This concept is not new. MPLS/BGP VPNs have long been a “carrier technology” used for isolating customer A's traffic from customer B's traffic. As typical distribution-layer hardware in campus networks, such as Cisco 6880, Brocade MLX and Juniper MX switches, has had or added MPLS support, more organizations have begun adopting the strategy. The Cloud Connectiv team has subject matter experts that can help you with any type of MPLS and/or WAN deployment, whether you need a basic BGP peering for your provider-managed MPLS network or your very own VPNv4/LDP deployment.
It used to be that, unless you worked for a WAN service provider, you didn’t really need to know how the MPLS cloud works at the micro level, but the Cloud Connectiv team realizes times are changing. Also, to better understand and appreciate the benefits inherent in the technology, it’s good to have an understanding of the basics. To help with that, we’re going to use a common enterprise MPLS deployment architecture, using the network diagram shown above. Our scenario shows an enterprise company that is leveraging an MPLS provider to interconnect three geographically dispersed locations.
Is SD-WAN the right fit for your infrastructure?
The use of bandwidth intensive applications, increased adoption of cloud computing and data centre consolidation all place demands on a business’ Wide Area Network (WAN). Unfortunately, network budgets are struggling to keep pace with this demand. Internet connectivity provides a reliable and cost-effective solution but security must be carefully managed due to its public nature. Cloud Connectiv’s Managed SD-WAN service lets you securely expand your WAN with Internet connectivity and dynamically route traffic for each business application through the best available path. WAN bandwidth and performance are increased and improved while costs are reduced.
MPLS - VPN
The combination of the Border Gateway Protocol (BGP) and a label distribution protocol is used to communicate prefix and label information. These protocols permit a nearly automatic set-up of the Layer 3 VPN as any-to-any or hub-and-spoke topologies. Compare this with the messy techniques required to scale and manage VLANs in large Layer 2 networks.
Although service providers have been offering managed MPLS-based VPN solutions for years, the largest enterprise customers are now beginning to investigate and deploy MPLS in their own networks to implement self-managed MPLS-based VPN services. The concept of self-managed enterprise networks is not new; many enterprise customers purchase Layer 2 TDM, Frame Relay, or ATM circuits and deploy their own routed network for these circuits. The largest of enterprise customers even manage their own core networks by implementing Frame Relay or ATM-based switching infrastructures and “selling” connectivity services to other organizations within their companies.
Both of these solutions have had disadvantages; deploying an IP-based infrastructure over leased lines offers little flexibility and segmentation capabilities that are cumbersome at best. Deploying a switched Frame Relay or ATM infrastructure to allow for resiliency and segmentation is a solution within reach of only the largest and most technically savvy enterprises.
As noted, the self-managed MPLS-based network is typically reserved for larger enterprises willing to make a significant investment in network equipment and training, with an IT staff that is comfortable with a high degree of technical complexity. A self-managed MPLS VPN can be an attractive option if a business meets these requirements and wants to fully control its own WAN or MAN and to increase segmentation across multiple sites to guarantee delivery of specific applications. The level of security between separated networks is comparable to private connectivity without needing service provider intervention, allowing for consistent network segmentation of departments, business functions, and user groups.
Maximizing Business Potential
While the technology enables you to create the logical separation across networks, it is important to understand the reasons for creating these logical networks. Enterprise customers increasingly require segmentation for a number of different reasons:
• Closed User Groups (CUG)—The CUGs could be created based on a number of different business criteria, with guest Internet access for onsite personnel being the simplest example. Providing NAC/isolation services also creates a need to separate the non-conforming clients. While this can be done using VLANs within a Layer 2 campus network, it requires Layer 3 VPN functionality to extend it across Layer 3 boundaries. CUGs could be created with partners, either individually or as a sub-group, where the segmentation criteria are resources that are to be shared/accessed. This simplifies the information sharing with partners while still providing security and traffic separation.
• Virtualization—Segmentation to the desktop is driving virtualization in the application server space. This means that even existing employees can be segmented into different CUGs where they are provided access to internal services based on their group membership.
• Enterprise as a Service Provider—With some of the Enterprise networks expanding as their organization expands, IT departments at some of the large Enterprises have become internal Service Providers. They leverage a shared network infrastructure to provide network services to individual Business Units within the Enterprise. This not only requires creating VPNs, but also requires the ability of each of the BUs to access shared corporate applications. Such a model can be expanded to include scenarios in which a company acquires another company (possibly with an overlapping IP addressing scheme) and needs to eventually consolidate the networks, the applications, and the back office operations.
• Protecting critical applications—Another segmentation criterion could be based on the applications themselves rather than the users. An organization that feels that its critical applications need to be separated from everyday network users can create VPNs for each application or for a group of applications. This not only allows it to protect them from any malicious traffic, but also to control user access to the applications more easily. An example of this is creating separate VPNs for voice and data.
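The route distribution described under MPLS - VPN, and the overlapping-addressing case in the Enterprise as a Service Provider item, can be modelled in a few lines. This is an added Python illustration, not Cloud Connectiv's code or a real BGP implementation: route distinguishers (RD) and route targets (RT) are the standard Layer 3 VPN mechanism but are not named on this page, and every VRF name, RD/RT value and prefix below is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Vrf:
    name: str
    rd: str            # route distinguisher: keeps overlapping prefixes unique
    export_rts: set    # route targets attached to routes this VRF advertises
    import_rts: set    # route targets this VRF accepts
    prefixes: list
    imported: dict = field(default_factory=dict)  # VPNv4 key -> originating VRF

def distribute(vrfs):
    """Model the MP-BGP exchange: export as VPNv4 (RD:prefix), import on RT match."""
    vpnv4 = [(f"{v.rd}:{p}", v.export_rts, v.name) for v in vrfs for p in v.prefixes]
    for v in vrfs:
        v.imported = {key: origin for key, rts, origin in vpnv4
                      if origin != v.name and rts & v.import_rts}
    return vpnv4

def leaks(vrfs, allowed):
    """(importer, origin) pairs that were imported but are not in the intended policy."""
    seen = {(v.name, origin) for v in vrfs for origin in v.imported.values()}
    return sorted(seen - allowed)

def sample_vrfs(acq_extra_import=()):
    # Constructed data: a hub-and-spoke VPN plus an acquired company whose
    # 10.1.0.0/16 overlaps SPOKE_A; ACQ's own RT 65000:9 keeps it isolated.
    return [
        Vrf("HUB", "65000:10", {"65000:1"}, {"65000:2"}, ["10.0.0.0/16"]),
        Vrf("SPOKE_A", "65000:11", {"65000:2"}, {"65000:1"}, ["10.1.0.0/16"]),
        Vrf("SPOKE_B", "65000:12", {"65000:2"}, {"65000:1"}, ["10.2.0.0/16"]),
        Vrf("ACQ", "65000:20", {"65000:9"}, {"65000:9", *acq_extra_import}, ["10.1.0.0/16"]),
    ]

# Intended policy: spokes reach only the hub, and the hub reaches both spokes.
ALLOWED = {("HUB", "SPOKE_A"), ("HUB", "SPOKE_B"),
           ("SPOKE_A", "HUB"), ("SPOKE_B", "HUB")}

if __name__ == "__main__":
    good = sample_vrfs()
    routes = distribute(good)
    print(len({key for key, *_ in routes}), "unique VPNv4 routes despite the overlap")
    print("leaks:", leaks(good, ALLOWED))
    bad = sample_vrfs(acq_extra_import=("65000:2",))  # mistaken import of the spoke RT
    distribute(bad)
    print("leaks after misconfiguration:", leaks(bad, ALLOWED))
```

Running the same audit against the import/export targets actually configured on each VRF shows whether the segmentation the design intends is the segmentation the routers enforce.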
Connected Globally, Quickly, Securely
When it comes to connectivity, colocation means a business is connected globally, quickly and securely. We find that many companies with onsite server rooms often do not have onsite access to a resilient Internet connection, nor do they have dedicated personnel monitoring traffic flow to ensure they always remain on.
Colocation enables organizations to benefit from faster networking and resilient connectivity at a fairly low price – delivering 100 Mbps of bandwidth might be hard at an office location, and trying to create a redundant solution is often financially unviable. Data centers are connected to multiple transit providers and also have large bandwidth pipes, meaning that businesses often benefit from a better service for less cost.
Location, Location, Location
Choosing a colocation provider away from a city or data center hub with optimal connectivity options – both to the capital, Europe and further afield – means having the advantages of all central data centers with the added benefits of having attractive power capabilities and the security of being away from centrally targeted terrorist activity. Out-of-town colocation providers allow businesses to take full advantage of the capital’s infrastructure without the premium costs associated with it.
A colocation solution provides companies with a variety of opportunities: exceptional SLAs and data secured off-site give organizations added levels of risk management and the chance to invest in better equipment and state-of-the-art servers. This can give IT teams the possibility to explore options such as virtualization and to condense the number of racks and servers required.
Colocation providers are able to meet business requirements at a lower cost than if the service was kept in-house. Data centers and colocation providers have the ability to have businesses up and running within hours, as well as provide the flexibility to grow alongside your organization. Colocation space, power, bandwidth and connection speeds can all be increased where required to ensure that all sizes of colocation clients can be catered to.
Did your computing needs shoot up overnight? Or did they drop drastically during your slow season? Instead of having to hire — or fire — new staff or purchase more equipment to handle it yourself, you can just make a call to your colocation provider and scale your service up or down as needed.
Colocation providers keep your servers in climate-controlled data centers, with high bandwidth speeds, and excellent redundancy for network connections. You won’t have to pay the costs to purchase and maintain this kind of IT infrastructure in your own offices, and your internal IT staff can focus on other business operations.
Quality colocation providers house your servers in secure data centers, with security measures that include biometric scanners, closed circuit cameras, on-site security, coded access, alarm systems, and more. And with colocation, you don’t have to hire or purchase any of these security measures yourself — it’s all included in your service plan.
If you have to move offices, or are hit with a power outage, or suffer a natural disaster, you won’t have to worry about your data or services going down. A colocation provider will have multiple backup generators and contingencies in place to ensure that there is never an interruption in service, for you, or for your customers.
Not only does using a colocation provider often save money, but it also turns unpredictable capital outlays into predictable monthly expenses. You only pay for your own equipment, not a whole datacenter. Your company will be able to budget for IT needs and allocate existing resources more efficiently.