As service providers strive to boost margins and find new revenue sources by moving up the customer value chain, some of their best opportunities could be in delivering advanced services based on MPLS to their enterprise customers. Virtual private networks based on MPLS are catching on in a big way, according to consulting firm Forrester, whose research indicates that 33% of North American enterprises now have deployed MPLS, up from 19% in 2005.

“It's become a question of when, not if, customers will move to MPLS,” said Lisa Pierce, Forrester vice president.

For enterprise customers that need to interconnect multiple locations, MPLS offers an economical alternative to traditional connectivity such as frame relay or T-1 circuits. Layer 3 VPNs, which use data stored in the service provider network to establish a secured community of customer locations, can be particularly appealing. Such VPNs enable any individual site within a customer's wide area network to connect with any other site, eliminating the need for multiple point-to-point connections.

As enterprise customers become more comfortable with MPLS, they are looking to expand its use to include increasingly sophisticated applications — such as multi-carrier and multi-service connectivity. Some also are beginning to use MPLS within a single enterprise location.

Sophisticated applications such as these pose challenges for service providers but also could represent new revenue opportunities, particularly in managed services. Often enterprise customers do not have the expertise on staff to manage advanced applications on their own and will seek an outsourced solution. According to recent research from Ovum, managed MPLS-based VPNs are an $8 billion market today that will climb to $13 billion by 2009.

As multinational enterprises begin to adopt MPLS-based VPNs, they sometimes find that a single service provider cannot serve every location in the enterprise's network. Some service providers address this issue through partnerships. Verizon, for example, has a deal with a local carrier in India to offer VPN connectivity throughout many areas of the subcontinent.

To date, Verizon has not interconnected its VPN offerings with other carriers in the U.S. because it has extensive infrastructure here, said Danellie Peña Young, director of private IP for the carrier. “Our success is driven by the fact that we develop services that are standards-based, and the standard for inter-carrier VPNs is still evolving,” she said. “We're keeping an eye on it, but in the U.S., we haven't needed to do it from a reach perspective.”

The fact that each carrier's MPLS offerings are different also complicates matters. “All of the carriers are rolling out their own flavor of MPLS,” Young said. “One may have five classes of service, and another may have four. It's hard to find the least common denominator features.”

Even when a single carrier can provide connectivity to every customer location, however, some enterprises are reluctant to rely on that solution — either because they feel it limits their negotiating power or because they seek a high level of network redundancy. To address this need, some enterprise customers build their own multi-carrier VPN networks by setting up ports and circuits for different carriers and managing traffic between them.

Because not every customer wants to take on that burden, however, some service providers, including Verizon, will manage other carriers' VPN services on behalf of the customer. “Customers can use our managed services offering to manage our solution and a third-party solution,” Young said.

Increasingly, carriers are competing to be what Charlie Muirhead, founder and president of software developer Nexagent, calls the “lead solutions integrator” for such projects. “Service providers all recognize that if they want an intimate relationship with their customers, they need to win that role,” he said. But traditionally, integrating services from multiple carriers has required months of development time, often handled by service providers' complex bid or special project teams. To help streamline the development and ongoing management of multi-carrier VPN services, Nexagent offers a software suite that automates many of the required processes.

“We link together what we call a grid of preferred partners, then use software to automate how the service provider captures customer requests,” Muirhead said. “We can automate many manual steps, and the system flows through data from one phase to the next.”

Such software also may appeal to non-traditional telecom competitors, including information technology companies, such as EDS and IBM, or virtual network operators (VNOs), such as Virtela. VNOs, which have no network infrastructure of their own, could have an edge in the multi-carrier VPN market because they may be perceived as being more neutral, Muirhead added.

Obtaining economical any-to-any connectivity may have been the initial driver of MPLS-based VPNs. But increasingly, enterprise customers are looking to leverage another unique MPLS capability. “We're seeing an increase in customers enabling [quality of service],” Young said. “There's more demand now for QOS and the prioritization of certain applications.”

With MPLS, service providers can deliver multiple classes of service over a single VPN link to provide what technologists call “multi-service VPNs.” Although not all service providers use that terminology, many now offer services based on that capability, often with specific service level agreements associated with each class of service.

“In most cases, this is a Layer 3 service,” said Stephen Wong, service provider marketing manager for router manufacturing giant Cisco Systems. “It needs to be able to look at the packet coming in and say, ‘Is this data or video or voice?’ then make intelligent decisions based on that information.”

Wong sees multi-service VPNs as an excellent opportunity for network operators to provide managed service offerings. “In addition to selling the VPN, they want to say ‘I can manage your router and provide configuration, provisioning and ongoing support.’ Once their foot is in the door, they can then offer managed voice and other services on top using the VPN as a foundation.””

Another innovative use of MPLS-based VPNs is within an enterprise customer's network. Rather than being used to cross great distances, such VPNs may exist within a single location or campus network. According to Tom Schepers, distinguished systems engineer for Cisco, there are several drivers for that type of connectivity. One is the desire to have strong separation between individual departments or areas within an organization — such as a state government that wants to isolate the police network from other government networks. Alternatively, a manufacturer might want to put a critical piece of networked robotic equipment on its own VPN.

“Manufacturers can't afford to have something in the network take down the production line,” Schepers said.

Such MPLS implementations are based on the same principle underlying Ethernet-based virtual local area networks (VLANs), which also are designed to enhance the security of individual enterprise networks by separating them from one another. But in certain circumstances, Schepers said, MPLS provides additional benefits. “VLAN is Layer 2 separation. By going to Layer 3, you bring in other facets,” he said. “VLANs are perfectly fine for a lot of customers. But if you have overlapping IP addresses or want robust Layer 3 infrastructure between divisions, VLANs may not be sufficient.”

If an organization has experienced numerous mergers and acquisitions, overlapping IP addresses can be a huge problem, he added.

Only the largest enterprises have MPLS expertise in-house, however, which means that managing an enterprise customer's internal MPLS network could be an opportunity for service providers — particularly if the customer also wants to connect remote locations using MPLS.

As Robert Whiteley, senior analyst for Forrester, pointed out, “Most MPLS terminates at the provider edge. Now you're talking about MPLS all the way to the demarc point. You can do it, but the customer may have to oversize their router to get the feature functionality to handle MPLS,” he said. “It's not nearly as mature as the frame-relay market, where I can choose a router and tell the provider, ‘Here's what I'm doing.’ More likely the service provider will say, ‘Here's the two or three routers we will support.’ You're apt to get one giant managed service where the carrier manages the router.”

Although MPLS applications involving multiple carriers or MPLS within the enterprise are highly specialized, they — along with multi-service VPNs — offer service providers the opportunity to tap into the lucrative and fast-growing managed services market. Service providers also should be able to leverage successes in that market to gain a higher share of business from some of their largest — and potentially most lucrative — enterprise customers.

ONLINE

Ready Ed Gubbins' “In the spotlight” with Kamran Sistanizadeh, Yipes' co-founder and chief technology officer, on managing carrier Ethernet services and SLAs.
www.telephonyonline.com