Posted: 04/2000

New Network Edge Devices Deliver
Sophisticated IP Services
Internet services used to be so
By Charlotte Wolter

A provider was a direct link to the Internet. Whatever bandwidth a user could muster to get to the ISP–usually a 28.8kbps dial-up pipe–opened a door to the raw Internet, and customers were on their own.

The infrastructure delivering this access was also simple. ISPs maintained banks of modems that took in hundreds or even thousands of dial-up customers. They usually called from their homes or from corporate PCs. They aggregated the traffic from those dial-up connections into one large pipe, often not more than a T1, and delivered it to the Internet.

Then the corporate world discovered the Internet. The demand for services, as well as the equipment to deliver them, changed radically. Companies needed access to their own remote offices and to the outside world. But they were using leased lines and closed dial-up networks to reach them.

Also, corporations already had Ethernet networks that, despite having different rules, could transport IP packets around the inside of a company with relative ease. Given the synergy between the two networking technologies and the need to reach outside their own networks, it was only a matter of time, money and bandwidth to connect enterprise networks to the Internet.

The Internet is prying enterprises away from narrow, proprietary data networking solutions.

is a major shift at the edge away from private leased networks and private
dial-up to IP public networks," says Jeff Wilson, director of corporate
access, Infonetics Research Inc. (
"The biggest change is that all of a sudden you have one conduit to

Jon Mischel, senior product manager, data division,
Unisphere Solutions Inc. (,
adds, "Customers are converging on the IP platform, and many different
services can be delivered over it."

The local pipes that provide access can take a number of different forms: traditional T1 circuits, newer DSL connections, DS-3s or OC-3s for large buildings or customers served by fiber, and even cable modem links.

What they share are broadband connections with bandwidths of 1.5mbps or larger, and the vast majority of the traffic they carry is just one protocol–IP–though ATM and frame relay are often used for transport.

This new converged pipe–called converged because it could also carry voice, though it is dominated by data today–opens the door to a range of Internet- and IP-based services that would have been impossible before. Leading the charge are virtual private networks (VPNs) that act “private” but are transported over shared pipes.

A recent Infonetics Re-search study says 57 percent of large organizations, 55 percent of medium-sized organizations and 51 percent of small organizations plan to deploy VPNs by the year 2002.

VPNs can deliver such services as intranets, in which a company bases its internal networks on IP, as well as extranets, corporate IP-based networks open to customers and vendors. They can deliver IP voice or voice over ATM, and will likely do so more in the future.

Security services, such as firewalls and detection of hacking, also can be included. Plain Internet access remains an important service, but now it is expected to be a broadband, always-on connection.

on the Edge

This new improved slate of services requires new
infrastructure at the edge of the network to deliver it. Cisco Systems Inc. (
has ruled the Internet processing world with its routers, but an increasingly
large number of competing vendors argues that simply routing IP packets at
ever-increasing speeds is not enough to deliver the sophisticated kinds of
Internet services that customers will demand from service providers in the near

“It is about IP and the multiple services that you have to layer on top of that instead of differentiating routing protocols,” says Wilson. “It is a fundamental shift in the type of product that sits at the edge of the network.”

This has given rise to a new class of products that is still defining itself.

recent entrant to the field, Unisphere Solutions, a Siemens AG startup (,
calls its ERX platform an edge router, even while saying that the terminology is
inadequate for what the product can do. Other terms are multiservice access
platforms or even broadband remote access servers (BRASs).

“It is a new kind of network element,” says Mischel. “The traditional routers were developed to terminate T1 connections and provide access on and off the Internet. In the router that we are providing, the architecture is remarkably different from what has been done. We can terminate T1, T3, OC-3 and OC-12, and we will strip down to individual IP flows, yet maintain performance and speed.”

It is an edge router, he says, “that has all the bells and whistles to provide next-generation services and do that at wire speed. This is so service providers can turn on all the services they want per user without degrading performance. That is combined with a management system to offer whatever services the subscriber is asking for.”

Unisphere has made the product access-agnostic, introducing a version for cable modem networks as well as more standard DSL or T1 access.

Communications Inc. (
has developed an edge device designed to sit at service provider locations and
provide managed services such as firewalls, virtual routers and IPSec security.
The device can also aggregate traffic from a range of different access pipes to
feed a carrier core.

“Our box allows a virtual service set that feels like you have your own computer in a central office,” says Dean Hamilton, CEO and president. The services will run as applications on an open computing platform.

early February, CoSine announced that Qwest Communications Inc. (
placed a multimillion dollar order for an unspecified number of CoSine’s IP
Service Delivery Platforms, to be delivered within the year. Qwest will use the
product to create services for customers seeking enterprise-wide offerings as
part of a solution that will be announced later this year.

In December, Lucent
Technologies Inc. ( announced
it will cobrand the IP Service Switch 5000 edge device by Spring Tide Networks
Inc. (

The product will be used for two functions growing rapidly in network wholesaling: high-density session aggregation for broadband traffic (DSL, cable and wireless) and tunnel termination, which are important for VPNs and integrate voice, video and data over IP networks. The Spring Tide switch also can eliminate the need for customer premises devices.

Networks Corp.’s (
Mayan Unifier adds optical access to its edge aggregation and routing abilities,
but is similar to others in this area in its broad abilities.

The Unifier aggregates, routes and switches time-division multiplexing (TDM) voice, frame relay, IP and ATM traffic at the DS-0, packet, and cell level across layers 1, 2, 3 and 4 of the network. The ability to operate at layers 3 and 4 allows it to provision services, while the wide range of functions reduces the number of boxes required at the edge.

Cisco is unlikely to be left in the cloud of dust as companies gallop toward these new devices, Wilson says, and may soon have its own announcements in this arena.

Managed Services

The advent of equipment with this level of functionality will allow service providers to take over many services that enterprises today run themselves, starting with the network itself. A VPN means the service makes sure there is enough bandwidth and all the connections are functioning.

Beyond that, service providers are taking over or “managing” functions that used to be done by an enterprise’s IT department, such as firewalls, routing and IPSec. Security could be an important selling point, says Wilson.

users are wary of letting anyone else manage their security, but most don’t have
much security expertise and are not doing a good job themselves," Wilson
says. "We are finding more and more that security is what customers
evaluate providers on. Security becomes a key corporate positioning message for
everyone from Cisco, Nortel [Networks Inc.,]
or Lucent, to all the little startups, even if a product doesn’t have anything
to do with security."

Cheaper, Faster Service

These new kinds of
edge devices are often low cost enough to be placed on the premises of large
buildings. One of their strengths is that they don’t have to be anywhere near
the customer to provide a wide range of services. With just an IP connection to
the service provider, many services can be delivered remotely without CPE.

Graph: Importance of Value-added (or Premium) Services from Your ISP

service providers could say, ‘We provide the CPE and manage everything.’ Now
they can say, ‘How about if the equipment is not really at your site but we can
provide all the functionality?’ They can start migrating customers to this new
service, and the customers might just have a gigabit Ethernet connection,"
Wilson says.

An example is the virtual router. Rather than having a router at a customer’s location, the edge device includes the ability to provision many virtual routers. To the customers, they feel like separate pieces of equipment, but really are just part of a large processing fabric on the edge device.

The same is true for a service such as a firewall. CoSine’s IP Service Delivery Platform includes the ability to provide an Internet firewall. Again, it operates like a firewall on a server at the customer’s premises, but in reality just is part of the software suite available from the CoSine device.

This architecture allows CoSine to offer more than one firewall solution and to upgrade firewall features for all customers without going out to customer premises.

With functions pulled out of the edge to a more centralized location, service providers have fewer boxes to manage at fewer locations and can concentrate their expertise and management load. Truck rolls decrease dramatically. This makes for cheaper services overall.

The ability to be access-agnostic also provides a broad market for these devices. The Unisphere ERX platform can terminate DSL traffic in PoPs or cable modem traffic from headends.

For DSL, the DSL access multiplexer (DSLAM) at the edge connects IP traffic to the ERX via an ATM connection. The ERX uses IP’s point-to-point protocol (PPP) to direct traffic flows. The ERX terminates traffic as if it were dial-up PPP traffic. For example, if two users on the same DSL or cable modem connection have different ISPs, PPP can be used to authenticate users and direct traffic to the correct ISP.


One of the holy grails of these next-generation systems is the
ability for users to provision services themselves. Unisphere is working with
the dynamic quality of service (QoS) features of DOCSIS 1.1 (Data Over Cable
Service Interface Specification), the cable industry’s standard for data
networking, which enables customers to add services on demand.

is also one of the features Sprint Corp. (
plans for its Integrated Optical Network (ION), a broadband service for business
and consumers. However, the real-world issues of security and capacity planning
make the task formidable, says Fred Harris, director, network planning and
design, Sprint.

“The goal is to be able to put on the customer’s desktop the ability to communicate with our network in ways they haven’t been able to do before, and then use that to create very customer-specific solutions,” he says. “If you give customers access to the network, how do you protect the network from an unauthorized user asking it to do something?”

Also, if customers are to provision their own circuits, they will need access to the back-office support systems because that can’t be done from the edge of the network. Despite the challenges, Harris says, there are ways to allow that and protect the network.

Perhaps more difficult is predicting the effect on network capacities. “You have to forecast bandwidth demand in real time over the next year to be sure you have the opportunity to build it correctly,” Harris says. “You have DSL and cable modems, but how do you pinpoint the source of demand in the local environment? Which neighborhood will be the first to catch fire and go for high-speed access, and how do you build out the network to support that? It is very difficult to predict.”

Wolter is infrastructure editor for PHONE+ magazine.



Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 68421