Making IPSec VPNs Enterprise Class

The last newsletter highlighted the fact that the improvements that we have seen over the last 25 years in the price/performance ratio of wide area networking is nothing close to the price/performance improvements that we have seen for other areas of IT such as storage or processing. This newsletter will discuss a technique to turn low cost consumer-grade IPSec VPNs into an enterprise-class IPSec VPN.

Networkings 50 greatest arguments: IPSec VPNs vs. SSL

The last newsletter highlighted the fact that the price/performance of commonly used WAN services in the United States ranges from an average high of $1,200/Mbps/month for MPLS to an average low of $500/Mbps/month. The $500/Mbps/month is for an Internet VPN via a Tier 1 ISP assuming that the IT organization uses a T-1 and not DSL for access.

Some IT organizations, however, are reluctant to use an IPsec VPN because the Internet does not support any form of QoS. As a result, IPsec VPNs don’t always provide acceptable levels of latency, jitter, and packet loss for interactive enterprise applications or real-time applications. Part of the quality issue is due to the fact that packets are routed over the path that the Border Gateway Protocol (BGP) specifies regardless of whether traffic traversing those paths is encountering high levels of congestion resulting in unacceptable levels of latency, packet loss or jitter.

Not all IT organizations use a T-1 or similar facility to access an IPsec VPN. For example, IPsec VPNs can also utilize consumer-grade Internet access using cable and/or xDSL. These access technologies are high speed, and very low cost typically in the range of $3 to $15 per Mbps per month. However, while the reliability is generally regarded as acceptable for consumers, it is often regarded as being too low to meet enterprise quality standards for connectivity of branch offices to one or more central data centers.

However, a key concept in IT is the concept of adding intelligence to a multitude of consumer grade products or services and hence creating a low cost, highly reliable enterprise class product or service. For example, RAID (Redundant Array of Inexpensive Disks) arrays are created by wrapping a layer of intelligence around high volume consumer grade hard disk drives. RAID arrays have become popular because they are inexpensive, highly reliable and highly scalable.

Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim Metzler is vice president of Ashton, Metzler & Associates.