WHITE PAPER
Table of Contents
Report Background
VPN Overview
Layer 2 Ethernet
Demarcation Point
Local Loop
Service Cloud
Financial Services
Public Sector
Professional Services
Other Verticals
Summary
Research Methodology
Author
Acronyms
Report Background
The research presented here is derived
from direct interviews with more than
40 enterprises based in North America
and Europe. Figure 1 illustrates the
distribution of the vertical markets represented in this research report. The
enterprises interviewed would mostly
be considered large enterprises and so
the conclusions presented here should
only be considered representative of
this segment of the market. Additional
information on the research process is
presented at the end of this report.
[Figure 1: Distribution of the vertical markets represented in the research. Segments: Professional, Health, Financial Services, Public Sector, Consumer, Industrial]
VPN Overview
Historically, Layer 2 and Layer 3 VPNs referred to frame relay and best-effort IP-VPNs respectively. Frame relay allowed
enterprises to cost-effectively connect
multiple corporate locations together, compared to point-to-point private line services, and allowed
service providers to leverage cost efficiencies from statistical multiplexing. Early IP-VPNs, based on
IPSec and PPP (point-to-point tunneling protocol) allowed enterprises to more easily create multipoint data networks, and support remote locations and mobile employees, and they were cheaper
than frame relay. Both of these VPN services were effective at supporting multi-site data services,
but had limitations related to bandwidth scalability, provisioning simplicity and features.
Layer 2 Ethernet
Ethernet services, with an Ethernet hand-off and in some cases an Ethernet local loop, were launched
in the mid-1990s. These early Ethernet services were mostly point-to-point solutions delivered as an
extended bridged Ethernet solution. As such, LAN Ethernet technologies, such as spanning tree
protocol, were simply extended into a metro area environment, and so had limited reliability or
OA&M capabilities.
In early 2001, the Ethernet market started to take off as competitive service providers targeted and
attracted large enterprises with high-speed bridged Ethernet services. These services had low prices
compared with high-speed private line services but still had limited reliability or OA&M capabilities.
Simultaneously, service providers with next-generation SONET / SDH networks started to support
Ethernet services, leveraging the underlying reliability of SONET / SDH. These types of Ethernet
services leveraged existing networks, but proved expensive for the best-effort Ethernet services that
most enterprises were willing to pay for.
More recently, service providers have focused on leveraging MPLS networks to deliver Ethernet
services. MPLS proved to be capable of supporting the QoS parameters and CoS queues that enterprises started demanding as they introduced VoIP and started migrating other business-critical data
services onto their Ethernet services. Point-to-point services based on the Martini encapsulation
technique were the services that were initially offered. Most recently, some service providers have
been upgrading their MPLS networks to support next-generation VPLS, with the ability to support
mesh VPN services.
As enterprise business practices have evolved, more and more business applications are considered
business critical. Enterprise requirements for QoS and the multiple service queues associated with
data services have intensified. By extension, service provider networks need to fulfill these enterprise requirements, and delivering Layer 2 and Layer 3 VPNs from an MPLS network is one unified
approach to meeting these needs.
Enterprises have complicated networking requirements and are faced with many
decisions on how to connect their corporate locations together. These networking
services can typically be viewed from three perspectives, including the enterprise
demarcation point, the local loop and the service core.
Note that an Ethernet service can have many different interpretations, exceptions to our list can exist, and there may be arguments against parts of our list.
Many different connection mediums exist for Ethernet services, and therein is the diversity of interpretations.
[Figure: service provider network diagram. Labels: Frame Relay, ATM UNI, TDM, Ethernet UNI, MTU Switch, Multi-Service Edge Routers, Ethernet Service Switches/Routers, IP VPN, VPLS, Customer B, Customer C]
Simple troubleshooting
Service provider manages and maintains all circuits, and routing and networking changes
Networking and routing control is maintained by the enterprise, which is typically preferred by
enterprises that want to ensure the security of their underlying packets. With this type of service,
the enterprise implements its end-to-end networking and routing decisions itself without having to
involve the service provider, and these decisions are therefore only known within the enterprise.
Additionally, although changes are usually not a common occurrence, this approach allows these
changes to be implemented faster.
Specifically with VPLS, enterprises can easily add new locations to the VPN, without having to
change the networking and routing configurations for all existing locations. When a new location
is connected to the VPLS instance, the new location can automatically communicate with every
existing location, and vice versa.
Protocol transparency, with the ability to transport all legacy application protocols, such as SNA,
DECnet, IPX, and others. Ethernet, as an OSI Layer 2 protocol, can support any higher-order
protocol, making it an ideal method of supporting legacy application protocols that are still in use
at some enterprises. In comparison, IP is an OSI Layer 3 protocol, so it cannot support these legacy
application protocols, and can only support IP-based applications. Enterprises, however, are gradually moving away from these legacy application protocols to IP-based applications, so this benefit
will dissipate.
Universal availability of Ethernet ports on routers, with every router shipped having Ethernet ports.
There is no need for the enterprise to purchase expensive high-speed serial interfaces (i.e. TDM-based
ports) to support TDM-based local loop, or an additional CSU / DSU for a frame relay service. An
Ethernet handoff also simplifies the enterprise's telecom closet, with reduced equipment, and by extension, reduces the power draw for the related equipment. These benefits would be minor considerations
for the enterprise.
Benefits of Layer 3 Services
From an enterprise perspective, the benefits of using a Layer 3 service include:
Ubiquitous availability, with most service providers globally offering Layer 3 VPN services, with
bandwidth starting at 56 Kb/s and scaling up to whatever the enterprise requires. In comparison,
Ethernet services and Layer 2 VPNs are for the most part available only in metro markets and in
only selected developed markets; getting an Ethernet demarcation in rural markets or developing
countries is either impossible or prohibitively expensive. With this ubiquitous availability, enterprises
can easily plan for and implement a network globally with the knowledge that local loop connections should be fairly straightforward.
Network and routing control is maintained by the service provider. In this scenario, the enterprise
has to simply list its routing and networking requirements and the service provider will implement
those decisions across the VPN. Enterprises who do not want to spend time and resources maintaining networking and routing decisions can shift that responsibility to the service provider by using
an IP-VPN.
Many equipment vendors ship equipment (firewalls, VPN dialers, IADs, etc.) that allow enterprises
to build Layer 3 VPNs themselves. Microsoft Windows even supports simple VPN connections, which
is very useful for remote and mobile workers. These VPNs are based on IPSec or SSL encryption,
and are not as complex as network-based VPNs, but are cheap, simple and quick to deploy.
[Figure: pie chart. xDSL 12%, Frame Relay 22%, Ethernet (point-to-point) 20%, Private Line 41%, ATM 5%]
[Figure: pie chart. ATM/Private Line 47%, IP VPN 35%, Ethernet (point-to-point) 18%]
[Figure: pie chart. Private Line 33%, Ethernet 67%]
Despite the advantages of an Ethernet local loop, local loop decisions are mostly decided by what
services are available. Although most service providers globally offer Ethernet services, these services
are not always available in all markets, or in all buildings within a market. As a result, enterprises
that prefer to have an Ethernet local loop may not be able to get one.
Ethernet services are still not as ubiquitous as frame relay or private line services, as most service
providers who offer Ethernet services are still building out the networks to support these services
(i.e. adding the necessary equipment in their points of presence).
Additionally, almost all Ethernet services globally are offered via fiber access local loops, while most
buildings do not have fiber access. Buildings that have fiber access are mostly located in central business
districts of cities, and the oft quoted metric that 10 percent of buildings have fiber access seems to
be quite accurate.
In most cases, access circuits to an IP-VPN are much more readily available, using xDSL and private
line services. Acquiring a frame relay or private line circuit at multiple corporate locations globally,
all connecting to an IP-VPN cloud is typically an easier solution for enterprises needing multipoint
corporate connectivity.
Service Cloud
As mentioned earlier, VPLS is just starting to be offered by service providers, and while there are
markets globally where this service can be acquired, this market is still in its infancy. Many enterprises have heard of VPLS, but indicated that either their service providers were not offering this
service, or had not been actively marketing it. VPLS network deployments continue to increase,
and this market will grow rapidly, as enterprises become more aware of the benefits of VPLS.
Below is a list of the various issues that enterprises deal with when managing and maintaining their
communications network. Each issue will typically indicate a preference for Layer 2 Ethernet or IP-VPN;
many enterprises though may be faced with multiple issues, making their selection of either Ethernet
or IP-VPN more difficult.
The need for control
Enterprises that want to control their networking and routing decisions will prefer a Layer 2 Ethernet
service end-to-end. This approach lets the enterprise manage these decisions between their various
corporate locations. With the enterprise IT department in control, it has a much clearer handle on
the cause and effect of its decisions. In the increasingly regulated corporate environment, the ability of IT departments to document processes and data integrity is becoming critical, and a Layer 2
service provides that control.
Outsourcing control
Some IT departments are comfortable having the service provider implement the enterprise's
networking and routing decisions. These companies prefer to focus their IT resources on core business issues and believe that having their service provider implement their networking and routing
decisions allows them to do this. With IT budgets stretched to the limit, decisions are being made
on what IT functions are core to the company's business and which IT functions can be outsourced.
IP-VPNs allow these enterprises to outsource a variety of IT functions to their service provider.
Specialized IT departments
Some IT departments at very large multinational companies have extensive technical knowledge,
especially for a variety of routing protocols. These companies demonstrated a high level of comfort with interworking
decisions (EIGRP). These types of enterprises are much smaller in number, but represent a portion
of the market that prefers IP-VPNs.
Site scalability
VPLS is defined at the PE (provider edge), creating a Layer 2 cloud between all PEs. The enterprise
connects its corporate locations to this VPLS cloud, or instance. With this infrastructure, adding a
new corporate location simply involves connecting to the existing cloud, as opposed to every other
existing corporate location, as in the case of an IP-VPN. Enterprises that are changing their corporate
locations regularly appreciate the ease of adding these new locations to their corporate network.
Historical issues
Most companies using IP-VPNs had designed and built these networks in the past couple of years,
with plans for these networks preceding the buildout by a few months. Enterprises that investigated
Ethernet VPNs two-to-three years ago indicated that these services were either very limited in
availability or non-existent, making Ethernet VPNs not an option for consideration.
As these contracts come up for renewal, the availability and capabilities of Ethernet VPNs will have
greatly increased from two to three years ago. It is therefore likely that some of these enterprises will
choose to switch some of their sites to an Ethernet VPN at that point.
[Figure: pie chart. IP VPN with Ethernet access 17%, Private Line 23%, xDSL 6%, Ethernet 15%, Wireless 4%, IP VPN 35%]
[Figure: pie chart. VPLS 11%, Private Line 26%, Ethernet 63%]
As enterprises demanded QoS features and CoS queues, these services have been priced at a premium compared with best-effort
Ethernet services. Equally, CoS queues for IP-VPNs have also resulted in premium
pricing compared with best-effort IP-VPNs. On a per-megabit basis, though, Ethernet services are
still priced below IP-VPN pricing levels, with service providers positioning IP-VPNs as a premium,
managed service.
Given the short distances of many connections between these locations, and the fact that most
of the connections are dedicated to the organization (i.e. un-shared), an Ethernet network was the
optimal solution. The Ethernet networks were significantly cheaper than any other solution, and as
an extension of each LAN, are easily managed as a single LAN. As an example, Figure 7 depicts a
municipality's private fiber-based network.
Many hospital networks have built
similar networks. As with municipalities and school boards, hospital
networks would mostly be located
within a single metro area where fiber
access would be available. The catalyst
for these organizations building private
networks is to support imaging data
and an associated PACS application.
This application allows imaging data
from X-rays and scans to be stored
and accessed from any location that is
connected to the PACS application.
These images are tens-of-megabytes in
size and larger, requiring large amounts
of bandwidth to support the networking of these files.
Professional Services
This vertical includes law firms, accounting and consulting companies, and printing companies.
These companies have most of their locations in central business areas of cities, and therefore are
more likely to have access to fiber connections. These types of companies typically are experiencing
strong growth in bandwidth requirements, due to increases in business-related email traffic, and a
growing reliance on sophisticated, graphically rich applications.
Many professional services organizations have implemented Ethernet-based services. Most of these services are bridged Ethernet solutions or other legacy architectures, and as their networking requirements
increase in complexity, we expect that these companies will implement VPLS or hybrid solutions.
Other Verticals
Most other verticals have typically only implemented Ethernet connections between their head office,
data centre and disaster recovery locations. The bandwidth requirements between these locations
are high, with 100 Mb/s Ethernet connections usually being the minimum. These connections are
also mostly point-to-point and so have mostly been built as bridged Ethernet connections over
dedicated fiber.
As many of these connections were built over the past few years, these companies have been able
to test Ethernet services and experience some of the benefits described above. As a result, many
of these companies are starting to explore the use of Layer 2 Ethernet services for other corporate
locations, particularly as contracts come up for renewal.
Summary
Enterprises preferring Layer 2 VPN services can be generalized as having these main characteristics:
Fewer than 20 corporate locations
Bandwidth requirements for most of these locations of more than 10 Mb/s
Have sophisticated IT departments that want to maintain control of their networking and
routing decisions
Applications written with non-IP protocols, such as SNA, IPX, etc.
Enterprises preferring Layer 3 VPN services can be generalized as having these characteristics:
More than 20 corporate locations
Bandwidth requirements for most of these locations of less than 10 Mb/s
Have IT departments that want to outsource the maintenance of their networking and
routing decisions
Mostly IP-based applications
Nevertheless, most enterprises do not fit these criteria exactly. Rather, they have a mix of core locations
and remote locations, a mix of locations requiring high bandwidth and low bandwidth, and a mix
of IT preferences regarding the control of networking. As a result, enterprises across many verticals
have been using Ethernet services for some of their corporate locations and IP-VPNs for other locations.
Given this scenario, a hybrid approach that uses a single MPLS network to implement both types
of VPNs will address most enterprise networking requirements.
As Layer 2 Ethernet access services and VPLS become more available, enterprises will increase
their use of both. Many enterprises indicated a preference for these services, and will likely replace
private line and frame relay as Ethernet options become available. We therefore expect spending
on Ethernet access and VPLS to increase going forward.
We also expect spending on IP-VPNs to grow, as there are distinct benefits for enterprises with these
services as well. As described above, most enterprises can leverage both the benefits of Layer 2 Ethernet
and Layer 3 at different parts of their network, and therefore a hybrid networking solution fits these
needs best. The growth in spending for these services will come at the expense of private line and
frame relay.
Research Methodology
This research report is based on direct interviews with more than 40 enterprises, specifically telecom
manager type personnel. These enterprises are based in North America and Europe, and for the most
part, would be considered large enterprises. The choice of questions asked and information gathered
were based on prior knowledge of MAN and WAN data networking requirements for more than
50 enterprises based in North America and Europe. The structure of the interviews focused on the
existing networking solutions used and plans for future solutions, and why these decisions were made.
The enterprises interviewed for this report broadly speaking represent seven industry verticals: Consumer
Goods, Financial Services, Industrial, Health, Professional Services, Public Sector, and Technology.
Author
Brian Van Steen, CFA
Director, Solutions Marketing
brian.van_steen@alcatel-lucent.com
Acronyms
BGP
CoS: class of service
CSU
DSU
EIGRP
IAD
MPLS
OA&M
OSI
PACS
PE: provider edge
PPP: point-to-point protocol
QoS: quality of service
SSL
UNI: user-network interface
VPLS
VPN
www.alcatel-lucent.com
Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other
trademarks are the property of their respective owners. The information presented is subject to change
without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein.
2007 Alcatel-Lucent. All rights reserved. WLN1103070848 (10)