Vendors grappling with each other Tuesday during a forum at ComNet 2002 acknowledged there is no one right answer for enterprises looking to outsource their VPN services.
Consequently, each vendor offers a range of options, from services that build VPNs within their networks based on Multi-protocol Label Switching (MPLS), to managed services based on IP Security VPN gear at each customer site, to managed equipment/software combinations that let customers manage their own security policies.
A couple of years ago, there was debate about whether MPLS would even survive as a technology, but it is still around and Equant NV has built its VPN services around it, according to Arjen Maarleveld, head of products at Equant. "But IPSec has its place, too, so we offer both," he said.
WorldCom Inc., for its part, offers a variety of VPN services, from do-it-yourself offerings to fully managed services over its frame relay/ATM-based backbone, which Janel Crabtree, director of global VPN services for WorldCom, said supports better quality of service than MPLS.
For now, Genuity Inc. offers VPNs based on customer site-based gear, but it plans to offer network-based services in the future, said John Summers, Genuity's director of product strategy.
AT&T Corp. also realizes customers want a broad range of options, said Jonathan Cohen, director of advanced IP services for the vendor. "We're agnostic to IPSec or MPLS," he says.
The format of the debate allowed the providers to question one another directly and trade barbs. For example, Genuity's Summers noted that some vendors put an IP face on frame relay services and call it a VPN. "That's just a way to milk more money out of your frame relay customers," he said, an apparent reference to AT&Ts hybrid frame-IP services.
AT&T's Cohen responded that AT&T realizes frame relay is still growing in popularity and that it will continue to support it even as demand for VPNs grows. "We definitely don't feel the frame relay market is going away anytime soon," he said.
Cohen also said that IP tools are not yet good enough to guarantee classes of service quality, and that frame relay and ATM are the better way to go for now.
Cohen asked Summers how Genuity, which offers no frame service, plans to make a go of selling just VPN services. "Our business plan is not based on a decline of frame relay," Summers responded. Rather, by offering video, Internet access and voice over IP, it will capture customers. "We'll help enterprises re-architect their networks," he said.
Summers said Genuity's router-based network does not require MPLS yet. It is good for traffic management, and some say it speeds up routing, but so far, routers using differentiated services technology work just fine.
WorldCom's Crabtree questioned how Genuity, which buys network services from Equant in Europe, can offer service-level agreements (SLA) over another vendor's network. Summers explained that if a customer signs up for a new site that is serviced through another provider, Genuity offers an SLA by virtue of the SLA Genuity has with the provider.
Crabtree also questioned how Equant can get by with an OC-3 backbone, while others have networks based on OC-192. Equant's Maarleveld replied that his company doesn't sell backbone capacity to other providers or to large numbers of consumers as others do, so its backbone needs are smaller. "We see no reason to buy a lot of backbone we don't need," he said.
Genuity's Summers asked whether WorldCom supports voice on its VPNs, and Crabtree acknowledged that it did not but would by the end of the year. Meanwhile, she claimed customers are running voice over WorldCom VPNs anyway, even without specific support from the provider.
Equant's Maarleveld suggested that AT&T doesn't offer voice on its VPNs because AT&T is trying to protect its traditional voice business. "No, it's a matter of whether customers are interested in buying it," Cohen responded. "Maintaining voice revenues is not behind it at all."
Maarleveld also questioned AT&Ts ability to offer global coverage for VPNs, given that AT&T's global venture, Concert, has folded. AT&T is working on it, Cohen said. "AT&T is well down the path to a next-generation network."
Cohen added that the company has a US$300 million to $500 million capital expense budget that includes deploying an OC-192 packet network. "It's deliverable in certain spots already," he said.
Equant is focused on selling to Fortune 2,000 customers with international sites, said Maarleveld, boasting that Equant serves 135 countries. It is focused on delivering voice and video over these VPNs, and in the future, will offer content distribution and application specific features, he said.
WorldCom's Crabtree said her company supports services on its own network in 34 countries, and with the help of third-party providers, that number jumps to more than 60. She said WorldCom is expanding the access options it offers VPN customers, promising digital subscriber line, VSAT satellite and Ethernet access later this year.
Genuity's Summer acknowledged that his company is having a tough time on Wall Street, with its stock selling at $1.28, but noted that it has $500 million more in funding than it will need to become profitable. Part of that funding comes from Verizon Communications Inc., a 9 percent shareholder that can become an 80 percent shareholder once it clears some regulatory hurdle -essentially giving Verizon control.
Network World Editorial Director John Gallant, who moderated the debate, questioned whether MPLS as a technology could scale to support large numbers of customers. Equant's Maarleveld said that standards bodies are working on scaling issues, but so far volume is not high enough to cause a problem. "Standards are on track to stay ahead of the demand curve," he said.
AT&T's Cohen said MPLS, which AT&T uses in its network, works well because AT&T has worked out interoperability issues among the few hardware vendors it uses. But Genuity, which relies on several IPSec vendors, must face problems with interoperability, he suggested.
Genuity's Summers quickly responded that despite the complexities, Genuity has worked out interoperability. "We have all the components and we do interoperability today," he said.