MPLS (Multiprotocol Label Switching) VPNs (virtual private networks) have long been recognized as a preferred option for dedicated, high-performance connectivity over a wide area network (WAN), such as linking data centers or branch offices that require high volume and reliability. Often these MPLS VPNs would use a broadband internet connection, either DSL, cable or LTE, as a backup option. It has become more common recently to leverage that broadband for internet offload. In fact, broadband internet is also being used as the primary VPN link for many locations and is even being combined with single-user remote access options. Regardless of the use case, the broadband VPN uses the IPsec protocol to encrypt the VPN traffic and keep it secure.
The MPLS VPN is a high-speed, single-carrier-operated network. An enterprise can link any of its MPLS VPN sites directly and at high speeds, and enjoy highly predictable and reliable performance.
Better quality transport
Because MPLS is under the control of a single operator and supports traffic policy enforcement, it provides better quality transport for time-sensitive traffic, such as streaming real-time video/audio or live voice-over-IP (VoIP) calls. Furthermore, because it is multiprotocol it can handle multiple types of data streams, including IP, ATM and frame relay.
IPsec VPNs work well for lower-speed data transfers from small satellite offices, home offices and individuals connecting from public access sites using readily available, low-cost remote-access broadband connections to connect to a VPN server or the MPLS VPN server. If an organization is a largely “hub-and-spoke” configuration, with lots of small sites that need to communicate only with a data center, an all-IPsec VPN environment may make sense.
As Frost & Sullivan recently observed, “The choice of MPLS versus Internet comes down to whether the CIO is comfortable with entrusting his/her company's applications to the Internet or prefers to keep them on a private network that does not touch the Internet.”
Choosing among VPN options
What typically determines whether a given location connects using an IPsec or an MPLS VPN are factors such as:
- The size of the site to be connected
- How much bandwidth is needed at that site
- Performance reliability requirements for that site
- The degree of direct connectivity to other corporate sites
- The WAN connectivity budget available for the site
Most larger, multi-location organizations use multiple VPN technologies to keep offices connected to shared networks. This mixed connectivity environment is drawing many enterprises to a hybrid VPN architecture that "allows an organization to mix and match connectivity" and differentiate and prioritize data streams based on policy. A hybrid VPN is created when individual IPsec VPN sites connect to an enterprise MPLS VPN.
Best of both worlds
A hybrid VPN approach is particularly appealing as enterprises increasingly adopt cloud and need a secure connection from IP-based VPNs in satellite locations to a centralized MPLS VPN. In this way companies can benefit from the flexibility and reach of broadband as well as the quality of service offered by a managed MPLS solution. With virtual tunnels that encrypt traffic end to end, data should be highly secure no matter where it travels between point A and point B.
But implementing that hybrid VPN may be “easier said than done,” as somebody still has to undertake the task of configuring systems and policy-based routing to integrate multiple disparate voice, video and data networks into a single MPLS IP network. Furthermore, enterprises will increasingly look to take advantage of networking services hosted in the cloud, adding further complexity.
In many cases, it is prudent for enterprises to rely on managed services and managed network providers to handle that complexity. Network Services from AT&T can be combined to form a responsive, agile and highly secure network that provides consistent, protected access to corporate information across locations, connecting business partners, cloud providers, and mobile workers.
New era for MPLS
Traditionally, the biggest issue with MPLS-based WAN VPNs has been the time and costs required to make changes to the dedicated, proprietary customer premises equipment (CPE) required to connect to the carrier’s MPLS service. (In fact, our next blog will preview a recent survey that illustrates how costs and other financial factors are limiting enterprise network modernization efforts.)
In today’s highly competitive markets, enterprises want the flexibility and on-demand services that they have become accustomed to from cloud providers. The AT&T flexible MPLS network scales to accommodate changing bandwidth and application needs. The company’s network-based IP VPN solution is provided over the Global Network from AT&T utilizing MPLS and provides high-performance, any-to-any connectivity to a single network. That makes it possible to integrate different types of data and different types of access into a single MPLS IP network while being able to assign class of service to prioritize traffic.
In a competitive environment, the network is critical to increasing productivity, supporting applications and connecting locations anywhere a business needs to be. With managed VPN services, enterprises can choose from a variety of options today and adapt with other options as their needs evolve over time.
AT&T provides a cloud-based and SDN-configured Broadband IP VPN Remote Access service that provides a virtually seamless hybrid VPN solution based on IPsec and MPLS – thus providing the best that both technologies have to offer – in a single, highly secure managed solution.
The IP VPN Remote Access service is ideal for telecommuters and remote staff in an office setting. The AT&T Virtual Private Network gateway, as a component of AT&T Network-based IP VPN Remote Access, provides a complete solution. IP VPN Remote Access also provides fast connections via wireless or Wi-Fi to a range of mobile devices, extending the reach of the corporate VPN.
The ability to utilize both IPsec and MPLS VPNs is a crucial factor in enabling the agile enterprise to transmit data in a highly secure fashion—to business partners, cloud providers, and remote and mobile workers. Organizations can utilize the most cost-effective and most efficient access method to suit each particular location and worker that needs access, and reallocate resources quickly to offload non-priority traffic from the MPLS or use IPsec as a backup option. No matter which VPN option you choose, AT&T is the market leader in VPN services.
AT&T Virtual Private Network addresses the importance of providing an agile, converged network to connect an enterprise’s locations and integrate both legacy and leading-edge technologies in a highly secure, reliable environment that provides full advantages from networking investments. To find out more about the broad range of solutions we offer, click on AT&T Virtual Private Network services or get more insights and thought leadership papers at http://att.com/ipnetworking.