The MPLS-OPS Archive

[Christopher Lewis <chrlewis@cisco.com>]

Robin,

Comment in-line, hopefully this is the last we hear about this mis-informed 
journalist at the previously unknown publication.

At 05:18 PM 8/5/2002, Robin Clipsham wrote:
>The referenced article clearly contains a significant number of factual
>innaccuracies regarding MPLS technology.
>It also contained a number of statements about the way that providers are
>implementing services and statements relating to market place perceptions of
>the security of MPLS VPN services.
>I would be interested to hear comment on the validity of these statements.
>Is it reasonable to assume that since the author appears to me miss-informed
>about the technology, that these conclusions are also invalid ?

That seems a reasonable assumption.


>" in order to make MPLS support actual services such as VPNs, or further
>   down the road mission-critical data and video, carriers have to build 
> overlay
>   MPLS networks over existing MPLS-enabled IP pipes."
>
>" Carriers have to build separate MPLS-based overlay networks to provide
>    some of the services that were supposed to be the pay-off for deploying
>    MPLS in the core. "
>
>Any idea what he is getting at here ?

He seems to be suggesting that MPLS requires another separate network in 
order to function, separate from the ATM, IP or other network. This is not 
the intention.

>Is this referring to the use of a separate set of infrastructure to 
>support business
>VPN services rather than carrying them over an internet backbone ?

So there are a few options here.

Separate P and PE routers for MPLS services (not common at all). The 
suggestion from the article is that this is the model followed by all MPLS 
deployments and is clearly wrong.

Common P routers, but separate PE routers, this is roughly half of deployments.

Common P and PE routers, this is roughly half of deployments.

>Is this what carriers are in fact doing or are they running business VPN's 
>over the
>same infrastructure as public internet ?

See above, but remember, SPs ran internet traffic over their ATM and F/R 
networks in the past, the VC separating private from public services, the 
difference here is that the LSP provides the separation, not the DLCI or 
VPI/VCI identifier.


>" Customers, on the other hand, hesitate to run their mission critical 
>traffic over
>    MPLS-enabled networks that also support Internet traffic. Just one concern
>    is what happens if routers running both the Internet and priority-coded
>    business traffic are shut down by the same denial of service attack.

This is a legitimate concern that is addressed via careful design and in 
some cases separate PE routers as noted above.

>
>" However, most companies are afraid to put mission-critical traffic onto MPLS
>    VPNs that would have been fine (or are already fine) on frame.

Not true, in fact the marketing of MPLS technology has been so successful 
that enterprises are demanding MPLS service from SPs.

>  In fact, some
>    organizations, like soon to be HIPPA-controlled medical businesses, are
>    banned from using the technology because of the security concerns
>    described above. "

He is probably referring to some requirement to have traffic encrypted and 
as MPLS does not encrypt there is some tenuous link made to MPLS not being 
suitable.


>Is there any evidence to suggest that the market differentiates between 
>VPN services
>provided over an ISP backbone from those provided over a non-public 
>infrastructure ?

Yes, VPN over a private backbone generally commands a higher price.


>Regards,
>Robin Clipsham
>
>
>
>
>
>
>
>
>
>________________________
>Snr Network Engineer (CCIE 3626)
>IP Development
>AAPT Direct
>180-188 Burnley St. Richmond Vic 3121
>Ph: +613 8414 3451
>Mob: 0414 657 928
>email: rclipsham@aapt.com.au
>
>
> >>> Christopher Lewis <chrlewis@cisco.com> 08/02/02 11:09am >>>
>The author of this document seems to be poorly informed. Given the number
>of inaccuracies in the text, my opinion is that it will only be by chance
>if any of the conclusions drawn bear any relation to what happens in the
>market. Note I do not say the conclusions are wrong, I can't predict the
>future :-) Here are some of the more obvious problems with that article.
>
>1. "First, MPLS is still not standardized. Cisco Systems routers that run
>the protocol won't talk to Juniper Networks routers. "
>
>This is an incorrect statement, there are proven deployments of Juniper
>routers and Cisco routers running MPLS and working together
>
>2. "Second, MPLS doesn't support services over Ethernet."
>
>I have no idea what the author was getting at here, there are MPLS networks
>that have ethernet links in them, and there are ethernet over MPLS networks.
>
>3."Third, there are security concerns about VPNs running over MPLS."
>
>There are security concerns about everything. It is unclear whether
>security of payload (ie encryption) or security of devices running MPLS (ie
>Denial Of Service attacks) are the concern here.
>
>4. "One of the founding fathers of several key MPLS standards has written
>another protocol that tries to use DNS to set up VPNs."
>
>I assume they're referring to DNS as opposed to BGP for auto-discovery. I
>don't see the connection between the success of MPLS, GRE or any other
>tunneling technique to auto-discovery, they are both parts of a solution.
>
>5. "Cisco, which to date has the largest number of devices that run MPLS
>deployed with carriers, posts information about the Universal Access 
>Interface"
>
>It's Universal Tunneling Interface, not Access, this is really L2TPv3 and
>extends that protocol to transport pdus other than PPP over a packet
>network, its really a layer 2 transport protocol, it does not enable layer
>3 VPNs.
>
>Part of the clue maybe that the rag magazine is called Americas Network.
>Deployment of MPLS in America is behind that of Europe, so I just assume
>the authors aren't talking to people that have real MPLS experience.
>
>Chris
>
>
>At 03:18 PM 8/1/2002, Keith Benjamin wrote:
>
> >I'd love to hear some opinions on this one...
> >
> >Lost in the bankruptcy shuffle ¯ the MPLS debacle
> >http://www.americasnetwork.com/americasnetwork/article/articleDetail.jsp? 
> id=
> >26282
> >
> >-------
> >The MPLS-OPS Mailing List
> >Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
> >Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
>
>-------
>The MPLS-OPS Mailing List
>Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
>Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
>
>
>-------
>The MPLS-OPS Mailing List
>Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
>Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml