OVNC 2015-Open Ethernet과 SDN을 통한 Mellanox의 차세대 네트워크 혁신 방안
Sparton Corp WAN Analysis
1. Contents The Case for Frame Relay The Case for MPLS The Case for IPsec VPN Conclusion
Sparton Corporation
Wide Area Network (WAN) Analysis
September 25, 2009
Page 1 of 9
2. Contents
Table of Contents
Introduction 3
Definition of terms 4
The Case for Frame Relay 5
The Case for MPLS 6
The Case for IPsec VPN 7
Comparison Matrix 8
Recommendations 9
Proposed Solution Diagram 9
Page 2 of 9
3. Introduction
When it comes to connecting all of Sparton Corporations’ remote locations
via a wide area network (WAN) there is a choice of 3 viable provisioning
technologies: Frame Relay, MPLS, and IPsec VPN. Each option comes with its
corresponding strengths and weaknesses. The solution most appropriate for
Sparton Corporation will be measured and weighted against the following
business requirements:
• The classification of information being transferred between sites.
Standard classifications are data, voice, & video each of which has
specific latency requirements for the applications they serve.
• The level of reliability and quality of service (QoS) required supporting
departmental Service Level Agreements (SLAs).
• The level of security required to meet all regulatory requirements and
established best practices.
• Flexibility and cost effectiveness.
The purpose of this Analysis is to study the existing, WAN design and typology
of Sparton Corporation, and determine which of the available provisioning
technologies will best suit the organizations near-term and long-term needs
relative to its intensive turnaround efforts.
Page 3 of 9
4. Definition of Terms
The following definitions will be used throughout this paper.
Frame Relay
Frame Relay is a communication protocol for the data transmission between local
area networks (LANs) and between end-points in a wide area network (WAN). For
most services providers, they provides a permanent virtual circuit (PVC), which means
that the customer sees a continuous, dedicated connection without having to pay for
a full-time leased line, while the service-provider figures out the route the data travels
to its destination and can charge based on usage. A fully meshed design which
provides any-to-any connections between sites increases the complexity and the
monthly recurring cost of frame relay exponentially.
MPLS - Multiprotocol Label Switching
MPLS is a high performance, highly flexible communication protocol for the data
transmission between local area networks (LANs) and between end-points in a wide
area network (WAN). MPLS allows a business to have a fully meshed network where
each location can communicate with one another without any additional charges,
unlike Frame relay
IPsec VPN
IPsec VPN is a cost effective, highly flexible “virtual” communication protocol that
transmits data across the WAN in a virtual, IPsec encrypted tunnel utilizing existing
Internet connections at each remote site. It provides a fully meshed network design
and collapses the WAN and Internet access on to a single network that reduces costs.
Latency
Latency measures the data transmission time from the source sending a packet of
data to the destination receiving it. Several applications like voice, and especially
video are sensitive to increases, or delays in data transmission latency.
QoS – Quality of Service
Quality of Service refers to the consistent performance of a network as supported by
the network Service Level Agreements (SLAs).
Fully meshed Design
In a fully meshed network design all locations of the WAN are connected directly to
each other. A meshed network offers redundancy in that if a single location becomes
unavailable the other sites can continue communicating.
Page 4 of 9
5. Existing
WAN The Case for Frame Relay
Frame Relay is the current technology used to provision the WAN throughout
Sparton Corporation.
Frame Relay is a data link layer communications protocol that enables the
establishment of multiple independent circuits, or data links, over a single
physical connection. In a frame relay network, each individual logical
connection is called a Permanent Virtual Circuit (PVC). Beyond cost savings,
PVCs have a distinct advantage over traditional leased lines because PVCs
are software defined, so they can be created, altered or dismantled in a
matter of hours.
Frame Relay networks are considered private because each customer’s
individual traffic is separated into a predetermined path, the PVC.
Unintended recipients cannot view traffic that is not deliberately sent to them.
Key Strengths
• Ability to support multiple Layer 3 protocols. Frame relay is a data link
layer technology, and thus can support any Layer 3 protocol.
Businesses applications based on non-IP protocols, such as IPX, SNA or
AppleTalk benefit from this feature.
• Installed base. Frame Relay is the most prevalent of the three WAN
provisioning methods (but is quickly losing ground to MPLS).
Key Limitations
• High cost and complexity of meshed configurations.
• Potentially high network delay. Depending on the topology of the
frame relay network at Sparton, packets traveling over the WAN may
experience high latency relative to other IP network designs with any-
to-any connectivity.
Page 5 of 9
6. How About
MPLS? The Case for MPLS
One of the top benefits of MPLS is that it creates a fully meshed network by
default. So by being connected to a MPLS network at each location, Sparton
will have a direct, any-to-any connection throughout the organization without
any of the additional cost or configuration that would be necessary with
frame-relay or IPSec VPN. An application that most benefits from this "any-to-
any" connectivity is Voice-over-IP (VoIP). VoIP is challenging to implement
over IPSec site-to-site VPN tunnels because the encryption and going through
multiple Internet carriers can cause too much latency. The other main benefit
of MPLS is the quality of service (QoS). Either the carrier will offer QoS in its
standard offering or it will be an add-on feature. With the QoS of MPLS,
Sparton can prioritize certain delay sensitive traffic (such as voice and video)
all the way through the carrier’s network.
Key Strengths
• More flexible than Frame Relay. MPLS gives the network manager a
great deal of flexibility to divert and route traffic around link failures,
congestion, and bottlenecks.
• Fully meshed design built-in allowing any-to-any connections.
• Quality of service (QoS) built-in.
• Disaster Recovery Site services. Many providers provide access to a
corporate DR site as an affordable, easy to setup option.
Key Limitations
• MPLS is a private IP network service and requires separate, dedicated
connections at each location (similar to frame relay).
Page 6 of 9
7. How About
IPsec VPN? The Case for IPsec VPN
The flexibility and ubiquity of the Internet has made it a logical substitute for
the private lines, Frame Relay or MPLS ports that many companies use today
to connect their remote locations. One obvious drawback, however, is the
fact that a network this widely accessible is not inherently secure. IPsec VPNs
use a protocol known as IP Security, or IPSec, to ensure the privacy of data
traveling over the public Internet.
The “virtual tunnels” that IPsec VPN uses connects remote sites across existing,
lower cost/higher bandwidth internet connections and is thus, the least
expensive WAN provisioning method.
Key Strengths
• Variety and cost-effectiveness of bandwidth options.
• Fully Meshed design allowing any-to-any connections with additional
configuration work.
• Inherent ability to connect remote users.
• Need for only one connection per site. An IPsec VPN allows Sparton
employees to use the same connection for both Internet and WAN
connectivity.
Key Limitations
• More complex access control plus dedicated routers that support
IPsec VPN tunneling are required at all locations.
• QoS is not supported and latency is dependant upon the internet’s
“best effort” of data delivery.
Page 7 of 9
8. Comparison Matrix
Feature Frame Relay MPLS IPsec VPN
Latency Latencies in a Frame Relay Latencies in a MPLS WAN are Latencies in a IPsec VPN WAN
WAN are usually quite low as usually quite low as this too is can be variable as this traffic
this is a “Private” data service a “Private” data service with travels across the public
with very strict service level very strict service level internet which generally has
agreements or SLAs. Frame agreements or SLAs. MPLS will poor SLAs. Internet traffic is
Relay will support latency support latency sensitive delivered based on a “best
sensitive applications like applications like voice and effort” model which can see
voice and video very well. video very well. significant congestion at times.
Reliability You have to receive all You will have to receive all Operating all your IPSec VPN
Frame Relay circuits through MPLS circuits through a single tunnels through the same
a single carrier, which should carrier, which helps with Internet Service Provider could
increase reliability. In general, reliability. In general, Frame increase reliability (but
Frame Relay and MPLS will be Relay and MPLS will be more decrease fault tolerance) over
more reliable than IPSec reliable than IPSec VPNs using multiple Internet carriers.
VPNs because there is less because there is less
complication in the tunneling complication in the tunneling
and firewall configuration. and firewall configuration.
QoS While Frame Relay services QoS may be included with QoS features are limited. Once
providers have very good the carrier’s MPLS offering or you send your encrypted data
SLAs the configuration of QoS it may cost extra. Either way, over the Internet, little can be
has to be done on Sparton with MPLS QoS, you can done to prioritize it. You can
routers and ads to the prioritize certain traffic all the only prioritize data inside of
amount of configuration way through the carrier’s Sparton’s AS (autonomous
work involved. network. This is great for system).
latency-sensitive
applications, like VoIP.
Security Used as a private network, Used as a private network, Although with an IPsec VPN
Frame relay offers the same MPLS offers the same security WAN data is sent across the
security as a MPLS network. as a Frame Relay network. public internet it is encrypted
However, keep in mind that However, keep in mind that via IPsec and thus arguably
as with MPLS, data sent over as with Frame Relay, data more secure.
a Frame Relay network is not sent over an MPLS network is
encrypted. not encrypted.
Cost The cost of Frame Relay is MPLS does not charge for An IPsec VPN WAN is generally
generally the highest of the individual PVCs and offers the least costly as it leverages
three. The cost increases site-to-site connections as a the existing internet
depending on the CIR built-in feature at no connections at each location.
(committed information rate) additional cost.
and number of PVCs needed
to support every site-to-site
connection.
Page 8 of 9
9. Conclusions Recommendations
While Sparton Corporation’s existing Frame Relay WAN has served its original
intent this analysis has revealed that implementing new technologies (like
MPLS) and leveraging existing low cost/high bandwidth internet connections
at each location, the following could be achieved:
• Decreased operating costs. With the proposed solution below, the
existing Frame Relay WAN would be replaced with MPLS. The port
speeds at each location would be sized to support only delay sensitive
traffic like voice and video. The high bandwidth traffic of email
messaging and file transfers would be routed through the IPsec VPN
tunnels.
• Built-in redundancy. Effectively having a second WAN the IPsec VPN
tunnels could act as a backup path for the sensitive data which
normally flows over the MPLS WAN in the event of an outage.
• Quick and convenient access to a disaster recovery site. With a
disaster recovery port on the MPLS WAN, we can redirect traffic from a
compromised site or sites to a location we have designated as a
backup location (or DR site).
Proposed Solution Diagram
Page 9 of 9