A new hardware module and additional software features for Unisphere's ERX edge router will support several types of VPNs, all at the maximum speed of a customer's network connection, said Karen Livoli, manager of product marketing for Internet Protocol (IP) routing at Unisphere, in Massachusetts, US. This gives carriers the headroom to offer more VPNs to more customers into the future, she said.
The hardware module to be unveiled today (2 April) can perform encryption on a customer's traffic using the IPSec (IP Security) standard. Unisphere-designed ASICs (application-specific integrated circuits) in the module give it the power to encrypt as many as 5,000 concurrent data sessions at wire speed, Livoli said. The module does not have its own network interfaces but processes traffic that comes in from ports on other modules in the router. It began shipping worldwide last week and carries a list price of $65,000 (£45,226).
The latest version of the Unison OS software, available now for customer download from Unisphere's FTP site, provides code for several new VPN services. These include transparent Frame Relay VPNs over IP and MPLS (Multiprotocol Label Switching), Encrypted VPNs, MPLS VPNs and transparent LAN services. Through standard development interfaces, Unison OS can be integrated with third-party and proprietary carrier billing and management software, according to Unisphere.
Transparent Frame Relay VPNs would let carriers put customers' traffic over the core of the network using IP or MPLS without changing the existing Frame Relay connection between the customer premise and the edge of the carrier network. MPLS is a draft standard for giving higher priority to traffic that needs it on IP networks.
Encrypted VPNs use an encryption technology such as IPSec to secure packets to and from the customer's facility. Transparent LAN services use a shared carrier network but let corporate customers treat the connection between their sites as a classic Ethernet LAN. A pure MPLS VPN offers a secure connection over a shared network for customers that have an MPLS connection all the way from their own facilities to the edge of the carrier network.
Unisphere will also let carriers offer "wholesale VPNs" in which each end customer can have its own "virtual router" in software, which keeps the customer's traffic from crossing paths with that of other customers. That feature can be used either by itself or along with other VPN capabilities to secure traffic, Livoli said.
VPNs can give an enterprise, small business or consumer a connection over a shared carrier or ISP network that is secure and appears to the customer like a private network. Today many VPNs are set up through equipment at the customer's premises, but providing them on a device at the edge of the service-provider network can save carriers money and make management and provision of services easier, according to Curtis Price, an analyst with Stratecast Partners.
Although new IP-based carrier services are not catching on as quickly as had been hoped, these VPNs and other offerings eventually will, according to Stratecast's Price. A strong routing platform with advanced intelligence is a good tool for carriers to prepare for this, he added.
"The requirements have changed to the point where not only are you doing edge aggregation, but at some point you'll have to turn on new services. If you can't scale both at the service level and at the pure aggregation level, you're going to have a reliability or performance issue at the edge," Price said.
Of the new services, the most popular at first are likely to be ones that let customers stay with technologies they already have, Stratecast's Price said. These would include Frame Relay VPNs like the ones becoming available on the ERX, he said.
However, the promise for carriers of being able to run VPNs entirely in their own facilities may be elusive, he added. Large customers like to keep network security on their own premises.
"I would really question whether a large enterprise customer with mission-critical information would want security handled solely on the network," Price said.