
VPNs: Beyond basic connectivity

'Security and connectivity' are key concern areas for most CIOs and CTOs. A VPN (Virtual Private Network) solution is the likely answer to both these problems. VPNs are in the early stages of adoption in India, but provide tantalizing benefits to customers and carriers. Features like security and QoS (Quality of Service) provide significant cost savings over pure leased lines in the long run. Srinivas Mulugu, Consulting Engineer, Juniper Networks, shares his knowledge on VPNs and reveals a future path for their evolution. by Soutiman Das Gupta


How has the nature of VPNs changed since their inception?
The first corporate networks were based on dedicated leased lines interconnecting various offices of an enterprise. These networks offered connectivity but were expensive, difficult to provision, and used excess bandwidth. The first VPNs were based on Layer 2 circuits like Frame Relay, ATM (Asynchronous Transfer Mode), and X.25 to some extent. These VPNs were easier to provision than dedicated lines, and allowed users to share a common infrastructure for all the VPNs.

However, these traditional VPNs had drawbacks. They were slow and not as scalable as the users would like them to be. As organizations grew, diversified their businesses, and spread across the globe, they felt the need for trans-continental connectivity and efficient security mechanisms. This exposed the limitations and inadequacies of the various VPN technologies. Operations became difficult and the cost of maintenance and overheads increased.

Over the last one and a half years, a standard called MPLS (MultiProtocol Label Switching) has gained popularity. It has emerged as the most scalable VPN implementation in the IP and data communications world. MPLS is a standardized protocol and MPLS-based VPNs are in the process of being standardized. Most vendors support MPLS-based VPNs, as it allows routers from different vendors to talk to each other.

Why don't Indian enterprises use VPNs extensively?
Computerization in Indian industries has not grown as rapidly as projected five years ago. Most medium-sized enterprises have not established a full-scale network that performs mission-critical functions. This has created moderate 'pockets' of demand for VPNs. The level of computerization achieved by an enterprise is a big factor. Only about 40 companies in India use VPNs in a reasonable way. The others prefer to use smaller point-to-point or point-to-multipoint links.

MPLS-based VPNs are technologically great. But the cost of last mile access is very high in India. This makes it cheaper to use a leased line between two geographically distant locations.

I hope that long distance licenses open up in the next few quarters and connection fees for the last mile will drop substantially. This will give rise to more VPN requirements and enterprises will be happy to outsource their networking requirements.

Why do you think enterprises are not using VPNs optimally?
Most enterprises tend to use a VPN only as a connectivity tool and do not think beyond basic connectivity. A VPN also performs a major function of security for the enterprise. Moreover, enterprises prefer to install a VPN that will only address their current requirements. And when requirements become larger, the company has no choice but to invest in more equipment. This may not be the correct strategy. Companies should use a solution that can support their requirements today and scale up as they grow without a significant impact on costs.

What strategy can an enterprise employ for its VPN needs?
A simple strategy is to invest and set up your own VPN. An enterprise can use its own pipes and connect between offices. This requires a substantial cost upfront, but the cost is justified in the long run.

A strategy which is financially more attractive is to use a VPN service provider. Service providers like an ISP (Internet Service Provider), NSP (Network Service Provider) or a TSP (Telecom Service Provider) have a nationwide WAN network. They offer connectivity to a large number of enterprises to build their VPNs. Companies can use their own IP addressing scheme and share common routing information within their sites. The xSP can simply transport the packets of data safely to a particular port. This is called a Layer 2 VPN.

The advantage of a Layer 2 VPN is that enterprises do not have to invest in and build a VPN architecture. And they can use their own routing and addressing scheme to provide control and easy management. The xSP only transports the packets.

Another strategy is to use a Layer 3 VPN. A Layer 3 VPN is a set of sites that share common routing information and whose connectivity is controlled by a collection of policies. The various sites of an enterprise that use the VPN are connected over an xSP's existing backbone. This is also known as a BGP/MPLS VPN.

BGP (Border Gateway Protocol) is an Internet protocol that enables a group of routers to share routing information. This can establish efficient loop-free routes across the provider's backbone. MPLS (MultiProtocol Label Switching) is a specification for Layer 3 switching. MPLS uses labels or tags which contain forwarding information. These are attached to IP packets by a router that sits at the edge of the network. This enables routers in the core of the network to examine and process the label faster. MPLS can deliver QoS (Quality of Service), supports real-time voice and video, and guarantees bandwidth.

What are the design and migration considerations an enterprise needs to take?
To begin with, an enterprise should build its VPN in such a way that the infrastructure is an asset, rather than a burden in the next three or four years. The IT Head of an enterprise should sit with the vendor and sort out the needs. A company should be able to identify its data traffic and security requirements, and have a clear picture of how the organization is poised for growth in the next few years.

Let the vendor know which cities are the most important and which location has the largest customer base, and make them the nodal points of the backbone. This can bring some sanity in the network design and hierarchy.

A company that keeps adding more locations without much foresight can end up having a criss-cross of links. This kind of a 'spaghetti' network poses problems in its IP addressing scheme and is a mammoth task to maintain and troubleshoot. A planned migration strategy even reduces CPU and RAM utilization in its routers and switches.

Migration from a Layer 2 VPN does not create too many issues for a user. This is mostly because MPLS-based VPNs are indistinguishable from traditional Layer 2 VPNs from a user perspective. This helps alleviate customer concerns about the adoption of new technology, which may be perceived as complex. Migration from leased lines is simple because the routing protocols can be easily linked to the ATM, Frame Relay, and T1 transport technology.

How will VPN technology evolve in a few years?
An emerging VPN technology is optical VPNs. These are wavelength-based or Lambda-based VPNs. The idea is to use DWDM (Dense Wavelength Division Multiplexing) as the core technology. DWDM and WDM (Wavelength Division Multiplexing) are currently used as long haul transport technologies. When there is a high density of customers, it will evolve into an access technology.

So there will be a shift from a packet domain-based VPN to an optical domain-based VPN. The shift will not be prominent until the next few years, because implementation standards and vendor support are also crucial to the adaptation of new technology.

In India we hope to see more companies build a better network infrastructure. When the last mile pricing structure changes, we hope to see widespread connectivity and increased sharing of databases and applications. The growth till now is linear and should evolve into an exponential growth. And as this happens, the demand for VPNs for connectivity and security will increase.

Soutiman Das Gupta can be reached at




Copyright 2001: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by The Business Publications Division of the Indian Express Group of Newspapers. Site managed by BPD