CoSine moves to make IP VPNs easier

An independent maker of IP service delivery switches has added Multi-protocol Label Switching capability to its flagship platform.

The move by CoSine Communications, announced last week, is designed to make its IPSX 9000 switch for service providers capable of delivering enterprise-grade IP VPNs with little or no requirement for new customer premises gear.

Together with the IPSX 9000's existing IP Security (IPSec), network-based firewall and virtual routing capabilities, CoSine executives hope the MPLS support convinces carriers to use the switch as the basis for enterprise IP VPNs serving corporate and off-net sites.

MPLS is an increasingly popular traffic-engineering technique that uses discrete labels for distinct user and application groups to separate forwarding information from IP headers. The idea is to create multiple VPNs without requiring switching and routing gear to dive deep into headers to divine quality-of-service characteristics all the way through the network.

But unlike many existing MPLS-based services from large carriers, in CoSine's implementation MPLS is tightly coupled with IPSec for a full range of end-user access options.

As called for under the IETF's MPLS specifications, the IPSX 9000 acts as a Label Edge Router to create a label-switched path through the carrier network between any two corporate sites. But the switch also adds firewall and IPSec encryption application services for public Internet communications outside the MPLS VPN -- all to give organizations fully secured extranets for extended numbers of authorized end users.

CoSine, a 1998 start-up that went public last year, largely competes with IP service switch vendors that have been snapped up by large manufacturers, such as Lucent's Spring Tide acquisition and the market-leading Nortel Networks' Shasta family of products. But the MPLS capability also brings the IPSX 9000 into the orbit of competition with carrier gear providing frame relay and ATM services, as well as customer premises gear supplied under carrier-managed IP VPNs.

Betting on all-in-one

CoSine officials are betting that service providers will spring for a network-edge platform that provides label switching and IPSec encryption all in one at the carrier site -- while eliminating the need for outfitting customer premises with their own security. "For a carrier, the notion of supporting a multinational corporation with [customer premises equipment (CPE)] is kind of scary," says David Messina, CoSine's director of product marketing.

The IPSX 9000 is a 26-slot, 19-rack-unit chassis supporting different combinations of access, trunk and processor blades. It supports up to 1,400 T-1s per switch, with OC-3c, T-3 and Fast Ethernet interface options. But it also has built-in frame relay support, announced last fall, to support user sites with frame relay interfaces in transition to pure IP VPNs -- up to 200,000 frame relay permanent virtual circuits per switch.

The IPSX 9000 is designed for carrier points of presence at the network edge, which would typiccally hand off MPLS-based traffic to Cisco or Juniper routers in the core.

The switch comes with CoSine's InVision Service Management System, which centrally manages up to tens of thousands of discrete subscriber networks. Because CoSine is gunning for carriers serving sizable companies, the vendor also provides a browser-based customer network management system called InGage that lets corporate network administrators view and configure packet filter, Network Address Translation, firewall and bandwidth policies. InGage also provides usage accounting and multiple levels of user authorization and access control.

Messina quotes a sample configuration supporting 56 T-1 connections with virtual routing, MPLS VPN and IPSec firewall capability for $125,000. More fully loaded configurations would cost the service provider considerably more, although without the expense of managing CPE at hundreds or thousands of sites, he says.

Current CoSine customers, including a mix of carriers such as Covad Communications and Sweden's incumbent Telia, can get MPLS functionality as a no-cost upgrade to the IPSX 9000's IP Network Operating System software.

This story, "CoSine moves to make IP VPNs easier" was originally published by Network World.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon