By Doug Allen
Of all the hot networking technologies, none is more so than virtual private LAN service (VPLS) just now. In fact, VPLS may be the most important transport protocol to come along since MPLS; so much so that the two WAN VPN technologies have sometimes been cast as adversaries, or at least rivals. Some even ask, “Is VPLS the new MPLS? Like, on steroids?”
The answer for agents and VARs is both “yes” and “no” (c’mon, you didn’t expect an easy answer, did you?). But for those who can determine when to deploy the service in conjunction with other VPN options and how to layer business services and applications on top, it could be a golden opportunity.
VPLS is the fastest-growing WAN Ethernet service, according to Vertical Systems Group, largely because it’s the enabling technology for the large enterprise’s “endgame,” as Erin Dunne, Vertical Systems Group’s director of research services, puts it; a long-haul mesh service that combines the best of Layer 2 (switching) and Layer 3 (routing) technology. Think of it as Layer 2.5, which, like MPLS, provides deterministic connectivity for protocols that are inherently connectionless. Whether using pseudowires (as with VPLS) or label-switched paths (MPLS), these allow providers to provision and manage WAN paths with the QoS and security of a dedicated ATM connection, but with greater and more flexible bandwidth and simplicity. Running pseudowires over MPLS creates a transport path that can support any access technology, such as private line, LAN Ethernet, ATM and frame relay, while at least partially addressing the scalability and connectivity issues of Ethernet switching as it moves from the MAN to the WAN.
Since it’s based on Ethernet and MPLS, VPLS brings a number of advantages over most IP MPLS VPNs to the table. Besides feeds and speeds, VPLS makes all endpoints look like nodes on the same LAN, no matter how geographically dispersed. Thus, customers can control their own switching tables in-house rather than be forced to turn over routing chores to an IP MPLS provider. While this can impose some complexity on internal IT staff, many businesses, particularly in the financial or public sector, are more comfortable extending their Ethernet LAN across the WAN and don’t want to risk turning their routing tables over to a provider, believing it could compromise the logical or physical security of their data. This also generally allows customers to control the switching path more precisely than with IP MPLS. This approach recalls the old network administrator maxim, “Switch when you can, route where you must.”
“Customers most interested in VPLS are those who seek to deploy a bandwidth-scalable virtual LAN service over geographically dispersed locations that they will control and manage on their own,” said Blake Wetzel, vice president of sales, Qwest Business Partner Program. “If the customer has legacy networks or applications that they wish to tie together but maintain control of, VPLS is a great solution,” at a significantly lower price per bit than a Layer 3 alternative. And that’s an increasingly attractive proposition for customers looking for higher bandwidth for collaboration, B2B and cloud service applications, all delivered over a single circuit.
So, is VPLS the new MPLS, in terms of enabling secure, business-class VPNs that can carry all kinds of value-added services and applications? Yes, says Ken Mercer, senior vice president of master agent Telecom Brokerage Inc. (TBI). “It offers more security, since it’s a Layer 2 service which gives security on the transport layer, then when MPLS is used you have security from the Layer 3 side as well; [VPLS traffic] should never cross the Internet like a VPN would. Then there’s bigger bandwidths, typically delivered on fiber. It can enable secure voice and video communications,” Mercer said.
VPLS services also are available over copper and TDM solutions (Ethernet over copper, Ethernet over copper T1/NxT1; these solutions run from 2 Mbps to 40 Mbps and up, sometimes as high as 80 Mbps). But over fiber, VPLS has the edge over most IP MPLS lines, with more flexible bandwidth increments available, running from 10/100/500 Mbps up to 1 Gbps, compared to the more rigid bandwidth hierarchy of T1/T3 lines and OCn pipes. Mercer also pointed to VPLS’s use of an internal labeling stack in addition to the MPLS labeling stack, which acts as a circuit ID that the network uses to more readily identify paths for meshing between sites, thus raising the overall speed of transport.
Again, with greater speed and capacity, customers logically can separate multiple services, whether IP MPLS or a Layer 2 protocol, using VLANs over a single access link. “An example of this is with a B2B customer or just a large manufacturing company; they can install virtual paths to people off of their network while maintaining the security of their own network,” said Scott Stricklin, senior vice president of global sales at MASERGY, one of the very first providers to adopt VPLS. “Think of the cost savings and competitive advantage companies can leverage with this service.”
But that doesn’t mean MPLS is on the way out. “VPLS is not a replacement for, nor is it a next generation of MPLS,” said Wetzel. “It is an additional tool in a customer’s toolbox which can be used to solve a different set of business problems than MPLS. Every customer we speak to is looking to maximize value for their available budget. If organizations have existing operations teams and expertise they may look to VPLS as a more cost-effective solution to build a network which has many of the technical advantages of traditional private line networks but with better economics. Customers looking at MPLS solutions may have limited human resources but are looking to augment in-house capabilities with a network provider who can deliver more of a turnkey solution via a resilient network supporting a wide range of access options and value-add services (e.g., fast reroute, multicast, cloud security, QoS, 7/24 network management, etc.).”
And VPLS is not the right fit for all network connections. For one thing, MPLS is far more scalable, using Layer 3 routing to create a mesh that can support hundreds and thousands of sites. VPLS’s dependence on switching makes it better suited to smaller implementations of fewer than a hundred sites, before network traffic management becomes too complex.
To that end, so far VPLS deployments mostly have been used to connect core network locations, usually from a business headquarters to a data center or between multiple data centers, where data security and privacy are paramount and the customer can rest easy by keeping switching chores in their own hands and not entrusting routing tables to a service provider. “Functionally, VPLS makes the most sense for B2B communication, disaster recovery and major data centers,” said Stricklin, “and it is also critical from a [regulatory] compliance perspective for financial and health care companies,” who need to ensure the highest security and privacy standards, which means bypassing the public Internet as much as possible.
It’s very much a case of “one size does not fit all.” “There are very few pure-play VPLS service customers today,” said analyst Dunne. “VPLS has to be for big customers who already have significant IP MPLS VPN gear installed. VPLS is essentially for a few large, high-speed applications connecting data centers, storage and the business headquarters, especially for those that don’t want to give up their routing tables. A full VPLS implementation is overkill in these cases.”
The key decision factors for customers evaluating VPLS are Ethernet access availability per site, performance, security, network management and the ability to meet meaningful SLAs end-to-end, according to Dunne.
Thus the VPLS target market (businesses who want to connect a relatively small number of sites at high speed for IP convergence or migration from slower, more expensive Layer 2 services) is somewhat constrained. But VPLS is perfect for certain risk-averse vertical markets who want to maximize control. “This is a wonderful application for campus networks, international networks, financials with SLA requirements, imaging and off-site data duplication,” said TBI’s Mercer.
In a nutshell, then, MPLS is better-suited to a 1,000-site or more mesh using any kind of access protocol. VPLS, by contrast, requires an Ethernet access handoff, which still has limited (though growing fast) availability in the United States. Though VPLS supports all the applications MPLS does, it is far less scalable and requires the customer to manage all CPE switching. This can be an advantage or a hindrance, depending on the business application and level of IT staff expertise.
So far, Dunne hasn’t seen much demand for VPLS in the SMB market. Instead, these clients are using Ethernet to link to an IP MPLS WAN, which is still one of the primary applications for carrier Ethernet. “What’s going to force these [SMBs] to use VPLS? If it’s a lack of TDM access at an acceptable price, go with an Ethernet access service for lower costs and greater bandwidth. No one is swapping out IP MPLS for VPLS unless they want to run a trigger application, a Layer 2 app that requires greater security or performance than IP MPLS would provide,” said Dunne, adding that some businesses with frame relay/ATM access customers are migrating to a combination of VPLS and IP MPLS VPNs, where the higher-end ATM links are replaced by VPLS, while the more numerous, hub-and-spoke frame relay connections move up to IP MPLS to create a cheaper, more flexible meshed network.
Roopashree Honnachari, senior industry analyst, business communication services at Frost & Sullivan, agreed that both technologies balance each other nicely. “For network connections that businesses are used to managing themselves where they are running very specific applications [and often a mix of IP and non-IP business protocols, like SNA] they are asking for fast-feed Layer 2 Ethernet and for branch locations [typically served by frame relay links in Dunne’s example], they are asking for Layer 3 VPNs, thus encouraging Layer 2 and Layer 3 VPNs to coexist in a complementary fashion in the market.” That bears out the experience of Craig Schlagbaum, vice president of indirect channels for Level 3 Communications. “We do not see a large migration of MPLS customers to VPLS, but we do see MPLS customers employing VPLS where it makes sense.”
Sell the App, Not the Technology
VPLS services are a great opportunity for provider partners and agents, Mercer said. “Agents don’t work on margin, they work on commissions and all carriers are different. [Selling VPLS] is in line with a percentage with the kind of monthly recurring revenue [earned] from MPLS,” he said. That, combined with a secure, easily managed, high-speed, flexible service, and what’s not to love?
But while the interest in VPLS is there, the partner community is still educating itself on its strengths and weaknesses. Some providers, like XO Communications, are just beginning to see their partners inquire more about VPLS, according to Brian Law, XO’s national vice president of indirect services. The learning curve can be somewhat steep, since agents must take a consultative approach to their customer’s network and identify which VPN technology is the best fit for each location or network segment. For Law, partners can best add value by helping customers with solution design, clarifying core business objectives and identifying the applications and performance requirements the network must support. “You are not selling technology, you are selling consultation and a solution,” he said.
And there’s a lot to consult on. “Since VPLS deployments are quite complex in nature and normally involve migrating from an older technology or another carrier, we’ve seen a strong correlation with won deals and those partners who can provide strong project management support in addition to what Level 3 or any other carrier can provide,” said Level 3’s Schlagbaum. “This is in addition to many of the over-the-top services that some of our partners provide like CPE selection/configuration, SNMP services, routing support, etc.”
“From a strategic standpoint, we ask our partners to simply ask questions about what the customer is trying to accomplish and the internal resources they have available,” said MASERGY’s Stricklin. “VPLS can take more resources internally so it is really important to understand their environment.”
Stricklin reported that those agents and partners who best understand when to go with a Layer 2 or Layer 3 VPN enjoy much more success than those who don’t, which speaks to the demand for hybrid solutions. Agents who can offer services from more than one provider also have an advantage, as customers are likely to be more comfortable with a mix-and-match, best-of-breed set of services without being locked in to a single provider’s feature set, which varies widely today.
Keeping up with all the different provider options out there can be tough, though. Mercer provides his agents with educational tools, network diagrams, case studies, customer references and sit-down meetings with the carriers involved.
“The key to success with VPLS is understanding why the customers need VPLS and being able to position their organization and our network effectively,” said Stricklin. “We offer full engineering and sales support to our customers and encourage them to put us in front of their end-user because this can seem complex.”
As with all reseller relationships, the most important thing to do is to work with the best provider(s) possible. A carrier should be able to offer a consistent set of Ethernet services and features across all metro markets with a full portfolio of VPNs at Layer 2 (point-to-point, point-to-multipoint and mesh) and Layer 3. Clearly defining the proper technology for each part of the customer’s network is a critical part of the qualification process. Do they have international coverage or at least interconnection agreements with global carriers to support cross-network traffic? (Though Ethernet network-to-network-interface agreements are increasingly common, those for VPLS have not yet been ratified, so providers must work out custom bilateral agreements between themselves.) Can they provision multiple services over the same circuit with an Ethernet hand-off at either end?
The provider’s network should allow for VARs, agents or third-party providers to add their own Layer 3 services or applications on top so customers can choose from a broader set of value-added offerings. “For example, we have SIP providers and enhanced video services that our customers can purchase through our channel partners,” said Stricklin. “The key for the partners is to be able to offer their services as an on-net solution and create some value play that companies need, like hosted PBX platforms or video concierge services.”
The more services layered on top of the circuit, the more critical it becomes to track network performance. But visibility into VPLS traffic is lacking for some of the bigger carriers, which have difficulty separating out traffic by individual customers, although MASERGY gets around this problem by building dedicated logical instances for each customer.
Partners should also be aware of the increasing customer demand to manage their CPE for VPLS services; this may seem counter-intuitive, since maintaining internal control over switching is one of its prime selling points, but providing a managed CPE service may also serve to extend the VPLS market to smaller-sized businesses or sites as well.
VPLS clearly is poised to break through in a big way, working alongside MPLS, each one enhancing the other. But it’s also important to remember the relative immaturity of these services. While some providers have been in the game for five or almost 10 years, big carriers like AT&T and Verizon Business only really have ramped up their VPLS offerings in the last year or two. According to Mercer, some carriers are not ready to roll out full-scale, national services. “The process for ordering is not clear in some cases, there’s a lack of pricing tools and trained support, paperwork not ready, etc. As with any new product, everyone is [afraid] to be the guinea pig.”
Doug Allen is a freelance journalist and analyst with 12 years of experience covering telecommunications.