Saturday, December 4, 2010

IP Networks

From the standpoint of carriers and user organizations alike, frame relay has
been an enormously successful service. It is simple to set up, easy to understand,
and provides statistics that network managers can use to assess performance and
optimize CIRs and access circuit bandwidth. Frame relay has been so successful,
in fact, that carriers are having a difficult time persuading their customers to
migrate to the next step in evolution, which is an all-IP network. Some of the reticence
stems from security concerns. Frame relay traffic is internal to the service provider’s network,
so packets do not flow over insecure paths. Most customers trust frame relay
carriers’ networks to the point of sending unencrypted data between their endpoints,
but not so with IP.
Despite security concerns, IP networks have two major selling points that
give them an edge over frame relay. A single access circuit can be used for both
Internet and the enterprise’s private network, and sites can be meshed without the
need to define PVCs. Intersite connectivity is a major advantage for enterprises
that have considerable internal traffic and intend to deploy VoIP or IP video. With
frame relay the alternative to configuring multiple PVCs is to hub all traffic on the
central site and route it back out to the destination. This increases traffic in the
access circuit and increases latency and the complexity of traffic engineering.
On the surface, an IP network appears to be ideal for carrying voice and
video traffic. Carriers provide Web portals that display their performance metrics,
which are similar to frame relay and well within the bounds needed for isochronous
traffic. As we discuss in this chapter, however, these metrics are usually
based on monthly averages and do not include access circuits. IP metrics are edge
to edge, not end to end, and the access circuit is where the choke points arise.
Putting all traffic in one access pipe lets the customer use the bandwidth flexibly,
but it is difficult to achieve a balance between end-to-end service quality and
access circuit utilization.
If an IP network is to be effective for isochronous traffic, the originating network
must classify the traffic and the carrier must prioritize and route it accordingly.
The larger carriers use MPLS in their backbone to support differentiated
traffic classes and to keep traffic from different users separated. An important difference
between an IP network and frame relay or ATM lies in the carriers’ difficulty
of providing a guaranteed end-to-end QoS on IP. Any ISP can accept and carry IP
traffic, and within its domain it can configure its routers to provide QoS for its core,
but when traffic crosses into other domains assurance of service quality is lost.
MPLS standards as currently defined operate within a domain, which means
QoS cannot be provided across domains unless the service provider has negotiated
agreements with other carriers or has a footprint large enough to serve all the
endpoints on the enterprise network. The second difficulty is in the access circuit.
Few enterprise networks implement MPLS and the protocol does not define a
UNI. Standards activity is under way to correct this problem, but it will be some
years before it is complete.
QoS provisions do not pertain to most data traffic, so for data the main difference
between IP and frame relay lies in security. IP networks can be used for
transporting information that is not crucial to the organization; in fact, enormous
amounts of unsecured information daily flows from corporate Web pages or
attached to e-mail messages. IP networks cannot be trusted with sensitive information,
however, so sessions must be secured by tunneling through the network
with VPNs as discussed in Chapter 31. In this chapter, we enlarge on these with a
discussion of MPLS VPNs, which have some interesting characteristics compared
to VPNs running over native IP.
This chapter begins with a discussion of routing. In Chapter 6, we looked
briefly at how routers and routing tables function. In this chapter, we will inspect
routing protocols in more depth as a guide to understanding how IP networks
function, with particular emphasis on how they achieve QoS. This is followed by
a more detailed discussion of MPLS than the overview in Chapter 13. The chapter
closes with an “Applications” section that provides information for selecting IP
services and negotiating SLAs.
IP NETWORK ROUTING
Routers have two independent functions: control and forwarding. The control
function inspects incoming packets, examines their headers, and consults routing
tables to determine which output link to forward the packet over. Routers do not
have a complete view of the path packets take from source to destination; they
only know how to reach the next router. If the path is congested and the router’s
buffers are full, it discards packets and the customer arranges for retransmission.
Best-effort packet delivery is adequate and efficient for data, but it is unsatisfactory
for isochronous applications. Since routing algorithms are based on packets
taking the shortest path, UDP/IP cannot guarantee standards of reliability,
packet loss, and delay. Voice can tolerate these irregularities within limits, and if
the bandwidth is sufficient, the grade of service may be acceptable, but video quality
drops noticeably with more than about 0.1 percent packet loss. To run these
applications over a routed network, IP must take on some of the characteristics of
a circuit-switched network with its reserved bandwidth and controlled delay.
Routers maintain tables to choose the optimum route for packet forwarding.
Routing tables in simple networks are static and manually written into the router.
Dynamic routing tables are updated periodically from messages transmitted
across the network. This process of updating routing tables imposes a load on the
network, but it has the advantage of enabling the routers to respond automatically
to changing conditions such as a link failure, whereas static tables remain
unchanged until they are manually updated.
Complex networks require dynamic routing protocols. If the destination
is reachable from a directly attached active link, the router will use that route.
Otherwise, it hands the packet off to a neighbor to boost it to the next hop. If a link
fails or becomes congested, the routers communicate among themselves to update
their tables. Routing protocols are classified as interior if they are capable of reaching
destinations within a domain or autonomous system (AS). If they can span
ASs, they are classified as external protocols. We will look briefly at the operation
of the most common algorithms in these two categories.
Interior Gateway Protocols
IGPs, also known as intradomain routing protocols, are optimized for operation
within a single AS. The most common interior protocols found on enterprise networks
are RIP (Routing Information Protocol), OSPF (Open Shortest Path First),
and IS–IS. RIP is the oldest routing protocol and the simplest, but it has limitations
that make it unsuitable for complex networks. Routing protocols typically support
only one layer 3 protocol at a time. As a result, if a network is running both IP and
IPX, for example, multiple routers are required. Cisco supports a proprietary protocol,
Enhanced Interior Gateway Routing Protocol (EIGRP), to allow the network
to run multiple protocols at the same time.
Routing Information Protocol
RIP uses a distance-vector algorithm that selects a route based on the number of
hops to a destination network or host. If the link serving the destination is directly
attached to a router, the hop count is 0 and that would be the preferred route.
If the destination is attached to a neighboring router, the hop count is 1, and so on.
RIP propagates route information by broadcasting table updates to its neighbors
at 1-min intervals. A route table for a new router can be generated by merely entering
the IP addresses of its directly connected networks. The routers on the network
exchange routing tables until they learn the topology and number of hops
to the other routers. RIP has a limit of 15 hops. If the hop count over a particular
route exceeds that, the destination is unreachable over that route. The protocol
also uses the hop count to advertise routes as unreachable when they fail. For
example, if a route is silent for 180 s, the routers assume it has failed and set its
hop count to 16, which marks the route as invalid.
Refer to Figure 36-1, which is an enterprise network model consisting of
three sites connected by frame relay, with the PSTN as a dial-backup alternative.
Router 1 would advertise its four routes, the two Ethernets and ISPs A and B, to
the other routers. For either of the two remote sites served by routers 3 and 4 to
reach the server, the route would be across frame relay, through router 2, and
across the Ethernet link to router 1. The 15-hop limit is fine for small networks of
10 or so subnets, but insufficient for more complex ones. Furthermore, hop count
is insufficient to optimize complex networks. For example, router 1 has two routes
to reach ISP B: direct and through router 2. Since the hop count is lowest over
the direct link, that would be the primary route despite the possibility that it might
be more congested or have bandwidth limitations that make the two-hop route
through router 2 more favorable. For that and other reasons, more complex
networks use the OSPF protocol.
Open Shortest Path First
A major shortcoming of RIP, besides its limited hop count, is its inability to route
based on any variable other than the number of hops. Consequently, it sends traffic
to the preferred route without knowing whether another route is less congested.
OSPF is a link-state protocol that uses a cost-vector algorithm to determine the optimum
route. OSPF is capable of operating in a hierarchical network with the lowest
level, known as an area, which links to other areas through a backbone. The topology
within an area is invisible to other areas. Each area has at least one border router
to reach the backbone. An area that has only one border router is known as a stub area.
This partitioning of the domain reduces table complexity and reduces the
amount of traffic between areas. Routers maintain databases of the entire area,
including other routers on the networks and the cost of each router’s connections.
Instead of flooding the network with table updates as RIP does, routers exchange
information about the domain only with their neighbors. During normal operations
the routers exchange short hello messages to indicate that they are alive.
When an event such as a link failure occurs, they exchange a series of link-state
advertisement messages to inform one another what happened, and the routers
adjust their tables accordingly. Table reconvergence may take several minutes.
OSPF’s cost algorithm takes into account the total cost, including speed and
quality variables, for all outbound interfaces. In Figure 36-1, the three main
routers have dial-backup interfaces, which would be rated at higher cost than the
frame relay interfaces and therefore used only in case of frame relay failure. If the
DLCI between router 2 and router 3 is lost, but the link to router 4 is still available,
router 1 would send its router 3 traffic through router 4 since that link would be
less costly than the PSTN.
OSPF propagates reachability information to other routers, which enables
them to simplify their routing tables. OSPF routers can also be configured as both
internal and external. In addition, they can consider the ToS field in the IP header
in making routing decisions. The three bits corresponding to delay, throughput,
and reliability allow eight priority combinations. If the router has priority routes,
it can base routing calculations on ToS and forward packets accordingly.
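To make the contrast between the two algorithms concrete, the following Python example (added here; it is not code from the chapter) simulates a RIP-style distance-vector exchange and an OSPF-style shortest-path-first calculation over a constructed topology modeled loosely on the Figure 36-1 description: router 1 reaches ISP B both over a slow direct link and through router 2. The link speeds, the inverse-bandwidth cost formula and the router and network names are assumptions. The example also generalizes the 15-hop limit: any destination whose metric would reach 16 is never installed, whatever the topology.

```python
"""Distance-vector (RIP-style) versus link-state (OSPF-style) route selection.

Added example with a constructed topology loosely following the chapter's
description of Figure 36-1; link speeds and the cost formula are assumptions.
"""
import heapq
from typing import Dict, Iterator, List, Tuple

RIP_INFINITY = 16            # metric that marks a destination unreachable (15-hop limit)
REFERENCE_BW_KBPS = 100_000  # assumed reference bandwidth for OSPF link cost

# Router-to-router links with bandwidth in kbit/s (constructed values).
LINKS: Dict[Tuple[str, str], int] = {
    ("R1", "R2"): 10_000,  # Ethernet between the central-site routers
    ("R2", "R3"): 1_544,   # frame relay to site 3
    ("R2", "R4"): 1_544,   # frame relay to site 4
}
# Networks directly attached to each router, with the attaching link's bandwidth.
ATTACHED: Dict[str, Dict[str, int]] = {
    "R1": {"LAN1": 10_000, "ISP-A": 1_544, "ISP-B": 128},  # slow direct link to ISP B
    "R2": {"ISP-B": 1_544},                                # faster second path to ISP B
    "R3": {"LAN3": 10_000},
    "R4": {"LAN4": 10_000},
}


def neighbors(links, router: str) -> Iterator[str]:
    """Routers sharing a link with `router`."""
    for a, b in links:
        if a == router:
            yield b
        elif b == router:
            yield a


def rip_converge(links, attached, max_rounds: int = 50):
    """Synchronous distance-vector exchange, as RIP does at each update interval.

    Returns router -> {destination: (hop_count, next_hop)}. Directly attached
    networks have hop count 0 (the chapter's convention); a candidate whose
    metric reaches RIP_INFINITY is never installed, which is how the 15-hop
    limit shows up in the table.
    """
    routers = set(attached) | {r for pair in links for r in pair}
    tables = {r: {} for r in routers}
    for r, nets in attached.items():
        tables[r] = {net: (0, "direct") for net in nets}
    for _ in range(max_rounds):
        changed = False
        for r in sorted(routers):
            for nb in neighbors(links, r):
                for dest, (metric, _) in list(tables[nb].items()):
                    candidate = min(metric + 1, RIP_INFINITY)
                    current = tables[r].get(dest, (RIP_INFINITY, None))[0]
                    if candidate < current:
                        tables[r][dest] = (candidate, nb)
                        changed = True
        if not changed:
            break
    return tables


def link_cost(bandwidth_kbps: int) -> int:
    """Inverse-bandwidth cost (assumed reference bandwidth / bandwidth, minimum 1)."""
    return max(1, REFERENCE_BW_KBPS // bandwidth_kbps)


def ospf_spf(links, attached, source: str):
    """Dijkstra shortest-path-first over the full link-state database.

    Returns destination -> (total_cost, path). Attached networks are stub
    nodes: reachable, but never transited.
    """
    adjacency: Dict[str, List[Tuple[str, int]]] = {}
    for (a, b), bw in links.items():
        adjacency.setdefault(a, []).append((b, link_cost(bw)))
        adjacency.setdefault(b, []).append((a, link_cost(bw)))
    for router, nets in attached.items():
        for net, bw in nets.items():
            adjacency.setdefault(router, []).append((net, link_cost(bw)))
    best = {source: (0, [source])}
    heap = [(0, source, [source])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for nxt, c in adjacency.get(node, []):
            if cost + c < best.get(nxt, (float("inf"), None))[0]:
                best[nxt] = (cost + c, path + [nxt])
                heapq.heappush(heap, (cost + c, nxt, path + [nxt]))
    return best


if __name__ == "__main__":
    rip = rip_converge(LINKS, ATTACHED)
    spf = ospf_spf(LINKS, ATTACHED, "R1")
    print("RIP at R1 :", rip["R1"]["ISP-B"])  # direct 128 kbit/s link wins on hop count
    print("OSPF at R1:", spf["ISP-B"])         # two-hop path through R2 wins on cost
```

Run stand-alone, the script prints R1's route to ISP-B under both protocols: RIP installs the direct 128 kbit/s link at 0 hops, while OSPF, with cost 100,000/bandwidth per link, prefers the two-hop path through R2 (cost 10 + 64 = 74 against 781 for the direct link). The same `rip_converge` function run on an 18-router chain shows the hop limit at work: routers 15 or fewer hops from the far network install a route to it, the others never do.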
Integrated IS–IS
IS–IS is an ISO link-state protocol that was originally developed to support
Connectionless Network Layer Protocol (CNLP), which is ISO’s layer 3 datagram
protocol. Integrated IS–IS has been adapted to support IP routing in addition to
CNLP. Routers can be configured to run either protocol or both simultaneously.
The integrated IS–IS algorithm is similar in operation to OSPF in topology and
operation, but with a different addressing method. CNLP uses a 20-octet addressing
method known as network service access point (NSAP). NSAP addresses
provide the flexibility for the worldwide address space of IPv6.
ISO terminology is somewhat different from TCP/IP, but network devices
have the same function. User devices, usually called hosts in Internet terms, are
known as end systems (ESs) and a router is called an intermediate system (IS) in
ISO terminology. IS–IS has two hierarchical levels. Routers are organized into
level 1 groups called areas and areas are grouped into domains, which are linked
with a backbone. L1 routers have information only about their own area plus a
default route to the nearest L1–L2 router. L1 routers forward all traffic outside
their area to an L2 router. L2 routers know the L2 topology and retain information
about routes to L1 destinations, but do not know the L1 topology. A router can
operate in either or both levels, i.e., it can perform inter-area or intra-area routing.
CHAPTER 36 IP Networks 637
OSI routing is divided into three parts:
_ Routing exchanges between ESs and routers (ES-IS)
_ Routing exchanges between routers in the same domain (intradomain IS–IS)
_ Routing exchanges among domains (interdomain IS–IS)
Border Gateway Protocol (BGP)
Exterior routing protocols enable border routers located at the edge of the
domains they serve to exchange routing information. Much Internet traffic is confined
within an AS. This traffic is referred to as local traffic, with traffic between
ASs called transit traffic. BGP’s purpose is to manage the flow of transit traffic.
BGP can carry local traffic within an AS, but between ASs, such as between ISPs
and between domains in large enterprise networks, BGP is required. Routers that
communicate with BGP are known as BGP speakers. An AS can contain as many
BGP speakers as necessary for connectivity to neighboring ASs. BGP comes in two
versions. Internal BGP is used for routing exchanges between routers that are part
of the same AS. External BGP is used between ASs as shown in Figure 36-2.
In a BGP network, ASs are assigned group numbers. Tables in each router
contain its neighbors’ IP addresses and group numbers. Route selection is based on
the shortest path within the AS. If neighboring routers have the same group
number, they are part of the same AS, so subnets within that system can be reached
through either path. This multiple path capability gives BGP networks their robustness.
BGP speakers do not load balance; they are configured to select the best route.
Load balancing can be achieved by influencing the path selection based on available
bandwidth and knowledge of the link metrics such as bandwidth and delay.
BGP routing tables can contain more than 90,000 routes, which is a daunting
management job. To simplify the process, large ASs often use a route reflector,
which is a router that is set up to send table updates to all routers within the AS.
BGP uses classless interdomain routing (CIDR) to reduce routing table size. CIDR
adds a masking block to the four-octet IP address to indicate the number of bits
used for the network portion of the address. This enables routers to combine
routes and simplify the table. When a router is first connected to the network, it
exchanges the entire routing table with its neighbors over a TCP connection.
Broadcasting massive table updates would consume an excessive amount of network
capacity. Instead, when table changes occur, BGP routers send only the
changed information to their neighbors. Through this exchange, each router maintains
the current routing tables of its peers.
A BGP speaker is configured to evaluate different paths, select the best one,
apply policy constraints, and advertise the routes to its neighbors. The administrator
uses routing parameters called attributes to define routing policies. Policies
are not contained in the protocol, but are controlled by the router configuration.
For example, if one AS declines to carry transit traffic for another AS, it can block
such traffic by advertising only routes that are internal to the AS. BGP can be configured
to choose routes based on quality variables such as bandwidth, capacity,
link dynamics, cost, and other such metrics.
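The following Python example (added here, not the textbook's code) models the three ideas in this passage: a speaker imports routes from its neighbors, picks one best path per prefix, and applies an export policy. The ASNs, neighbor addresses and prefixes are constructed (private ASNs and documentation prefixes), and only three steps of the BGP decision process are modeled: highest LOCAL_PREF, then shortest AS_PATH, then lowest neighbor address as a tie-break. The no-transit case from the text is the export filter that announces only locally originated prefixes.

```python
"""BGP-style route import, best-path selection and export policy on a border router.
Added example, not the chapter's code. ASNs, neighbor addresses and prefixes are constructed;
only three decision steps are modelled (LOCAL_PREF, AS_PATH length, neighbor address)."""
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...]          # nearest AS first, originating AS last; () = originated here
    local_pref: int = 100
    learned_from: str = "0.0.0.0"     # neighbor address; 0.0.0.0 for locally originated routes


def import_route(my_as: int, route: Route, neighbor: str, local_pref: int = 100) -> Optional[Route]:
    """Inbound policy: reject AS_PATH loops, then record the neighbor and the
    LOCAL_PREF the administrator assigns to routes from that neighbor."""
    if my_as in route.as_path:
        return None                   # our own AS is already in the path: loop, never installed
    return replace(route, local_pref=local_pref, learned_from=neighbor)


def select_best(candidates: List[Route]) -> Route:
    """Highest LOCAL_PREF wins; then the shortest AS_PATH; then the lowest
    neighbor address as a deterministic tie-break."""
    return min(candidates, key=lambda r: (-r.local_pref, len(r.as_path),
                                          ipaddress.ip_address(r.learned_from)))


def build_loc_rib(routes: List[Route]) -> Dict[str, Route]:
    """Install exactly one best route per prefix."""
    by_prefix: Dict[str, List[Route]] = {}
    for r in routes:
        by_prefix.setdefault(r.prefix, []).append(r)
    return {prefix: select_best(cands) for prefix, cands in by_prefix.items()}


def export_routes(my_as: int, loc_rib: Dict[str, Route], transit_allowed: bool) -> List[Route]:
    """Outbound policy. With transit_allowed=False only locally originated prefixes
    are announced, so neighbors never learn to reach third parties through this AS."""
    announced = []
    for route in loc_rib.values():
        if not transit_allowed and route.as_path != ():
            continue                  # learned from another AS: withhold under no-transit policy
        announced.append(Route(route.prefix, (my_as,) + route.as_path))  # prepend our own AS
    return announced


# Constructed scenario: enterprise AS 65001 with two upstream ISPs.
MY_AS = 65001
ISP_A, ISP_B = "10.0.0.1", "10.0.0.2"          # eBGP neighbor addresses
ORIGINATED = Route("198.51.100.0/24", ())        # the enterprise's own prefix


def demo(prefer_isp_b: bool = False) -> Dict[str, Route]:
    """Learn 203.0.113.0/24 from both ISPs; optionally prefer ISP B by LOCAL_PREF."""
    learned = [
        import_route(MY_AS, Route("203.0.113.0/24", (65010, 65030)), ISP_A),
        import_route(MY_AS, Route("203.0.113.0/24", (65020, 65040, 65030)), ISP_B,
                     local_pref=200 if prefer_isp_b else 100),
        import_route(MY_AS, Route("203.0.113.0/24", (65010, MY_AS, 65030)), ISP_A),  # looped: None
    ]
    return build_loc_rib([ORIGINATED] + [r for r in learned if r is not None])


if __name__ == "__main__":
    rib = demo()
    print("best path:", rib["203.0.113.0/24"].as_path, "via", rib["203.0.113.0/24"].learned_from)
    print("announced (no transit):", [(r.prefix, r.as_path) for r in export_routes(MY_AS, rib, False)])
```

The import step rejects any route whose AS_PATH already contains the local AS, the standard loop check; the export step prepends the local AS and, with transit disabled, withholds everything learned from other ASs so that neighbors never see this AS as a path to third parties. Raising LOCAL_PREF on the ISP B neighbor flips the choice for 203.0.113.0/24 to the longer AS_PATH, which is what "policies are controlled by the router configuration" looks like in practice.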
Routing in an Internet
Internet complexity varies from a single-domain AS in a corporate network up to
and including the public Internet. Within the Internet, which consists of a large
number of ASs, BGP is used between domains. Large enterprise networks also use
BGP, but its complexity is overkill for smaller networks. The simplest networks
use static routing tables or sometimes RIP to eliminate the need of manually
changing tables if something happens to a link. The point is reached, however,
where RIP will not support the applications. A prime example of this is when VoIP
is employed and the network has link alternatives that must be selected on the
basis of ToS bits.
The routing protocols we have just discussed are incapable of guaranteeing
QoS connections through the network unless they are under unified control, and
then only with limitations. For example, when routers reconverge, they may drop
packets or delay them beyond the limits jitter buffers can contain. With a network
such as the public Internet, transit traffic is handled by the routing decisions
of multiple independent administrators. Those administrators are under no
compulsion to consider QoS in making their routing decisions, and may not have
equipment capable of supporting QoS. Therefore, connection quality within the
Internet as it is presently constructed cannot be guaranteed.
IP service providers can support QoS within the bounds of their private networks.
If the carrier is large enough, one provider may be capable of serving all
of the requirements of an enterprise network; if not, the network manager can
choose to use dedicated backhaul access links into that carrier’s IP network.
Carriers can also negotiate private agreements with other IP providers to fill in
their coverage gaps. Even so, UDP/IP is incapable of supporting guaranteed
SLAs. As packets traverse the network, each router inspects the address header
and selects the next hop based on its routing algorithm. In Chapter 35, we discussed
how LANE and MPOA can simplify the routing and forwarding process
by analyzing packet flows and choosing a shortcut through an ATM network.
These protocols still leave gaps in the quality equation. Most carriers are relying
on MPLS to enable them to provide guaranteed SLAs in their IP networks.
MULTIPROTOCOL LABEL SWITCHING (MPLS)
MPLS, an encapsulation protocol for tunneling through an IP network, is a service-enabling
technology that is becoming the cornerstone of VPN strategy for the
major carriers. MPLS maps IP addresses to simple fixed-length labels, which are
numbers that identify a data flow. A sequence of labels and links is called a label-switched
path (LSP), also known as an MPLS tunnel. The LSP setup is unidirectional.
Return traffic for the same session takes a different LSP. MPLS supports a variety
of QoS functions including bandwidth reservation, prioritization, traffic engineering,
traffic shaping, and traffic policing on almost any type of interface. These characteristics
make MPLS superior to LANE and MPOA for use in a hardened VPN.
MPLS routing is greatly simplified because it happens only once at the edge
of the network in the label edge router (LER). The LER attaches a label to each
packet at the originating end. Instead of reading the entire header, routers read the
label and route the call along a path that the label defines. When a packet enters
the network it is assigned to a particular forwarding equivalence class (FEC), which
is a group of packets to the same address that share the same QoS requirements.
More than one FEC can be mapped to a single LSP. The routers internal to the network,
known as label switched routers (LSRs), do not need to analyze the network
layer of the packet. Once an edge router labels the packet, the rest of its journey is
based on label switching. Each LSR examines the incoming label, uses it as an
index in its label information base (LIB) to determine the next hop, and sends it to
an outgoing interface with a new label. Label switching is done in hardware,
which makes it much faster than routing. At the destination end of the network,
an egress LER strips the label and sends the packet to the destination endpoint.
Figure 36-3 shows how label switching works. Ingress router 1 receives packets
from Host A, determines the FEC for each packet, and from that determines the
LSP. The LER adds the label to the packet and forwards it on the interface for that
LSP, which happens to be the same for both. LSR 2 checks the incoming interface
and label value, looks up the outgoing interface and label in the LIB, and forwards
the packet to the next hop. The egress LERs strip the labels from the packets and
forward them using the appropriate routing protocol, usually IP.
The labels themselves are flexible in content and depend on the layer 2 technology.
In the case of ATM, the label could be a VPI/VCI or in frame relay the
DLCI. The label could also correspond to a TDM time slot, a DWDM lambda, or
the designation of a particular fiber if MPLS is applied directly to those media. For
Ethernet and PPP, the label is added to the frame as a “shim” header that is placed
between the layer 2 and layer 3 headers. When an LSR receives a label, its bindings
create entries in the LIB. The contents of the LIB contain the mapping
between the label and an FEC—that is the mapping between the input port and
input label to the output port and label. These entries remain fixed until the label
bindings are renegotiated. If LSPs are parallel, they can be routed together
through a higher level LSP tunnel. The process of putting multiple labels on a
packet is called label stacking.
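The example below (added here, not code from the chapter) walks a packet through the Figure 36-3 sequence in Python: an ingress LER classifies on destination prefix and class of service, pushes a label and forwards; each LSR looks up (incoming interface, top label) in its LIB and swaps; the egress LER pops. It also shows label stacking: LSR2 acts as tunnel head and pushes an outer label, LSR4 in the core switches on that outer label alone, and LSR5 pops it and continues on the inner label. Node names follow the figure description; interface names, label values and FEC prefixes are constructed.

```python
"""Label switching along an LSP, including a label-stacked tunnel in the core.
Added example, not the chapter's code; labels, interfaces and prefixes are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    dst: str
    cos: str                                    # class of service: "voice" or "data"
    labels: List[int] = field(default_factory=list)  # label stack, top of stack last
    trace: List[Tuple[str, List[int]]] = field(default_factory=list)  # (node, stack after node)


@dataclass(frozen=True)
class LibEntry:
    """One LIB row: what to do with a packet arriving as (in_iface, in_label)."""
    action: str                          # "swap" or "pop"
    out_iface: Optional[str] = None
    out_label: Optional[int] = None
    tunnel_label: Optional[int] = None   # outer label pushed after the swap (label stacking)


class LER:
    """Label edge router: maps packets to an FEC on ingress, strips labels on egress."""

    def __init__(self, name: str, fec_table: List[Tuple[str, str, str, int]]):
        self.name = name                 # rows: (dest prefix, class of service, out_iface, label)
        self.fec_table = [(ipaddress.ip_network(p), cos, iface, label)
                          for p, cos, iface, label in fec_table]

    def ingress(self, pkt: Packet) -> Optional[str]:
        addr = ipaddress.ip_address(pkt.dst)
        for net, cos, iface, label in self.fec_table:
            if addr in net and cos == pkt.cos:
                pkt.labels.append(label)
                pkt.trace.append((self.name, list(pkt.labels)))
                return iface
        return None                      # no FEC matches: packet is not admitted to any LSP

    def egress(self, pkt: Packet) -> Packet:
        if pkt.labels:
            pkt.labels.pop()             # last label off; forwarding continues by IP
        pkt.trace.append((self.name, list(pkt.labels)))
        return pkt


class LSR:
    """Label switched router: decides on the top label only, never on the IP header."""

    def __init__(self, name: str, lib: Dict[Tuple[str, int], LibEntry]):
        self.name, self.lib = name, lib

    def forward(self, in_iface: str, pkt: Packet) -> Optional[str]:
        while pkt.labels:
            entry = self.lib.get((in_iface, pkt.labels[-1]))
            if entry is None:
                return None              # unknown label binding: drop
            if entry.action == "pop":
                pkt.labels.pop()         # tunnel tail: expose the inner label and look it up
                continue
            pkt.labels[-1] = entry.out_label
            if entry.tunnel_label is not None:
                pkt.labels.append(entry.tunnel_label)   # tunnel head: stack an outer label
            pkt.trace.append((self.name, list(pkt.labels)))
            return entry.out_iface
        return None


def run_lsp(nodes, links, ingress: str, pkt: Packet) -> Optional[Packet]:
    """Carry pkt from the ingress LER to an egress LER; links: (node, out_iface) -> (node, in_iface)."""
    node, out_iface = ingress, nodes[ingress].ingress(pkt)
    while out_iface is not None:
        node, in_iface = links[(node, out_iface)]
        if isinstance(nodes[node], LER):
            return nodes[node].egress(pkt)
        out_iface = nodes[node].forward(in_iface, pkt)
    return None                          # never admitted, or dropped en route


# Constructed network: LER1 -> LSR2 -> LSR4 -> LSR5 -> LER3; LSR2..LSR5 form a tunnel.
NODES = {
    "LER1": LER("LER1", [("10.2.0.0/16", "voice", "if1", 100), ("10.2.0.0/16", "data", "if1", 200)]),
    "LSR2": LSR("LSR2", {("if0", 100): LibEntry("swap", "if1", 300, tunnel_label=900),
                         ("if0", 200): LibEntry("swap", "if1", 400, tunnel_label=900)}),
    "LSR4": LSR("LSR4", {("if0", 900): LibEntry("swap", "if1", 901)}),  # core: outer label only
    "LSR5": LSR("LSR5", {("if0", 901): LibEntry("pop"), ("if0", 300): LibEntry("swap", "if1", 310),
                         ("if0", 400): LibEntry("swap", "if1", 410)}),
    "LER3": LER("LER3", []),
}
LINKS = {("LER1", "if1"): ("LSR2", "if0"), ("LSR2", "if1"): ("LSR4", "if0"),
         ("LSR4", "if1"): ("LSR5", "if0"), ("LSR5", "if1"): ("LER3", "if0")}

if __name__ == "__main__":
    for node, stack in run_lsp(NODES, LINKS, "LER1", Packet("10.2.3.4", "voice")).trace:
        print(f"{node}: label stack {stack}")
```

Two points to watch: an LSR forwards purely on the label, so a packet whose label has no binding is dropped rather than routed by its IP header, and a packet that matches no FEC at the ingress never enters an LSP at all. The trace kept on the packet records the label stack after each node, which is a convenient way to check LIB entries against the intended LSP.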
Label Distribution
Labels are distributed through the network by several methods. Label Distribution
Protocol (LDP) is an IETF recommendation that uses TCP/IP to distribute the
labels by sending control messages over the link that will carry the data. The label
can also be embedded in the contents of RSVP and in BGP messages. The labels are
either set up before transmission begins, or they are established when a certain
flow of data is detected. Labels are bound to an FEC as a result of a policy or an
event that indicates the label should belong to that FEC.
A collection of MPLS-enabled devices is known as an MPLS domain. Within a
domain, LSPs are set up for packets to travel based on FEC. This is either done hop
by hop, in which case each LSR selects the next hop for a given FEC, or it is done
by explicit routing in which the ingress LSR specifies the nodes. Explicit routes
enable the service provider to set up the LSPs over a facility that is engineered and
monitored to support the required QoS. Explicit routing allows the carrier to provide
service within constraints such as bandwidth and delay.
MPLS Traffic Engineering
Traffic engineering in MPLS terms means the ability to vector traffic over a specific
link. Large ISPs route data across the network based on a top-down view of
network conditions and current and projected traffic flow. Traffic flow may be
manually controlled or driven by an automated process similar to the policy
process we discussed in Chapter 31. Traffic engineering enables the service
provider to distribute the load over the appropriate network links while reserving
bandwidth for particular classes of traffic.
MPLS has many advantages over ordinary routing, which often leaves some
links congested and others underutilized, particularly while the routers update
their tables. MPLS uses constraint-based routing, which takes into account such
variables as bandwidth, delay, hop count, and QoS requirements. One alternative,
which we discussed in the last chapter, is to run IP over ATM networks and let
ATM provide the QoS. Although this works well, it is complex to set up and manage
compared to using MPLS directly on the underlying physical facility such as
a lambda. When an LSP is set up under traffic engineering constraints it is known
as a traffic-engineered LSP.
Constraint-based Routed Label Distribution Protocol (CR-LDP) is a modification
of LDP that allows the label to be distributed over an explicit route that has
the required capabilities. Explicit routes can also be set up by using an extension
to RSVP. CR-LDP distributes the label requests over TCP; RSVP uses UDP.
The setup process is similar for both. A setup request is sent end to end from the
ingress to the egress nodes and the response confirms the route and reservation.
Cell-Switched MPLS
In RFC 3035 the IETF defines procedures for enabling ATM switches to operate as
LSRs. In this mode, ATM switches use IP addressing and run layer 3 protocols
such as OSPF or IS–IS to determine routes and distribute labels over the cell-based
infrastructure. No ATM-specific addressing or routing is required with this mode.
642 PART 5 Telecommunications Networks
When ATM switches receive labeled packets, which are identified by the contents
of the VCI and VPI fields, they segment them into cells and forward them across
the appropriate interface. Effectively, the LERs are using ATM as the path between
them, and the ATM switches function as routers.
The MPLS protocol operates on only a single domain. The protocol does not
provide for an NNI and does not support interoperation between carriers to
provide functions such as billing, failure notification, and network management.
Such carrier interoperation is handled with private agreements.
MPLS VPNS
MPLS’s VPN features enable multiple customer sites to interconnect across the
service provider’s IP network with the characteristics of a private network. Three
major MPLS-based VPN architectures are in use:
_ Layer 3 VPNs, which offer multipoint any-to-any service. These are also
known as BGP/MPLS VPNs or RFC 2547bis.
_ Layer 2 point-to-point VPNs.
_ Virtual private LAN service, which offers multipoint any-to-any service
for Ethernet endpoints.
MPLS VPNs use connectionless architecture, enabling the service provider
to offer a range of value-added services such as Internet access, Web hosting, and
Inter- and Intranet operations. Each customer site connects to an LER that maintains
tables of VPN routes and services for authorized subscribers. The subscriber’s
routers do not need to support MPLS; they communicate with the LER
using IP. This makes for simplified setup because the customer only needs to connect
from the office router to the provider’s edge router. The LER receives packets
from the customer on a known interface that is identified by its VPN label. Inside
the carrier’s network, packets from multiple customers are mixed, but they can be
delivered only to egress points that are defined as part of the VPN. Subscribers
can use unregistered private addresses. NAT is required only if two VPNs with
overlapping addresses need to communicate. Figure 36-4 shows two VPNs implemented
across the carrier’s IP backbone. Note that VPN 1 has both a private and
public network connection between sites 1 and 2.
VPN membership is defined by a table in the LER that is known as a VPN
routing/forwarding table (VRF). The VRF contains the IP routing table, the interfaces
that use the table, and the rules for routing within the VPN. A site can belong to
multiple VPNs. All of the information pertaining to those VPNs is contained in
the VRF.
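The following Python example (added here, not the textbook's code) serves two passages: the CIDR aggregation described under BGP, and the VRF separation described in this section. An edge router holds one VRF per VPN, selects the VRF by the customer-facing interface, and does a longest-prefix match only within that table, so two customers can both use 10.1.0.0/16 and a packet from one VPN can never resolve to an egress point of the other. Each VRF collapses contiguous prefixes that share the same egress LER and VPN label into a single CIDR block and leaves prefixes with different next hops alone. Interface names, prefixes, egress router names and label values are constructed.

```python
"""Per-VPN forwarding on a provider edge LER, with CIDR-aggregated tables.

Added example (not the textbook's code). Interface names, prefixes, egress
routers and VPN labels are constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[str, str, int]   # (prefix, egress LER, VPN label)


def aggregate(prefixes: List[str]) -> List[str]:
    """Collapse prefixes into the minimal set of CIDR blocks covering exactly
    the same addresses (four contiguous /24s become one /22)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


class VRF:
    """One VPN's routing/forwarding table."""

    def __init__(self, name: str, routes: List[Route]):
        self.name = name
        self.table: Dict[ipaddress.IPv4Network, Tuple[str, int]] = {}
        # Aggregate only among routes that share egress and label: merging
        # prefixes with different next hops would misdeliver traffic.
        by_target: Dict[Tuple[str, int], List[str]] = {}
        for prefix, egress, label in routes:
            by_target.setdefault((egress, label), []).append(prefix)
        for (egress, label), prefixes in by_target.items():
            for p in aggregate(prefixes):
                self.table[ipaddress.ip_network(p)] = (egress, label)

    def lookup(self, dst: str) -> Optional[Tuple[str, str, int]]:
        """Longest-prefix match within this VPN only."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.table if addr in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        egress, label = self.table[best]
        return str(best), egress, label


class EdgeRouter:
    """LER holding several VRFs; the customer-facing interface selects the VRF."""

    def __init__(self):
        self.vrfs: Dict[str, VRF] = {}
        self.iface_vrf: Dict[str, str] = {}

    def add_vrf(self, vrf: VRF, interfaces: List[str]) -> None:
        self.vrfs[vrf.name] = vrf
        for iface in interfaces:
            self.iface_vrf[iface] = vrf.name

    def forward(self, in_iface: str, dst: str) -> Optional[dict]:
        vrf = self.vrfs[self.iface_vrf[in_iface]]
        hit = vrf.lookup(dst)
        if hit is None:
            return None   # no route in this VPN: drop; never consult another VRF
        prefix, egress, label = hit
        return {"vpn": vrf.name, "prefix": prefix, "egress": egress, "label": label}


def build_pe() -> EdgeRouter:
    """Two customers with overlapping 10.1.0.0 space on one edge router (constructed)."""
    pe = EdgeRouter()
    pe.add_vrf(VRF("ACME", [("10.1.0.0/24", "PE-East", 5001), ("10.1.1.0/24", "PE-East", 5001),
                            ("10.1.2.0/24", "PE-East", 5001), ("10.1.3.0/24", "PE-East", 5001),
                            ("10.2.0.0/16", "PE-West", 5002)]), ["ge-0/0/1"])
    pe.add_vrf(VRF("GLOBEX", [("10.1.0.0/16", "PE-South", 7001)]), ["ge-0/0/2"])
    return pe


if __name__ == "__main__":
    pe = build_pe()
    for iface in ("ge-0/0/1", "ge-0/0/2"):
        print(iface, "->", pe.forward(iface, "10.1.2.9"), pe.forward(iface, "10.2.7.7"))
```

Aggregation is keyed on (egress, label) deliberately: collapsing 10.1.0.0/24 via PE-East with 10.1.1.0/24 via a different egress into one /23 would silently send half the traffic to the wrong router. The miss case matters as well: when GLOBEX has no route to 10.2.7.7 the lookup returns None and the packet is dropped, not handed to the ACME table or to the provider's global table.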
Most MPLS-based VPNs are implemented within a single service provider.
Currently, multiprovider provisioning, billing, and fault detection are based on
private agreements. Although services are end to end, MPLS functions that are
available in the core do not extend to the access network.
IP NETWORK APPLICATION ISSUES
The statistics that most carriers quote for their IP SLAs are specified within the
network cores. Carriers typically quote percent availability, latency, and packet
loss for city pairs. The quoted figures are generally within the requirements for
VoIP, but they must be used with caution. First, they do not include the access
circuits and second, they are based on averages.
Averages for most carriers are quoted 24 × 7 for a billing month. These metrics
are adequate for data, but not for voice and video. Considering the fact that
packets are most likely to be lost during congestion and the network is most apt
to be congested during working hours, averages are insufficient for assessing
quality for voice and video. If an IP network is to be used for real-time traffic,
the application or customer test equipment should monitor key variables such as
packet loss and jitter and fail over to the PSTN if necessary.
In the access circuit, the greatest efficiency is obtained by multiplexing various
types of applications on the same circuit. Voice and video, with their short
packet lengths and predictable characteristics, are not difficult to evaluate. When
their contribution to the total load is known, the bandwidth available for data is
easy to calculate. Circuit utilization must also be considered carefully. If utilization
is too high, data packets, which have much larger packet sizes than voice and
video, can delay time-sensitive packets outside the range of jitter buffers. Even
though QoS variables may be within limits in the carrier backbone, degradation
may occur in the access circuit.
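To put numbers on the access-circuit problem, the following Python example (added here, not the textbook's code) models the access link as a non-preemptive single-server queue carrying a 50-packets-per-second voice stream and a burst of four 1500-byte data packets, first FIFO and then with strict priority for voice. Link speeds (256 kbit/s and T1), packet sizes and the 30 ms jitter budget are constructed assumptions.

```python
"""Voice delay variation on a shared access circuit, FIFO versus priority queueing.

Added example, not the textbook's code. Link speed, packet sizes, the voice
cadence and the 30 ms jitter budget are constructed assumptions."""
from typing import Dict, List, Tuple

VOICE_BYTES = 200            # 160-byte G.711 sample + 40 bytes RTP/UDP/IP (assumed)
DATA_BYTES = 1500            # full-size Ethernet payload
VOICE_INTERVAL_MS = 20.0     # one voice packet every 20 ms
JITTER_BUDGET_MS = 30.0      # assumed jitter buffer depth

Packet = Tuple[float, int, str]   # (arrival_ms, size_bytes, class)


def serialization_ms(size_bytes: int, link_kbps: int) -> float:
    """Time to clock a packet onto the link: bits / (kbit/s) comes out in ms."""
    return size_bytes * 8 / link_kbps


def build_traffic(n_voice: int = 10, burst_at_ms: float = 25.0, n_data: int = 4) -> List[Packet]:
    """Constructed offered load: a steady voice stream plus a burst of data packets."""
    pkts = [(i * VOICE_INTERVAL_MS, VOICE_BYTES, "voice") for i in range(n_voice)]
    pkts += [(burst_at_ms, DATA_BYTES, "data")] * n_data
    return sorted(pkts)


def simulate(pkts: List[Packet], link_kbps: int, priority: bool) -> List[Tuple[float, float, str]]:
    """Single access link modelled as a non-preemptive single-server queue.

    priority=False: FIFO. priority=True: strict priority, voice ahead of any
    queued data, but a data packet already on the wire is never interrupted.
    Returns (arrival_ms, departure_ms, class) per packet."""
    pending = sorted(pkts)
    queue: List[Packet] = []
    results = []
    t = 0.0
    i = 0
    while i < len(pending) or queue:
        while i < len(pending) and pending[i][0] <= t:   # admit everything that has arrived
            queue.append(pending[i])
            i += 1
        if not queue:
            t = pending[i][0]                            # link idle: jump to the next arrival
            continue
        idx = 0
        if priority:
            idx = next((k for k, p in enumerate(queue) if p[2] == "voice"), 0)
        arrival, size, cls = queue.pop(idx)
        t += serialization_ms(size, link_kbps)
        results.append((arrival, t, cls))
    return results


def analyze(results, cls: str = "voice") -> Dict[str, float]:
    """Worst-case one-way delay and peak-to-peak delay variation (jitter) for a class."""
    delays = [depart - arrive for arrive, depart, c in results if c == cls]
    return {"max_delay_ms": max(delays), "jitter_ms": max(delays) - min(delays)}


if __name__ == "__main__":
    traffic = build_traffic()
    for kbps in (256, 1544):
        for prio in (False, True):
            stats = analyze(simulate(traffic, kbps, prio))
            verdict = "ok" if stats["jitter_ms"] <= JITTER_BUDGET_MS else "exceeds budget"
            print(f"{kbps:>5} kbit/s {'priority' if prio else 'FIFO    '}: "
                  f"jitter {stats['jitter_ms']:.3f} ms ({verdict})")
```

At 256 kbit/s a 1500-byte packet takes 46.875 ms to serialize, so with FIFO the voice packets queued behind four of them see 173.75 ms of peak-to-peak delay variation. Strict priority cuts that to 44.375 ms, but no queueing discipline can interrupt a data packet already on the wire, so the residual jitter is still about one data-packet serialization time and still outside the budget; on a T1 the same traffic stays well within it. That is the practical reading of the passage: classification and prioritization at the edge are necessary, but the access circuit's speed (or fragmenting and interleaving large packets on slow links) sets the floor.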
Carrier Performance Metrics
Most carriers quote their performance metrics based on the criteria discussed in
this section. The carrier typically uses active probes to measure network performance.
The average is updated with new measurements at carrier-determined intervals.
Measurements are typically made from edge to edge of the backbone. Not all
carriers quote all of the metrics listed below. For example, some of the larger
carriers do not include jitter.
_ Latency: Latency or delay is the round-trip transmission time measured
in milliseconds for a data packet to travel between two endpoints. It is
affected by propagation delay, circuit bandwidth, and the forwarding
rate of routers in the network. The carrier’s SLA may quote one-way
latency.
_ Packet loss: This metric is defined as the percentage of packets lost in a
transmission. It occurs primarily because router buffers overflow and
packets are dropped because of lack of buffer space.
_ Backbone availability: Availability is the percentage of time that the
backbone is available to route packets. It is quoted as percentage of time
the backbone is available on a 24 × 7 basis.
_ Mean time to repair: This is the average time from the subscriber’s report
of failure until the service is restored.
_ Jitter: This is the variation in packet arrival time expressed in milliseconds.
Evaluation Issues
The following questions should be explored in evaluating the carrier’s quoted
SLAs.
_ Does the carrier provide real-time performance monitoring?
_ Does the carrier provide Web-based real-time access to network metrics?
_ Does the service run on a network separate from the carrier’s Internet
backbone?
_ Are metrics calculated on a per-customer basis or for the network as a
whole?
_ What credits does the carrier offer for failure to meet its SLAs?
_ Does the carrier interconnect its MPLS backbone with another carrier’s
network? Is the connection totally seamless or are some functions lost
across the connection?
_ Does the carrier support running multiple applications with different
priorities and different QoS parameters across the same MPLS
connection?
Ancillary Services
Most of the major carriers offer managed network services in which they handle
router and firewall configuration for the customer’s sites. The carrier may assume
end-to-end responsibility for VPN configuration, either network based or CPE
based. The advantage of network-based service is that the customer site can be a
member of the VPN without any CPE. The following are some issues to consider:
_ Does the carrier offer end-to-end managed services? For all sites?
_ Does the carrier offer managed firewalling and intrusion detection?
_ Does the carrier offer IP address management?
_ Does the carrier offer secure remote access?
_ Is IP multicast service available?
_ Is dial access into the network available for remote users? What is the
cost and what sites are available?
_ Can the customer perform configuration, SLA monitoring, and report
and review trouble tickets on the carrier’s Web page?
_ Does the carrier support dial-backup service?
Classes of Service
A major reason for using MPLS as opposed to IPSec VPN is the ability of MPLS to
support different classes of service. The following issues should be explored:
_ What classes of service does the carrier offer?
_ Does the carrier charge different rates for different service classes?
_ Does the carrier offer class of service across the network core or rely on
overprovisioning the core to meet its SLA metrics?
_ How is class-of-service pricing administered? Does the carrier set a
ceiling on the percentage of time-sensitive packets? What happens when
the ceiling is exceeded?
_ Can the customer run multiple applications at different priorities with
different QoS associated with each priority across the same MPLS
connection?
