MPLS VPNs For The Little Guy
Multiprotocol Label Switching-powered virtual private networks are no longer the plaything of giant network providers.
Ardent Communications, formerly CAIS Internet, today will launch an MPLS VPN service for customers that need high-speed remote connectivity over a secure connection. The first recipients of the service are six doctors in the radiology department at Washington D.C. VA Medical Center.
"We are a hospital, the patients' data is critical and needs to be protected and encrypted at all times," said Tony Perez, VA Medical Center's network engineer. "We had to come up with a solution that would be secure and, at the same time, get the X-rays over to radiologists' residences at a good speed. So if they get a call in the middle of the night, they don't have to rush in to the hospital."
VA Medical Center first considered ISDN, but rejected the technology because of cost and low bandwidth. It started looking at DSL, but with an eye toward getting the necessary security. The hospital needed to shield the IP address of residential PCs from being exposed to the public Internet, a solution that Ardent was able to cobble together with MPLS-based VPNs.
The business-class ISP offers MPLS VPNs both in fully managed and customer-managed iterations. The service is easy to roll out because if a carrier runs an MPLS-enabled network, as is the case with Ardent, all MPLS-enabled nodes participate in a VPN regardless of how many nodes are turned up.
A typical setup entails a customer owning a premise-based router. That router establishes a tunnel for encapsulated traffic to the carrier's network edge, and the traffic is then routed via an MPLS-enabled backbone. If a customer -- like VA Medical Center radiologists -- doesn't own an on-premise router, then the link can be established with a basic workstation.
While the hospital had a specific set of priorities that happened to fit with MPLS VPN, Ardent executives say they expect many customers will want to play with the new technology, specifically the controversial Border Gateway Protocol-based MPLS VPN.
"First, people coming in on the high end with DS3 will be coming in because the IT department wants the techie stuff, not because some business sales manager persuaded them MPLS VPN is a way to go," said Michael Abbott, Ardent's senior vice president and chief technology officer. He predicted that most users wouldn't be able to take advantage of the BGP-based MPLS VPN technology because their router memory and processing power won't be adequate to process the additional BGP routes.
Marrying BGP with MPLS VPNs is suggested in the Internet Engineering Task Force document known as Request for Comments 2547. RFC 2547 describes a method -- promoted by vendors including Cisco Systems and Juniper Networks -- for providing VPNs using MPLS to forward packets over the IP backbone and BGP routing tables to establish the VPN links and determine routes. But some Internet scientists have criticized the practice, fearing a glut of new BGP routes will slow the performance of BGP routers worldwide and cause routing mistakes.