VPNs Grow Up
One of the problems with VPNs is that they vary in terms of the technology and features used to employ them. The common split comes between those using Multiprotocol Label Switching (MPLS) technology and those that use IPSec encryption.
Yesterday, Unisphere Networks Inc. announced that it would be adding two new versions of VPN: IPSec, as well as Layer 2 "Martini" and "Kompella," which are two Internet Engineering Task Force (IETF) draft standards for VPNs based on MPLS. Unisphere routers already employ Layer 3 MPLS VPNs.
By itself, the Unisphere announcement is not earth shattering, but recently several edge-routing companies and IP service switch makers have announced support for some, if not all, of these VPN flavors in their offerings, signaling that perhaps a real market for network-based VPNs is around the corner.
"Apparently, there is a market and some interest in offering different types of VPNs," says David Newman, president of Network Test Inc. "Otherwise we wouldn't be seeing Juniper, Cisco, and Unisphere making these announcements."
For years, VPN technology has been touted as the next hottest thing since buttered toast. But service providers have been slow to embrace it. Early entrants to the market, like CoSine Communications Inc. (Nasdaq: COSN), have not found a lot of customers willing to buy their products.
One problem with the VPN market is that people are confused about what each of the technologies actually does. First, there are the traditional Layer 3 VPNs based on MPLS. This type of VPN allows service providers to offer customers private tunnels through public Internet Protocol (IP) networks using MPLS tagging. The drawback with this implementation is that it can only be used with IP traffic.
Then there are Layer 2 MPLS VPNs, based on the Martini and Kompella drafts. This technology can carry all types of traffic by mapping Asynchronous Transfer Mode (ATM), Frame Relay, or Ethernet traffic into an IP/MPLS core. To the end user, it still looks like a Frame Relay or ATM connection. Supporters of Martini [Cheers!] say that it provides the best of both IP and circuit-based worlds.
But each of these MPLS VPN technologies lacks a key ingredient: Neither offers authentication and encryption, security components that many businesses require. This is where IPSec comes into play. IPSec offers authentication and encryption so that end users -- like those in the financial community or in health care -- can secure the traffic being sent across their virtual pipes.
Companies supporting these technologies fall into one of two categories: edge routers and IP service switches. IP edge router companies like Juniper Networks Inc. (Nasdaq: JNPR), Cisco Systems Inc. (Nasdaq: CSCO), and Unisphere all support Layer 3 MPLS VPNs, and some are now starting to support the Layer 2 Martini version. Then there are the IP service switches from companies like CoSine, Nortel Networks Corp. (NYSE/Toronto: NT), and Lucent Technologies Inc. (NYSE: LU), which have built devices around IPSec functionality.
These two categories have started to merge into one. Routing vendors like Juniper and Unisphere have announced support for MPLS VPNs and IPsec VPNs. As with Unisphere's version, Juniper in February announced a router blade that does this (see ...But Announces Dull Edge Upgrades ). Cosine and Nortel now say that they are offering Layer 3 MPLS VPNs. And Cosine is also claiming that its product can be used as an edge router.
So the next question is: Are there too many companies in the market? It certainly looks that way.
"The market can't support 10 companies specializing in IP services and 20 companies selling edge routers," says Kevin Mitchell, an analyst with Infonetics Research Inc. "The two categories at the edge are definitely collapsing. In the end, the winners in the category will have to do both wire-speed edge routing and provide new services."
— Marguerite Reardon, Senior Editor, Light Reading