MPLS or Site2Site VPN
I'm looking at connecting 15+ multi-state locations together to start forming a private corporate network. The sites are small with 25-30 devices. I want to avoid direct-T1's due to cost, therefore I'm looking for alternatives. I know I can do site-to-site VPN, but I've also heard a lot about MPLS and from what I've read, it may be a good option. Over the next year, we will be adding 5-10 more sites, so expansion is important. I'm not planning to do voice, but it may be an option in 2-3 years. If anyone has any suggestions on their experiences, I would greatly appreciate it. Thanks, Todd
On 29/08/05, Todd Reed <treed@astate.edu> wrote:
I'm looking at connecting 15+ multi-state locations together to start forming a private corporate network. The sites are small with 25-30 devices. I want to avoid direct-T1's due to cost, therefore I'm looking for alternatives. I know I can do site-to-site VPN, but I've also heard a lot about MPLS and from what I've read, it may be a good option. Over the next year, we will be adding 5-10 more sites, so expansion is important. I'm not planning to do voice, but it may be an option in 2-3 years. If anyone has any suggestions on their experiences, I would greatly appreciate it.
Several large corporate connectivity providers in India have set up managed MPLS VPN services, and these are quite popular .. in fact, popular enough to eat into the incumbent telco's point to point leased line revenues, so that they get their tame telecom bureaucrats to set up a new category of "VPN providing ISPs" and prescribe an arbitrarily high licensing fee and tax structure for them. So, I'd say go for it ..
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Technology aside (I would definitely prefer MPLS, simply because it may allow me to do more with VoIP quality, than unmanaged site-to-site VPNs), I have not been able to find MPLS providers with lesser costs than dedicated lines, for equivalent port speed. I have looked at MCI, SBC and Sprint, so far ... whom did you find more attractive than T1 providers?
Stef
On Aug 28, 2005, at 6:32 PM, Todd Reed wrote:
I’m looking at connecting 15+ multi-state locations together to start forming a private corporate network. The sites are small with 25-30 devices. I want to avoid direct-T1’s due to cost, therefore I’m looking for alternatives. I know I can do site-to-site VPN, but I’ve also heard a lot about MPLS and from what I’ve read, it may be a good option. Over the next year, we will be adding 5-10 more sites, so expansion is important. I’m not planning to do voice, but it may be an option in 2-3 years. If anyone has any suggestions on their experiences, I would greatly appreciate it.
Thanks,
Todd
Todd Reed wrote:
I’m looking at connecting 15+ multi-state locations together to start forming a private corporate network. The sites are small with 25-30 devices. I want to avoid direct-T1’s due to cost, therefore I’m looking for alternatives. I know I can do site-to-site VPN, but I’ve also heard a lot about MPLS and from what I’ve read, it may be a good option. Over the next year, we will be adding 5-10 more sites, so expansion is important. I’m not planning to do voice, but it may be an option in 2-3 years. If anyone has any suggestions on their experiences, I would greatly appreciate it.
Thanks,
Todd
Todd
Masergy do a nice MPLS based service - you'll be transiting over T1's..and aren't cheap but are very good. If you have SDSL then you could look at running your own VPN (firewall to firewall or whatever) but you do lose the traffic QoS (esp in the internet fabric) you get with MPLS. A Packeteer or similar would help but you still can't control what's happening over the internet which might affect VoIP or other sensitive applications. Having said that I run a VoIP for a couple of users over a self managed VPN with leased line at one end and aDSL at the other with little problems, but that's all staying within 1 ISP's network and in the same country so YMMV.
-- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300
but you do lose the traffic QoS (esp in the internet fabric) you get with MPLS.
I'm curious... Does anyone, anywhere run QoS in the Internet fabric, with or without MPLS? I know that some companies (like the one I work for) do offer several levels of service in their MPLS core networks. But to my way of thinking, the Internet fabric is precisely the peering interconnections between networks whether at an exchange point or over a private peering connection. As far as I know, nobody uses QoS over these connections and nobody does MPLS peering over these connections. Am I wrong??? --Michael Dillon
On Tue, 30 Aug 2005 15:07:09 BST, Michael.Dillon@btradianz.com said:
peering connection. As far as I know, nobody uses QoS over these connections and nobody does MPLS peering over these connections.
There is no network design concept so misguided that absolutely *nobody* is doing it. It's a virtual certainty that somebody out there is either trying to do QoS/MPLS, or thinks(*) they are doing it, in these scenarios. Whether anybody on this list will 'fess up to it is a different question... (*) You know the type - code it in the config file, think it's doing something, and blissfully ignoring the warning/error messages... ;)
We are beginning to look into non-MPLS QoS enabled/aware Internet feeds. The desired product would give us some priority on some traffic with predictable end-to-end latency and jitter. I will post to the list when I get further along in the process if anyone has interest. The reason it appears MPLS won't work for us is that it introduces unnecessary complexity. Between running BGP to the cloud and the design complexity to accommodate the service...it is not worth it.
TV
----- Original Message -----
From: <Michael.Dillon@btradianz.com>
To: <nanog@merit.edu>
Sent: Tuesday, August 30, 2005 9:07 AM
Subject: Re: MPLS or Site2Site VPN
but you do lose the traffic QoS (esp in the internet fabric) you get with MPLS.
I'm curious... Does anyone, anywhere run QoS in the Internet fabric, with or without MPLS?
I know that some companies (like the one I work for) do offer several levels of service in their MPLS core networks. But to my way of thinking, the Internet fabric is precisely the peering interconnections between networks whether at an exchange point or over a private peering connection. As far as I know, nobody uses QoS over these connections and nobody does MPLS peering over these connections.
Am I wrong???
--Michael Dillon
What about doing the VPN over the internet, with IPSec tunnels terminated in a hub and spoke model, I don't know price wise, but it would work fine.
On 8/29/05, Todd Reed <treed@astate.edu> wrote:
I'm looking at connecting 15+ multi-state locations together to start forming a private corporate network. The sites are small with 25-30 devices. I want to avoid direct-T1's due to cost, therefore I'm looking for alternatives. I know I can do site-to-site VPN, but I've also heard a lot about MPLS and from what I've read, it may be a good option. Over the next year, we will be adding 5-10 more sites, so expansion is important. I'm not planning to do voice, but it may be an option in 2-3 years. If anyone has any suggestions on their experiences, I would greatly appreciate it.
Thanks,
Todd
(sorry for the continuing top-post) Speaking of Hub-and-Spokes, what about Frame Relay (from a single provider that covers all your states)? I imagine that it's probably run over their own backbone using MPLS anyway.
On Tue, Aug 30, 2005 at 05:00:56AM +0300, Kim Onnel wrote:
What about doing the VPN over the internet, with IPSec tunnels terminated in a hub and spoke model, I don't know price wise, but it would work fine.
On 8/29/05, Todd Reed <treed@astate.edu> wrote:
I'm looking at connecting 15+ multi-state locations together to start forming a private corporate network. The sites are small with 25-30 devices. I want to avoid direct-T1's due to cost, therefore I'm looking for alternatives. I know I can do site-to-site VPN, but I've also heard a lot about MPLS and from what I've read, it may be a good option. Over the next year, we will be adding 5-10 more sites, so expansion is important. I'm not planning to do voice, but it may be an option in 2-3 years. If anyone has any suggestions on their experiences, I would greatly appreciate it.
Thanks,
Todd
-- Henry Yen Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York