> Inperso > Full Story
Beyond basic connectivity
and connectivity' are key concern areas for most CIOs and
CTOs. A VPN (Virtual Private Network) solution is the likely
answer to both these problems. VPNs are in the early stages
of adoption in India, but provide tantalizing benefits to
customers and carriers. Features like, security and QoS
(Quality of Service), provide significant cost savings over
pure leased lines in the long run. Srinivas
Mulugu, Consulting Engineer, Juniper Networks
shares his knowledge on VPNs reveals a future path for their
evolution. by Soutiman Das Gupta
emerging VPN technology is optical VPNs. These are wavelength-based
or Lambda-based VPNs
has the nature of VPNs changed since its inception?
first corporate networks were based on dedicated leased
lines interconnecting various offices of an enterprise.
These networks offered connectivity but were expensive,
difficult to provision, and used excess bandwidth. The first
VPNs were based on Layer 2 circuits like Frame Relay, ATM
(Asynchronous Transfer Mode), and X.25 to some extent. These
VPNs were easy to provision than dedicated lines, and allowed
users to share a common infrastructure for all the VPNs.
However these traditional VPNs had drawbacks. They were
slow and not as scalable as the users would like them to
be. As organizations grew, diversified its businesses, and
spread across the globe, it felt the need for trans-continental
connectivity and efficient security mechanisms. This exposed
the limitations and inadequacies of the various VPN technologies.
Operations became difficult and the cost of maintenance
and overheads increased.
Over the last one and a half years, a standard called MPLS
(MultiProtocol Label Switching) has gained popularity. It
has emerged as the most scalable VPN implementation in the
IP and data communications world. MPLS is a standardized
protocol and MPLS-based VPNs are in the process of being
standardized. Most vendors support MPLS-based VPNs, as it
allows routers from different vendors to talk to each other.
Why don't Indian enterprises use VPNs extensively?
in Indian industries has not grown as rapidly as projected
five years ago. Most medium-sized enterprises have not established
a full-scale network that performs mission-critical functions.
This has created moderate 'pockets' of demand for VPNs.
The level of computerization achieved by an enterprise is
a big factor. Only about 40 companies in India use VPNs
in a reasonable way. The others prefer to use smaller point-to-point
or point-to-multipoint links.
MPLS-based VPNs are technologically great. But the cost
of last mile access is very high in India. This makes it
cheaper to use a leased line between two geographically
I hope that long distance licenses open up in the next few
quarters and connection fees for the last mile will drop
substantially. This will give rise to more VPN requirements
and enterprise will be happy to outsource their networking
Why do you think are enterprises not using VPNs optimally?
enterprises tend to use a VPN only as a connectivity tool
and do not think beyond basic connectivity. A VPN also performs
a major function of security for the enterprise. Moreover,
enterprises prefer to install a VPN that will only address
its current requirements. And when requirements become larger,
the company has no choice but to invest in more equipment.
This may not be the correct strategy. Companies should use
a solution that can support its requirements today and scale
up as it grows without a significant impact on costs.
What strategy can an enterprise employ for its VPN needs?
simple strategy is to invest and set up your own VPN. An
enterprise can use its own pipes and connect between offices.
This requires a substantial cost upfront, but the cost is
justified in the long run.
A strategy which is financially more attractive is to use
a VPN service provider. Service providers like, an ISP (Internet
Service Provider), NSP (Network Service Provider) or a TSP
(Telecom Service Provider) have a nationwide WAN network.
They offer connectivity to a large number of enterprises
to build its VPNs. Companies can use its own IP addressing
scheme and share common routing information within its sites.
The xSP can simply transport the packets of data safely
to a particular port. This is called a Layer 2 VPN.
The advantages of a Layer 2 VPN is that enterprises do not
have to invest and build a VPN architecture. And, it can
use its own routing and addressing scheme to provide control
and easy management. The xSP only transports the packets.
Another strategy is to use a Layer 3 VPN. A Layer 3 VPN
is a set of sites that share common routing information
and whose connectivity is controlled by a collection of
policies. The various sites of an enterprise that use the
VPN are connected over an xSP's existing backbone. This
is also known as a BGP/MPLS VPN.
BGP (Border Gateway Protocol) is an Internet protocol that
enables group of routers to share routing information. This
can establish efficient loop-free routes across the provider's
backbone. MPLS (MultiProtocol Label Switching) is a specification
for Layer 3 switching. MPLS uses labels or tags which contain
forwarding information. These are attached to IP packets
by a router that sits at the edge of the network. This enables
routers in the core of the network to examine and process
the label faster. MPLS can deliver QoS (Quality of Service)
and supports real time voice, video, and guarantees bandwidth.
What are the design and migration considerations an enterprise
needs to take?
To begin with, an enterprise should build its VPN in such
a way that the infrastructure is an asset, rather than a
burden in the next three or four years. The IT Head of an
enterprise should sit with the vendor and sort out the needs.
A company should be able to identify its data traffic and
security requirements, and have a clear picture of how the
organization is poised for growth in the next few years.
Let the vendor know, which cities are the most important,
which location has the largest customer base, and make them
the nodal points of the backbone. This can bring some sanity
in the network design and hierarchy.
A company that keeps adding more locations without much
foresight can end up having a criss-cross of links. This
kind of a 'spaghetti' network poses problems in its IP addressing
scheme and is a mammoth task to maintain and troubleshoot.
A planned migration strategy even reduces CPU and RAM utilization
in its routers and switches.
Migration from a Layer 2 VPN does not create too many issues
for a user. This is mostly because MPLS-based VPNs are indistinguishable
from traditional Layer 2 VPNs from a user perspective. This
helps alleviate customer concerns about the adoption of
new technology, which may be perceived as complex. Migration
from leased lines is simple because the routing protocols
can be easily linked to the ATM, Frame Relay, and T1 transport
How will VPN technology evolve in a few years?
emerging VPN technology is optical VPNs. These are wavelength-based
or Lambda-based VPNs. The idea is to use DWDM (Dense Wavelength
Division Multiplexing) as the core technology. DWDM and
WDM (Wavelength Division Multiplexing) are currently used
as long haul transport technologies. When there is a high
density of customers, it will evolve into an access technology.
So there will be a shift from a packet domain-based VPN
to an optical domain-based VPN. The shift will not be prominent
until the next few years, because implementation standards
and vendor support are also crucial to the adaptation of
In India we hope to see more companies build a better network
infrastructure. When the last mile pricing structure changes,
we hope to see widespread connectivity and increased sharing
of databases and applications. The growth till now is linear
and should evolve into an exponential growth. And as this
happens, the demand for VPNs for connectivity and security
Soutiman Das Gupta can be reached at