The MPLS-OPS Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]
Re: MPLS Debacle

From: "Robin Clipsham" <rclipsham@aapt.com.au>
Date: Tue, 06 Aug 2002 08:18:50 +1000
Resent-Date: Mon, 5 Aug 2002 19:21:50 -0400
To: <mpls-ops@mplsrc.com>
X-MIME-Autoconverted: from quoted-printable to 8bit by host.secure4-hosting.net id g75MJCI26483
The referenced article clearly contains a significant number of factual
innaccuracies regarding MPLS technology.
It also contained a number of statements about the way that providers are
implementing services and statements relating to market place perceptions of
the security of MPLS VPN services.
I would be interested to hear comment on the validity of these statements.
Is it reasonable to assume that since the author appears to me miss-informed
about the technology, that these conclusions are also invalid ?


" in order to make MPLS support actual services such as VPNs, or further
  down the road mission-critical data and video, carriers have to build overlay
  MPLS networks over existing MPLS-enabled IP pipes."

" Carriers have to build separate MPLS-based overlay networks to provide
   some of the services that were supposed to be the pay-off for deploying
   MPLS in the core. "

Any idea what he is getting at here ?
Is this referring to the use of a separate set of infrastructure to support business
VPN services rather than carrying them over an internet backbone ? 
Is this what carriers are in fact doing or are they running business VPN's over the
same infrastructure as public internet ? 

" Customers, on the other hand, hesitate to run their mission critical traffic over
   MPLS-enabled networks that also support Internet traffic. Just one concern
   is what happens if routers running both the Internet and priority-coded
   business traffic are shut down by the same denial of service attack.
 
" However, most companies are afraid to put mission-critical traffic onto MPLS
   VPNs that would have been fine (or are already fine) on frame. In fact, some
   organizations, like soon to be HIPPA-controlled medical businesses, are
   banned from using the technology because of the security concerns
   described above. " 

Is there any evidence to suggest that the market differentiates between VPN services
provided over an ISP backbone from those provided over a non-public infrastructure ?

Regards,
Robin Clipsham









________________________
Snr Network Engineer (CCIE 3626)
IP Development
AAPT Direct
180-188 Burnley St. Richmond Vic 3121
Ph: +613 8414 3451
Mob: 0414 657 928
email: rclipsham@aapt.com.au


>>> Christopher Lewis <chrlewis@cisco.com> 08/02/02 11:09am >>>
The author of this document seems to be poorly informed. Given the number 
of inaccuracies in the text, my opinion is that it will only be by chance 
if any of the conclusions drawn bear any relation to what happens in the 
market. Note I do not say the conclusions are wrong, I can't predict the 
future :-) Here are some of the more obvious problems with that article.

1. "First, MPLS is still not standardized. Cisco Systems routers that run 
the protocol won't talk to Juniper Networks routers. "

This is an incorrect statement, there are proven deployments of Juniper 
routers and Cisco routers running MPLS and working together

2. "Second, MPLS doesn't support services over Ethernet."

I have no idea what the author was getting at here, there are MPLS networks 
that have ethernet links in them, and there are ethernet over MPLS networks.

3."Third, there are security concerns about VPNs running over MPLS."

There are security concerns about everything. It is unclear whether 
security of payload (ie encryption) or security of devices running MPLS (ie 
Denial Of Service attacks) are the concern here.

4. "One of the founding fathers of several key MPLS standards has written 
another protocol that tries to use DNS to set up VPNs."

I assume they're referring to DNS as opposed to BGP for auto-discovery. I 
don't see the connection between the success of MPLS, GRE or any other 
tunneling technique to auto-discovery, they are both parts of a solution.

5. "Cisco, which to date has the largest number of devices that run MPLS 
deployed with carriers, posts information about the Universal Access Interface"

It's Universal Tunneling Interface, not Access, this is really L2TPv3 and 
extends that protocol to transport pdus other than PPP over a packet 
network, its really a layer 2 transport protocol, it does not enable layer 
3 VPNs.

Part of the clue maybe that the rag magazine is called Americas Network. 
Deployment of MPLS in America is behind that of Europe, so I just assume 
the authors aren't talking to people that have real MPLS experience.

Chris


At 03:18 PM 8/1/2002, Keith Benjamin wrote:

>I'd love to hear some opinions on this one...
>
>Lost in the bankruptcy shuffle — the MPLS debacle
>http://www.americasnetwork.com/americasnetwork/article/articleDetail.jsp?id= 
>26282
>
>-------
>The MPLS-OPS Mailing List
>Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml 
>Archive: http://www.mplsrc.com/mpls-ops_archive.shtml 

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml 
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml 


-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
Follow-Ups:
- Re: MPLS Debacle
  - From: Christopher Lewis <chrlewis@cisco.com>
- RE: MPLS Debacle
  - From: "Jim Guichard" <jguichar@cisco.com>