One of the hottest trends in the area of service and subscriber intelligence at the edge is providing value-added integration of remote access technologies, says David Messina, vice president of marketing at CoSine Communications Inc. CoSine Communications makes an IP server platform that sits at the edge of the network to enable service providers to bundle value-added services like VPN, firewall, network address translation, denial of service protection and centrally manage all those services.
For example, he says, Equant recently launched a secure GPRS service for which CoSine supplies termination equipment to handle IPsec and other traffic. Messina notes there is a lot of movement around mobility and alternative mechanisms for remote access. He says Equant is responding to the need of large enterprises to maximize the efficiency of their workforces by offering mobile VPN service, which gives users access to every application they would have if they were working inside their companies’ walls.
Service providers can either enable such services or other services such as firewall, network address translation, denial of service protection — by putting a device like a CheckPoint firewall at each customer site or they can go with the CoSine model, which delivers a “virtualized” firewall or VPN services from within the carrier network, says Messina. He notes the latter method is less expensive both from a capital and an operational standpoint.
South Korean service provider Dacom Corp. is following a similar model. The company is deploying Quarry Technologies’ iQ Security Service Routers for networkwide deployment to deliver new services including intrusion detection to its MPLS-based VPN customers. Quarry Technologies’ iQ8000 routers will be distributed throughout South Korea, around the edge of Dacom’s MPLS backbone network. Support for VPN technologies, including IPsec and RFC-2547 Layer 3 MPLS VPNs, will ensure seamless integration of the iQ8000 into the network infrastructure, according to the vendor. The routers will terminate access-network connections, identify subscribers and classify traffic flows.
Stateful firewall filtering, intrusion detection, traffic policing, denial of service prevention, network address translation, virtual routing, VPN tunneling, encryption, traffic shaping, and other services will be provided as needed, on a per-subscriber basis.
While MPLS is clearly part of the intelligence at the edge discussion, CoSine’s Messina emphasizes that’s not the whole story.“We believe MPLS involves service intelligence at the edge and is good for VPN service,” adds Messina, who says his company’s equipment is in use by at least 35 service providers around the world including Equant, Korea Telecom, NTT and Sprint. “But as we look at our customers, they need flexible solutions to offer different VPNs — site to site, extranets, IPsec. CoSine can integrate all those elements into one platform. Equant is a classic example of offering VPN, but with the need to offer more remote access through secure GPRS to increase the productivity of its customers’ employees. MPLS is important, but you can also wrap other services around it.”
Michael Capuano, director of product marketing for Juniper Networks Inc., agrees the edge has become the critical space in networking today. Devices at the edge of carrier networks can allow service providers to customize the user experience and in doing so deliver new service models to help replace carriers’ declining voice revenue, he says.
For example, Telenor has a fair-use model for DSL based on Juniper’s ERX router and SDX server-based product that tracks customers’ per megabit use on the network monthly. If a user goes over his or her subscribed bandwidth allocation, the system automatically sends the person an e-mail asking if that individual wants to upgrade bandwidth. “We gave them the tools to automate the whole thing,” says Capuano.
A recently released application admission control module for Juniper’s E-series routers based on Microsoft Corp.’s Windows Media Services 9 Series, meanwhile, enables service providers to set up bandwidth on the fly per user request. However, when adequate bandwidth is not available to ensure a high quality customer experience, additional users requesting pipes on the network are turned away until enough bandwidth is available for all, says Capuano. He says this could help the service provider sell customers a higher quality-of-service package.
Yet another new tool Juniper unveiled this summer enables service providers to sample packets (ranging from all packets to one packet per thousand) to understand what type of traffic flow users are sending over various connections.
This J-Flow Accounting, as Juniper calls it, can allow the service provider to offer a different quality of service for each type of traffic flow (voice, video, data, for example) or to otherwise create differential service based on bandwidth, time or other considerations, says Capuano.
