Don't get your wires crossed over IPVPN

Internet protocol virtual private networks (IPVPNs) offer companies the chance to slash their communications costs. But how does...

Internet protocol virtual private networks (IPVPNs) offer companies the chance to slash their communications costs. But how does this technology work and what should interested parties put on their shopping lists?

A host of well-known phone companies and ISPs, including BT, Telewest, NTL, KPNQuest, Cable & Wireless, Worldcom, Global Crossing, and Equant, are promoting the corporate use of IPVPN. Their offerings can be split into three different camps:

Option one
The most basic IPVPN often does not require any involvement from a service provider, with companies using a firewall and encryption software to establish intra-company communications over the public Internet.

Such a solution means a company has to line up with the rest of the world using the Internet, which means slow connection rates if broadband access like ADSL is not available. This option makes up what many would view as a traditional VPN.

Option two
The second scenario involves a service provider delivering encryption, installing equipment in the customer's premises, or providing some other network solution, and giving quality of service guarantees covering availability, delays (network latency), data packet loss, and other parameters. ISPs in particular are likely to offer this solution.

Option three
Under the third scenario a service provider, particularly a phone company would offer reserved capacity across their private phone network, possibly linked with parts of the public Internet.

This guarantees bandwidth through the use of partitioned routers and should provide strong security and even tighter quality of service guarantees. Such a solution smacks of phone companies perhaps jumping on the IPVPN bandwagon, by relying on traditional phone networks instead of the Internet. However, individual users will not notice the difference as they are still accessing the system through standard Internet browsers.

Leased lines lose out
Lower cost is a major selling point for IPVPNs. Connecting to an IPVPN and gaining access to corporate data from remote and disparate locations, including international ones, is often charged at a local rate. In addition, the installation and expansion of an IPVPN is usually far cheaper than the cost of leased lines.

If a company wants to link an extra office via a new leased line, the process can take months to plan and implement. With an IPVPN, the change could take anything from hours to a few days.

One industry estimate puts savings at about 20% when using an IPVPN instead of leased lines for international links.

Too good to be true?
This sounds great but there are some pitfalls. There is an argument that some traditional phone companies are not necessarily suited to providing a full managed IP-based service over their existing networks. The risk is that users may be locked into one particular service provider's network when it comes to developing the corporate IPVPN.

Companies such as phone group Worldcom provide some IPVPNs through an ISP, in its case, subsidiary UUNet. In turn UUNet employs companies like Vanco - which describes itself as a "virtual network operator"- to manage corporates' IPVPNs and ensure QoS standards are met.

This supply chain illustrates the complexity of making sure users get the IPVPN they pay for.

Allen Timpany, Vanco chief executive, says: "Users should have the flexibility of using whichever ISP or phone company they like to support their IPVPN, which is difficult to do when they are locked into a traditional carrier's private IP network."

Timpany believes that users may not be able to expand or modify their network as they would like to as many phone companies have limited network capacity for accommodating IPVPNs.

A lock-in could also result in users missing out on good deals for carrying their data from rival phone companies and ISPs. It is also a fact that some ISPs have far more fibre in reserve to "light up" in response to increasing demand, compared to phone companies.

The four letter protocol
To overcome issues of limited capacity some phone companies are promoting technology called MPLS (multi-protocol label switching), which prioritises different types of data to make sure it gets there at the right time.

Most ISPs do not need MPLS because they have more room on their networks to accommodate bandwidth-hungry and mission-critical data.

MPLS is also restricted in how it connects multiple locations that use different phone companies and ISPs, says Grant Farquhar, business manager, network services and security at service provider XO.

But if users feel more secure or confident with one provider, there is no reason why they should be scared of MPLS. An added bonus, says Farquhar, is that it is often cheaper to use than more flexible IPSec solutions, as less customer hardware may be required to set up the IPVPN.

With so many different solutions available, it is easy for anyone shopping for an IPVPN to be dazzled by the choice. For IT users, however, the key point is to not only consider the quality of service on offer, but also the control the provider will have over their future expansion plans.

Read more on Voice networking and VoIP