January 03, 2001, 11:32 AM — Strong service-level agreements that span multiple ISP networks would be paradise for users, but so far paradise is still lost.
The proving ground for these "extended SLAs" has become VPN services because businesses want strong security and solid performance. ISPs say they can handle these requests as long as all employees and business partners connect via the same Internet backbone. Such a demand is not only inflexible but also unrealistic. By now, most midsize to large companies already have dedicated Internet connections that they won't swap merely to communicate with business partners through an extranet.
Extranets notwithstanding, users still hanker for extended SLAs. These would let users create corporate VPNs that employees could access from multiple ISP networks. As any network executive will tell you, no matter how many points of presence an ISP has, some employees will still reside in cities without one.
For now, businesses must devise their own solutions when building a VPN over multiple ISPs. For example, the Automotive Network eXchange (ANX) has contracted for cooperation among five ISPs that provide access to its extranet. Of course, with more than 10,000 businesses expected to connect, the ANX has negotiating power to get ISPs to conform to one SLA. Most companies aren't in that league.
While ISPs would ideally work together, they haven't been inclined to do so. Their reticence has opened the door for new service providers. CoreExpress, QoS Networks and SmartPipes, three start-ups launched this year, each promise to offer extended SLAs and other choices for supporting VPN traffic over multiple ISP nets.
More at the core
CoreExpress plans to offer SLAs that span all service providers that connect to its network. It already has agreements with three of the top four service providers and expects to serve nine markets when it launches its service later this month, says Tony Zeis, chief technology officer at CoreExpress.
The carrier is building a nationwide fiber-optic network with a network operations center (NOC) at its headquarters in St. Louis. It will deploy Multi-protocol Label Switching (MPLS) throughout the network, which will use 23,000 miles of dark fiber from Level 3 Communications and routers from Juniper Networks and Cisco, Zeis says. Using MPLS, CoreExpress will be able to prioritize customer traffic and offer performance SLAs for availability, latency and packet loss. Business users will use any vendor's VPN access equipment.
"hart picture"Hughes Network Systems (HNS), in Germantown, Md., plans to test the CoreExpress service. It hopes to cut costs by eliminating some of its hundreds of frame relay and private-line connections, while it maintains or improves performance, says Chris Hart, director of network security and planning at HNS.
Hart is cautiously optimistic about using one service provider and getting access to many. But first things first, he says. "Let's make sure the model works and we get quality of service from point-to-point providers. Once those requirements are satisfied, then we can look into extending a VPN over additional providers."
LDAP in the pipe
SmartPipes, in Redwood City, Calif., has developed a Lightweight Directory Access Protocol application that can support multiple quality-of-service protocols and lett customers configure and provision VPN connections. This application will run on hardware devices at SmartPipes' NOC, planned for Dublin, Ohio. SmartPipes will offer policy management monitoring and certify at least five premises VPN devices for use with its network by year-end, SmartPipes CEO Ray Bell says. Cisco and Microsoft are certified now.
When SmartPipes launched in April, it seemed it would be offering extended SLAs, but that is no longer true. Bell offers the same reason for the about-face that all ISPs give for their xenophobia: the impossibility of predicting the performance of Internet traffic through public peering points.
Without guaranteeing performance, SmartPipes will still offer VPN services that span various ISPs. The company has inked a nonexclusive deal with UUNET, in which that ISP will offer SmartPipes' service. Bell says SmartPipes will have more ISPs on board before its service is available in October. But those customers will have to get a performance SLA from each ISP. Genuity (formerly GTE Internetworking) has been offering its customers a similar option for its VPN Advantage service for more than a year.
Although it is forgoing extended SLAs, SmartPipes will offer a secure, easier-to-manage VPN, says Jeff Wilson, an analyst at Infonetics Research, a San Jose consulting firm. Network managers will be able to add, delete or change access features from their desktops. No other ISP offers such a managed VPN feature.
