Buzz Issue: The sketchy promise of extended SLAs.

Strong service-level agreements that span multiple ISP networks would be paradise for users, but so far paradise is still lost.

The proving ground for these "extended SLAs" has become VPN services because businesses want strong security and solid performance. ISPs say they can handle these requests as long as all employees and business partners connect via the same Internet backbone. Such a demand is not only inflexible but also unrealistic. By now, most midsize to large companies already have dedicated Internet connections that they won't swap merely to communicate with business partners through an extranet.

Extranets notwithstanding, users still hanker for extended SLAs. These would let users create corporate VPNs that employees could access from multiple ISP networks. As any network executive will tell you, no matter how many points of presence an ISP has, some employees will still reside in cities without one.

For now, businesses must devise their own solutions when building a VPN over multiple ISPs. For example, the Automotive Network eXchange (ANX) has contracted for cooperation among five ISPs that provide access to its extranet. Of course, with more than 10,000 businesses expected to connect, the ANX has negotiating power to get ISPs to conform to one SLA. Most companies aren't in that league.

While ISPs would ideally work together, they haven't been inclined to do so. Their reticence has opened the door for new service providers. CoreExpress, QoS Networks and SmartPipes, three start-ups launched this year, each promise to offer extended SLAs and other choices for supporting VPN traffic over multiple ISP nets.

More at the core

CoreExpress plans to offer SLAs that span all service providers that connect to its network. It already has agreements with three of the top four service providers and expects to serve nine markets when it launches its service later this month, says Tony Zeis, chief technology officer at CoreExpress.

The carrier is building a nationwide fiber-optic network with a network operations center (NOC) at its headquarters in St. Louis. It will deploy Multi-protocol Label Switching (MPLS) throughout the network, which will use 23,000 miles of dark fiber from Level 3 Communications and routers from Juniper Networks and Cisco, Zeis says. Using MPLS, CoreExpress will be able to prioritize customer traffic and offer performance SLAs for availability, latency and packet loss. Business users will use any vendor's VPN access equipment.

"hart picture"Hughes Network Systems (HNS), in Germantown, Md., plans to test the CoreExpress service. It hopes to cut costs by eliminating some of its hundreds of frame relay and private-line connections, while it maintains or improves performance, says Chris Hart, director of network security and planning at HNS.

Hart is cautiously optimistic about using one service provider and getting access to many. But first things first, he says. "Let's make sure the model works and we get quality of service from point-to-point providers. Once those requirements are satisfied, then we can look into extending a VPN over additional providers."

LDAP in the pipe

SmartPipes, in Redwood City, Calif., has developed a Lightweight Directory Access Protocol application that can support multiple quality-of-service protocols and lett customers configure and provision VPN connections. This application will run on hardware devices at SmartPipes' NOC, planned for Dublin, Ohio. SmartPipes will offer policy management monitoring and certify at least five premises VPN devices for use with its network by year-end, SmartPipes CEO Ray Bell says. Cisco and Microsoft are certified now.

When SmartPipes launched in April, it seemed it would be offering extended SLAs, but that is no longer true. Bell offers the same reason for the about-face that all ISPs give for their xenophobia: the impossibility of predicting the performance of Internet traffic through public peering points.

Without guaranteeing performance, SmartPipes will still offer VPN services that span various ISPs. The company has inked a nonexclusive deal with UUNET, in which that ISP will offer SmartPipes' service. Bell says SmartPipes will have more ISPs on board before its service is available in October. But those customers will have to get a performance SLA from each ISP. Genuity (formerly GTE Internetworking) has been offering its customers a similar option for its VPN Advantage service for more than a year.

Although it is forgoing extended SLAs, SmartPipes will offer a secure, easier-to-manage VPN, says Jeff Wilson, an analyst at Infonetics Research, a San Jose consulting firm. Network managers will be able to add, delete or change access features from their desktops. No other ISP offers such a managed VPN feature.

In the queue

QoS Networks will use class-based queuing and Differentiated Services traffic-prioritization technologies on Lucent gear. These will let users dedicate bandwidth to applications or user groups, and prioritize traffic. The company is teaming with Global Crossing and other service providers to link data centers it is building around the world. The Dublin, Ireland, carrier hopes to offer services internationally from the get-go.

Although none of these carriers had released pricing information by press time, their services will likely cost more than other VPN services.

Other ISPs continue their stance that extended SLAs are impossible. While they might be able to set up performance guarantees through private peering connections already in place, they claim the necessary traffic management technology and monitoring tools aren't yet sophisticated enough to handle extended SLAs. CoreExpress CEO Mike Gaddis says the real problem is the lack of an appropriate billing mechanism.

So CoreExpress has devised a plan through which the ISPs pay each other for originating and terminating traffic. The idea is that participating ISPs would give CoreExpress traffic priority over other traffic because they would be making money on that traffic.

Nevertheless, not a single ISP has tried to extend its peering agreements beyond exchanging traffic. That's a sure sign that extended SLAs from ISPs won't be arriving en masse any time soon.

This story, "Buzz Issue: The sketchy promise of extended SLAs." was originally published by Network World.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon