Nortel Revamps VPN Portfolio

Nortel Networks Corp. (NYSE/Toronto: NT) is repackaging its existing customer premises virtual private network (VPN) solutions to target carriers (see Nortel Vouches for VPNs).

It’s not surprising that Nortel would focus more of its sales and marketing efforts on customer premises VPN solutions. End users throughout the world are expected to increase their spending on VPNs 42 percent in the next four years, according to a recently published report from Infonetics Research Inc. VPN spending is expected to increase from $25.3 billion in 2003 to $35.8 billion by 2007.

Nortel’s marketing pitch is simple: Instead, of buying best-of-breed products from multiple vendors, Nortel is promoting its combo solutions as a simpler, more efficient way to offer these services.

"Nortel is really trying to demonstrate how they can help service providers migrate their VPNs," says Christin Flynn, director of communications and network infrastructure for Yankee Group. "They've brought disparate product messages together and showed how these products can work together."

Nortel is also encouraging carriers to use their existing networks to deliver enhanced VPN services, something carriers have already been doing for the past couple of years. Given that Nortel has an entrenched ATM customer base, the strategy is also a bit self-serving.

Here’s a look at the pairings:
  • Shasta and Alteon
    This combination of technologies from two startups bought by Nortel (at great expense) will allow carriers to offer Secure Socket Layer (SSL) encryption and termination found on its Alteon switch to managed VPN customers already serviced through Shasta. The Shasta box offers network-based IPSec encrypted VPN tunnels and Layer 3 MPLS VPNs.

    SSL is appealing because it doesn’t require a client to be installed on the user’s PC. It lets workers securely access the corporate network from any Web browser. Typically, enterprises have deployed SSL solutions themselves, but Nortel is hoping they will buy it as a managed service.

    Nortel is also banking on its end-to-end solution strategy to win this potential SSL business, but it may not be so easy. Carriers could just as easily buy an SSL termination appliance from any number of security companies and integrate the product into its Shasta solution. Security competitors are already announcing new SSL solutions. Nokia Corp. (NYSE: NOK), the No. 2 security appliance vendor in the market, just announced its SSL solution on Monday (see Nokia Sweetens SSL ).

    “You can always buy off-the-shelf solutions and integrate them yourself,” says Ed Daugavietis, VPN product manager for Nortel. “But we’ve already done the trailblazing to integrate these products.”(For more background, check out this recent Light Reading report: Carrier-Managed CPE IP VPNs).

  • Optera Metro and Passport
    This solution allows carriers to use Layer 2 Martini tunnels enabled by Nortel's Optera switches to create a Layer 2 VPN network using Ethernet as the access technology. The Passport switches will then be used to hook multiple metro-area networks together over an ATM wide-area network.

  • Contivity and Passport
    This pairing will allow carriers to offer IPSec encrypted tunnels over their existing Frame Relay links, providing customers with added security. The debate over MPLS VPN security has highlighted the fact that other Layer 2 VPNs like Frame Relay and ATM are no more secure than MPLS VPNs. While some carriers admit that encrypting Layer 2 traffic is overkill, they are offering it to those customers that really want it.

  • Enhanced Passport
    Nortel has also added some VPN capabilities to its IP-enabled ATM Passport switches. It now supports Layer 3 VPNs based on the Internet Engineering Task Force (IETF) RFC 2547. And it will support VRRP (Virtual Router Redundancy Protocol for virtual routing.

    In addition to these new VPN features, it has also added a few more features that carriers might find nice, including carrier-grade IP, which will improve network reconvergence times to within 50 milliseconds; FRF12, a protocol that facilitates the transport of voice over Frame Relay; round-trip delay measurement, which will help carriers verify service-level agreements, and a new 1-Gbit/s card.

How does Nortel's portfolio stack up to the competition? On a product-by-product basis, there are plenty of startups that compete, especially in IPSec and SSL. But these companies don't offer such broad ranges of options. Even some of its larger competitors, like Alcatel SA (NYSE: ALA; Paris: CGEP:PA), Cisco Systems Inc. (Nasdaq: CSCO), and Lucent Technologies Inc. (NYSE: LU) only offer pieces of the overall solution.

Cisco is Nortel's toughest VPN competitor. Like Nortel, Cisco has products that provide SSL termination, Layer 3 MPLS VPN tunneling, IPSec encryption, optical Ethernet support, and Frame Relay and ATM switching, but it lacks a Shasta-like IP services platform. It also hasn't integrated IPSec capabilities with its Frame Relay switching. And although it sells ATM and Frame Relay gear, Nortel has a greater installed base of equipment.

Nortel's traditional carrier competitors, Alcatel and Lucent, compete with Nortel's Frame Relay and ATM switching gear, as well as its metro Ethernet products. But these companies lack many of the security products, like an SSL termination device and an IP services platform, that Nortel has in its portfolio. Lucent had SpringTide, a product that competed with Nortel's Shasta, but it cancelled it last year.

"Nortel has a very comprehensive offering compared to their competitors," says Yankee Group's Flynn. "They've done a good job showing how the different solutions interplay with each other. Sometimes you see vendors' various solutions competing with each other." — Marguerite Reardon, Senior Editor, Light Reading

heisenberg 12/4/2012 | 11:53:21 PM
re: Nortel Revamps VPN Portfolio Martini circuits over ATM?

Wasn't it suppose to be Martini circuits over MPLS?

Just curious.
Marguerite Reardon 12/4/2012 | 11:53:20 PM
re: Nortel Revamps VPN Portfolio I believe the martini circuits are used within the metro network and the passport ATM switch is used to switch that traffic across the WAN.
optical_man 12/4/2012 | 11:53:18 PM
re: Nortel Revamps VPN Portfolio LR: Question. This post from one of your own seems lucid and well thought out. I rate it a 4 (although if Ms. Reardon is technically incorrect, my esteemed brethern would quickly bring the rating to 1). Why is it that there is no "Rate This Post" button on LR Staff posts?
Are you worried that some credibility would be lost if you allowed us to rate your posts? Are you concerned that stalkers would skew the system towards/against certain Journalists?

Most journalistic endeavours do not interact with their "letters to the editor" like LR does. (Lord knows the Times wouldn't ever respond to feedback from the unwashed masses. That would dirty them). I like the fact that you do. But with the interaction comes a responsibility to get down in the mud with the rest of us.
LR's Plan of Action is awaited by us all.

Author: Marguerite Reardon Number: 2
Subject: Re: Optera Metro and Passport Date: 6/19/2003 12:59:04 AM
I believe the martini circuits are used within the metro network and the passport ATM switch is used to switch that traffic across the WAN.
Sign In