Cisco Systems Inc. is bringing its VPN products under a single umbrella called the Unified VPN suite in an effort to enable service providers to support both legacy Layer 2 and newer Layer 3 VPN services across IP or MPLS core networks.
Allowing service providers to support both existing TDM and cell- or frame-based services along with new packet-based services over a single backbone network can help service providers significantly reduce both their capital and operational costs, notes Cisco.
But today service providers tend to run traditional services like ATM, frame relay and leased lines over ATM or frame relay backbones. And they often have separate optical core networks to support services like metro Ethernet.
Service providers can terminate Layer 2 access onto an IP or MPLS packet network, but it’s difficult to transport Layer 2 across a packet core. Termination is standard routing, whereas transport involves handling Layer 2 information, such as a frame relay address, end to end. That end-to-end tracking is important for billing, control and, in some cases, regulatory reasons. Cisco’s products provide that end-to-end control over either pure IP or MPLS network backbones, according to the company.
The company does that using what it calls Any Transport over MPLS (AToM), for services running over an MPLS backbone, and Layer 2 Tunneling Protocol, version 3 (L2TPv3), for services running over pure IP backbone networks.
Cisco’s AToM, based on the IETF ‘martini draft’, supports Layer 2 technology for Ethernet over MPLS, ATM AAL5, ATM cell relay, frame relay, PPP, and HDLC over MPLS. Packet over SONET is slated for availability at an unspecified future date. Cisco also has added IPSec to MPLS integration, which enables enterprise-sourced IPSec VPNs to be combined with an MPLS backbone.
L2TPv3, currently an IETF draft which Cisco helped pioneer, incorporates support for frame relay, ATM, HDLC, PPP and Ethernet. L2TPv3 can also provision transit tunnels across multiple MPLS and IP packet core networks. As one example of how a service provider could use L2TPv3, Sprint is interested in running frame relay over its IP core backbone in Europe, where it doesn’t own a frame relay backbone, according to Cisco spokesmen.
Both AToM and L2TPv3 are now shipping as 12.0S and 12.2T software upgrades to IOS on Cisco’s service provider edge routing products. In the next two quarters Cisco expects to make major additional enhancements.
Also as part of its Unified VPN announcement today, the company has unveiled its VPN Solution Center (VPNSC), which leverages both Cisco products and partner solutions, such as WANDL, Concord NHM, and Visual Networks, to provide service activation, monitoring, reporting, intrusion detection and policy management for frame relay, ATM, PoS, PPP, HDLC, IPSec, and Ethernet VPNs.
Additionally, the company unleashed Cisco Easy VPN, a software enhancement based on Cisco's Unified Client Framework, which was designed to provide a consistent connection, policy and key management method across Cisco's routers, security appliances and VPN clients. This feature allows users to deploy any Cisco Easy VPN-enabled device within a common VPN framework. For remote connections, Cisco Easy VPN enables Cisco routers and security appliances to automatically establish and maintain a VPN tunnel to a Cisco Easy VPN-enabled head-end device without complex remote configuration. For head-end applications, Cisco Easy VPN accepts incoming calls from remote Cisco Easy VPN-enabled devices and ensures those connections have up-to-date policies in place before the connection is established. In addition, Cisco IOS-based head-ends can now terminate VPN connections from Cisco VPN software clients.