Tolly's column: Carrier-class conundrum

Enterprise network managers used to be torn over deploying wide-area, multifunction networks using one multipurpose box rather than several single-function devices. But the issue was rendered moot because the typical T-1-or-lower WAN speeds of enterprise nets rarely made performance an issue. As carrier-class providers seek to implement higher-function networks, though, this issue becomes important again.

Several events are triggering radical changes in the way WAN services are built. The increasing demand for Internet access is compounded by increased corporate use of virtual private network (VPN) services.

Add to this the desire of carriers and service providers to implement new services, and you end up with levels of network stress that may never have been envisioned by network device architects.

The carriers that provision high-end services and network managers who use them need to be cognisant of the shift that has taken place. Specifically, they need to be certain that the underlying network infrastructure can support the advertised services.

A recent Tolly Group benchmark of VPN tunnel services illustrates some of the issues that are likely to become even more prevalent.

The two systems we tested are advertised as having Layer 2 Tunneling Protocol (L2TP) support. Both, functioning as L2TP Network Servers, claim support for 2000 (or more) simultaneous tunnels. One is a multifunction LAN/WAN router -- architected long before VPNs existed -- onto which VPN features were grafted. The other was the brainchild of a VPN startup -- architected, one must suppose, to provide scalable VPN support as a primary objective.

Using code levels recommended by each vendor, The Tolly Group ran a basic "two tunnel" test. Result: The multifunction router delivered 1.3Mbits/sec (bps) of throughput -- close to the 1.544Mbps limit of a T-1 link. Nice, except that the test wasn't run at T-1 speed -- it was run with a pair of 100Mbps Fast Ethernet interfaces. The VPN box delivered 83.3Mbps of throughput.

The multifunction vendor was allowed another shot and came back with an experimental version of code. The vendor delivered a much more respectable 43.1Mbps of throughput.

Yet, one has to wonder what was done to produce almost a fortyfold increase in a matter of days. And what, if any, negative impact the VPN improvement might have on the other features of the multifunction box.

Unlike a single-function box that only has to prove it can do one thing well, the multifunction device really has to offer good performance in multiple areas without sacrificing performance in its other duties.

At 2000 tunnels, the single-purpose box delivered T-3-level performance of 42.5Mbps; the multifunction box, even running the special code, delivered about 25 per cent of that: 12.1Mbps.

"Carrier class" doesn't just mean "enterprise network class", and one can't assume multifunction devices that serviced the enterprise effectively will find a home in the networks of the future.

Tolly is president of The Tolly Group, a strategic consulting and independent testing company in Manasquan, New Jersey: ktolly@tolly.com

Join the newsletter!

Error: Please check your email address.

More about ProvisionSECTolly Group

Show Comments