The values of network consolidation continue to drive efforts to build multiuse networks.
Like a bedtime story that gets better with each retelling, government users really like the tale about convergence the one in which the information technology manager combines voice, data and video applications on a single network and manages it happily ever after.
But as often happens, there are different versions of the convergence story. Some customers prefer the older version, in which the ISDN saves the day. Others prefer the one in which frame relay and Asynchronous Transfer Mode (ATM) do everything but clean their own ports. And in an era dominated by IP networking, it was only a matter of time until something like Multiprotocol Label Switching (MPLS) came along to update the convergence tale for a modern audience.
Although the delivery vehicle may vary, the benefits of convergence remain largely the same: lower monthly telecommunications service charges via fewer high-speed lines, reduced administrative costs because one staff can manage a voice and data network, and more efficient use of network and systems resources because combined applications give every switch, router, server and firewall a good workout.
MPLS has other benefits, such as distributing traffic loads more evenly across a meshed network topology, said Martin Schulman, chief technologist of Juniper Networks' federal systems unit.
"MPLS also absorbs the increased load that these applications put on your IP network without playing clever routing tricks or degrading application performance, or even requiring you to buy more bandwidth," Schulman said. Although both MPLS and IP define methods for supporting quality of service or traffic prioritization, MPLS' mechanisms are a little more refined, he added.
MPLS also contains self-healing properties that some people think are critical to survival during emergencies. Because of those properties, Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee, and others involved in continuity-of-operations plans are considering MPLS as a means to maintain communications and connectivity during disasters, said Bruce Klein, vice president of federal systems at Cisco Systems.
But convergence tales contain a simple moral: Networking, like life, is filled with trade-offs. When a single, converged network goes down, you lose both voice and data connectivity, unlike the world in which PBXs and multiplexers handle voice traffic on one network, while switches, routers and servers handle data traffic. More critical for government users is a security issue. Despite carrier and equipment vendor assurances, some critics question whether the traffic separation derived from packet labeling provides sufficient privacy and security protection.
Ready, set, converge
In MPLS, network hardware switches and routers labels each packet with information about its origin, destination, delay sensitivity and assigned priority. The MPLS network then creates a path for the label, forwards it and either deconstructs the path or retains it, depending on labeling instructions. By switching labels rather than packets, MPLS can push traffic across a variety of routes to avoid congested or failed paths, which helps the network or service provider meet guaranteed service levels.
Like frame relay and ATM methods, MPLS allows customers to build private network backbones. Or they can use lines ranging from sub-T1, which supports a limited 384 kilobits/sec, to OC-48, which is as productive as 2.488 gigabits/sec, to attach to a carrier's MPLS-based wide-area network. Monthly fees charged by the carrier typically come with basic performance guarantees and some management capabilities. In recent years, AT&T, MCI, Sprint and Verizon have built MPLS backbones, allowing them to offer a broad menu of advanced services such as IP-based virtual private networks (VPNs), voice over IP and other managed IP services.
"Plenty of government users are using MPLS for voice, and we expect that to continue as carriers migrate away from ATM to MPLS core networks," said Mark Bieberich, director of communications network infrastructure at the Yankee Group, a Boston-based consultancy. Although standards continue to improve real-time application performance for voice and video, many government users still prefer the deterministic nature of ATM, he said.
One drawback to ATM, however, is the hub-and-spoke architecture, in which branch offices and small sites are attached to big data centers. "When you try to go to multiple data centers or add a site, it gets very complex," said Rose Klimovich, vice president and general manager of VPN and integrated network services at AT&T. With ATM and frame-relay methods, users could have two or three permanent virtual circuits per site, including all the decisions about who can access what. In contrast, MPLS automates that connectivity, and IT managers don't have to worry about who can access information, she added.
Regardless of the approach, IT managers need to understand network traffic patterns and applications use. They need to be able to engineer their MPLS backbone or service to accommodate events such as sustained bursts of data at the end of the fiscal year, spikes in voice traffic when an agency's biggest branch office opens for business, or a cascade of time-insensitive e-mail traffic. All that information comes from traffic studies, protocol analysis and good network management data.
AT&T and other MPLS service providers let customers simulate traffic in labs to observe performance characteristics and identify idiosyncrasies.
"If you're going to take all your applications and run them on one network, you better make sure the network runs really well," Klimovich said. "If someone loses phone service on [the] first day, it may be your last day on the job. So you need a good carrier and someone working with you to set up classes of service."
AT&T offers four classes from Class 1 for real-time applications, such as voice, to Class 4 for time-insensitive traffic, such as e-mail.
Sufficiently locked down?
Discussions of protocol security are relative because every customer has different requirements and definitions, analysts say. MPLS contains no native encryption, though IPSec and other schemes can be easily layered onto MPLS packets.
"The 'P' in VPN stands for "private," so when I hear people talk about MPLS as a VPN, I take issue with that," said Mark Mellis, a consultant at SystemExperts in Sudbury, Mass. "If you didn't need to encrypt traffic on frame or ATM, then it may not be important on an MPLS network."
Bieberich said many agencies, particularly within the Defense Department, still require ATM-based solutions. "If you compare the security attributes of ATM and MPLS, MPLS still has a way to go to match the inherent security of ATM," he said, adding that MPLS continues to close the gap. "For voice transmissions in or between intelligence agencies, ATM is still the protocol of choice."
That sort of talk prompts the predictable retorts from MPLS stalwarts. "MPLS keeps customer routing and customer information separate, and the labels are also based on those separations," said Azhar Sayeed, Cisco's product line manager for IP routing and MPLS. "That's how you can stack those tags and keep the information separate."
Furthermore, in more than five years and more than 90,000 customer connections, MPLS-based VPNs have not misdirected any packets, he added. An MPLS device that gets a packet with the wrong label discards the packet as invalid because that's how the protocol is designed, Sayeed said. And IPSec is easy enough to add to MPLS. Although few customers add encryption, some such as those in the financial services are required by law to do so, he added.
Government customers must evaluate security levels when they weigh their convergence requirements. Security may be as important as reducing the administrative costs of separate staffs and networks for voice and data. Simplicity and survival may be powerful motivators. MPLS is no tall tale and has earned as much credibility as other vehicles for convergence. It's just a matter of which story government users like best.
Sweeney is a Los Angeles-based freelance writer who has covered IT and networking for more than 20 years. He can be reached at email@example.com.
NEXT STORY: Army announces enterprise consolidation plan