Variety of VPN services on tap from Verizon

Verizon is mustering a managed VPN push that will offer customers more advanced service choices and further distance itself from once-close IP partner Genuity.

Verizon is mustering a managed VPN effort that will offer customers more advanced service choices and further distance the carrier from once-close IP partner Genuity.

The local exchange carrier (LEC) says it will introduce its first Verizon-managed IP VPN service in March. Verizon is building a Multi-protocol Label Switching (MPLS) network to support a handful of fully meshed VPN offerings that include IP-enabled frame relay and ATM services.

Verizon is expected to announce a fully managed site-to-site IP Security (IPSec) VPN in March that will let users transmit corporate data over the Internet using secure tunnels, says Tom Roche, director of offer management. The site-to-site IPSec service includes customer premises equipment deployed at each site that’s connected to the VPN.

Verizon will use Nortel’s Contivity and Cisco’s 3000-series devices to support the service that will be managed from Verizon’s network operating centers in Frazier, Pa., and Austin, Texas.

The service, which Verizon is promising by June, will offer customers three service classes with performance guarantees. Verizon says it’s still working out the details of its service-level agreements.

This service description might sound familiar to Verizon customers. It essentially describes the VPN Advantage service that Verizon resells today. But VPN Advantage is a Genuity service that is managed by the ISP and runs over Genuity’s network.

“Many of our customers are happy with Genuity’s service, but they are also looking for a more flexible offer in terms of management,” Roche says.

Verizon has been moving away from Genuity since 2002 when it became clear the ISP might not recover from its financial woes. Verizon officially severed financial ties to Genuity in July.

In November, Verizon also launched its long-distance Enterprise Advantage initiative, which has accelerated Verizon’s move away from Genuity. At that time the LEC said it would launch services to customers in the Northeast in the first quarter of 2003 and roll out nationally to 56 markets over the next two years

While Verizon’s IP network spans coast to coast, it’s not a true national backbone because it misses significant portions of the map, which is why Verizon also is partnering with Sprint. About a month ago, Verizon quietly inked a deal with Sprint to use its IP network to support customers in areas where its own IP network will not reach, says Jason Summers, director of advanced network services at Verizon.

Verizon also is in the process of building an MPLS network over its own IP network. The LEC is testing many MPLS switches that support the IETF’s RFC 2547.

This specification lets the LEC support VPN services at Layer 3 by dedicating paths over its network for individual customers. These services usually are called network-based VPNs. Each user’s routing tables are stored on the switches throughout Verizon’s network using Border Gateway Protocol.

The benefit of RFC 2547 is that it’s transparent to customers, who can interconnect IP and frame relay networks at Layer 3, says Jennifer Rosales, a group manager at Verizon. The specification is more scalable because customer routing tables are stored on MPLS switches in the network that can be updated at the same time from a Verizon network operations center, as opposed to updating individual devices on a site-to-site VPN that might not be as accessible.

Verizon’s MPLS services are expected to roll out in a few cities in August or September, with networkwide support later in the year, Summers says.

Verizon initially might have a hard time winning over customers who want to fully outsource their IP VPN, says Lisa Pierce, an analyst at Giga Information Group. While it has offered a variety of router, server and application management services for some time, this is Verizon’s first foray into fully managing IP VPNs. Verizon “has little IP VPN expertise,” she says. Fortune 1000 customers likely will not switch from a longtime IP service provider to Verizon, but instead might use them for backup initially, she says.

And some firms will continue to run their own VPNs, unless given compelling financial incentive to switch.

Paul Ladd, director of MIS at Suffolk University in Boston, says he recently decided to run his own VPN rather than outsource, because of the cost.

“It seemed more cost-effective to do our own, and we already manage our own network,” he says. “When I looked at having third parties provide a VPN, it’s an ongoing cost every month, and over time I felt buying our own platform and doing it ourselves presented significant potential savings.”

Verizon isn’t the first LEC to pitch this type of service. Qwest, the only LEC to operate its own national IP network, has offered site-to-site and network-based VPNs for years. SBC and BellSouth offer site-to-site VPN services with MPLS VPN services planned for this year.

While MPLS will work over a one carrier’s network, getting it to run across a partner’s network out of region isn’t easy, says Roddy Tranum, director of product management for VPN and security with BellSouth.

“MPLS doesn’t have a great deal of effectiveness across a network-to-network interface [NNI],” he says. “That’s something we’ll look at this year. We want to see whether we can partner and do MPLS NNIs, or whether we should stick to connecting at the Layer 2 level out of region.”