A DETAILED ANALYSIS OF FR-VPNs vs. IP-VPNs VPNs Frame Relay A Comparison of IP-VPN and Frame Relay Services

Description Secure Transmissions carriers may constitute a strong value proposi- tion for price-sensitive customers willing to Say “VPN” and most people think Internet Today, one way IP-VPNS are being deployed is give up SLA and security, a consideration that technology. Generically defined, a Virtual through ISPs who are building IP tunnels “traditional” carriers will not underestimate. Private Network (VPN) is a means of through their backbones as special, secure With the potential threat of new entrants, transmitting digital information over a shared paths for customers’ traffic. However, users carriers will have a strong incentive to protect public network infrastructure in which secure trust frame relay Permanent Virtual Circuits their installed base and resulting revenue. and reliable connectivity, management and (PVCs) to provide adequate security for most The ISP/carrier consolidation will also push addressing is equivalent virtually to that of a applications without having to create tunnels the service providers to rationalize and posi- private network. and use encryption as default. PVCs inherent- tion their own offerings within their product Despite the recent excitement about ly provide a “tunnel” of sorts in that the line so as to minimize cannibalization effects. IP-VPNs, Layer 2 VPNs have been available network operator (within the company or since the mid to late 1980s as VPDNs. Current service provider) establishes the DLCIs managed frame relay services run mission- associated with a different access device. In Flexibility and Any-to-Any critical applications and provide secure, stable addition, packets with corrupted addressing predictable and highly manageable solutions. information are systematically discarded. Connectivity The IP-VPN promise of any-to-any connectivity Several market drivers are fueling the A VPN service provisioned using PVCs on a is an attractive benefit, especially for extranet euphoria surrounding IP-VPNs. A comparison frame relay access platform, eliminates the and remote users. Frame relay Switched of IP-VPN and frame relay services in relation need to acquire special tunneling and perfor- Virtual Circuits (SVCs) offer some of the to these market drivers may serve to clarify mance enhancing options to accompany it. same benefits. SVCs can extend the reach the current situation. Current frame relay networks support many of secure and feature-rich frame relay services thousands of concurrent active PVCs with to remote users and extranet sites, such as high levels of availability, scaling and forward- trading partner locations, without using For More Information: ing performance, and minimal, predictable expensive leased lines. delay and jitter. Frame relay SVC services are available in World Wide Web the U.S. and Europe, and CPE supporting http://www.frforum.com Cost Savings frame relay SVCs is on the market today. The potential savings of IP-VPN technology Particularly in Europe, SVCs provide an alter- E-mail over other technologies should be examined native to IP-VPNs because some major service [email protected] on the basis of total cost of network owner- providers offer parity pricing for SVC and PVC ship. For example, IP-VPNs do not preclude services (for equivalent aggregate CIRs). Phone the need for security relationships to be Greater proliferation of frame relay SVCs may 510-608-5920 defined and established between each pair of also be driven in Europe by X.25 conversion. hosts that may need to communicate. This According to Vertical Systems, SVC-based FAX means that network administrators must con- X.25 network services represented a $2.7 bil- 510-608-5917 figure the rules by which individual users lion worldwide market in 1999. communicate with each other, requiring an Frame relay SVC users also have the bene- exponential number of configurations. The fit of a secure environment using Closed User savings can quickly evaporate as the cost to Groups (CUG), which is now a standard with- hire, train and retain the scarce expertise in the ITU – X.36. CUGs are applicable for required for the configuration and administra- national (NCUG) and international (ICUG) tion of complex networks is added to the networks. total cost equation. In spite of the benefits, however, frame On the positive side for frame relay, several www.frforum.com relay SVC usage is growing slowly. Point-to- factors will continue to drive tariffs down. point and star topologies are still the primary www.frforum.com Potential savings of alternative services and implementation of PVCs today, as indicated by a 1999 Distributed Network Associate Survey, preemptive warnings of over-subscription, auto- For managed services, providers also need the in which 79 percent of the respondents stated matic troubleshooting, and more. expertise and resources to determine IP-VPN they were still using the two types of network On the IP-VPN side, service providers have requirements, manage day-to-day operations, layouts. One possible reason for slow SVC started to offer Service Level Guarantees operate helpdesk, manage security (carrier adoption is that frame relay SVC services have (SLGs), but they are limited because there are liability, international legislation, key manage- not yet been deployed or priced attractively by limited standards for backbone engineering or ment and web of trust), select, install and test all carriers. In the final analysis, the drivers for network management. Therefore, any SLGs VPN products (interoperability) and monitor and that limit the adoption of SVCs as a replace- that exist tend to be fairly limited in scope and guarantee service levels (transit delays and jitter, ment for current network topologies are the in their ability to report on the individual cus- throughput) on a per tunnel basis. same market drivers that affect IP-VPN usage. tomer’s network. The connectionless nature of IP does not In addition, service providers have been cau- allow service providers to determine traffic Mixed Protocol Environments tious in their own rollouts, carefully evaluating patterns because packets can take unpre- the technological and financial risks. Their chal- dictable paths through the network. This Not all traffic is IP-based. The Infonetics lenge is to meet a whole set of user needs in a makes capacity planning quasi-impossible until Research 1998 survey showed that 44 percent complete and economical manner. A technolog- standard traffic-engineering technologies are of survey respondents required support for ically superior approach alone will not suffice. deployed and quality of service and perfor- their IPX traffic and 20 percent needed The dominant design for the infrastructure mance-oriented policies established and mas- SNA/APPN support. A recent Frame Relay will be one that offers a superior price-perfor- tered in the backbone, which is not likely to Forum survey completed by Distributed mance combination, and one that enables happen soon. Technical knowledge (experience Networking also showed that TCP/IP the delivery of services that will match, at a curve) among carriers still needs to grow and represented only 48.3 percent of the total traffic volume on frame relay networks. Other protocols included IPX, SNA/SDLC and other legacy protocols. Traditional FR-VPN vs IP-VPN This less than homogeneous environment is also a problem for IPSEC, the Layer 3 tunnel- Traditional FR Service IP-VPN ing protocol designed to securely tunnel IP traf- fic only. Multiprotocol support for IPSEC requires a proxy server to do the necessary protocol translation to IP, which represents additional burden of overhead (10 to 30 per- cent higher than frame relay) and processing. Another approach is to combine IPSEC with L2TP tunneling, or use DataLink Switching (DLSw).

Service Level Guarantees When network performance problems occur, bottom-line profitability and competitive edge • Each router connected to every other router • Each router connected to carrier’s network is negatively affected. With the increase of via frame relay PVC via a single FR PVC business dependence on networked systems, • Bandwidth guaranteed between sites • Bandwidth guaranteed on access, but not the cost of degraded application response time via FR CIR between sites (most strategic) and unplanned downtime (most important) escalates. Performance management and monitoring minimum, the business class, secure, feature- diffuse, especially when it comes to the com- are an absolute requirement for companies to rich, and high-performance solutions frame plex and diverse IP-VPN-enabling technologies, address different internal needs. Current frame relay offers today. such as MPLS (RSVP, CR_LDP), ICS, Diffserve, relay performance management tools provide Ensuring certain levels of service is tied Terabit routers, etc. the means to quantify performance on a given closely to traffic engineering, capacity planning, link down to the virtual circuit and determine equipment interoperability and performance. Multi-vendor Environments if performance is equal to levels specified in a Service providers face the non-trivial challenge There is also a need for more integration contract with a service provider, or in agree- of anticipating the growth and demand in band- and consolidation in terms of product lines ment between users and IT departments. width, which compounds the difficulty in pro- with multi-vendor interoperability (maturing Standard (see FRF.13) frame relay Service viding predictable and reliable services. of embedded technologies). Current IP-VPN Level Management “killer-applications” are Designing and tuning their networks for opti- CPE possibilities are indeed confusing, and widely available today. They enable service mum performance and operation while mini- implementers should be cautious about level verification and management, capacity mizing complexity and operating costs is a sig- interoperability issues when combining planning and trending, bandwidth optimization, nificant task. servers, functions-specific hardware, firewall and router-based equipment. Equipment will to Vertical Systems) with a 22 percent CAGR While the excitement about emerging IP-VPN need to be upgraded or enhanced (hardware between 1997 and 2001. technology will continue, it is clear that frame encryption acceleration) to provide wire-speed Based on a 1999 Infonetics Research survey relay-enabled VPNs will remain important and encryption and tunneling, as the IP-VPN CPE on VPNs and managed services, it appears that central elements in the public network infra- will create network bottlenecks. Scaling is also IP-VPNs are being used to address growing structure for the foreseeable future. a major issue facing CPE vendors and indirect- bandwidth needs rather than converting ly, service providers. existing site-to-site connections. The findings state that only 22 percent of the respondents IP Market: Still Maturing perceived the ability to replace frame relay as important for site-to-site VPNs. Cost savings Implementation Agreements Initially characterized by the lack of standards of domestic dedicated line charges was rated FRF.1.2 User-to-Network Implementation Agreement and proprietary approaches, poor quality, wide highly by 46 percent (20 percent for interna- FRF.2.1 Frame Relay Network-to-Network Interface variety and specialized distribution channels, Implementation Agreement tional) of the respondents, and was perceived the current IP-VPN market seems typical of a FRF.3.2 Multiprotocol Encapsulation Implementation Agreement as a key benefit to site-to-site VPNs. new and still maturing industry segment. The FRF.4.1 User-to-Network SVC Implementation Agreement These numbers seem to indicate that there maturing of the market is indicated by recent FRF.5 Frame Relay/ATM PVC Network Internetworking is limited direct substitution effect, but consolidations and partnerships across different Implementation Agreement growing “opportunity cost” to the frame relay industry segments (carriers/ISPs, product/tech- FRF.6 Frame Relay Service Customer Network Management service market in that growth in bandwidth nology integration, etc.). Implementation Agreement (MIB) and connectivity needs impact the leased line The lack of customer knowledge and market FRF.7 Frame Relay PVC Multicast Service and Protocol revenue pool, a $23.8 billion market according Description Implementation Agreement infrastructure explain current carrier’s “mini- to a 1998 Vertical Systems report. FRF.8.1 Frame Relay/ATM PVC Service Interworking mal and hybrid” IP-VPN offerings, mostly target- Implementation Agreement ed at early adopters. Product bundling (posi- FRF.9 Data Compression over Frame Relay tioned as solutions) and attractive pricing is the Conclusion Implementation Agreement main short -term objective for service providers It is unlikely that IP VPNs will upstage frame FRF.10 Frame Relay Network-to-Network SVC willing to tap into the VPN revenue stream. relay VPNs any time soon. After all, frame relay Implementation Agreement Today, IP-VPN providers can claim only broad services have now reached the $10 billion FRF.11 Voice over Frame Relay Implementation Agreement and unverifiable network backbone availability revenue mark and there are over one million FRF.12 Frame Relay Fragmentation Implementation Agreement and uptime numbers. Service providers do not ports installed (Vertical Systems). And with FRF.13 Service Level Definitions Implementation Agreement (and cannot) offer any guarantee on service frame relay used as the underlying technology, FRF.14 Physical Layer Interface Implementation Agreement levels on a per tunnel basis, nor can they IP-VPNs fuel the growth of the frame relay FRF.15 End-to-End Multilink Frame Relay guarantee data integrity and security. Potential equipment market. Implementation Agreement outsourcing allows much less control over net- What is more likely is that new applications FRF.16 UNI/NNI Multilink Frame Relay work security policies. Even if those guarantees suited to the characteristics of IP VPNs will Implementation Agreement were available, no service level verification use IP rather than frame relay, so this will limit FRF.17 Frame Relay Privacy Implementation Agreement tools are available to measure network perfor- frame relay’s growth over time. FRF.18 Network-to-Network FR/ATM SVC Service Interworking Implementation Agreement mance against the service provider’s claims. Practically speaking, frame relay carriers have a strong incentive to protect their Short Term Outlook installed base and resulting revenue; to ratio- nalize and position their product line so as to The main shift in the value matrix will be minimize possible cannibalization effects; and a movement along the price and later, perfor- to sustain market position. mance dimensions, which would indicate As proof of this, frame relay service prices IP-VPNs can be characterized as a sustaining have decreased by an average of 10 to 15 innovation. Given that assumption, growth percent over the past years. More recently, rates for VPNs markets could be predicted, various service providers have announced together with trajectories of technological services that combined both IP-VPNs and frame progress, with a reasonable level of confidence. relay in effort to harness the different market For the short term, however, it is clear that forces and define the fit of the two technolo- IP-VPN technology and frame relay services gies. These services allow frame relay cus- will co-exist in both a complementary and a tomers to enjoy the Layer 2 virtual private competitive state. Although ISPs do not provide network capabilities that frame relay affords. “native” frame relay services, frame relay They also extend a customer’s reach outside provides a service platform and backbone for of the closed user group without adding costly provisioning access to the Internet. ISP switch- dedicated connections to remote users and es reached close to $1.9 billion in worldwide trading partner locations across the Internet cumulative revenue between 1997 and 2001, or shared IP networks. and is the fastest growing segment (according For More Information:

World Wide Web http://www.frforum.com

E-mail [email protected]

Phone 510-608-5920

FAX 510-608-5917

www.frforum.com