Buzzwords for success: smart and fast

IP VPNs can help service providers see their way to the high-speed summit

Gigabit-speed routers and switches promise to usher in a new generation of converged voice and data applications, but the raw bandwidth capabilities of these turbo-charged platforms address only part - albeit an important part - of next generation infrastructure requirements.

What these pure-power solutions lack is an intelligent service layer. You probably wouldn't want to drive a turbo-charged sports car that lacked a steering wheel; you cannot expect service providers to deploy high-speed networks without the requisite mechanisms for optimally provisioning, managing - and ultimately billing for - services running on their networks.

The technology decisions confronting service providers are critical, but only insofar as they address the fundamental issue: rolling out flexible, profitable services to customers. Rest assured, service providers would offer a 2400 b/s Internet access service if they thought they had a strong, revenue-generating business case. Thankfully, they don't.

But service providers see the writing on the wall. They cannot continue building sustainable business cases around commoditized service offerings such as Internet access and Web hosting. The profit margins are razor-thin at best, while the price competition undermines customer loyalty, increases churn and fuels industry consolidation.

Adding to the headaches are a continued reliance on archaic, time-consuming service provisioning models and a lack of empowering customer interface tools for self-provisioning services and monitoring system performance.

Service providers are on a quest for the Holy Grail - value-differentiated services that can facilitate high-margin, tiered pricing schemes and efficient use of network resources. Today, IP virtual private networks (VPNs), which still are in the early stages of large-scale deployments, are the most approximate manifestation of this utopian service vision.

So, how do service providers move beyond offering commoditized services such as Internet access and Web hosting to these newer, more flexible and more profitable service models? By injecting a performance-transparent layer of service intelligence into the network architecture that identifies, prioritizes, encapsulates and secures traffic flows at the performance levels required to create high-margin revenue opportunities.

Service: class and quality Of course, this is easier said than done. Broadly speaking, it is necessary for service providers to add intelligence at the network edge. Traffic flows must be identified at the network edge, classified according to userdefined criteria, queued according to some prioritization scheme and then packaged for expedited transit across the network backbone. Sounds simple enough, but the reality is that this embryonic service intelligence layer is a muddle of acronyms (WFQ, RED, DiffServ, IntServ) built on yet another muddle of acronyms (BGP, OSPF, MPLS, LDP, RSVP, CR-LDP). And, of course, the complicating factor in all this is that IP-based networks are inherently best effort.

But service providers can take heart. The service intelligent network architecture is taking shape, and service providers already are deploying some of its key components.

Differentiated Services (DiffServ) appears to be taking hold at the enterprise network edge as a mechanism for designating packets to receive certain levels of prioritization and treatment. This is accomplished by setting the DiffServ code point bits (DSCP bits), which then can be used at the service provider edge as part of the classification and prioritization scheme.

It should be noted, however, that DiffServ is characterized by per-hop behavior and provides for only coarse levels of class or priority. DiffServ by itself does not offer an end-to-end solution. However, DiffServ offers compatibility with other tunneling and traffic engineering schemes to deliver end-to-end solutions.

Some vendors have offered approaches based on IPsec tunneling in the network backbone. On the surface, IPsec holds some appeal because it offers encapsulation and encryption capabilities. But initiating, terminating and managing these tunnels in large production networks may prove a formidable task when scaling to hundreds or thousands of sites. Other technologies such as IP VPNs and multiprotocol label switching (MPLS) VPNs may prove more scalable, faster to deploy and easier to manage.

MPLS potentially offers an end-to-end traffic engineering solution across the service provider cloud. It encapsulates traffic and attaches a label, obviating the need for routers to inspect and forward every packet across the network. MPLS also is compatible with Diff-Serv and the concepts of traffic prioritization using the DSCP bits. The DSCP bits can be mapped to pre-defined label-switched paths, which aggregate traffic with similar characteristics such as end-point destination and prioritization.

MPLS is a promising technology with unresolved issues such as how it will handle inter-domain VPN traffic and guarantees of service. Cisco Systems has proposed using extensions to its soft-state routing protocol (BGP4) to provision MPLS VPNs, but this initiative has met resistance from other vendors and service providers that view it as too proprietary. Additional work still needs to be done to address the provisioning and management of MPLS VPNs to ensure an open solution that offers service providers with flexibility, vendor interoperability and scalability.

Virtual routing also has emerged as a key component of next generation networks. The idea behind virtual routing is the use of multiple forwarding tables within a single router to partition traffic.

Because virtual routers have their own forwarding tables, they allow service providers to offer secure IP VPNs to multiple customers over a common network backbone. For instance, service providers can use virtual routers to segregate traffic from different enterprise customers, thus ensuring that Company A's traffic is not commingled with Company B's traffic, even though they share a common access router at the provider edge.

Virtual routers offer an ancillary benefit, as well. Many enterprises use private addressing schemes for their internal operations. With IP VPNs, enterprise customers can avoid changing their private addressing schemes by using IP encapsulation between different sites of the same VPN. This provides enterprises and service providers with major cost savings and faster time-to-service capabilities.

It's automatic Speed and quality of service capabilities represent only part of the total service provider solution, however. Robust service provisioning tools are needed to complete the package. Service providers face complex, time-consuming, personnel-intensive procedures for deploying new services. Many service providers have in-house software tools for provisioning services, but these command-line interface tools are rarely streamlined and typically involve a vendor-by-vendor, box-by-box approach to configuration.

And when the managed network component extends to the customer premises, there is the additional headache - and expense - of one or more truck rolls to set up and provision at the customer premises. What service providers need are tools for automating the service provisioning process. And it shouldn't matter where the equipment resides.

Service providers require service automation systems that address these obstacles using standards-based application programming interfaces such as CORBA and extensible markup language that enable fast integration with service providers' existing operations support systems. Lightweight directory access protocol (LDAP) compliance offers a way to simplify and automate complex provisioning tasks. Device configuration information and network policies - port and IP address allocation, for instance - can be stored in LDAP servers that can easily be accessed and replicated across a network to define and provision services such as IP VPNs. Storing configuration and policy information on an LDAP server offers an additional benefit - resiliency.

If, for instance, an existing device or card needs replacement, the LDAP server can be polled for the appropriate configuration for the new device, eliminating the need for manual reconfiguration by the service provider.

Ultimately, service automation systems are about improving the customer experience. Many customers want the ability to self-provision or modify existing services through Web browser-based tools that allow them to order, configure and pay for the services.

At the very least, customers expect that the service providers can provision services for them rapidly. And once those services are provisioned, customers demand Web-based tools to monitor performance and enforce service level agreements.

Remembering the installed base Of course, deploying these new service intelligent network architectures would be much easier, if not for the need to support - and migrate - customers of existing services such as frame relay and private line. According to research firm Vertical Systems, the size of the U.S. WAN services market is approximately $17 billion.

Private-line services account for twothirds of the total, while frame relay services make up 30%. ATM services account for less than 5% of the total. Given that these frame relay and private-line users represent the target market for IP VPN and other enhanced services, service providers need solutions that can support the existing customer base while easing the pain associated with migration.

IP VPNs offer the same levels of functionality as frame relay networks without the costs of creating a fully meshed permanent virtual circuit structure with a separate over-lay network for Internet access. However, users are somewhat wary of abandoning this service too quickly. Instead, they seek out service providers that can offer a smooth migration path.

The appropriate solution might be native frame relay support or it may involve the concurrent support of frame relay and IP VPN services. Ultimately, however, the solution needs to offer a clear, navigable path to a pure IP VPN.

Revamped networks built on gigabit speed routers and switches are integral to the rollout of new IP-based services. But for service providers, the real issue is maintaining the customer relationship. And, it's the requisite service intelligence layer that addresses this relationship by allowing service providers to move beyond static, commoditized services offerings. Through the rapid provisioning of new services, bolstered by appropriate pricing models and robust self-provisioning tools, service providers can go a long way toward expanding and retaining their customer bases.