Turning up profitability with routed network services

Dense virtual routed networking is a new architecture that enables flexible customization of routed network services.

CURT NEWTON, Crescent Networks

Over the past couple of years, optimism about new optical-networking technologies has fueled a vision of end-to-end optical networks, large quantities of low-cost bandwidth, and purely switched architectures that solve subscribers' demands. Yet, history has shown that bandwidth breakthroughs are rapidly commoditized, and speed alone cannot create sustainable competitive advantages for service providers.

While all subscribers want more bandwidth, many also want the media independence, resiliency, scalability, and administrative flexibility that only a customized routed network service can offer. Routed network services are used today, but they have become a double-edged sword. There is a large and growing demand, yet there are considerable challenges in creating a profitable routed network services business with today's tools.

Dense virtual routed networking (DVRN) is a new architecture for delivering routed network services. It solves some critical business and technical issues for today's service providers and enterprises. The DVRN technologies allow service providers and enterprises to leverage their investments in new IP/optical capacity, data-center build-outs, and back-office operations systems, while extending the value of legacy SONET, frame relay, and ATM infrastructures.

A routed network service is for a specific subscriber (e.g., a 20-site enterprise intranet) and employs dynamic Internet Protocol (IP) routing protocols (e.g., open shortest path first-OSPF, Border Gateway Protocol-BGP). Routed networks traditionally connect standalone routers over a set of Layer 2 logical connections and Layer 1 physical links (e.g., frame-relay WAN or Ethernet). Relative to a pure Layer 1 or Layer 2 WAN, a routed network service uses routing protocols to ensure strong resiliency, scalability, and addressing flexibility along with network media independence. Note that some routed networks, in particular the public Internet, are "one size fits all" and not readily customizable. Typical examples of routed network providers include interexchange carriers, Internet service providers, and wholesale "carrier's carrier" operators.

Different types of organizations use routed network services for their business operations. A multisite enterprise that outsources its IP intranet is a routed network services customer. Another increasingly important customer is the service provider that relies on IP networks but doesn't want to roll out its own network. This group includes application and storage service providers, content delivery providers, and local-exchange carriers (LECs) undergoing out-of-region expansion.

Service providers are under tremendous financial pressure to recoup their investments on high-speed transport and core IP routing infrastructure, especially since building fatter pipes does not result in sustainable margins. Organizations that operate their own routed networks represent an attractive customer base to these service providers because of their eagerness to outsource.

A routed network today is an expensive capital expenditure, but even more costly in terms of human capital. Router expertise is becoming scarce, expensive, and mercenary; the highly paid people who build routed networks today might not be around to maintain them tomorrow. Enterprises and service providers continue to absorb the high cost of maintaining customized routed networks for several reasons:

• Only routing can support media diversity. For instance, only routed networks can connect different Layer 1/Layer 2 technology islands such as headquarters and hosting center on Gigabit Ethernet, branch locations on frame relay, and mobile workers on DSLs and remote-access virtual private networks (VPNs). Switched WANs such as ATM, frame relay, optical, and Ethernet require a homogeneous Layer 1/Layer 2 network, which is not applicable to the vast majority of enterprises and service providers.
• A customized routed network is the only way to meet the quality-of-service (QoS), performance, and security requirements of enterprises and service providers. Although it is a routed network, the public shared Internet cannot deliver QoS, performance, or security.
• The "N² mesh" problems in highly interconnected custom networks are solved by routing. Greater interconnection is being fueled by the need to connect larger numbers of sites for collaboration and peer-to-peer applications. With Layer 1 or Layer 2 technologies, which include tunneling mechanisms such as secure Internet Protocol (IPSec) and Layer 2 tunneling protocol (L2TP), each pair of communicating sites must have a dedicated end-to-end connection, resulting in N² logical connections for a network of N sites. Administering these connections, especially for growing networks, is time-consuming and error-prone. On the other hand, in a routed network solution, N sites can be networked with N logical connections, and connectivity is automatically achieved by routing protocols.
• Existing IP addressing is preserved with customized routed networks. To transport existing IP addresses across the Internet requires complex network address translation and firewall administration that will not be transparent to many applications.
• High resiliency and self-healing are benefits that routing protocols lend to routed networks across any media type.
• Internet-related tools such as Web-based collaboration and workflow can be leveraged only with routed networks. When these tools run on QoS-enabled customized routed networks rather than the public Internet, their performance is much better.

Contrast that with the demands that large-to-medium enterprises and service providers place on their customized routed networks; these organizations want resilient, dynamic, any-to-any, and highly scalable services. Aggregation into best-effort shared routed networks is not an alternative. A routed network provider's customized service must provide the same fundamental advantages as a privately operated custom routed network to the enterprise or service provider at a lower cost.

While customized routed networks have clear benefits, these networks present tremendous challenges for many service providers. On one hand, these networks tend to be highly strategic and potentially quite lucrative. On the other hand, the tools to scale a customized routed network services business simply do not exist today. To handle the most pressing service demands, routed network providers must build dedicated routed network overlays, with racks of routers, and hire an army of expensive router gurus (see Figure 1). This approach has three fundamental problems:

• Physical inefficiencies. To approach the full range of services with sufficient isolation among customers, the provider must deploy many racks worth of expensive, power-hungry equipment. Each high-rent point of presence (PoP) quickly outgrows the standard 10x10-ft space. Each new service request is gated by the time to order, stage, install, and configure many physical boxes.
• Functional limitations. Dedicated customer-specific routed network overlays are complex to manage, taking months and many people to install and provision. Move/add/change backlogs grow out of control, and the brute force techniques to support service-level agreements (SLAs) don't scale. As a result, the pain increases exponentially with each new customer, and the 10th customer is much harder to support than the first.
• Fiscal barriers. The physical and functional problems have a negative impact on the service provider's bottom line. Slim margins, pricing that inhibits customer adoption, massive staff demands, and slow time-to-revenue are building to a routed network services showstopper. At a certain point, negative economies of scale develop and margins disappear. That's clearly a big problem.

Dense virtual routed networking retains the customization of dedicated routed networks, yet achieves mass-market economies of scale. It is a platform of service edge routers and service-management software used to create and support routed network services. Breakthroughs in virtual routing performance and QoS are combined with standards such as routing protocols and Multiprotocol Label Switching (MPLS) to achieve a solution that is leading edge yet eminently deployable.

DVRN is more than just a box with lots of virtual routing, as virtual routing density alone cannot address the functional and fiscal requirements of routed network services. The architecture employs three synergistic elements: dynamic virtual routing, optical-scale application QoS, and collaborative service management.

The foundation of the DVRN architecture is dynamic virtual routing. Just as there are different classes of standalone routers-from a $99 plug-and-play model that supports a single static route to sophisticated Internet-scale routers responsible for hundreds of thousands of routes and hundreds of peering sessions-the DVRN architecture supports different classes of virtual routers. Each DVRN virtual router is independent and customizable, running unique instances of dynamic routing protocols and maintaining separate forwarding information in hardware to attain wirespeed forwarding performance.

The application QoS performs dynamic, fine-grained traffic classification through deep packet inspection, application awareness, and subscriber/policy provisioning. It also gathers detailed multigigabit-rate statistics for SLAs and billing to enable new services and enhance customer trust.

The collaborative service management is used to turn the virtual routing and application QoS into deployable routed network services. The service-management system uses wizards, predefined templates, policy-based provisioning, and Web self-service to accelerate service creation and activation. The system also features customized per-subscriber application-level SLAs and billing; flexible partitioning among the different operator roles across the network operations center (NOC), service-provider partners, and subscribers; and powerful application programming interfaces (APIs) to develop flow-through automation and back-office integration.

DVRN is a candidate for deployment anywhere there is or could be racks of routers. Traditionally, that's "edge of the core" territory (e.g., the larger metro PoPs and data centers). Because it liberates routed networking from brute force connections among expensive dedicated physical routers, DVRN makes it feasible to extend a routed service presence second- and third-tier PoPs, central offices, and multitenant units.

How is DVRN different from other new IP technologies? A few examples will show that what may look similar at a high level actually turns out to be distinct and often complementary.

Edge/aggregation routers emphasize high port density and are designed to scale up Internet access services. While the DVRN services edge router also has high port density and supports Internet access services, its virtualized approach to routed network services enables a broader set of enterprise and wholesale services. The network-level service-management functions are also beyond the scope of standalone routers.

Core routers support massive aggregated throughput and route tables, large numbers of peering sessions, and some QoS but are not designed for subscriber-level intelligence, customization, and differentiation. The service edge router can be used to complement next-generation core routers, especially as these devices add MPLS traffic engineering and QoS guarantees.

Layer 3 switches have added IP packet processing, routing protocols, and some application awareness to LAN switching. On the scale of a single enterprise network, these functions can add real value. While "carrier-grade" Layer 3 switches are being used in data centers, these switches will need to be complemented with a customizable routed network platform to achieve the necessary service scale and flexibility.

IP service switches (IPSSs) have some high-level similarities with DVRN; both deliver a combination of scale economies and value-add features. However, today's IPSSs target small businesses, multitenant units, and consumer subscribers with a single-ended service model, while DVRN targets higher-scale multisite enterprise and service-provider subscribers with a customized routed network service model. Some IPSSs have a form of virtual router but generally are limited to static or small routing tables. Many of these platforms also have sophisticated service/subscriber-management software, but their focus is on the services used by the smaller customer. Since DVRN targets different services and end users, IPSSs and DVRN platforms may be deployed side by side by many service providers.

Third-party service provisioning software provides essential flow-through management for end-to-end, multivendor service provisioning. DVRN's collaborative service management can be integrated via public APIs with these service provisioning tools. IP VPNs based on Layer 2 tunneling (e.g., IPSec or L2TP) are best suited for point-to-point remote access to a corporate network. The tunneling mechanisms actually operate as Layer 2 connections and leave the provider with all of the scale, flexibility, and operations challenges of other pure Layer 2 networks. When operating across the public Internet, tunneled IP VPN services carry additional burdens of encryption performance and public key infrastructure scaling.

BGP/MPLS VPNs based on Internet Engineering Task Force RFC2547 are a means to virtualize routed IP core networks for private addresses at a scale sufficient for wholesale services. This form of MPLS VPN requires the provider to operate iBGP and MPLS protocols in their core. It permits limited customization of QoS and traffic engineering and no routing customization and relies on highly complex router configurations. DVRN services edge routers can be configured to interoperate with other RFC2547 edge routers.

DVRN can be considered a form of MPLS VPN, in that MPLS is used by the services edge routers to segregate traffic by customer and/or class of service (CoS) across core network links. MPLS is a scalable, uniform connection layer that helps build distinct virtual routed networks (VRNs) out of individual virtual routers.

Carrier deployment of MPLS has achieved critical mass as a proven method to isolate customer addresses and QoS domains and offers better scaling than other L2-based tunneling mechanisms. MPLS enables the DVRN architecture to evolve from legacy switched or routed networks to MPLS/optical or Multiprotocol Lambda Switching infrastructures. While DVRN uses MPLS, the services edge routers can encapsulate MPLS "transparently" across non-MPLS domains (e.g., across a legacy ATM permanent virtual circuit mesh or over dedicated optical Ethernet).

As highlighted in Figure 2, DVRN core connectivity uses stacked MPLS label-switched paths (LSPs). Outer LSPs act as aggregated trunks and may be traffic engineered in conjunction with other core label switch routers. Within each outer LSP are many inner LSPs, for separate subscribers and distinct CoS types. This stacked-label approach permits tremendous granularity of control and security for individual subscribers, while at the same time ensuring core scalability by aggregating the many routed network instances into a manageable number of logical connections.

For enterprise customers, a VRN provides an intranet/extranet service independent of particular access core technologies. A VRN can seamlessly network among a corporate headquarters over optical Ethernet, branch offices over frame relay and DSL, and teleworkers and partners over remote-access VPN tunnels. If an IT-managed routed network is already in place, the network can be rolled to a provider-based customized routed network service without affecting the customer's addressing.

Imagine a DVRN network with services edge routers deployed in New York, Chicago, Dallas, and San Francisco. To create a VRN for a subscriber with a national presence, virtual routers are created at each services edge router, and access connections to customer edge devices are established. The VRN is completed by enabling routing and core connectivity between the desired adjacent virtual routers. The routed network provider has complete flexibility and control over each VRN's routing adjacencies, link topologies, and QoS. These service variables are established by the NOC staff, using predefined templates, or via an API to a workflow operation support system or policy directory.

Once a VRN has been established, VRN sites can be easily added or deleted, and additional service enhancements made beyond the basic routed network service. A hosted storage service with particular QoS demands, for example, can be provisioned through a single "drag-and-drop" onto the VRN, rather than requiring hours worth of complex command line typing.

On the same DVRN platform, the routed network provider can deliver wholesale routed network services to service-provider partners-application service providers, storage service providers, content providers, and LECs looking for out-of-region expansion. VRNs for wholesale routed network services are created in a similar fashion to enterprise VRNs.

The DVRN platform of service edge routers and service-management software offers multisite enterprises and service providers a solution for customized routed IP network services. In the past, routed network service providers encountered numerous physical, functional, and fiscal barriers to profitable deployment of these services. The DVRN architecture addresses these barriers through a combination of dynamic virtual routing, application QoS, and collaborative service-management technologies. With DVRN, service providers can transform their evolving optical networks to support customized routed network services offering sustainable profitability.

Curt Newton is a founder and senior director of product marketing at Crescent Networks (Lowell, MA). He can be reached via the company's Website, www.crescentnetworks.com.