managed mpls vpn - brandxyz.com mpls - business=2c financial and technology... · centres and...

EVOLVING TO AMANAGED MPLS VPNThe business and financial case for MPLS in the Enterprise

CALL CENTRE

SITE R

SITE L

DATA CENTRE

SITE K

SITE J

SITE B

SITE C

SITE S

MANUFACTURING SITE T

SITE S

DISTRIBUTION

HEAD OFFICE

MPLSVPN_EvolvingGuide_v4 26/5/04 17:40

StartMore than 3 sites?

Y

N

Highbandwidth

City/NationalEthernet

Leasedcircuits

NY

Sitesclose

N

Y

Decision tree forMPLS VPN evaluators

MPLSVPN_EvolvingGuide_v4 7/6/04 09:21 am

Any to any

MPLS,Frame Relay

or ATM

MPLS

Demandingapplications

Remoteusers

N

NN

Y

Y

IPSec

Internetaccess

Y

Y

N


4 | EVOLVING TO A MANAGED MPLS VPN

Traditional voice

Mobile networks

Video

Broadcast

Access networks

Corporate networks

Legacy data networks


EVOLVING TO A MANAGED MPLS VPN | 5

Unquestionably, the world’s networkinfrastructure is moving from voice circuits to data packets. MPLS represents the futureof wide area networking because it freespacket-based internet-working applications fromtraditional telecoms services that are structuredprimarily for voice circuit connections.

The network industry has invested an enormousamount of research, capital and collaborationinto MPLS, because it allows nearly anyconceivable application based transactions,voice, video conferencing, high speed data

A quiet revolution is going on in the telecommunications industry. Majornetwork service providers and telcos around the world are deploying MPLS (Multi-protocol Label Switching) in their core transport networks.

CONVERGENCE ARRIVES WITH MPLS

transfers, ERP, ecommerce, web access, etc.to share a single intelligent, highperformance network that gives eachapplication the level of service it requires.

MPLS has captivated the telecoms industry,and it is also generating substantial interest in forward thinking enterprises that see MPLS services as a powerful means to astreamlined, resilient voice/data/videonetwork that reduces CAPEX/OPEX costsand increases business agility. There hasalready been a number of large successful



deployments of MPLS in enterprises aroundthe world and now the technology isbecoming mainstream.

In this guide we will be looking at the businessand financial case for MPLS when it is usedas the basis for enterprise virtual privatenetworks (VPNs) that are installed andmanaged by service providers. MPLS VPNscreate a wide area network (WAN) that movesInternet protocol (IP) traffic between enterprisesites, which are distributed throughout a cityor large region. IP is the dominant networkcommunications standard for today’s businessand specialist applications. Now that mostlegacy business software programs have beenfitted with IP interfaces, MPLS IP-VPN can meetthe needs of old and new, as well as horizontaland vertical enterprise applications. This guide

shows that multi-site, network dependententerprises can move more rapidly towardstheir business and financial goals if theydeploy managed MPLS VPNs.

Managed MPLS VPNs in actionA managed MPLS IP-VPN connects the variousintranet and extranet sites of an enterprise andcan also give access to the Internet, publicphone systems and other external resources.As we shall see throughout this guide, MPLS VPNs create an optimal platform forhigh performance voice, video and dataapplications via a single IP interface.

Managed MPLS VPNs can be accessed with provider managed CPE (customerpremise equipment) or customer-managedCPE, but in either case they drastically

ManagedMPLS IP-VPN

CPE routeror switch

Data

Voice

Video

Internet



reduce the complexity and administrativedemands of enterprise networks. Connectingto an MPLS VPN is as straightforward as connecting to any standard IP network. There is no need to configure PVCs or change them. The MPLS network essentially works just like any other standard IP network. Unlike static, manually configured FrameRelay, ATM or leased line networks, MPLSVPNs can adjust to ongoing changes in the overall network topology.

MPLS is ideal for enterprises that are feelingthe pressure to move towards any-to-anyconnectivity between sites – something thattoday’s hierarchical hub and spoke FrameRelay, something that ATM and leased linenetworks are not effective for. MPLS VPNs aresuitable for a very wide range of enterprisesbut there are some cases where they may not

be the best solution. For instance, MPLS may notbe needed in static, centralised low-bandwidthapplications that can be supported adequatelyby Frame Relay or leased lines. MPLS is also not a good choice if the enterprise hasmostly small remote sites that can get by withdial-up links, as opposed to permanent intranetconnections. Enterprises should consider MPLSif one or more of these capabilities are needed:

> Full mesh or partial mesh connectivity for multiple sites

> Peer-to-peer applications: voice, video, multimedia, etc.

> Simplification of many parallel networksthat are expensive to manage

> Advanced business continuity, resiliencyand disaster recovery

> Efficiently managed bandwidth withmultiple classes of service

> Web services distributed, event driven applications

> High speed connectivity (up to 1Gbps or higher) for multiple sites

> Rapid network reconfiguration for M&A, and other reorganisations.

When deployed for the right reasons, MPLSVPNs can be a strategic business resourcethat gives an enterprise a flexible infrastructurefor integrated production workflows,supply/demand chain extension, eCRM,multimedia collaboration applications, virtualweb contact centres, real-time businessintelligence, Voice over IP telephony, andother advanced intra/extranet-basedebusiness activities. MPLS lowers networkcosts and it helps enterprises respond quicklyand efficiently to a rapidly changing marketand external conditions.

KEY BENEFITS OF MPLS VPN> Enables voice/data convergence.

With four different service levels, MPLSgives delay sensitive applications thereal-time quality of private lines plusthe economics of IP.

> Reduces networking CAPEX/OPEXcosts. MPLS eliminates today’s excessiveparallel network resources, resulting inreduced labour, equipment andrecurring telecommunications costs.

> Responds to business needs. Byreplacing static, change-resistant ATM,Frame Relay and leased lines, MPLScreates an agile fully-routed networkthat adapts at the speed of business.

> Enables critical e-business initiatives.With a single high-performancearchitecture for voice, video anddata, MPLS seamlessly integratesCRM, ERP, SCM, ecommerce andextranet applications.

> Creates a peer-to-peer enterprise.MPLS supports existing hub-and-spokeapplications and it also creates high-speed peer-to-peer connectivitybetween all sites, users, andapplications throughout the enterprise.



A good place to start is with Frame Relay, oneof the most dominant wide area networkingmethods for enterprises throughout the world.Frame Relay has the advantage of being asecure, mature WAN method with performanceguarantees and well understood equipmentand protocols. Frame Relay still is a goodsolution for centralised applications inhub/spoke or hierarchically branchingtopologies. In terms of cost, Frame Relay ispriced considerably less than leased lines,without any significant reduction in performanceor security. Frame Relay is often combined withATM, another circuit-based method, to achievehigher bandwidths and better management.

Frame Relay networks (and for that matter all the circuit-based approaches) are aliability in enterprises that have dynamic,distributed applications and fast evolvingbusiness processes. Frame Relay and ATMare often inefficiently centralised by runningpermanent virtual circuits (PVCs) through oneor more transit sites that become bottlenecksin the overall enterprise network architecture.

Frame Relay and other circuit-based networksdon’t participate actively in the routing ofpacket-based IP traffic. IP is essentiallyoverlaid on a foundation of ‘dumb’ Frame,ATM and leased line circuits. Among otherproblems, overlay networks put pressure on

network engineers to monitor and adjust the network with human intervention on anongoing basis.

In today’s chaotic business climate, when theinevitable merger, divestiture, expansion or

ENTERPRISE NETWORKS IN TRANSITIONTo understand the benefits and applications of managed MPLS VPNs, it helps to review the limitations of enterprise networks that are based on traditional circuit switching.

PVCs MPLS Backbone:bonebone

Without MPLS With MPLS



other reorganisation occurs, it can be a realheadache to add or change just five or tensites with Frame Relay or other circuit-basednetworks. To fully mesh an enterprise with 50sites using Frame Relay or ATM, it wouldrequire over a thousand PVC connections tobe defined and configured. To fully mesh a50 site enterprise with MPLS requires just oneconnection for each site - 50 connectionsinto the provider network creates any-to-anyconnectivity throughout the entire enterprise.Frame Relay is also weak when it comes tosharing bandwidth efficiently between a mixof applications on the same connection.

WAN complexityLife would be hard enough for networkengineers if Frame Relay was their onlyproblem. Many enterprise networks are alsoburdened by a complex morass of paralleldissimilar networks, each with a different setof applications, protocols, management

systems and devices. A typical enterprisetoday may have several Frame and ATMbased VPNs for ERP and transactionprocessing systems; multiple private leasedlines for phones and Internet access; ISDNlines for video conferencing; encrypted IPSectunnels for highly secure applications and soon. This complexity is a negative influenceon business operations because of:> Large requirements for ongoing manual

administration and configuration> Lack of overall network view for planning

and management purposes> Underutilised bandwidth can’t be easily

managed or repurposed> Expensive dedicated routers, firewalls

and specialised VPN devices on every site > Duplication of facilities, equipment

and human resources> Duplication of procurement and

supplier management

> Slow response to business needs due tocomplex parallel topologies and longprovisioning times

> General lack of flexibility in the face ofchanging traffic patterns and fast evolvingdistributed applications.

Although IP is inherently an efficient, self-adapting, any-to-any protocol, itsfunctionality is restricted when it runs on arigid complex of legacy circuit-based transport.Given that IP-aware, packet routing networksare now possible and affordable with MPLSVPNs, it’s clear that Frame Relay, ATM andleased lines will become less of an end toend solution and more of an access solutionfor network-centric enterprises and distributedsoftware architectures.

A network with IP application awarenessMPLS VPNs are a major step forwardcompared to complex, inflexible circuitnetworks because enterprise sites canessentially ‘plug and play’ into the providerbackbone, giving users immediate any-to-anyconnectivity to enterprise applications, datacentres and branch offices. MPLS creates an IP-aware backbone that automaticallyadapts to adds, moves and changes in the enterprise topology. If a server or subnetis moved, then traffic will flow to the newlocation without a great deal ofreconfiguration, as is often the case withFrame Relay and ATM networks.

In addition to being IP-aware, MPLS is amajor improvement because traffic flowingacross an MPLS VPN can be assigned avariety of class of service (CoS) levels. Forinstance, voice traffic can be given firstpriority while video and other delay sensitive

VPN_A

VPN_A

VPN_A VPN_A

VPN_B

VPN_B

VPN_B

VPN_B

VPN_C

VPN_C

VPN_C

VPN_C

VPN

VPN

VPN

Frame Relay, ATM, IP-Sec VPNs MPLS IP-VPNs



multimedia traffic gets second highest priority,real-time transaction processing gets thirdpriority, email and file transfer get fourth priorityand so on. Enterprise network administratorsuse MPLS CoS to assign each application aspecific class of service that meets its uniquelatency, jitter and packet loss needs. CoS is the basis for a new generation of costeffective, high functionality voice and videoover IP applications.

The MPLS class of service capability iseffective because it preserves some aspects of connection-oriented Frame and ATMnetworks in the core, while allowing any-to-any ‘connectionless’ IP access in theedge network. MPLS also has the ability toreduce the effects of large low priority datapackets (e.g. TCP) on small high priorityvoice and video packets (e.g. UDP) byfragmenting large slow packets and weavingtime sensitive traffic into the general trafficstream at a higher priority. This sort ofadvanced traffic handling functionality is why MPLS can support SLAs (service levelagreements) written for specific class of

service criteria, based on actual latency, packetloss and jitter values. MPLS VPNs with CoSmake possible, for the first time, convergedpacket-based enterprise-wide networks thatsupport many different applications all sharingbandwidth resources in an equitable way.

Intelligent VPNs In Frame and ATM networks, virtualcommunities of users and applications are typically defined in a time consuming, effort-intensive process of PVC configuration.MPLS VPNs in contrast have extensiveautomatic capabilities. If a new site is addedto an MPLS VPN, all the other sites withinthat VPN can automatically communicatewith it. With the flexibility of MPLS VPNs,each business unit, subsidiary or supplychain, can each have its own completelyisolated VPN that securely shares theenterprise backbone with other VPNs. MPLS VPNs allow the creation of affinitygroups that can access their own private set of applications and managed serviceswithout the need or expense of a separatephysical network.

MPLS performance, scalability and securityMPLS works its magic by combining the highperformance of switching with the adaptableintelligence of routing. In simple terms, MPLSis both fast and smart. The speed of MPLS ispossible because the core transport elementsin the service provider network use efficientswitching methods that are fast enough tosupport delay-sensitive voice, video, andinteractive applications. The intelligence ofMPLS means that it can adapt automaticallyto changes in enterprise network needs. The result is a high scalable infrastructure that does not require a lot of expensive andongoing configuration. Industry experiencehas verified that MPLS architectures can keeptheir high performance and reliability whilescaling to thousands of VPNs and thousandsof sites within each VPN.

When corporate Frame Relay networks werefirst deployed, over a decade ago, it wasdiscovered that Frame Relay PVCs deliversecurity and data isolation that’s comparableto the security of private line services. Thesame is true for MPLS-based IP-VPNs. In field

CoS Parameter Real-time Critical Other

Contracted bandwidth Yes Yes Yes

Packet loss Yes Yes

Delay Yes Yes

Jitter (delay variation) Yes

Service availability Yes Yes Yes



studies and large production deployments,MPLS proved it’s as secure as traditional FrameRelay and ATM services. This is possiblebecause each packet on the MPLS backboneis tagged with a unique identifier that keepsVPN traffic logically isolated. The technologyfor keeping MPLS VPN traffic secure andseparate has been formalised in internationallyaccepted standards by the IETF (InternetEngineering Task Force), the group that officiatesInternet protocols and networking standards.

MPLS achieves its data integrity and securitywithout the great overhead that is associatedwith the first generation IPSec and SSLapproaches to IP-VPNs. IPSec creates encryptedtunnels using expensive and complex CPEdevices on every site. SSL security requiresan SSL capable server that serves encryptedcontent. Although they are not necessary in

the average enterprise, IPSec, SSL andsimilar encryption methods can be deployedselectively on top of an MPLS IP-VPN when it is absolutely needed for applications with extremely sensitive data transfer needs. This avoids the expense and complexity ofmeshing encrypted tunnels and the associatedencryption key management chores.

Accessing a managed MPLS VPNOne of the most remarkable aspects of MPLSVPNs is how well they integrate with existingresources, creating a smooth migration pathfrom circuits to a fully meshed, packet basedenterprise network. MPLS is largely accessagnostic so sites can link to an MPLS VPNbackbone with Frame Relay, ATM or Ethernet,and in some cases newer broadband accessmethods such as Private Access DSL can beused. Existing Frame and ATM devices can

be kept in place and used for access into an MPLS VPN. MPLS works well for sites that need low speed access or bandwidthup to Gigabit or more. Example accessspeeds for MPLS VPNs:

> Frame Relay access: 64, 128, 256,512kbps, 2Mbps

> ATM access: 34, 45, 155Mbps

> Ethernet access: 10, 100, 1000Mbps.

Migrating to a packet driven enterpriseBecause it is based on packets, not circuits,MPLS VPNs can accommodate nearly anylogical network architecture or traffic pattern.Once network engineers have given eachsite a connection to the MPLS VPN, theresulting topology can be a simple spokeand hub, a hierarchical branching tree, apartial mesh, a full mesh or whatever theneeds of enterprise applications dictate. It’s very feasible to support the traffic flows of mature centralised applications, whilemigrating gracefully over time to a moremeshed distributed architecture.

The ongoing interoperability of MPLS andFrame Relay technologies during thismigration period has been ensured by themerging of two leading standards groups. In2003, the Frame Relay and MPLS Forumswere merged to form The MPLS and FrameRelay Alliance, a single standards andindustry interoperability organisation that is,according to their mission statement:“...driving worldwide deployment of multi-vendor MPLS and Frame Relaynetworks, applications and services throughinteroperability initiatives, implementationagreements and educational and marketingresources and programs.”

Voice/video

Per cent ofbandwidthallocated

> Real-time 25%

40%

25%

10%

> Mission critical

> Interactive

> Best-effort

SNA/SAP/ERP

Messaging

Web browsing

Email/filetransfer



Let’s look at how MPLS VPNs can help in theareas of business agility, business extension,business continuity and business reorganisation.The financial aspects of MPLS VPNs arecovered further in the Financial Case section.

Business agilityTo thrive in today’s difficult markets, businessmanagers need to speed up their internalprocesses and also re-design those processescontinually in response to new customer needsand external conditions. Gartner Group andother thought leaders use the phrase ‘Real TimeEnterprise’ when referring to organisations thatsuccessfully reduce excessive latencies in criticalpath business processes. To achieve Real TimeEnterprise agility, IT architects are building ‘N-tier’distributed applications and XML-based webservices to unite workers, customers, suppliers,and business partners in a ‘sense and respond’IT fabric that moves large amounts of data backand forth across the network in near real-time.

This effort is in part driven by the need tomove beyond IT systems that only report

critical, financial and operational results in weekly or monthly cycles. In the agileenterprise, transactions and live data fromretail outlets, plant floors, distribution depots,call centres, field service forces, etc. arereplicated in real-time into business intelligenceprograms and front office applications thatmake vital data immediately available to CxOs,decision support workers, sales directors,customer managers and other knowledgeworkers throughout the enterprise.

MPLS networks create a solid foundation for Real Time Enterprises because they adapt so quickly to changes in accessnetworks and application traffic loads. MPLS VPNs are a good fit for newdistributed ERP systems as well as eCRM,eSCM, web trading, straight-throughfinancial services and other next-generationebusiness applications. MPLS deliversdynamic load balancing between variousservers and sites throughout the enterprise, so that applications can adapt better toseasonal and peak demands.

Peer-to-peer real-time applications like voice-over-IP, video conferencing, andmultimedia workflows are key enablers of the agile enterprise. These applications workbest with any-to-any network connectionsbetween all sites and users in the enterprise.Unfortunately, peer applications are not wellserved by centralised or hierarchical FrameRelay, ATM and private line networks. Forapplications that need any-to-any connectionsand traffic prioritisation, MPLS provides amigration path from inefficient IP overlaynetworks to a unified, converged architecture.MPLS is the right network architecture forvoice, data and video convergence and the substantial network economies thatconvergence can bring.

Business integration and extensionThere is an ever-increasing need for integrationbetween the various functional units insideorganisations. Integration is a seeminglynever-ending project that only succeedswhen networks and IT systems can movedata fluidly across workgroups, departments

THE BUSINESS CASE FOR MPLS VPNManaged MPLS VPNs are arriving not a minute too soon for enterprises that are grappling with multiple conflicting demands on their IT infrastructures.



and business units, eliminating isolated ‘silos’of information that are perpetuated by rigidPVC-based Frame Relay and ATM networks.Applications and business process integrationat all levels is greatly assisted by flexible MPLSintra/extranets that extend LAN applicationsacross the WAN, creating virtual workgroupsthat are essentially location independent.

In addition to the need for ongoing internalintegration, ‘partner or perish’ is the mandateof the ebusiness era. Let’s face it, criticalbusiness processes and production workflowscan no longer be expected to remain securelywithin corporate boundaries. Enterprises thataggressively reach out to partners, customers,suppliers, and other stakeholders have adecided advantage.

In many organisations, IT groups are creatinga new generation of extended web-enabledsupply chain applications that integrateproduction systems with key logistical, distributionand fulfilment resources. Extended supplychain architectures speed up new productdevelopment (NPD), reduce time to marketand add a new dimension of intelligenceand control to supply chain management. Butextended supply/demand chain automation

will not be fully realised if the underlyingenterprise network architecture is based onrigid circuit based Frame and ATM connectionsthat can’t scale in bandwidth or mesh density.

Business continuityThe list of things that can cause seriousbusiness disruption seems to be growing by the day. Considering the possible effectsof natural disasters, social unrest, theft,sabotage, fire, flood, power failure, andsystem crashes, business continuity planningis a non-trivial activity. Rigid, slow-to-provisioncircuit networks make the job of businesscontinuity and disaster recovery even moredifficult. In contrast, the adaptive, any-to-anyconnectivity of MPLS is becoming the basisfor a large range of advanced businesscontinuity and disaster recovery methods.

One important aspect of disaster planning isdata centre consolidation. Although centralisedIT is generally more secure and reliable,consolidation can lead to vulnerabilities if the central data centre fails or is damaged.This risk can be greatly reduced with a ‘hot’disaster recovery facility that can be broughtonline if the primary data centre fails. A hotbackup facility is kept up to date by mirroring

transactions and live application data into a redundant set of IT resources in real-time.With circuits, the task of locating a recoverysite in a branch or remote office wouldrequire additional network connectivity that ‘cuts across’ the hub and spoketopology. The expense of this little usedresource can be major.

In the MPLS VPN model, any site that isconnected to the VPN can be a source or a destination for data. When disruptionsoccur, the MPLS backbone flexibly adapts to changes in network traffic between majordata centres and backup sites or other remotelocations. With MPLS, any site or facility inthe entire enterprise can host any applicationat a moment’s notice and the network willreact accordingly. Risk and continuity expertsare increasingly recognising the benefits ofMPLS transport intelligence and CoS fordisaster recovery and off-site storage.

One good example of the resiliency of MPLSis the case of a voice over IP phone systemthat runs on a managed enterprise MPLSVPN. If the enterprise’s primary phone centrein the main office is incapacitated, the voiceover IP services can be relocated to servers



in one or more branch offices. In this casethe MPLS network will automatically routecall signalling traffic to the backup servers,and callers can continue to access PSTNvoice gateways via the MPLS backbone. Inthis case, disaster planners would simplyensure that backup servers are available forthe IP voice manager, and they might thinkabout a possible ‘heavy up’ of the accessline to the backup server site - MPLS takescare of the rest. This same scenario holdsequally true for many other applicationswhere previously centralised IT resourcesneed to be relocated for any reason tobranch or remote offices without disruption.

Business reorganisationToday’s highly volatile business climate is creating a constant parade of mergers,acquisitions, divestitures, and otherreorganisations that must take place at break-neck speeds. In many cases, mergingor deconstructing an enterprise network is as daunting as the financial, operationaland cultural demands of major businessreorganisations. Acquired networks have to be redesigned and integrated into theexisting enterprise IT architecture beforeoperations can proceed smoothly. When

networks are built of Frame, ATM and leasedline circuits, the time and effort necessary forreconfiguration can negatively impact businessstrategies and valuations in a big way.

Take the example of a business unit with 100retail stores located around the country. Thesesites are all connected back to a central datacentre for credit card validation and transactionprocessing via a traditional virtual circuit-basedWAN. Everything is fine until the parentcompany decides it must rapidly exit theretail aspect of its business by selling off theretail chain. Although the divestiture proceedsquickly in the corporate boardroom, down inthe telecommunications department it takesmany months to re-provision the circuit-basednetwork, in what turns out to be a very costlyand time consuming process.

In contrast, if the retail locations areconnected with an MPLS VPN, changes intraffic flow after reorganisation will be largelyaccomplished by automatic routing softwarein the network provider’s core network. If theacquiring company’s data centre is put onthe MPLS VPN, it’s likely that 100 retail storelocations could be cut over in a matter of days,not months. Note that even though this is a

centralised, non peer-to-peer application withlow to moderate bandwidth requirements, itnevertheless benefits greatly from MPLS services.

Because MPLS creates a simplified andunited enterprise network, it allows businessesto execute business plans and reorganisationwith an agility that would not be possible withtraditional Frame Relay and circuit networks.And because MPLS VPNs decouple networkapplications from the physical network, anacquired company or business unit can berun temporarily or indefinitely on a separateVPN with separate quality of service andtraffic management characteristics.

In general, MPLS streamlines architectures and greatly simplifies planning andoperational issues, making business agility,business integration, business extension,business continuity and businessreorganisation more achievable andaffordable for network-centric enterprises.


The decision whether to deploy MPLS shouldnot be based solely on technology issues or theequipment replacement cycle. Financial aspectsto consider when evaluating managed MPLSVPNs include both direct OPEX/CAPEX costreduction and indirect or ‘soft’ savings that comefrom increased user productivity, competitiveagility and enhanced revenue generation.

CAPEX reductionsMPLS VPN networks can be accessed withstandard, low cost IP routers that are widelyunderstood and easy to maintain. Routers thatare now used to access circuit connections canbe redeployed to MPLS access, preservingsunk investments. MPLS is based on industrystandard protocols with no requirements forexpensive VPN encryption devices, MPLSVPNs have lower equipment costs and canfree up capital funds that are traditionallysunk in long term CPE investments.

Periodic network upgrades and capacityincreases are part of the major ongoing costof owning and operating an enterprisenetwork. As applications and users demandmore bandwidth, a point is reached where

transport switches and routers must be replacedor upgraded at great cost to the enterprise.In the case of managed MPLS VPNs, thenetwork service provider is responsible formanaging and financing expansions and the network equipment replacement cycle.Network service providers can generally dothis more cost effectively because they havethe advantage of large economies of scaleand a focus on core network issues. With afully managed MPLS VPN in place, enterprisenetwork staff only have responsibility foraccess links into the provider backbone.

OPEX reductions - telecoms chargesThe CAPEX of network access devices isgenerally lower with MPLS, but even greatercost benefits come from reduced OPEXoutlays. One of the most obvious MPLS-relatedcost reductions can be seen in the area ofconsolidated network access connectionsand reduced recurring line payments. In atypical example, a branch office that is 10Kmfrom the nearest telco point of presence canfold its separate voice, intranet, Internetaccess and video conferencing into a singleintegrated MPLS access connection. This

takes advantage of the fact that several lowspeed lines are more expensive than a singlehigher speed line that gives the same bandwidthin one pipe. Before MPLS, the example siterequires four different network services:

> 8 PCM voice channels - 512K

> 512K - ERP/intranet PVCs - 512K

> Internet access - 256K

> Video conferencing - 128K.

In a typical pricing scenario, four separateaccess lines cost over £2,000/month. Aftera managed MPLS VPN is installed, accesscosts for the single integrated E1 line fall toapproximately £800/month, for recurringsavings of over £1,000/month per site.

With MPLS, access line consolidation isviable because voice, video and data trafficis intelligently prioritised according tonetwork service classes. Access links canbetter utilise their full capacity without theneed for unused ‘headroom’ bandwidth thatis typical of end to end PVC networks thatare engineered for peak traffic levels thatrarely occur. If a voice over IP service or a

THE FINANCIAL CASE FOR MPLS VPNA managed MPLS network can lower costs and improve performance butbecause it’s a basic infrastructure resource, MPLS is best evaluated by lookingat the full range of technology, financial and operational considerations.




time sensitive multimedia application is addedto a traditional Frame, ATM or leased linenetwork, there is typically a new dedicatedcircuit defined between many different sites. Butin the case of MPLS, the new application willrun on the consolidated VPN access link (ata high priority) without reconfiguration of PVCs.

OPEX reductions - labour costsThe reduced WAN access costs in the abovescenario are only a part of the savingsassociated with MPLS access consolidation.Additional savings come from greatly reducedsupport requirements for the consolidatedaccess devices. In addition to greatly simplifiededge provisioning, substantial labour costsavings can be realised because MPLS VPNsessentially outsource design, deployment andmaintenance of the core transport network tothe service provider. This is particularly true ifthe IT staff are mainly centralised and sites aredispersed. Travel costs are considerable in thiscase – both hard costs and productivity lostduring travel time. In many cases, do-it-yourselfmaintenance and repair can’t deliver the servicelevels an organisation requires at a reasonablecost. In contrast, a business-oriented MPLSprovider can offer as low as 4 hour repair

times in SLAs. Staff training, recruitment, andretention efforts are also reduced if the WANelements are outsourced. With a managedVPN solution, IT staff can concentrate onLANs and business critical applications. Incompanies with high OPEX costs, the greatestfinancial benefit of MPLS VPNs may well bein the outsourcing of the core network capacityplanning, engineering, maintenance and repair.

Beyond direct OPEX/CAPEX cost reductionsthere are many strategic advantages derivedfrom an enterprise WAN that is constantlybeing upgraded, enhanced, maintained and monitored by a focused and dedicatednetwork service provider. With managedMPLS VPNs, key ERP, CRM, supply chainand ecommerce applications can thrive in an IT environment that lets business managersconfidently develop new and existingrevenue streams.

The ideal managed services platformToday, MPLS represents the most advancedand flexible platform for IP-based managedservices, hence opening the door to ongoingreductions in network TCO (total cost ofownership) and better focus on core

competencies. Enterprises with MPLS VPNswill be able to access a growing array ofworld class managed service offerings fromproviders and their partners, including:

> Managed Voice over IP and integrated telephony

> Managed security and firewall services

> Managed backup, storage and disaster recovery

> Managed hosting and ecommerce services

> Managed extranet services

> Managed HR services

> ASP services

> Virtual call and contact centres

> Much more.

Using the strengths of MPLS, managedservices are accessed by IP applicationsfrom any point in the enterprise. Serviceproviders in the future are increasingly likelyto write end-to-end service level agreements(SLAs) that contractually guarantee theperformance of managed services that arehosted in provider data centres and accessedvia a high performance MPLS VPN.

In many cases, the financial benefits ofincreased productivity, agility, and riskmanagement, as well as the easy access tomanaged services may well outweigh the directCAPEX and OPEX savings for MPLS VPNs.

Network methods Any-to-any Automatic CoS Secure Ideal managedconnectivity routing services platform

Leased lines NO NO YES YES NO

Frame Relay/ATM NO NO YES YES NO

IP – best effort YES YES NO NO NO

IP with IPSec NO NO NO YES NO

IP with MPLS YES YES YES YES YES



MPLS VPN APPLICATIONSCENARIOS

Scenario 1Multicast for streaming and enterprise applications.One of the most powerful aspects of an MPLS VPN is found in advanced multicastcapabilities. In applications such as distancelearning, digital radio/TV stations, virtualmedicine, retail video, etc. the broadcast ofstreaming video, streaming audio and highvolume file transfers are radically transformedby IP multicast services. Take the case wherea 300kbps video stream is broadcast fromone network site to 3000 users throughout amulti-site enterprise. Without multicast services,the broadcasting site must have 1 Gigabit ofaccess bandwidth to simultaneously broadcastto 3000 users. But with multicast, the streamingpackets are intelligently replicated across theenterprise topology, so the broadcasting siteonly requires 300Kbps access. The bandwidthfor one session is enough to reach all 3000users. The same scenario holds true for manyother remote enterprise applications where asingle file or stream is sent to many stations (batch updates, remote software upgrades,virus definition refresh, etc.)

Scenario 2Voice over IP and videoThe any-to-any enterprise wide connectivity of MPLS VPNs are the infrastructure of choicefor real-time voice and video applicationsbecause they provide an automaticallyadapting IP-based routing infrastructure thatallows servers, users and applications to bedeployed in a virtually location independentmanner. The provider’s IP-aware routingbackbone adapts to provide the highestpossible levels of service and reliability tovoice calls, streaming multicast applicationsand video conferencing.

To help further clarify the many operational,technical and financial benefits that multi-siteorganisations can give, here are a number ofapplication scenarios where MPLS VPNs candeliver commercial advantage.



Scenario 5Self-service HR and facilities managementFast moving organisations benefit from theemployee satisfaction and productivity that canbe achieved by web-based human resourcesystems that give employees access to contentand interactive HR services in the areas ofaudio and video based training, professionaldevelopment, performance assessments,healthcare, procurement, office materialordering, travel, facilities booking, policies,corporate history, etc. The efficient, adaptiveany-to-any connectivity of MPLS VPNs createsa platform for web-based HR and facilitiesservices that are available to all employeesfrom any site in the enterprise – withoutbreaking the network department’s budget.

Scenario 6Web-based workgroup and collaboration toolsCurrent economic and security realities haveput a damper on the unlimited travel budgetsthat enterprise workers enjoyed in past decades.Unfortunately productivity, creativity and jobsatisfaction suffer when employees can’tcommunicate or interact with each other in real-time. This difficult situation is beingaddressed rapidly, however, by a newgeneration of voice, video and multimediacollaboration tools that allow workers tocommunicate visually and share informationinteractively across the network. MPLS VPNsare the optimal infrastructure for peer-to-peerknowledge sharing between dynamic,distributed groups of users, customers and partners.

Scenario 7Virtual call/contact centresWeb enabled call centres and virtual websupport services are a powerful tool for sales,marketing and CRM purposes because theyallow cost effective customer support via ablend of email, phone, web, fax and othermodes of contact. Enterprises that deploymulti-channel call/contact centres enjoyhigher customer loyalty, reduced churn,greater customer lifetime value, and reducedCRM costs. With any-to-any MPLS VPNs,web-based call/contact centres can virtuallyspan the entire enterprise and extend tosupply chain partners, allowing eachcustomer transaction to draw on the widestpossible range of enterprise resources.

Scenario 8Digital content creation and media productionCompanies that produce and distribute digitalcontent have traditionally been subject to largeexpenses for connectivity via Frame, ATM andleased line networks. This situation is becomingworse now that any artist or content workercan create content anywhere in the enterpriseor remote sites with PC-based broadcastquality, video and audio editing software,(e.g., Adobe Premier and Final Cut Pro).MPLS VPNs give decentralised DCCorganisations and media companies virtualproduction and post production workflowsthat unite producers, directors, writers, graphicartists and other content creators throughoutthe enterprise.

Scenario 3Server, storage and data centre consolidationThe evolution of IT from mainframes to clientserver to distributed computing has left theenterprise landscape strewn with poorlyorganised and under managed pockets offront end and scattered mid tier servers andassociated storage and software resources.Consolidation of these resources can yieldlower TCO and increased performance,security, and reliability but the network must beable to support consolidation or users suffer.With an MPLS VPN, consolidation can takeplace incrementally, with a well-paced transitionperiod that allows some of a department’s IT resources to remain local while others arecentralised. MPLS VPNs generally facilitatedevelopment of distributed applications and IT infrastructure because, in any networkenvironment, applications can be staged,tested, benchmarked, and put into productionat different locations without concern for PVCdefinition or core network capacity planning.

Scenario 4Advanced business intelligence anddecision support With mature, static centralised ERP and backoffice applications, decision workers make dowith period reports they get on a weekly ormonthly basis from the central office. But inagile, distributed enterprises, live transactionaldata and production performance reportingcan be made available to workers anywherein the enterprise at any site. Low latencybusiness intelligence groups are well servedby an MPLS VPN that gives them securereliable access to near real-time reporting on all critical business processes, no matterwhere they are located in the end-to-endenterprise architecture.



Scalable MPLS servicesYour provider should have the knowledge andresources to support highly scalable MPLS VPNswith hundreds or thousands of sites anywhere youneed connectivity. Access bandwidth can scalefrom 64k to 1Gbit or higher, to meet today’sneeds while preparing for tomorrow. Somevendors offer fewer class of services, limited core bandwidth, and limited access options.

Full class of service (CoS) supportAn MPLS IP-VPN is only at its best when itcan deliver several individual service classes,each with their own profile of latency, jitterand packet loss. With a sufficient number ofservice levels, real-time, mission critical,interactive and best effort applications canall get the service they need. The providershould be willing to write SLAs based on CoS.

Your provider should have world-classWAN expertise that includes hands onexperience with traditional Frame, ATMand leased networks, as well as MetroEthernet, National Ethernet, IPSec,MPLS and other advanced packet andIP services. A successful ATM trackrecord shows the provider understands

packet based multi-service networkswith stringent QoS performance.Ethernet access capabilities are non-option considering the importanceof this relatively new WAN accessmethod. Circuit switched voice skillsand capabilities are needed formission critical enterprise voice.

Service level agreement viabilityLife is a lot easier if your MPLS VPNprovider has a track record of meetingthe deliverables of service levelagreements for mission critical enterprisenetwork connections using both circuitand packet technology. Ensure that your provider will write SLAs for all keyaspects of MPLS IP-VPN performance.

WHAT TO LOOK FOR IN A

Integrated packet and circuit networking



National network and geographic reachThe provider should have a network withaccess points throughout the country andhigh performance fibre optic connections to major cities.

Multicast throughoutOne of the big advantages of advanced IP-based VPNs, is their ability to intelligentlymanage streaming application traffic so thatit replicates in a very controlled way throughoutthe enterprise topology. A full featured MPLSIP-VPN will support IP multicast for videoconferencing and other bandwidth intensivestreaming applications.

Financial standingChoose a provider who is nimble enough tomove with fast changing technologies but largeenough to have strong financial security andstaying power. A nimble and financially viableprovider will be able to move quickly to takeadvantage of the many important enhancementsto MPLS VPNs and managed services thatwill be emerging in the next few years.

Provider partnerships and accreditationCisco Systems, the industry leader in MPLStechnology, has an alliance programme thatincludes extensive training, support, anddeployment collaboration. Ensure that youchoose a Cisco Powered Network providerfor your managed MPLS VPNs.

N MPLS SERVICE PROVIDER



WHY CONSIDER THUS FOR A MANAGED MPLS VPN?With its track record of industry innovation and reliable, high performance network connectivity for leading UK enterprises, THUS can help you achieve the business and financial benefits of MPLS IP-VPNs without leaving your current resources behind.

THUS offers one of the industry’s mostadvanced MPLS IP-VPN services, which iscomplemented by an extensive fibre opticbackbone, and a full portfolio of circuit andpacket-based services. THUS is stronglypositioned to assist companies that aretransitioning from traditional Frame, ATM andleased lines to MPLS IP-VPNs.THUS has thelongevity, size, diversity, and a state-of-the-artnational infrastructure that can safeguardyour network traffic and enterpriseapplications wherever they are.

Here are a few more reasons why THUSshould be your MPLS VPN provider:

Network performanceTHUS has one of the newest national

telecoms networks in the UK. Its state-of-the art national backbone was built especiallyfor high performance enterprise voice anddata applications. Your traffic travels on anationwide fibre-optic network that is highlysecure, reliable and privately managed.

Network reliabilityTHUS has constantly delivered high

levels of network availability. This quality ofservice is naturally inherent in MPLS IP-VPNfrom THUS. Service quality is backed byservice level agreements and a seasonednationwide network operations team.

Excellent supportThe extensive knowledge resources

of THUS’s nationwide team of management,technical and support employees ensures youcan maximise the strategic and cost benefitsof MPLS IP-VPN from THUS – withoutconfusion and without disrupting your corebusiness processes.

Industry ActivistTHUS is one of the leading lobbyists

of Oftel, pressing for fairness in the telecomsmarket. THUS’s goal is an open competitiveenvironment that translates into direct benefitsto its business customers.

1 3

42



Full range of servicesEvery enterprise has a unique IT

architecture. THUS’s national presence andhigh quality voice and data offerings enableyou to integrate MPLS IP-VPN from THUSinto any mix of IT and telecoms componentsand software. In addition to its MPLS IP-VPNoffering, THUS offers a full range ofDSL/broadband and circuit based services,including Frame, ATM and leased line products.

5 THUS FIRSTSTHUS has delivered a number of industry firsts that outlines itscommitment to networking excellence:

> THUS is one of the first alternativenetwork providers to gain fullcertification for Voice, Data,Internet and Contact Centres underthe ISO9001:2000 standard forQuality Management Systems

> First provider to support largescale video streaming in the UK

> First to apply next generationMPLS network technology to live traffic (1999)

> First to support TV based email services

> First to offer two way TV-basedSMS messaging.

When considering wide area MPLS IP-VPNsolutions, customers should look for aprovider with stability, financial viability, ahistory of technology leadership, a full rangeof circuit and packet oriented offerings, anational footprint, and a proven track recordof reliable service and support. THUS deliversall of these and it will continue to improveand develop its services portfolio and customersupport as the WAN services evolve.

Please contact 08000 275 8487 to find outhow your organisation can take advantage ofMPLS IP-VPN from THUS.

www.thus.netcontact email address???


24 | Evolving to managed MPLS VPNs


managed mpls vpn - brandxyz.com mpls - business=2c financial and technology... · centres and...

Documents