More than one way to connect several sites

Providers of WANs need to broaden their technological outlook, argues Graham McLean

MPLS is no panacea for WAN, says Graham McLean

Nothing catches on like something that has caught on. That may explain why so many customers who want to connect several sites using WANs, especially if they use data-hungry applications such as voice over IP (VoIP), are convinced they need a virtual private network (VPN) using Multiprotocol Label Switching (MPLS).

MPLS is a method of sending data through public networks at high speed. It has some strong inherent benefits that have led to it being much in vogue in recent years. But as so often happens when a technology catches on, it is mistakenly being lauded as the solution to everyone’s needs.

But MPLS cannot provide all the answers. The channel should help customers analyse its weaknesses as well as its strengths, especially when users are looking for high security or resilience.

Service providers are very keen on expanding MPLS use. MPLS makes their lives simpler because it can bridge traditional technologies such as ATM, Frame Relay and IP that are already in use on their network infrastructures. In addition, it can run over a mix of media to connect to customer premises – such as leased lines, DSL and Ethernet.

Essentially, MPLS is a technology for transporting packets of data by tagging them with one or more labels that relate to the path they should take through the network.

MPLS VPN allows any number of sites to be easily connected via a shared core network owned by a service provider. This MPLS "cloud" is shared with other customers who also use it to link their locations.

The MPLS label information can be read very quickly by devices at the core of the cloud, allowing data to be forwarded through the network at high speeds, which is why this type of network is said to be good for delay-sensitive applications such as VoIP.

And because MPLS can be preconfigured with alternative paths through the cloud, it can fail over faster than traditional routed networks, although there are modern alternatives that can match this performance.

There is cause for concern if a high level of security is required for moving sensitive data between locations. Many users do not realise that MPLS VPN traffic is not encrypted across the provider network, so there is the risk of back-door access to data moving along it.

And because most internet connectivity requires BT’s network to provide last-mile connectivity to customer premises, the risk of someone accessing data this way is increased.

Human error can further expose the security risk. While each MPLS VPN customer is assigned its own Virtual Routing and Forwarding (VRF) table so that routers keep its network separate from other customers', there is nothing to prevent a provisioning engineer from making a configuration error and leaking routes between customers.

A simple typo is all that is required. While manufacturers such as Cisco are aware of the issue, there is no way of preventing it.

Service providers favour MPLS because it eases Quality of Service (QoS) guarantees for traffic by applying different priorities to data moving through an MPLS cloud.

So, for instance, they can assign a higher priority to real-time voice traffic, ensuring that it always follows the fastest path, while file traffic is allowed to travel via slower links.

But this ability to prioritise different traffic flows does not apply until data enters the cloud. Customers need to ask the service providers about end-to-end QoS.

Delays are much more likely to occur not in the MPLS cloud itself, but on the connection between customer premises and the cloud, where bandwidth is limited.

If performance is key in the choice of VPN, be aware that MPLS will not significantly increase throughput in today’s service provider networks.

Advances in switches and routers mean that other VPN technologies now provide comparable performance.

The easy option would be to give in to customer demands and just give them MPLS if that is what they want. But the most successful resellers will show them the complete picture to encourage long-term satisfaction.

Graham McLean is managing director at CI-Net