It seems everyone and their dog is offering a ‘unique proposition’ for a VPN service that can give you high quality, bandwidth and security at a low price. What’s the secret — are there really that many different technologies out there? We offer you a way to cut through the marketing blurb and pin the sales guys down with some no-nonsense questions that should help you figure out what they’re really selling.

VPN options
There are only two ways that someone can provide a VPN service. Either you connect your various sites together, using the Internet at some point, or you don’t, in which case you use a provider’s privately built and maintained core network.

That’s it. Don’t let anyone try to tell you differently. Of course, you can quite happily build a VPN that uses both forms, and that’s what most of us do, with major sites connected over a core network, and remote offices and teleworkers using the more cost effective method of hitching a lift over the Internet.

If you connect over the Internet, you will have to put in place security, and the QoS will be dubious at best. Connecting to a SP’s core network — which may be ATM, Frame, or MPLS-based, you may not have to add your own security mechanisms and you should be able to negotiate the levels of QoS you want. In both cases there are different access methods, from ISDN dial-up or DSL to a fixed leased line, frame or ATM circuit.

Get the details
So how do you tell what’s on offer and what it actually means? As an example, the following is taken from the product page of a major provider, with some names removed. This particular provider is no better nor worse than most when it comes to marketing speak.

Service A enables data and storage connectivity between different metropolitan sites.

Service B offers end-to-end, high-speed data transmission.

Service C provides a high quality, cost effective, flexible LAN-LAN Ethernet service between cities.

Service D is an international-managed bandwidth service designed to provide fast, reliable connections.

Now, it’s possible to tell from this that service C is a National Ethernet-type offering, and service D appears to be a managed service, but who on earth do they think they’re helping with the descriptions for A and B? In fact there is a lot of very useful technical detail given for all these products on the relevant web site, but you have to dig into each separately to figure out the differences.

There are some key areas that you’ll need to have clarified before you can choose between all the offerings. Some of these are reasonably straightforward, such as whether you’re after a managed service, or just want the bandwidth, so you can do your own thing. Some services will only be available as a managed service — many IP VPNs are sold like this so the vendor can control QoS etc from your site, while EoMPLS and Layer 2 circuits tend not to be managed. This isn’t a hard and fast rule though.

You’ll also need to know up front if you want a point-to-point, hub and spoke, or fully meshed WAN, as this will to some extent limit the type of service you can get — EoMPLS, for instance is great for point to point, but the technology for multipoint (VPLS) is pretty bleeding edge and the providers are still testing it.

Now you can start to pin your suppliers down on the nitty gritty of what they’re actually offering. Let’s start with the access presentation in your offices: What access types and speeds are available? Probables are leased line, frame, DSL, MPLS, Ethernet, ATM, and dial. Speeds could be anything from 56kbit/s to 155Mbit/s or even Gigabit speeds — this isn’t necessarily the end-to-end bandwidth you’ll get. If you’re looking at DSL, what is the contention rate? You’ll need an uncontended, or at worst 5:1 contention rate if you expect to use this to provide any sort of QoS. You might also be able to get ISDN — some providers now offer an unmetered, fixed-rate ISDN service for where you can’t get DSL or satellite access.

Who actually provides the access, the ‘last mile’ connectivity? If it’s DSL, there’s a good chance BT is wholesaling it to the provider — who still somehow manages to charge less than BT (although to be fair the different parts of BT are separate business units and cross-charge each other too). There are a lot of smaller providers that make extensive use of larger carriers’ infrastructures, and seem to be able to do it cheaper. For instance, Switch IP’s InPurple portfolio (see http://www.techworld.com/comms/news/index.cfm?NewsID=1484&Page=2&pagePos=6), which ‘is available in the UK wherever BT can deliver Broadband services’ basically because it uses BT DSL from your site to the BT core network. The BT core network goes to a central PoP in London Docklands, hops out onto IP Switch co-located equipment for the routing part, then goes back over the BT network. This isn’t unusual, but you need to be aware of how much of the infrastructure is someone else’s, as this could affect SLAs, fix times and fault reporting procedures.

What is the underlying transport technology? Perhaps you shouldn’t have to care, but with providers pushing their services on the basis of high-tech MPLS cores, or secure layer 2 ATM PVCs, it’s worth finding out. ATM isn’t dying out as quickly as anyone expected, and is being used for some offerings where the vendor’s pushing an end-to-end PVC as a selling point. While this may be fine for fairly static hub and spoke topologies, it’s not particularly suitable for meshed networks.

The number of classes of service supported, and how the likes of multicast is supported is important—we’ve seen sales guys sell services that the techies haven’t yet tested out in their labs before now, so ask for references and technical details. If you’re connecting into their MPLS network, which routing protocols will they support for you—most will do BGP and static, but not all offer OSPF, which you might prefer if that’s what’s in your network and you don’t want to have to do redistribution.

Then there are the usual discussions round resilience, diverse routing, coverage, SLAs, and reporting.

When you get right down to it, there probably aren’t as many options as suppliers would have you believe. What they call their flash service isn’t important, once you’ve figured out how it actually works. So put together a list of questions for your account manager the next time he tries to sell you something — and hope he’s brought a techy with him.