SingTel MPLS
The Great Multi Protocol Label
Switching (MPLS) Migration
1
SingTel MPLS
The Great MPLS Migration
There are now a variety of alternatives when it comes to connecting multiple sites with WAN links. Multi Pro-tocol Label Switching is fast gaining popularity for many businesses as their preferred choice when it comes to creating a Virtual Private Network (VPN) over WAN. This paper will discuss the differences between MPLS and IPSec, and the benefits achieved from mi-grating to MPLS.
Enterprises today are working in an increasingly vola-tile, challenging and complex environment, arising from escalating customer expectations, unexpected market shifts, and intensified global competition. They need to ensure that their Information and Communi-cations Technology (ICT) infrastructure gives them the ability to adapt with changing needs.
Connectivity and bandwidth requirements are chang-ing so fast that they are difficult to satisfy within budget constraints using traditional network services like Frame Relay or ATM. In addition, the work force in many business sectors have also evolved over the years,
driven by the need to bring staff members closer to cus-tomers, to manufacture products closer to suppliers, or to take advantage of lower cost bases in the region. A typical mid-to-large business will have operations lo-cated in multiple locations across Asia, each playing a vital and strategic role in maintaining the health of the overall business.
This means that legacy networks, built on the premise of relatively static volumes of communications traf-fic flowing primarily between the headquarters and branch, are no longer sufficient. Enterprise Resource Planning (ERP), Customer Relationship Management (CRM) and Supply Chain Management (SCM) appli-cations are now critical to the running of the business, and must be accessible and perform equally well from all locations. Businesses across all sectors are increas-ingly reliant on collaborative tools such as electronic messaging, Voice over IP (VoIP), and online meetings to conduct their daily business from any location. Fi-nally, cost-effective scalability is a must if expansion plans are to be achieved (see Figure 1).
2
SingTel MPLS
Why the MPLS versus IPSec debate is over
The early adoption of IPSec was in part driven by the encryption and authentication capabilities offered by the protocol, given that the traffic would be routed over the Internet. Security is further enhanced as these VPNs require each site to have devices that authenti-cate users and encrypt and decrypt traffic, while any changes to the security policy can be made quickly as the business controls all of the VPN equipment on its premises.
However, as other options like MPLS appeared on the market, the disadvantages of IPSec became readily apparent. For one, IPSec requires an initial capital out-lay for equipment at each site, in addition to ongo-ing management, monitorongo-ing and maintenance. This also includes continual efforts at managing keys for encryption. As a network grows with the business, ad-ditional investments in equipment, management and maintenance would also be required to scale up an IPSec VPN installation in tandem across the network. Cost issues notwithstanding, the emergence and pop-ular adoption of new IP-based applications like VoIP also helped to put the spotlight on the limitations of IPSec. Public networks - like the Internet - are based on “best-effort” delivery of information, which means that while all of the data packets travelling over the In-ternet will be routed to the best of the network’s effort to the right place, there is no service level guarantee that they will all arrive at the destination in the right order, or at the right time. While this is acceptable for transmitted information in the form of email and docu-ments, it would be intolerable for services like VoIP, re-sulting in lag or “dropped” packets during the call. Finally, the move away from IPSec-based VPNs has also accelerated, as security threats originating from the Internet grow in sophistication and volume. The fear of network intrusions resulting in downtime and signifi-cant financial damage has increased exponentially, making organisations leery of sending key information over the Internet. The disadvantages of IPSec VPNs are the very reasons why MPLS-based VPNs are increas-ingly attractive propositions. A primary advantage of
The Choices for Enterprise WAN
When it comes to connecting multiple sites with Wide Area Network (WAN) links, the Virtual Private Network (VPN) has emerged as the most commonly preferred method. A VPN creates a virtual and secure “tunnel” connecting two or more LANs, with information being sent via the tunnel by riding on a larger communica-tions network. Over the years, two different protocols or “flavours” of VPN have emerged as the most popu-lar implementations in the market: IP Security (or IPSec) and Multi-Protocol Label Switching (or MPLS).
An IPSec-based VPN typically rides on the back of a public network such as the Internet, and uses a set of protocols for securing IP-based communications by authenticating and encrypting each IP packet in a data stream. An MPLS-based VPN – sometimes also known as “trusted” VPNs in the industry - do not use encryption, but instead rely on the security of a single service provider’s network to protect the traffic. Despite an initial flurry of IPSec VPN adoption, as the In-ternet grows in popularity, recent studies have shown that many companies today are either moving to, or are considering a move to, MPLS-based services. In a
benchmark study conducted by Nemertes Research1,
uptake of MPLS-based services almost doubled between 2004 and 2006, growing from 24 to 42 per-cent, with more than half of all participants saying they were using, or planned to use, MPLS-based services by the end of 2006 (see Figure 2). The trend was even more pronounced among companies with global op-erations, 72 percent of whom said they were using, or planned to use, MPLS-based services by year-end 2006. FIGURE 2: Rapid Growth in MPLS VPN
3
SingTel IP MPLS
MPLS is that it provides the scalability to support a wide range of VPN deployments: from hundreds of VPNs to up to tens of thousands of VPNs on the same network core, without incurring the high costs seen in IPSec de-ployments. There is no initial capital outlay, as no new network gear is required as long as each site already has a WAN router. Depending on the specific mix of applications, and network configuration, MPLS-based services can reduce costs by 10 to 25 percent over comparable data services. As companies add voice and video traffic, cost savings can rise to as much as 40 percent network-wide.
MPLS VPNs are particularly suited to provide end-to-end service level guarantees or QoS, rapid fault cor-rection of link and node failure, bandwidth protection – all of which are essential for deploying additional value-added services like VoIP. Finally, Internet security threats are much less of a concern as circuits are car-ried over the service provider’s own network.
The table below summarises the key differences – in terms of reliability, cost, security and Quality of Service
- between IPSec and MPLS.2
Are MPLS-based VPNs right for your
organisations?
In order to make an informed judgement on whether MPLS-based VPNs are suitable for your specific or-ganisational requirements, the following questions will need to be asked:
Question 1: Does your company need Service Level Guarantees or SLAs? SLAs are important to enterprises
with stringent requirements for network performance and resiliency. MPLS-based VPNs support SLAs by pro-viding scalable, robust QoS mechanisms, guaranteed bandwidth, and traffic-engineering capabilities. For instance, SingTel ConnectPlus IP VPN – one of the re-gion’s leading MPLS-based VPN solutions – offers a core network built on carrier-class equipment, and utilises advanced traffic engineering to ensure optimal traffic distribution and improve overall network usage.
Question 2: Are you planning to converge your data, video, and voice traffic onto a single network? Will
your network be required to handle delay-sensitive traffic - such as voice, video, or mission-critical data? Such services will require QoS as provided by MPLS. FIGURE 3: Key Differences between IPSec & MPLS
Feature MPLS VPN IPSec VPN
Reliability MPLS is more reliable than IPSec VPNs as there is less complication in the tunnelling and firewall configuration.
MPLS creates a fully meshed network by default, providing direct connections between all remote locations without any of the addi-tional cost or configuration needed with IPSec VPN tunnels.
MPLS networks are more secure because the circuits are carried through the carrier’s MPLS backbone/cloud.
MPLS-based services support Quality of Service (QoS). This is par-ticularly important for companies that are rolling out voice and video on a converged network. Cost Savings Security Quality of Service (QoS)
Network intrusions are a greater concern with IPSec VPN tunnels since they are run through an Internet circuit, which is open to connections from around the world. A misconfigured firewall can open the VPN network to security threats of the Internet.
IPSec VPN requires additional hardware/software and configuration, both at the client as well as at the router level, which will boost the upfront investment required. Specifically, IPSec requires clients for VPN connections and router configurations. Network changes will require tedious re-configurations.
Network intrusions are a greater concern with IPSec VPN tunnels since they are run through a public Internet circuit. A misconfigured firewall can expose an IPSec VPN network to the Internet.
Once the encrypted data packets are sent out via the Internet, little can be done to prioritise them.
4
SingTel IP MPLS
Question 3: Are you planning to deploy additional value-added applications? These applications could
include multimedia conferencing, e-collaboration, or business-process applications such as order fulfilment, ERP, or CRM. MPLS provides the ability to implement policy-based networking so that vital network traffic can be prioritised over less important data. SingTel ConnectPlus IP VPN, for example, offers several class-es of service to addrclass-ess different performance levels required for different applications.
Question 4: Is disaster recovery an important consid-eration for your business? MPLS allows data centres
and other key sites to be connected in multiple redun-dant ways to the service provider cloud, as well as to other sites on the network. Remote sites can also be quickly and easily reconnected to backup locations if needed.
Question 5: Is your business expanding quickly in the Asia Pacific region? A well-executed, MPLS-based VPN
deployment scales easily to accommodate company growth or changes. For example, when a new site is added to the VPN, the MPLS service provider only needs to establish local connections between the new site and the provider edge. It does not need to reconfigure the equipment at any of the other existing sites, gaining significant operational cost savings. This is especially important for organisations that are ex-panding their footprint in Asia Pacific, and are ventur-ing into countries like China and India. Given the com-plex and heterogeneous regulatory and infrastructural
climates in such countries, organisations should consider SingTel ConnectPlus IP VPN - which offers extensive Asia Pacific coverage – giving them a “borderless” network available for seamless connectivity across the region.
Question 6: Are you planning to outsource your WAN management and maintenance? Businesses prefer
to focus on core businesses, and not on the mainte-nance of IT. As such, more and more organisations are getting trusted and proven partners to provision and manage their WAN. Since a MPLS-based VPN like Sing-Tel ConnectPlus IP VPN can be installed and managed outside of the customer’s premises, it offers a business the opportunity to remove hefty capital expenditures in VPN equipment off its books, and to “rent” secure connectivity instead from a trusted and reliable serv-ice provider that runs a secure carrier-grade back-bone.
From RFP to Implementation: Choosing the right
partner
As with any network service, the difference between a high performing network and a mediocre one will ulti-mately depend on your choice of service provider. To minimise costs and the risk to your business network, look for a provider who owns its own infrastructure, or runs a robust and proven Network-to-Network Interface (NNI) plan with local partners around the world. This assures your business of reliability and delivery of Service Level Guarantees. Telecommunications diversity is also an im-portant consideration, especially for companies which need to retain a strong business continuity posture.
SingTel IP MPLS
Other considerations that will affect your choice of service provider will include its ability to offer an end-to-end connectivity solution for regional or global sites, as well as proven and referencable experiences in deploying and managing scalable MPLS networks for its clients.
An advantage to working with SingTel is its proven track record in supporting major MPLS implementa-tions across the region. SingTel has rapidly established itself as Asia’s leading MPLS-based VPN service provid-er, due in part to the fact that it owns Asia’s most ex-tensive and advanced cable and satellite networks, which includes many of the world’s most sophisticated submarine cable systems, such as ME-WE 3, SEA-ME-WE 4, APCN, APCN 2 and C2C.
Furthermore, with a network of offices in the region, SingTel provides businesses with strong in-country sup-port and a reliable one-stop solution for all their com-munications needs – a must for managed VPN de-ployments spread across the region. Enterprises that need networks to be just as flexible as their business plans should consider SingTel’s suite of managed MPLS VPN services, which offer enterprises more choices, as well as the confidence of having invested in a network that is geared for demanding requirements, well into the future.
