VPN Services For Site-To-Site Connectivity
by Irwin Lazar

Published October 2002




Is it time to consider converting your site-to-site WAN to an IP-VPN? To improve network flexibility and reduce operating costs, many large enterprises are evaluating the use of VPN devices, as well as the newer VPN services that have been announced over the past year, including those based on Multiprotocol Label Switching (MPLS), virtual routers and IP Security (IPSec). Even if they have already adopted remote access VPNs, enterprises should come up to speed on the various site-to-site VPN options to determine which best matches their network requirements.


Unlike remote access VPNs, which allow Internet-based modem access to enterprise networks and applications, site-to-site VPNs are meant to replace private-line and frame relay connections among enterprise locations. Using VPN products from companies such as Check Point, Cisco and NetScreen, enterprises can "roll their own" IP-VPNs and extend their networks anywhere there is access to the public Internet, often cutting WAN costs by 50 percent or more.


For enterprise customers who don't want to create their own site-to-site VPNs, service providers have come up with several options. For example, Virtela offers a managed IPSec-VPN service with latency and jitter guarantees, which uses proprietary routing techniques in the public Internet. Most of the major ISPs, including Sprint, WorldCom, AT&T, Qwest, Broadwing and others, also offer IPSec-based VPN services—with appropriate service level guarantees for latency and jitter—as long as all the sites connect directly into the provider's networks.


Another alternative to the IPSec-VPN services are VPN services based on MPLS or on virtual routing. These have gathered a great deal of attention from the trade press, enterprises, service providers and hardware manufacturers. Many of our clients are actively investigating these services, and a few have begun deployments. So far, U.S. pricing for these new services looks to be about the same as for the IPSec-VPNs, although MPLS or virtual router meshes can be less expensive.


The best approach, as always, is a careful evaluation of service alternatives via the use of "Requests for Information" (RFI) or "Requests for Comment" (RFC). These structured approaches allow enterprises to carefully screen and evaluate services that are capable of meeting their unique requirements. In some cases, enterprises may find that the service they currently use is still the best choice; however in many, if not most, we expect that they will find real benefits in the newer VPN service alternatives.


About the author:

Irwin Lazar is the manager of Burton Group's "Networks & Telecom Strategies" consulting practice, specializing in strategic network planning for large enterprises. He also runs the MPLS Resource Center and is the conference director for MPLScon.



Access paper

Approx. 136 kB


For help with .pdf file downloads, please check out the help topic.


Return to Business Communications Review Gold Sponsor Archives


Return to IP VPN menu

This article is reproduced by special arrangement with our partner, Business Communications Review.


Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information.  Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site.  Please encourage colleagues to download their own copy after registering at http://www.webtorials.com/reg/.