge routers and access multiplexers.

CSR is a solution framework that enables service providers to offer scalable, reliable and predictable IP VPN services to meet the diverse needs of business customers. CSR supplies service providers with the infrastructure to create business-class IP VPN services, such as advanced bandwidth management capabilities, while reducing IP network operations costs.

Andy Williams, director of marketing of enterprise solutions at Newbridge, said: "Our competitors' IP VPN strategies remain paper tigers, while we deliver today. They talk conceptually about IP services and IP VPNs, but Newbridge delivers products today that incrementally add IP telephony and IP VPNs to existing Newbridge equipment. Our competitors' ATM switches either require forklift upgrades or a fundamental rethink of their software architecture to deliver similar VPN functionality - either an overlay network or yet another network for a single service."

Unlike conventional internet and service provider IP offerings, the Switched Routing solution supports the creation and rapid deployment of new revenue generating business services over a common multi-service infrastructure with minimal incremental costs. With its differentiated service offerings, CSR 1.0 can support mission-critical information and time-sensitive applications over the same network used to deliver conventional Lan and Wan traffic.

"Service providers are looking to CSR to participate in the emerging $11bn IP VPN market," said Mike Wilkinson, director of marketing IP and internetworking products at Newbridge.

"With Carrier Switched Routing, service providers can differentiate their offerings and attain much higher margins on IP services while reducing the overall costs associated with managing their IP infrastructure.

This makes it an extremely attractive solution."

Based on MPOA, the CSR portfolio delivers a virtual terabit routing infrastructure for new-generation and established service providers. This virtual router can be built to match the scale, topology and functionality requirements of the service provider.

The Switched Routing portfolio includes MainStreetXpress 36170 MultiServices Switch platform and the MainStreetXpress 56020 Routing Services Control Point (RSCP). The RSCP provides routing policy and information, emulating the functions of a conventional router's processor and policy server, on a network-wide basis.

Meeting the challenge

Finally, a variety of standalone and integral service points deliver connectivity options for the virtual router for a variety of Lan and Wan technologies. A single CSR network can scale to support up to 12,800 secure IP VPNs.

"The Newbridge CSR product offering shows the strength of a centrally managed architecture for delivering IP VPN services across an ATM core network," said McEvilly.

Eric Hindin, a director of the analyst organisation, The Yankee Group, believes CSR is key to addressing price performance of IP VPNs. "Carrier Switched Routing directly addresses the most pressing challenges that keep IP VPN service providers from meeting today's service demands at affordable costs. It should allow scalable, differentiated services to be deployed over existing network infrastructures, while reducing the costs associated with maintaining these infrastructures, and that's exactly what service providers are looking for."

The CSR incorporates a number of key existing and proposed industry standards for the effective delivery of business-class IP services.

Predominant among these are carrier-scale internetworking and multi-protocol label switching. By incorporating both of these technologies into its CSR solution, Newbridge offers the flexibility to meet a variety of service providers' IP needs.

Ross Callon, an active member of the IETF MPLS working group, said: "CSR uses an efficient and highly manageable combination of connectionless and connection-oriented technologies to provide scalable support for internet IP services and VPNs."

CARRIER-CLASS ARCHITECTURE: Peeling back the layers

There are several different kinds of VPN that service carriers can implement:

- Overlay VPN: A network in which restricted secure connectivity is provided over a public router network by employing one of a number of IP tunnelling techniques. The public router network can be the general internet or ISP networks that are specialised in serving VPNs. A separate tunnel is generally required between every pair of user sites.

IP address translation or encapsulation is performed at the customer-located device. The network routes all packets without any consideration of an individual extranet or enterprise users' VPN requirements.

Layer 3 VPNs enhance the service provider's ability to offer differentiated services and to monitor, troubleshoot and generate reports on a per-customer basis.

- Layer 2 VPN: A network in which restricted secure connectivity is provided by using configured Frame Relay or ATM (Layer 2) virtual circuits (VCs). A separate VC is generally required between every pair of user sites. IP address translation or encapsulation is performed at the customer-located device using RFC 1483/1490. The network is only aware of Layer 2 connectivity and switches all frames or cells on a given PVC without any knowledge of an individual enterprise's VPN requirements (though Class of Service attributes can be provisioned on a PVC basis.)

- Layer 3 VPN: A network in which restricted secure connectivity is provided through a network that routes IP packets (ie, operates at Layer 3) while keeping the traffic segregated on a VPN basis. Layer 3 VPNs also have the attribute that native (potentially overlapping) IP addresses from users can be supported without conflict.

Strictly speaking, Layer 3 VPNs could be supported by dedicating individual CO routers to each VPN, but this is cumbersome from a management perspective and not cost-effective.

A key advantage of Layer 3 VPNs is that scalability can be significantly greater through the application of hierarchical routing (it is well understood that the way to build large router networks is to introduce hierarchical routing, thus resulting in fewer routing adjacencies or router neighbour relationships.)

- Layer 2/3 VPN: A network in which restricted, secure routing of IP packets is provided (at Layer 3) while keeping the traffic segregated on a VPN basis, and which uses configured Frame Relay or ATM (Layer 2) virtual circuits for voice, video and non-Lan based data traffic. Traffic aggregation is performed through customer-located devices typically provided by the carrier. This type of VPN service explicitly caters to enterprise users who would like to outsource their entire networking environment.

VPN: NEWBRIDGE'S IP STRATEGY

Newbridge's Versatile IP VPN strategy is to offer service providers end-to-end capabilities focused around five key VPN areas:

- Remote Access VPNs These give remote users reliable access into the corporate network via multi-megabit modems and other access products to support IP capabilities for multimedia applications.

- Intranet VPNs Scalable, secure VPNs that may be partitioned through Versatile IP architecture.

- Intranet VPNs are network-aware Layer 3 VPNs that overcome the limitations of overlay and Layer 2 VPNs.

Extranet VPNs

Scalable secure VPNs that allow connectivity among a community of users through Versatile IP and standards-based tunnelling, while leaving public key and policy management in the hands of the enterprise user.

Enterprise VPNs

These support integrated voice and data applications on a single scalable, reliable, high-bandwidth platform between the customer premise and the central office. Enterprise VPNs are integrated multimedia Layer 2/3 VPNs.

Enhanced Voice/IP VPNs

Deliver enhanced voice services over the internet or intranet using an IP/ATM infrastructure. Enhanced Voice/IP VPNs are a cost-effective alternative to traditional circuit-based voice VPNs.