Industry sources emerge from the woodwork with complaints about obstacles to VPN deployment

February 6, 2003

3 Min Read
Readers Take Shots at IP VPNs

Virtual private networks (VPNs) based on IP technology have many drawbacks -- and will take years before they're ready for prime time.

That's the message from a number of readers who have responded to a recent article in Light Reading about services from AT&T Corp. (NYSE: T) and Sprint Corp. (NYSE: FON). These products aim to move customers to IP VPNs by linking existing Frame Relay and ATM networks to core IP services, allowing users to run both kinds of services simultaneously (see Crossing Over to VPNs).

At least one large Frame Relay customer says that's not what he's looking for at all. Art King, who manages a 500-site international network for a large U.S. manufacturer (King preferred his employer remain unnamed), says carriers have yet to "make the math work" to move him to an IP VPN -- though they're trying.

While he's open to having a faster network that's cheaper and easier to manage, he claims his leading carriers, including two major IXCs, are showing him alternatives nearly double the cost of what he's paying for Frame Relay services now. He says they tell him it costs less to move from Frame Relay to an IP VPN, but they're basing that on Frame Relay configurations that are a lot denser than his hub-and-spoke setup. There may be other adjustments required, as well, such as moving from using OSPF to BGP. Even a transition service can't erase the ultimate pain of the added costs, King says.

"I have a very simple charter. I'm never technology driven. I want faster for less money. Is it sexy? Who cares?"

Carriers also have their issues with the technology. They differ on just how to port customers to IP VPNs. There are differences about design, protocols to be used, and whether or not to deploy private or public Internet Protocol (IP) links.

Rob McCormick, CEO of Savvis Communications Corp. (Nasdaq: SVVS), for instance, doesn't see the benefit of transition services, which he says complicate existing networks. And he's not sold on popular methods of supporting VPNs, either.

Like Sprint, Savvis gives Multiprotocol Label Switching (MPLS) a thumbs down at present (see Sprint Spurns MPLS for Global VPNs). McCormick says MPLS lacks failover and quality-of-service guarantees and is at least four years away from being fully developed enough to perform all the functions it needs to for corporate VPNs.

"Two years ago, I was more bullish on MPLS. Now I don't have confidence the R&D is there to finish it. It will be four to five years before it reaches an acceptable maturity for corporate data networks," McCormick says. Ditto high-speed Ethernet access links: McCormick says they're just not in big demand on corporate nets and probably won't be for another five years at least.

In the meantime, Savvis uses dedicated Layer 2 links from customer to POP, with Shasta gear from Nortel Networks Corp. (NYSE/Toronto: NT) converting the traffic and performing "virtual routing" and IP switching functions. Savvis's core is based on Asynchronous Transfer Mode (ATM) switches from Lucent Technologies Inc. (NYSE: LU). Savvis is offering access links at 128 kbit/s to 1 Gbit/s.

With so many points at issue, it's easy to see why the "great VPN migration" isn't taking the world by storm.

Still, the need is there, pushing customers to seek solutions and carriers to put their cards on the table. McCormick says at least 75 percent of Savvis's business consists of putting in IP VPNs for Frame Relay users who can't get one or another application to work on their networks any longer.

For his part, IT manager King says carriers need to come up with a reasonable way to get VPN performance at lowest cost. He says he may have figures to share in a month or so. Stay tuned.

— Mary Jander, Senior Editor, Light Reading

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like