MPLS VPNs: The Talk of Supercomm

Virtual private networks (VPNs) based on Multiprotocol Label Switching (MPLS) technology look to be heating up, based on early signs from gear-makers talking up their announcements for the upcoming Supercomm 2002 trade show.

Today, Laurel Networks Inc. and Riverstone Networks Inc. (Nasdaq: RSTN) each announced enhanced support for both Layer 2 and Layer 3 MPLS VPNs in their current products.

Laurel Networks, a startup developing an edge router for the metro core, announced that it would be supporting Layer 3 MPLS VPNs. The software upgrade is an enhancement that has been planned since the product’s inception and will complement the Layer 2 MPLS VPN capability the box already supports (see Laurel Moves to Phase Three). The new software begins testing next month, says Steve Vogelsang, cofounder and vice president of marketing for Laurel.

Layer 3 VPNs allow service providers to offer customers private tunnels through public Internet Protocol (IP) networks using MPLS tagging. The implementation is based on the Internet Engineering Task Force (IETF) request for comments (RFC) 2547 (see VPNs Grow Up ). While MPLS VPNs make up only a small fraction of the total VPN market, they account for about 95 percent of all MPLS deployments, says Kevin Mitchell, an analyst with Infonetics Research Inc.. Several large carriers like AT&T Corp. (NYSE: T), Equant (NYSE: ENT; Paris: EQU), WorldCom Inc. (Nasdaq: WCOM), and NTT Communications Corp. are deploying network-based Layer 3 MPLS VPNs (see Service Providers Jump on VPNs).

Laurel is far from being the first edge router player to announce support for both types of MPLS VPNs. All of its main competitors, including Cisco Systems Inc. (Nasdaq: CSCO), Juniper Networks Inc. (Nasdaq: JNPR), and Unisphere Networks Inc., have announced support for both Layer 2 and Layer 3 MPLS VPNs on their boxes. So what makes Laurel different? Vogelsang says that because the router has a distributed architecture that performs routing functions on every line card, it can scale much higher than these other routers.

For example, the company claims that it can route up to 4 million VPN routes and provide up to 1,600 virtual routers. Virtual routers give carriers the ability to dedicate routing resources and routing tables to a given customer.

On paper, Laurel’s claims seem impressive. Unisphere, whose MRX product is very similar to Laurel’s ST200 Service Edge Router, says its tests show it can handle 500,000 VPN routes, although theoretically, the company claims, it can scale up to 1.5 million. And in terms of virtual routers, Unisphere says there is no theoretical limit, but it admits it has only tested up to 1,000 virtual routers on its current generation of ERX and MRX routers.

Juniper says it can handle more than 500,000 routes, and its largest installations currently run more than 1,000 virtual routers over all interface speeds without packet loss. Cisco was unavailable for comment.

(Juniper announced this morning that it is acquiring Unisphere: See Juniper Nabs Unisphere for $740M).

Laurel hasn’t officially announced a customer yet, but several sources say the company has deployed several boxes in Cable & Wireless PLC (NYSE: CWP). It’s not known whether C&W is testing the Layer 3 MPLS VPN capabilities.

Riverstone is also announcing more MPLS VPN capabilities for three of its routers -- the RS 38,000, RS 8,000, and RS 8,600. The company says it will be shipping a new line card that supports Layer 2 VPN support for packet-over-Sonet (POS) transport in June. It has already been shipping line cards that support Layer 2 MPLS VPN tunneling over Ethernet for several months. Like most other vendors in the market, Riverstone supports the “Martini” and “Kompella” IETF drafts for Layer 2 MPLS VPNs. These draft standards define ways for creating VPN tunnels using MPLS tagging over any transport protocol. Martini addresses encapsulation, while Kompella addresses MPLS signaling.

While the standards call for MPLS tunneling over any protocol, vendors still must map the encapsulated traffic to the transport medium like Ethernet, POS, or Asynchronous Transfer Mode (ATM). Most vendors have already agreed on ways to map traffic over Ethernet or POS; more work is being done on ATM and Frame Relay.

Vendors like Unisphere, Juniper, and even Riverstone implemented the Layer 2 VPN service over Ethernet first. Unisphere says it will offer Layer 2 MPLS VPN support over POS sometime later this year, but so far it hasn’t seen much customer demand for the technology. Ethernet switch vendor, Foundry Networks Inc. (Nasdaq: FDRY) began by supporting the POS interface, but will be adding Ethernet soon. Extreme Networks Inc. (Nasdaq: EXTR) claims that it can handle both. Cisco was again not available for comment.

For the equipment vendors, supporting multiple flavors of MPLS VPNs is important because it broadens their potential customer bases. Service providers all build their networks differently. As some incumbent players start using Ethernet to connect buildings together in metropolitan regions, it becomes important for equipment vendors to support Layer 2 MPLS VPN over Ethernet.

But in order to create an end-to-end Layer 2 VPN service using MPLS, service providers also need gear that will support Layer 2 MPLS VPNs over POS, because connections between metro regions generally use Sonet. POS support is especially important in cable networks, which tend to use IP over Sonet in their network cores. A POS solution is needed in order to map the MPLS traffic over those core backbones.

Riverstone has announced that Cox Communications Inc. (NYSE: COX) is currently testing its blade.

Whether it’s at Layer 2 or Layer 3, enterprise customers are asking for more IP-based MPLS VPNs to connect remote workers, branch offices, or mobile users together. And as demand grows, so are the offerings from equipment vendors.

— Marguerite Reardon, Senior Editor, Light Reading
http://www.lightreading.com For more information on Supercomm 2002, please visit: Supercomm Special