'MPLS VPNs are globally acknowledged to be the most secure, fast and next generation VPN technology'

Tata Internet Services, which offers its services under the Tata Indicom brand, is one of the few service providers in the country that is offering IP VPN services in India. Prasoon Srivastava, GM-Infrastructure Solutions group, TATA Internet Services Ltd. (TISL), speaks to Voice and Data on IP VPN and why its good for
corporates.

How would you define IP VPN? How pronounced is the trend towards use of IP as the underlying technology for VPN deployment in Asia-Pacific? Are you offering IP VPN? Do you think the trend is likely to pick up in India?

As it is most commonly defined, VPNs are private WAN carved out over public networks like the Internet and offering similar or better level of reliability and security of an equivalent WAN carved out of point to point leased lines. Layer-3 VPNs are known to us more as IP VPNs. The Layer3 of networking protocol provides flexibility, facilitates its easy integration into customers' applications thereby seamlessly extending the application capabilities over WAN. Hence IP VPNs are rated high on scale of flexibility. An IP-VPN link can be set up anywhere in the world between two end points, with the network automatically handling the traffic routing.

Layer2 VPN is identified more with point to point circuits (Permanent Virtual Circuit in frame relay) and hence Layer2 VPNs are considered relatively more secure with a committed data throughput, both of which are present by virtue of these links being point to point. However, Layer2 VPNs do not offer the flexibility offered by Layer3 VPNs. It is because of this that for most of service providers offering VPNs, both Layer2 and Layer3 are important and are addressed by either IP over Frame Relay VPN or IP VPN with IPSec or IPSec MPLS VPN. IPsec is the end-to-end encrypted tunnel between the branch CPE and central VPN device thereby enhancing security in IP VPNs. In all the above cases IP VPN figures to be the underlying layer.

Do you think carrier networks in India are fit for IP VPN? 

Yes and live testimony to this fact is that we are providing IPSec MPLS VPN services to mission critical customers in almost every Vertical segment like Banking and Finance, Manufacturing, Process and Retail, Media etc by utilizing the infrastructure of various long distance service providers.

How does MPLS facilitate IP-based VPNs? 

IP MPLS VPN is the best mix of Layer2and Layer3 technology thereby making it the best bet for any customer requirements as also explained below. MPLS VPNs are globally acknowledged by many (including Cisco and Juniper) to be the most secure, fast and next generation VPN technology. One of the features in MPLS which contributes to its speed and security is that in MPLS there is a unique label (hence cannot be spoofed unlike IP header) for every packet transmitted. This label is checked only at the service provider edge routers unlike IP header analysis happening at every Hop which made an IP VPN relatively less secure and also slower. 

For integrated video, voice and data applications, MPLS helps to guarantee differential QOS (quality of service) levels for multi-service deployments by way of packet prioritization/bandwidth reservation required by voice/video.

End to end security is further strengthened by use of IPsec (IP + encryption) encrypted tunnel initiated by branch CPE with Central site VPN device where the tunnel is expected to terminate. IPsec over MPLS hence would offer layered security and is acknowledged by many service providers worldwide to be the most secure VPN option in data transmission today.

Who could be the potential customers for IPSec MPLS VPNs?

The prominent users of IPSec MPLS VPNs would be mission and business critical networks like banking and finance. Since IPsec MPLS networks are considered to be most secure, predictable and flexible at same time, they serve well the needs of mission critical customers like those in banking and finance. In these verticals, flexibility is often compromised for more security. This is why they opt for fixed point to point CUG networks. With the advent of net banking and other Internet based applications, the flexibility offered by IP can no longer be ignored. We have been quite successful with our IPSec MPLS offering. We have acquired VPN orders from large number of BFSI customers including three well known banks in 2002 .In addition we have acquired large customer base for mission critical network deployments in other verticals like manufacturing, process and retail, and media. 

We also happen to be single largest installation in India for some of vendors Supercomputing Server/storage hardware offerings like Sun F15K and EMC Symmetrix 8830 and installation for other vendor midrange and high end servers/storage with their deployment across geographies. This rich IDC infrastructure with a geographical spread compliments well its superior network (VPN) offering giving it an edge for providing an end-to-end infrastructure service for CDNs and distributed resource management for high availability to mission critical customers. 

TISL has its eyes set on computing on tap by way of optimum use of network and IDC resources in synchronization. 

What kind of advantages IP VPN offers over frame relay or ATM? 

It is not just IP VPN alone but IPSec MPLS VPNs that provide numerous advantages vis a vis Layer2-VPNs (e.g.: Frame relay). MPLS VPNs are globally acknowledged to be the most secure, fast and next generation VPN technology. One of the features in MPLS which contributes to its speed and security is that in MPLS there is a unique label (hence cannot be spoofed unlike IP header) for every packet transmitted. This label is checked only at the service provider edge routers unlike IP header analysis happening at every Hop which made an IP VPN relatively less secure and also slower. 

For integrated video, voice and data applications, the use of MPLS helps to guarantee differential QoS (quality of service) levels for multi-service deployments by way of packet prioritization/bandwidth reservation required by voice/video.

The use of IP for video, voice and data is a key enabler for easy integration of voice/video calls into customer's application thereby bringing down the overall TCO for large and complex enterprise deployments. End to end security is further strengthened by use of IPsec (IP + encryption) encrypted tunnel initiated by branch CPE with Central site
VPN. 

Are there any problems associated with IP VPN that still need to be overcome? 

There are no problems as such with IP VPNs as long as there is encrypted tunnel running end to end over IP so the final product is a IPSec VPN which is a good bet. 

MPLS when added to IPSec VPN provides predictability and another layer of security further strengthening this offering with final product now IPSec MPLS VPN which is best bet. 

Ravi Shekhar Pandey