MPLS VPNs Controversial

 
 
By eweek  |  Posted 2001-10-15
 
 
 

Global Crossing today becomes the largest carrier to endorse a new generation of virtual private networks based on Multiprotocol Label Switching technology, even as its competitors voice security concerns and network scientists warn such launches may lead to an Internet meltdown.

Claiming to have the most expertise in MPLS, Global Crossing has extended the use of this technology from patching together different data network fabrics around the globe to supporting VPNs with its new ExpressRoute service. In using MPLS, which is a way to make the Internet "smarter," the carrier is using the controversial Internet Engineering Task Force specification RFC 2547, which uses Border Gateway Protocol (BGP) to program routers to support VPNs across networks.

Global Crossing - along with other carriers delivering VPN services that don't encrypt traffic between customer premises and the network - is coming under scrutiny for security reasons, with competitors claiming that the traffic cannot be protected. As AT&T, Global Crossing, WorldCom and others move to launch commercial IP VPN offerings - some on MPLS platforms - they are competing to serve smaller companies that can't afford expensive customer premises router-based VPNs, but have the budgets for network-based VPNs.

Moving into the market, these players are bound to run into stiff competition against both smaller ISPs such as Ardent Communications, which launched an MPLS-based VPN in September, and specialty companies such as Virtela Communications. They will also find that while IT budgets are smaller, security issues are still paramount.

"Our remote sites are engineering - not sales - facilities, and in moving files back and forth we wanted to make sure these links were very secure," said Dave Heafey, IT director of Winphoria Networks, an engineering firm with sites in India, Spain and the U.S., and a Virtela customer.

Global Crossing dismisses security and technology concerns that potential customers might have about VPN services.

"In the early 1990s, I was selling services for a large telephone company, and the same questions we are hearing now about IP VPNs we were hearing about frame relay and Asynchronous Transfer Mode [ATM]: How do you make sure my link is secure?" said John Longo, Global Crossing's vice president of data services. "VPN is also running the market acceptance cycle."

Still, Global Crossing plans to launch a more secure VPN based at the customer premises later in the year, which would be about 70 percent more expensive than its network VPN offering.

MPLS VPNs have become controversial, with AT&T Labs Research scientist Randy Bush casting the first stone last summer. At the core of Bush's criticism is his belief that, because routing tables are essentially linked into one global database, adding BGP route information to individual tables could slow the routers' individual performance, resulting in routing mistakes and eventual connectivity problems on the Internet.

Global Crossing has essentially built a private network to process MPLS VPN traffic, Longo said. But Bush countered that all BGP routes are shared among routers.

More network-based VPN launches are in the works, since carriers such as Global Crossing see MPLS-based VPNs as a vital competitive tool for migrating their ATM and frame relay users to a less expensive, more universal virtual networking technology. Global Crossing's first ExpressRoute customer - SurfNet - is an old frame relay user that is making such a switch.
