Cisco boosts VPN performance

Cisco ISR users offered new encryption services

Firms using Cisco’s integrated services routers (ISRs) can now roll out a new type of virtual private network called Group Encrypted Transport (GET) VPN, which Cisco said “mitigates a lot of the challenges around running encrypted VPN tunnels”.

GET VPN can run over Multiprotocol Label Switching (MPLS) links used by large enterprises, and Cisco said the latency reduction it gives should translate into improved voice and video application performance.

Cisco’s head of network systems, Neil Walker, said, “GET VPN only encrypts the data payload and not the header of the IP packets, so we can use all the QoS [quality of service] and ToS [type of service] info contained in the IP header, taking advantage of all the traffic and service engineering on your network in a secure manner, unlike IPSec.”

Walker said GET VPN solves the “N squared” meshing problem that is a major drawback with IPSec. This refers to the fact that IPSec only works when every single site in a VPN is linked to every other site.

“With GET VPN, you add a new site by making them a member of the group rather than having to nail up point-to-point connections between a new site and every other member in a VPN”, he explained.

New firmware will allow firms to run GET VPN over DSL, Ethernet, ISDN or MPLS, raising the possibility of service providers being able to offer primary links over an MPLS Ethernet connection with a back-up link using data encrypted on firms’ edge routers and taken across the internet. Walker said the new firmware is offered under existing contracts with no extra hardware required to run GET VPN.

Cisco has also integrated its Network Analysis (NAM) and Wide Area Application Acceleration Services (Waas) software into its ISRs, allowing enterprises to use the NAM to analyse their traffic and then use Waas to optimise and increase application performance on their WAN connections. Cisco also announced improvements to the voice, video and collaborative features of its ISRs, and unveiled several new WAN interface options.

Cisco’s Waas module is available now priced at £1,900 + VAT while NAM will be available in Q1 2007 priced at £2,270 + VAT. Cisco’s GET VPN system will be available as a feature on IOS v12.4T on Cisco ISRs and its 7301 and 7200 router models.