From fantasy to reality

The values of network consolidation continue to drive efforts to build multiuse networks.

Like a bedtime story that gets better with each retelling, government users really like the tale about convergence — the one in which the information technology manager combines voice, data and video applications on a single network and manages it happily ever after.

But as often happens, there are different versions of the convergence story. Some customers prefer the older version, in which the ISDN saves the day. Others prefer the one in which frame relay and Asynchronous Transfer Mode (ATM) do everything but clean their own ports. And in an era dominated by IP networking, it was only a matter of time until something like Multiprotocol Label Switching (MPLS) came along to update the convergence tale for a modern audience.

Although the delivery vehicle may vary, the benefits of convergence remain largely the same: lower monthly telecommunications service charges via fewer high-speed lines, reduced administrative costs because one staff can manage a voice and data network, and more efficient use of network and systems resources because combined applications give every switch, router, server and firewall a good workout.

MPLS has other benefits, such as distributing traffic loads more evenly across a meshed network topology, said Martin Schulman, chief technologist of Juniper Networks' federal systems unit.

"MPLS also absorbs the increased load that these applications put on your IP network without playing clever routing tricks or degrading application performance, or even requiring you to buy more bandwidth," Schulman said. Although both MPLS and IP define methods for supporting quality of service or traffic prioritization, MPLS' mechanisms are a little more refined, he added.

MPLS also contains self-healing properties that some people think are critical to survival during emergencies. Because of those properties, Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee, and others involved in continuity-of-operations plans are considering MPLS as a means to maintain communications and connectivity during disasters, said Bruce Klein, vice president of federal systems at Cisco Systems.

But convergence tales contain a simple moral: Networking, like life, is filled with trade-offs. When a single, converged network goes down, you lose both voice and data connectivity, unlike the world in which PBXs and multiplexers handle voice traffic on one network, while switches, routers and servers handle data traffic. More critical for government users is a security issue. Despite carrier and equipment vendor assurances, some critics question whether the traffic separation derived from packet labeling provides sufficient privacy and security protection.

Ready, set, converge

In MPLS, network hardware — switches and routers — labels each packet with information about its origin, destination, delay sensitivity and assigned priority. The MPLS network then creates a path for the label, forwards it and either deconstructs the path or retains it, depending on labeling instructions. By switching labels rather than packets, MPLS can push traffic across a variety of routes to avoid congested or failed paths, which helps the network or service provider meet guaranteed service levels.

Like frame relay and ATM methods, MPLS allows customers to build private network backbones. Or they can use lines ranging from sub-T1, which supports a limited 384 kilobits/sec, to OC-48, which is as productive as 2.488 gigabits/sec, to attach to a carrier's MPLS-based wide-area network. Monthly fees charged by the carrier typically come with basic performance guarantees and some management capabilities. In recent years, AT&T, MCI, Sprint and Verizon have built MPLS backbones, allowing them to offer a broad menu of advanced services such as IP-based virtual private networks (VPNs), voice over IP and other managed IP services.

"Plenty of government users are using MPLS for voice, and we expect that to continue as carriers migrate away from ATM to MPLS core networks," said Mark Bieberich, director of communications network infrastructure at the Yankee Group, a Boston-based consultancy. Although standards continue to improve real-time application performance for voice and video, many government users still prefer the deterministic nature of ATM, he said.

One drawback to ATM, however, is the hub-and-spoke architecture, in which branch offices and small sites are attached to big data centers. "When you try to go to multiple data centers or add a site, it gets very complex," said Rose Klimovich, vice president and general manager of VPN and integrated network services at AT&T. With ATM and frame-relay methods, users could have two or three permanent virtual circuits per site, including all the decisions about who can access what. In contrast, MPLS automates that connectivity, and IT managers don't have to worry about who can access information, she added.

Regardless of the approach, IT managers need to understand network traffic patterns and applications use. They need to be able to engineer their MPLS backbone or service to accommodate events such as sustained bursts of data at the end of the fiscal year, spikes in voice traffic when an agency's biggest branch office opens for business, or a cascade of time-insensitive e-mail traffic. All that information comes from traffic studies, protocol analysis and good network management data.

AT&T and other MPLS service providers let customers simulate traffic in labs to observe performance characteristics and identify idiosyncrasies.

"If you're going to take all your applications and run them on one network, you better make sure the network runs really well," Klimovich said. "If someone loses phone service on [the] first day, it may be your last day on the job. So you need a good carrier and someone working with you to set up classes of service."

AT&T offers four classes, from Class 1 for real-time applications, such as voice, to Class 4 for time-insensitive traffic, such as e-mail.

Sufficiently locked down?

Discussions of protocol security are relative because every customer has different requirements and definitions, analysts say. MPLS contains no native encryption, though IPSec and other schemes can be easily layered onto MPLS packets.

"The 'P' in VPN stands for 'private,' so when I hear people talk about MPLS as a VPN, I take issue with that," said Mark Mellis, a consultant at SystemExperts in Sudbury, Mass. "If you didn't need to encrypt traffic on frame or ATM, then it may not be important on an MPLS network."

Bieberich said many agencies, particularly within the Defense Department, still require ATM-based solutions. "If you compare the security attributes of ATM and MPLS, MPLS still has a way to go to match the inherent security of ATM," he said, adding that MPLS continues to close the gap. "For voice transmissions in or between intelligence agencies, ATM is still the protocol of choice."

That sort of talk prompts the predictable retorts from MPLS stalwarts. "MPLS keeps customer routing and customer information separate, and the labels are also based on those separations," said Azhar Sayeed, Cisco's product line manager for IP routing and MPLS. "That's how you can stack those tags and keep the information separate."

Furthermore, in more than five years and more than 90,000 customer connections, MPLS-based VPNs have not misdirected any packets, he added. An MPLS device that gets a packet with the wrong label discards the packet as invalid because that's how the protocol is designed, Sayeed said. And IPSec is easy enough to add to MPLS. Although few customers add encryption, some — such as those in the financial services — are required by law to do so, he added.
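The label switching and discard behavior described above can be modeled in a few lines. This is an added example, not code from the article or from any vendor: it uses the RFC 3032 label stack entry layout, and the label values, next-hop names and payload are constructed for illustration. It shows two things a security reviewer would check: a transit router drops a packet whose top label it does not know, and label swapping leaves the payload bytes unencrypted.

```python
import struct
from typing import NamedTuple, Optional, Tuple, List


class LabelEntry(NamedTuple):
    label: int    # 20-bit label value
    tc: int       # 3-bit traffic class, used for class of service
    bottom: bool  # S bit, set on the last entry of the stack
    ttl: int      # 8-bit time to live


def pack_entry(e: LabelEntry) -> bytes:
    """Encode one 32-bit label stack entry in network byte order."""
    word = (e.label << 12) | (e.tc << 9) | (int(e.bottom) << 8) | e.ttl
    return struct.pack("!I", word)


def parse_label_stack(data: bytes) -> Tuple[List[LabelEntry], bytes]:
    """Return (entries, payload); reject a stack with no bottom-of-stack entry."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7,
                           bool((word >> 8) & 1), word & 0xFF)
        entries.append(entry)
        if entry.bottom:
            return entries, data[offset:]


# Hypothetical forwarding table of one transit router:
# incoming top label -> (outgoing label, next hop)
LFIB = {100: (200, "core-2"), 101: (201, "core-3")}


def forward(data: bytes, lfib=LFIB) -> Optional[Tuple[str, bytes]]:
    """Swap the top label. Return (next_hop, bytes), or None if discarded."""
    entries, payload = parse_label_stack(data)
    top = entries[0]
    # Unknown label or expired TTL: drop. There is no fallback to IP routing,
    # which is what keeps a mislabeled packet from leaking to another customer.
    if top.label not in lfib or top.ttl <= 1:
        return None
    out_label, next_hop = lfib[top.label]
    swapped = top._replace(label=out_label, ttl=top.ttl - 1)
    stack = b"".join(pack_entry(e) for e in [swapped] + entries[1:])
    return next_hop, stack + payload


def build(transport: int, vpn: int, tc: int, payload: bytes, ttl: int = 64) -> bytes:
    """Constructed two-label packet: outer transport label, inner VPN label."""
    return (pack_entry(LabelEntry(transport, tc, False, ttl))
            + pack_entry(LabelEntry(vpn, tc, True, ttl)) + payload)


def demo() -> dict:
    payload = b"CONSTRUCTED-PAYLOAD"  # sample data, not real traffic
    known = forward(build(100, 3001, 5, payload))
    unknown = forward(build(999, 3001, 5, payload))
    entries, out_payload = parse_label_stack(known[1])
    return {
        "next_hop": known[0],
        "labels_after_swap": [e.label for e in entries],
        "payload_unchanged": out_payload == payload,  # separation, not encryption
        "unknown_label_result": unknown,
    }


if __name__ == "__main__":
    print(demo())
```

The inner VPN label passes through the transit router untouched, so customer separation depends on the provider's label tables being correct; confidentiality of the payload still requires something like IPSec on top.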

Government customers must evaluate security levels when they weigh their convergence requirements. Security may be as important as reducing the administrative costs of separate staffs and networks for voice and data. Simplicity and survival may be powerful motivators. MPLS is no tall tale and has earned as much credibility as other vehicles for convergence. It's just a matter of which story government users like best.

Sweeney is a Los Angeles-based freelance writer who has covered IT and networking for more than 20 years. He can be reached at terry@tsweeney.com.

Efforts to converge voice, data and video communications on a single IP network have been going on for several years. But in many cases, the goal seemed more like fantasy than reality.

Proponents of the concept cite convergence's benefits, including lower telecommunications service charges, reduced administrative costs and more efficient use of network and system resources. Now, technology managers' efforts to build multiuse networks could get a boost with the maturity of certain network technologies.

With that in mind, we begin a series of three articles that focus on how various networking strategies and technologies are making convergence a reality.

We start with a look at Multiprotocol Label Switching (MPLS), a vehicle for distributing traffic loads more evenly across a meshed network. Because MPLS can handle any type of traffic, some experts view it as an ideal medium to bridge the gap between diverse technologies and applications. Beginning on Page 20, we review MPLS' benefits and drawbacks and where the technology is being applied in the federal sector.

Next week, we will explore how satellite communications are being implemented to bring data, voice and video to emergency and military personnel. Satellite links don't mirror standard telecom performance, but the technology has become more attractive in recent years with the emergence of TCP/IP networks.

We wrap up the series with voice-over-IP security. We'll examine the security measures and technologies federal officials must have in place to adequately secure VOIP communications.

We hope these articles give you a better sense of the potential MPLS, satellites and VOIP offer for convergence and the issues involved for successful deployment.

— Rutrell Yasin

DOD's high-performance computing centers like MPLS

Many users like to talk about ease of use and flexibility during procurement. As officials at the Defense Research and Engineering Network (DREN) talked with vendors and service providers about how to connect more than 70 sites nationwide, those attributes were implicit in a network of such breadth and depth.

Officials at DREN, operated by the High Performance Computing Modernization Program Office in Arlington, Va., explored options such as Asynchronous Transfer Mode (ATM) and Multiprotocol Label Switching (MPLS). After careful consideration, they decided to work with numerous local carriers and Juniper Networks to run MPLS traffic across MCI's network.

Both protocols appeared highly effective for running converged voice and data applications. But "the problem with ATM was its inefficiency in handling IP-based traffic ... an inability to achieve high-performance TCP flows and a lack of affordable high-bandwidth segmentation and reassembly components," a Defense Department spokesperson said.

DREN also observed diminishing support for ATM from industry.

The network is a combination of high-performance computing centers, user sites and other networks. DREN aims to hasten the delivery of innovative materials to the military through its many collaborative applications. The Joint Strike Fighter, Comanche helicopter and Javelin Missile programs have benefited from DREN efforts.

DREN officials share oversight of the MPLS network with MCI and generally like the visibility the network gets for its performance metrics and management capabilities. The quality-of-service mechanisms associated with MPLS aren't as rich as ATM's, at least in terms of control of delay variation, or jitter.

"This makes it somewhat more challenging to implement services such as circuit emulation, which requires extremely low jitter," the DOD spokesperson said.

As a result, DREN uses an ATM service on top of its MPLS infrastructure to facilitate sufficient quality of service for all but the most demanding applications.

Although network officials said MPLS labeling provides enough logical separation for most users, the research network uses a fully encrypted mesh network and IPSec between wide-area network routers. Virtual private networks and Secure Sockets Layer encryption are also used in the network for some applications.

As one of the first federal agencies to transition from ATM to MPLS, DREN is looking ahead. First, researchers are evaluating MPLS implementations that support and interact with IP Version 6 as well as they do in the existing IPv4 world. DREN has also recently begun testing Virtual Private Local-Area Network Services, a way of getting Layer 2 data link connectivity, which ensures that data is transferred correctly between network nodes, over MPLS.

"We are also interested in the development of Generalized MPLS, which extends MPLS capabilities and control to optical switched networks," the DOD spokesperson added.

— Terry Sweeney

Education sticks with ATM

Education Department officials like their Asynchronous Transfer Mode (ATM) backbone for combining voice and data, while retaining control of management and administration.

Peter Tseronis, Education's director of converged communications and networking, laughed at the suggestion that he is being stubborn about sticking with ATM.

"We've invested a lot of time and money and energy into a solution that we're extremely happy with," Tseronis said. "The cost benefit to move to MPLS is not a good use of taxpayer dollars."

Almost six years ago, the department was looking to move beyond its point-to-point networks and collapse all its voice and data applications onto a single network. Tseronis and his staff gave ATM and Multiprotocol Label Switching (MPLS) a good review at the time.

"We looked at this as the opportunity to switch to [a] new framework," he said. "And ATM provides us the ability to do voice and video infrastructure and the redundancy using [permanent virtual circuits] to regional offices."

The resulting network, Ednet, is essentially a private ATM backbone within Sprint's network. It connects offices in Washington, D.C.; Kennesaw, Ga.; Boston; and Dallas.

Tseronis said the choice of ATM was based in part on the relative maturity of the technology in comparison to MPLS.

"ATM isn't superior — it's different," he said. "There are reasons to go to a technology like MPLS, and there are reasons to stay with ATM."

So when planning began in 1999, the department needed to not only make way for voice and video across the wide-area network but also add quality of service into the mix to ensure peak performance.

It took about a year to implement quality of service and get the bandwidth mix just right. Quality of service "is the most widely overlooked aspect of convergence," Tseronis said. "It's one thing to buy bandwidth and another thing to build an HOV lane — that's where I put video and voice, because I can't afford delay or jitter there." That approach gives voice and data applications priority because delays affect performance and usability.

Education has also implemented unified messaging that lets users retrieve voice mails through their e-mail inboxes. Ednet users also get follow-me numbering, which lets users choose where to forward calls, and can send e-mail over phone lines as part of the IP solution, Tseronis said.

Half of the department is still on the old Centrex phone system, but as it deploys more IP phones, savings will increase. "Our costs are dropping annually since we're not paying for three distinct services: voice, video and data," he added.

In addition to the productivity and mobility for users, Tseronis likes the level of control he and his staff retain, as opposed to outsourcing network management, which many MPLS users do. He said in-house maintenance lets him react a lot quicker than he could with a trouble ticket or a hot line phone number.

Those are all good reasons for Education officials to stick with what they have.

— Terry Sweeney
