The mandate for MPLS support

* In the last of a series, Jim Metzler focuses on security

This is our last newsletter in a series of five newsletters that examined some of the factors that are driving IT organizations to rethink their approach to routing. This newsletter will discuss the need for routers to support MPLS.

As noted in a previous newsletter, the routers that an IT organization deploys today must support both the current requirements as well as the ones that will emerge over time. One such requirement is security. Because it connects with entities outside of the enterprise, the WAN is a source of security vulnerabilities. 

In addition, today it is widely accepted that the majority of security incidents originate from within the enterprise. As such, in addition to keeping separate the traffic between an enterprise and its customers, suppliers and distributors, the WAN must also provide separation between the communications of individual departments and work groups. One of the security mechanisms that is inherent in MPLS-based VPNs is traffic separation. In order to separate traffic, each MPLS-enabled VPN is assigned to a unique Virtual Routing and Forwarding (VRF) instance. Traffic destined for each VRF carries its own label value. As such, each VPN is kept logically and physically separate from every other VPN.

Unlike most WAN services, MPLS supports traffic engineering. Traffic engineering refers to the process of selecting the paths that the traffic will take as it transits through the network. Traffic engineering can be used to accomplish a number of goals. For example, a network organization could traffic engineer their network to ensure that none of the links or routers in the network are either over or under utilized. 

Perhaps more importantly, traffic engineering can allow an IT organization to support myriad existing and emerging requirements. For example, most IT organizations have already deployed VoIP. A network organization can use traffic engineering to control the path taken by voice packets in order to ensure appropriate levels of delay, jitter and packet loss. 

In addition, many IT organizations have consolidated servers into centralized data centers and some IT organizations are beginning to deploy virtualized desktops and virtualized applications. A network organization can use traffic engineering to ensure that the WAN traffic between the virtualized desktops in the branch office and the consolidated data centers experiences low delay and packet loss.

This is our last WAN newsletter for a while on the topic of enterprise routing. You can read more about the need to rethink routing here. You can also provide feedback at our blog.

Learn more about this topic

Is routing undergoing a midlife crisis?

The need to rethink routing

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.