From fantasy to reality

The values of network consolidation continue to drive efforts to build multiuse networks.

Like a bedtime story that gets better with each retelling, government users really like the tale about convergence — the one in which the information technology manager combines voice, data and video applications on a single network and manages it happily ever after.

But as often happens, there are different versions of the convergence story. Some customers prefer the older version, in which the ISDN saves the day. Others prefer the one in which frame relay and Asynchronous Transfer Mode (ATM) do everything but clean their own ports. And in an era dominated by IP networking, it was only a matter of time until something like Multiprotocol Label Switching (MPLS) came along to update the convergence tale for a modern audience.

Although the delivery vehicle may vary, the benefits of convergence remain largely the same: lower monthly telecommunications service charges via fewer high-speed lines, reduced administrative costs because one staff can manage a voice and data network, and more efficient use of network and systems resources because combined applications give every switch, router, server and firewall a good workout.

MPLS has other benefits, such as distributing traffic loads more evenly across a meshed network topology, said Martin Schulman, chief technologist of Juniper Networks' federal systems unit.

"MPLS also absorbs the increased load that these applications put on your IP network without playing clever routing tricks or degrading application performance, or even requiring you to buy more bandwidth," Schulman said. Although both MPLS and IP define methods for supporting quality of service or traffic prioritization, MPLS' mechanisms are a little more refined, he added.

MPLS also contains self-healing properties that some people think are critical to survival during emergencies. Because of those properties, Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee, and others involved in continuity-of-operations plans are considering MPLS as a means to maintain communications and connectivity during disasters, said Bruce Klein, vice president of federal systems at Cisco Systems.

But convergence tales contain a simple moral: Networking, like life, is filled with trade-offs. When a single, converged network goes down, you lose both voice and data connectivity, unlike the world in which PBXs and multiplexers handle voice traffic on one network, while switches, routers and servers handle data traffic. More critical for government users is a security issue. Despite carrier and equipment vendor assurances, some critics question whether the traffic separation derived from packet labeling provides sufficient privacy and security protection.

Ready, set, converge

In MPLS, network hardware — switches and routers — labels each packet with information about its origin, destination, delay sensitivity and assigned priority. The MPLS network then creates a path for the label, forwards it and either deconstructs the path or retains it, depending on labeling instructions. By switching labels rather than packets, MPLS can push traffic across a variety of routes to avoid congested or failed paths, which helps the network or service provider meet guaranteed service levels.

Like frame relay and ATM methods, MPLS allows customers to build private network backbones. Or they can use lines ranging from sub-T1, at a limited 384 kilobits/sec, to OC-48, at 2.488 gigabits/sec, to attach to a carrier's MPLS-based wide-area network. Monthly fees charged by the carrier typically come with basic performance guarantees and some management capabilities. In recent years, AT&T, MCI, Sprint and Verizon have built MPLS backbones, allowing them to offer a broad menu of advanced services such as IP-based virtual private networks (VPNs), voice over IP and other managed IP services.

"Plenty of government users are using MPLS for voice, and we expect that to continue as carriers migrate away from ATM to MPLS core networks," said Mark Bieberich, director of communications network infrastructure at the Yankee Group, a Boston-based consultancy. Although standards continue to improve real-time application performance for voice and video, many government users still prefer the deterministic nature of ATM, he said.

One drawback to ATM, however, is the hub-and-spoke architecture, in which branch offices and small sites are attached to big data centers. "When you try to go to multiple data centers or add a site, it gets very complex," said Rose Klimovich, vice president and general manager of VPN and integrated network services at AT&T. With ATM and frame-relay methods, users could have two or three permanent virtual circuits per site, including all the decisions about who can access what. In contrast, MPLS automates that connectivity, and IT managers don't have to worry about who can access information, she added.

Regardless of the approach, IT managers need to understand network traffic patterns and application use. They need to be able to engineer their MPLS backbone or service to accommodate events such as sustained bursts of data at the end of the fiscal year, spikes in voice traffic when an agency's biggest branch office opens for business, or a cascade of time-insensitive e-mail traffic. All that information comes from traffic studies, protocol analysis and good network management data.

AT&T and other MPLS service providers let customers simulate traffic in labs to observe performance characteristics and identify idiosyncrasies.

"If you're going to take all your applications and run them on one network, you better make sure the network runs really well," Klimovich said. "If someone loses phone service on [the] first day, it may be your last day on the job. So you need a good carrier and someone working with you to set up classes of service."

AT&T offers four classes from Class 1 for real-time applications, such as voice, to Class 4 for time-insensitive traffic, such as e-mail.

Sufficiently locked down?

Discussions of protocol security are relative because every customer has different requirements and definitions, analysts say. MPLS contains no native encryption, though IPSec and other schemes can be easily layered onto MPLS packets.

"The 'P' in VPN stands for 'private,' so when I hear people talk about MPLS as a VPN, I take issue with that," said Mark Mellis, a consultant at SystemExperts in Sudbury, Mass. "If you didn't need to encrypt traffic on frame or ATM, then it may not be important on an MPLS network."

Bieberich said many agencies, particularly within the Defense Department, still require ATM-based solutions. "If you compare the security attributes of ATM and MPLS, MPLS still has a way to go to match the inherent security of ATM," he said, adding that MPLS continues to close the gap. "For voice transmissions in or between intelligence agencies, ATM is still the protocol of choice."

That sort of talk prompts the predictable retorts from MPLS stalwarts. "MPLS keeps customer routing and customer information separate, and the labels are also based on those separations," said Azhar Sayeed, Cisco's product line manager for IP routing and MPLS. "That's how you can stack those tags and keep the information separate."

Furthermore, in more than five years and more than 90,000 customer connections, MPLS-based VPNs have not misdirected any packets, he added. An MPLS device that gets a packet with the wrong label discards the packet as invalid because that's how the protocol is designed, Sayeed said. And IPSec is easy enough to add to MPLS. Although few customers add encryption, some — such as those in the financial services — are required by law to do so, he added.
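As an added illustration of the labeling described under "Ready, set, converge" and of the "wrong label is discarded" behaviour Sayeed describes above (this is not code from the article or from any vendor), the Python below packs and parses RFC 3032 label-stack entries and simulates one core router's label lookup. The forwarding table, router names, label values and payloads are all constructed for the example.

```python
import struct

def encode_entry(label, tc, bos, ttl):
    """Pack one 32-bit label stack entry (RFC 3032: 20-bit label, 3-bit TC, 1-bit S, 8-bit TTL)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (bos << 8) | ttl)

def parse_stack(data):
    """Return ([(label, tc, bos, ttl), ...], payload); raise on a truncated stack."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack("!I", data[off:off + 4])
        entries.append((word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF))
        off += 4
        if entries[-1][2]:          # bottom-of-stack bit set: the payload follows
            return entries, data[off:]

# Hypothetical label forwarding table of one core label-switching router:
# incoming top label -> (operation, outgoing label, next hop). Only transport
# labels appear here; an inner VPN label is never inspected by a core router.
LFIB = {
    100: ("swap", 200, "core-B"),
    300: ("pop", None, "pe-east"),
}

def forward(packet):
    """Process one labeled packet: returns (verdict, next hop or reason, outgoing labels, bytes)."""
    entries, payload = parse_stack(packet)
    label, tc, bos, ttl = entries[0]
    if ttl <= 1:
        return ("drop", "ttl expired", None, payload)
    if label not in LFIB:
        return ("drop", "unknown label", None, payload)  # a label this router never handed out is discarded, not guessed
    op, out_label, next_hop = LFIB[label]
    if op == "swap":
        stack = [(out_label, tc, bos, ttl - 1)] + entries[1:]
    else:  # pop: expose the next entry (carrying the decremented TTL) or the bare payload
        stack = [(l, t, b, ttl - 1) for (l, t, b, _) in entries[1:2]] + entries[2:]
    out = b"".join(encode_entry(*e) for e in stack) + payload
    return ("forward", next_hop, [e[0] for e in stack], out)

# Constructed samples: transport label 100 stacked over VPN label 5001, and a bogus label.
SAMPLE = encode_entry(100, 5, 0, 64) + encode_entry(5001, 5, 1, 64) + b"IPv4-payload"
BOGUS = encode_entry(999, 0, 1, 64) + b"IPv4-payload"
```

Running `forward(SAMPLE)` swaps the outer label and leaves the inner VPN label untouched, while `forward(BOGUS)` is dropped without any attempt to map it onto a customer path.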

Government customers must evaluate security levels when they weigh their convergence requirements. Security may be as important as reducing the administrative costs of separate staffs and networks for voice and data. Simplicity and survival may be powerful motivators. MPLS is no tall tale and has earned as much credibility as other vehicles for convergence. It's just a matter of which story government users like best.

Sweeney is a Los Angeles-based freelance writer who has covered IT and networking for more than 20 years. He can be reached at terry@tsweeney.com.

Efforts to converge voice, data and video communications on a single IP network have been going on for several years. But in many cases, the goal seemed more like fantasy than reality.

Proponents of the concept cite convergence's benefits, including lower telecommunications service charges, reduced administrative costs and more efficient use of network and system resources. Now, technology managers' efforts to build multiuse networks could get a boost with the maturity of certain network technologies.

With that in mind, we begin a series of three articles that focus on how various networking strategies and technologies are making convergence a reality.

We start with a look at Multiprotocol Label Switching (MPLS), a vehicle for distributing traffic loads more evenly across a meshed network. Because MPLS can handle any type of traffic, some experts view it as an ideal medium to bridge the gap between diverse technologies and applications. Beginning on Page 20, we review MPLS' benefits and drawbacks and where the technology is being applied in the federal sector.

Next week, we will explore how satellite communications are being implemented to bring data, voice and video to emergency and military personnel. Satellite links don't mirror standard telecom performance, but the technology has become more attractive in recent years with the emergence of TCP/IP networks.

We wrap up the series with voice-over-IP security. We'll examine the security measures and technologies federal officials must have in place to adequately secure VOIP communications.

We hope these articles give you a better sense of the potential MPLS, satellites and VOIP offer for convergence and the issues involved for successful deployment.

— Rutrell Yasin

DOD's high-performance computing centers like MPLS

Many users like to talk about ease of use and flexibility during procurement. As officials at the Defense Research and Engineering Network (DREN) talked with vendors and service providers about how to connect more than 70 sites nationwide, those attributes were implicit in a network of such breadth and depth.

Officials at DREN, operated by the High Performance Computing Modernization Program Office in Arlington, Va., explored options such as Asynchronous Transfer Mode (ATM) and Multiprotocol Label Switching (MPLS). After careful consideration, they decided to work with numerous local carriers and Juniper Networks to run MPLS traffic across MCI's network.

Both protocols appeared highly effective for running converged voice and data applications. But "the problem with ATM was its inefficiency in handling IP-based traffic ... an inability to achieve high-performance TCP flows and a lack of affordable high-bandwidth segmentation and reassembly components," a Defense Department spokesperson said.

DREN also observed diminishing support for ATM from industry.

The network is a combination of high-performance computing centers, user sites and other networks. DREN aims to hasten the delivery of innovative materials to the military through its many collaborative applications. The Joint Strike Fighter, Comanche helicopter and Javelin Missile programs have benefited from DREN efforts.

DREN officials share oversight of the MPLS network with MCI and generally like the visibility the network gets for its performance metrics and management capabilities. The quality-of-service mechanisms associated with MPLS aren't as rich as ATM's, at least in terms of control of delay variation, or jitter.

"This makes it somewhat more challenging to implement services such as circuit emulation, which requires extremely low jitter," the DOD spokesperson said.

As a result, DREN uses an ATM service on top of its MPLS infrastructure to facilitate sufficient quality of service for all but the most demanding applications.

Although network officials said MPLS labeling provides enough logical separation for most users, the research network uses a fully encrypted mesh network and IPSec between wide-area network routers. Virtual private networks and Secure Sockets Layer encryption are also used in the network for some applications.

As one of the first federal agencies to transition from ATM to MPLS, DREN is looking ahead. First, researchers are evaluating MPLS implementations that support and interact with IP Version 6 as well as they do in the existing IPv4 world. DREN has also recently begun testing Virtual Private Local-Area Network Services, which provides Layer 2 data link connectivity (the layer that ensures data is transferred correctly between network nodes) over MPLS.

"We are also interested in the development of Generalized MPLS, which extends MPLS capabilities and control to optical switched networks," the DOD spokesperson added.

— Terry Sweeney

Education sticks with ATM

Education Department officials like their Asynchronous Transfer Mode (ATM) backbone for combining voice and data, while retaining control of management and administration.

Peter Tseronis, Education's director of converged communications and networking, laughed at the suggestion that he is being stubborn about sticking with ATM.

"We've invested a lot of time and money and energy into a solution that we're extremely happy with," Tseronis said. "The cost benefit to move to MPLS is not a good use of taxpayer dollars."

Almost six years ago, the department was looking to move beyond its point-to-point networks and collapse all its voice and data applications onto a single network. Tseronis and his staff gave ATM and Multiprotocol Label Switching (MPLS) a good review at the time.

"We looked at this as the opportunity to switch to [a] new framework," he said. "And ATM provides us the ability to do voice and video infrastructure and the redundancy using [permanent virtual circuits] to regional offices."

The resulting network, Ednet, is essentially a private ATM backbone within Sprint's network. It connects offices in Washington, D.C.; Kennesaw, Ga.; Boston; and Dallas.

Tseronis said the choice of ATM was based in part on the relative maturity of the technology in comparison to MPLS.

"ATM isn't superior — it's different," he said. "There are reasons to go to a technology like MPLS, and there are reasons to stay with ATM."

So when planning began in 1999, the department needed to not only make way for voice and video across the wide-area network but also add quality of service into the mix to ensure peak performance.

It took about a year to implement quality of service and get the bandwidth mix just right. Quality of service "is the most widely overlooked aspect of convergence," Tseronis said. "It's one thing to buy bandwidth and another thing to build an HOV lane — that's where I put video and voice, because I can't afford delay or jitter there." That approach gives voice and video applications priority because delays affect their performance and usability.

Education has also implemented unified messaging that lets users retrieve voice mails through their e-mail inboxes. Ednet users also get follow-me numbering, which lets users choose where to forward calls, and can send e-mail over phone lines as part of the IP solution, Tseronis said.

Half of the department is still on the old Centrex phone system, but as it deploys more IP phones, savings will increase. "Our costs are dropping annually since we're not paying for three distinct services: voice, video and data," he added.

In addition to the productivity and mobility for users, Tseronis likes the level of control he and his staff retain, as opposed to outsourcing network management, which many MPLS users do. He said in-house maintenance lets him react a lot quicker than he could with a trouble ticket or a hot line phone number.

Those are all good reasons for Education officials to stick with what they have.

— Terry Sweeney