x
Optical/IP

Service Providers Jump on VPNs

LAS VEGAS -- Network-based IP virtual private networking services had their coming out at the Networld+Interop show this week. On Tuesday, three service providers announced they'd soon be offering network-based VPN services: Sprint Corp. (NYSE: FON), SBC Communications Inc. (NYSE: SBC), and Verio Inc. (see Verio Offers IP VPN Service).

It appears VPN services may finally be making some headway into the service-provider space, for the first time since equipment vendors began hyping them. According to Infonetics Research Inc., dedicated VPN hardware revenues totaled $1.3 billion in 2001 and are forecasted to reach $2.9 billion in 2005. But until recently, most of the action in VPNs has been in the enterprise. Few service providers were purchasing gear and offering services.

Now, as more and more customers become concerned about network security, VPNs are becoming de rigueur. As a result, carriers like Sprint, SBC, and Verio have jumped into the mix.

Network security isn’t the only driving force behind VPN adoption, says Mike Volpi, senior vice president of the Internet switching and services group at Cisco Systems Inc. (Nasdaq: CSCO). He says VPNs are becoming popular because enterprise end-users are becoming more mobile. VPNs allow traveling workers or telecommuters to securely hook into their corporate networks.

"When people typically think of mobile IP services they think of 2.5G and 3G wireless," he said. "But IP VPNs also play a major role in mobility. And we’ve found this to be one of our fastest growing markets."

The rollout of VPNs seems to be occurring in three phases. In the first phase, which is well underway, large enterprises have built their own VPN networks in order to securely connect multiple sites together. The second phase consists of a fully managed service from a carrier, but still requires hardware and software to be deployed on the customer site. The third phase of deployment will center around network-based VPNs that are fully based on a carrier’s network, without the need for customer equipment.

The announcements made this week are prime examples of the second and third phases of deployment. For instance, Verio announced it would be deploying VPN gear at customer sites to provide its new Global IP Security Gateway. And SBC announced plans to launch three services: The first requires software to be installed on the customer site, the second uses CPE devices from Cisco, and a future service will deploy a network-based VPN service.

Sprint, like SBC, announced multiple VPN offerings this week. It will begin offering a network-based VPN service and a Frame Relay IP VPN service starting May 15th. The carrier is using the CoSine Communications Inc. (Nasdaq: COSN) IPX 9500 to provide the network-based VPNs (see CoSine Supports Sprint VPN).

"There’s a huge value proposition for service providers to move to network-based VPNs," says Michael Howard, principal analyst and founder of Infonetics Research. "Basically, they don’t have to fuss with deploying gear at the customer site. They can easily upgrade and add additional services to customers without having to do massive truck rolls."

While network-based VPNs may one day dominate the VPN scene, the reality is that most enterprise customers are still not ready to turn their security over to their service providers.

"There’s no doubt that the cost savings and the technology are there," says Howard. "Now it’s about getting the enterprise to trust their carriers."

This is why Sprint also announced an IP VPN service running over its existing frame relay network. Essentially, Sprint is upgrading its installed base of Passport WAN switches from Nortel Networks Corp. (NYSE/Toronto: NT) with software that will allow it to create a fully meshed network.

"We’ve learned that you can’t offer just one flavor of VPN service," says Barry Tishgart, director of product management for Sprint. "I think that was the mistake we all made in the beginning."

Turning up the VPN service on the Passports was fairly simple for Sprint. All that was needed for this service was to upgrade the switches already in the field. Tishgart says it was just one way that the company could offer a new service without having to put too much out in terms of capital.

Cisco’s Volpi says that VPNs are still in the very early stages of deployment and that it will take time before customers will fully embrace the technology that is available.

"Yes, we’re seeing a lot more network-based VPN services announced," he says. "But has it hit the mainstream yet? No. Enterprises are just now starting to ask service providers to manage different services for them."

— Marguerite Reardon, Senior Editor, Light Reading
http://www.lightreading.com
JustWantToSaySomething 12/4/2012 | 10:26:01 PM
re: Service Providers Jump on VPNs When reading this article it seems that all those carriers (Sprint, SBC and Verio) offer network based IPSec (using Shasta-like IPSec equipment at service provider's premises).
What about the famous MPLS-VPNs based on 2547bis. Are there any service providers offering this network-based VPN service? It seems to me that 2547bis doesn't fly ...

scooby 12/4/2012 | 10:26:00 PM
re: Service Providers Jump on VPNs >> It seems to me that 2547bis doesn't fly ...

You want to talk about "doesn't fly", try IPsec over a dial-up connection some time. It's slower than the buffet line at an anorexic treatment center.

With extensions for remote access, MPLS-based VPNs become fairly interesting for a larger number of end-users. And the fact that QoS and content-based policy routing can be maintained (unlike many IPsec implementations) make it a much more attractive alternative to a service provider looking to deliver value added services.
scooby 12/4/2012 | 10:25:59 PM
re: Service Providers Jump on VPNs Do they have to supply and support SSL software today?
photon_mon 12/4/2012 | 10:25:59 PM
re: Service Providers Jump on VPNs Please forgive my ignorance in this area,
but how would network-based VPNs (referred
to in the article as a "phase 3" implementation)
ensure true end-to-end {i.e. desktop<->server}
security? Is it safe to assume that the carriers
would have to support (and possibly also
provide/maintain) desktop client software with this approach? Just wanted to make sure that I
understand the specifics...
JustWantToSaySomething 12/4/2012 | 10:25:50 PM
re: Service Providers Jump on VPNs >>You want to talk about "doesn't fly", try IPsec over a dial-up connection some time. It's slower than the buffet line at an anorexic treatment center.
---------------------------------------
scooby:
2547bis is NOT suited for any dial-up, DSL subscribers, or small businesses with small remote offices. The latter better use IP Sec over DSL or so.
2547 is something for very large enterprises, or even ISPs without own backbone. However, I'm afraid that just those guys want to have full control of their routing - and that they do not want to rely on a carrier doing this job.

So, who will pay for 2547bis?

jwtss
JustWantToSaySomething 12/4/2012 | 10:25:50 PM
re: Service Providers Jump on VPNs >> Please forgive my ignorance in this area,
but how would network-based VPNs (referred
to in the article as a "phase 3" implementation)
ensure true end-to-end {i.e. desktop<->server}
security? Is it safe to assume that the carriers
would have to support (and possibly also
provide/maintain) desktop client software with this approach?
-------------------------------------------
photon_mon:
phase three would mean IP Sec equipment at service provider's premises, managed by service providers. By doing so, larger customers could outsource parts of their IT to the carrier. This would apply to customers who trust their own carrier, but who do not trust the Internet.
Of course, you have customers who do not trust the carrier: they would keep the IP Sec stuff at their own premises.

jwtss
photon_mon 12/4/2012 | 10:25:34 PM
re: Service Providers Jump on VPNs jwtss,

Thanks for your response. You confirmed what I
suspected, but I wanted to make sure that I
wasn't overlooking anything. Appreciate it.

pm

----------------------------------------------

photon_mon:
phase three would mean IP Sec equipment at service provider's premises, managed by service providers. By doing so, larger customers could outsource parts of their IT to the carrier. This would apply to customers who trust their own carrier, but who do not trust the Internet.
Of course, you have customers who do not trust the carrier: they would keep the IP Sec stuff at their own premises.

jwtss
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE