Selecting an MPLS provider: Key questions to ask

Selecting a provider for an MPLS VPN service can be a daunting task, however, and it requires taking the time to assess your networking requirements, environment and objectives. This article discusses the critical issues to consider when selecting a provider for MPLS VPN service.

MPLS with minimum impact
As with any architecture that provides VPNs over shared wide area or metro area facilities, MPLS offers an effective way to expand networks geographically while establishing any-to-any connectivity. Because it can replace dedicated circuits such as Frame Relay or ATM, MPLS also helps to reduce costs. Subscribing to a Layer 3 MPLS VPN WAN service allows the enterprise to migrate away from a hub-and-spoke topology, where scaling is a major concern.

Enterprises may choose to use outsourcing as a permanent MPLS solution, or to make a transition over time toward a self-managed MPLS network. Another option is to subscribe to a service hybrid, packaged by the provider as "unbundled" services. One example of a hybrid is when the enterprise manages the customer edge (CE) and the service provider offers Layer 2 transport support and additional managed network services. The enterprise customer retains control over its edge domain.

Key questions to ask
As you interview potential service providers, be sure to address the following key issues:

1. Does the service provider track and monitor the entire network?
2. Can it secure its own network traffic and manage priority traffic across other networks?
3. What are the performance thresholds for network latency and availability?
4. How is performance measured and delivered to you?
5. Are there procedures for on-the-fly load rebalancing, security assessments and regular backups?
6. Can its data center support your requirements for physical and network security, capacity, availability, operations and backbone connectivity?
7. How quickly will the provider respond to business change?
8. What are the terms if the network goes down or the level of service is not maintained?

In addition, major factors to consider include:

Quality of service
MPLS support for end-to-end quality of service (QoS) helps ensure that the network prioritizes critical traffic such as voice. You should discuss with the service provider the classes of service (CoSs) available and your organization's needs.

Some providers may team with others to provide global services or with third parties offering non-MPLS service. This may affect QoS, since assignment of class values differs from one provider to another. Partners should have agreements that specify CoS equivalencies, and you will need to understand these values to ensure they can support your requirements. If your firm is interested in creating extranets for partners or customers, discuss also whether the provider is willing to provide adequate QoS via IP VPNs from other companies.

Routing and routing convergence
Most routing protocols (including eBGP, OSPF, EIGRP, RIP, and static routes) are supported by today's service providers. If you do not run BGP, however, redistribution will be required on the CE router. If the provider is managing the enterprise-provider link, the provider is responsible for choosing the protocol and maintaining the link. CE-to-CE IPsec or GRE tunnels also are supported. Usually linking to the edge router is quite straightforward, needing little or no new functionality.

IP multicast
You need to be aware that not every provider supports IP multicast traffic for applications such as video. Multicasting allows information to be efficiently distributed between a single multicast source and many receivers. If the provider does not support it, your enterprise will need to create a series of GRE tunnels as an overlay in order to provide multicast over the MPLS network.

Complete security
MPLS VPNs provide the same level of security as Layer 2 VPNs, equivalent to that of private circuits. MPLS VPNs offer address space and routing separation, and they are resistant to attacks and label spoofing. In an MPLS environment, a VPN customer may perform IP-source address spoofing, but because there is a strict separation between VPNs and between the VPN and the core, this type of spoofing remains within the VPN where it originated.

The most critical network security issue is that MPLS VPNs are part of a shared infrastructure. You need to know whether Internet access is provided over the same core as VPN access, and what security measures are taken to avoid one service affecting the other. A VPN-only service is more secure; however, the level of risk associated with a shared core infrastructure is acceptable for most companies. The provider may offer separate provider edge routers for Internet and VPN access, but usually at a higher cost. You may also ask about the security of the core infrastructure, and the provider's risk mitigation policies.

Connecting to the service provider
When connecting the enterprise to an outsourced MPLS network, the service provider is responsible for linking to your firm at either Layer 2 or 3. With peering at Layer 3, the provider's network routes IP packets through its shared network, while enabling secure transport. It does this by installing a virtual route forwarding (VRF) table for each customer, which isolates that traffic from others.

One of the advantages of Layer 3 peering is that the two networks can exchange routing information directly. Bandwidth scalability is limited only by the type of transport the provider offers; for example, Gigabit Ethernet is more scalable than Frame Relay. In addition, most service providers can provide QoS with greater intelligence in Layer 3. The any-to-any connectivity inherent in a Layer 3 MPLS VPN also offers more efficient routing.

A Layer 2 VPN, in which Layer 2 packets or cells are carried over an MPLS network -- also called Any Transport over MPLS (AToM) -- is a good solution for some enterprises, especially those with ATM, Frame Relay, or Ethernet networks that need point-to-point Layer 2 connectivity. The virtual point-to-point circuits characteristic of Layer 2 networks are set up through VPNs.

In conclusion, do not neglect to discuss issues such as high availability (at least four nines, preferably five), getting references, guarantees, pilot programs, and training. Carefully assess the staff's technical knowledge, migration support, scalability and availability, and general administrative capabilities. The service provider's experience in deploying managed Layer 3 services and its fit to your requirements are the most critical elements in outsource assessment.

For more detailed technical information, see the white paper, Layer 3 MPLS VPN Enterprise Consumer Guide.

About the author:
Robert Vigil is a service provider systems engineer at Cisco Systems Inc.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Selecting telecommunications services and providers MPLS, Ethernet services more critical as network habits, strategies change Verizon dives into deep end of network services pool Time is now to put more WOW into your WAN How to save money on carrier services MPLS technology overview Buying MPLS: Managed service providers versus carriers Managed services for branch office networks: New options Monitoring MPLS network architecture, service levels and connectivity Managed remote access options MPLS implementation gotchas VPN design Remote, branch office VPN access with DSL Determining efficient VPN solutions, encryption options VPN, remote access security best practices Determining IPsec tunneling, bandwidth capacity As legislation passes, enterprises need to get VPN ready Advantages of an extranet-based VPN Configuring a VRF Advanced OpenVPN configuration IPsec VPN clients Basic IPsec VPN topologies and configurations - from IPsec Virtual Private Network Fundamentals Managed services Service providers like Verizon offer WAN services to cut network costs Verizon dives into deep end of network services pool WAN design: What to consider How to save money on carrier services Troubleshooting WAN performance issues Buying MPLS: Managed service providers versus carriers Managed services for branch office networks: New options Next-generation enterprise networks: Managed services will grow Next-generation wide area network services on the rise Managed remote access options

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary virtual private network  (SearchEnterpriseWAN.com) virtual routing and forwarding  (SearchEnterpriseWAN.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary