Welcome to Affant Communication


Oct 22
2009

MPLS vs. Internet

Posted by: Josh Linn


Local Access

 

Generally, the type of Internet or network access is irrelevant as long as the performance and repair commitments meet your needs. We’ve learned to be a little leery of wireless, but fiber, cable, Ethernet and other hard-line stuff (T1s, T3s, DSL, etc.) are all acceptable.

 

The choice typically comes down to whether business requirements are met and what prices the carriers offer. Regardless of which you choose, MPLS/Internet for your network or copper/wireless/fiber for your local access, the performance and maintenance commitments matter: guaranteed throughput, latency, response to outage, MTTR, etc.

 

MPLS / Internet characteristics and differences between the two technologies

 

Affant’s experience regarding MPLS vs. Internet is that we have seen good results from both and, most importantly, data/voice traffic can be secured across either medium.

 

MPLS is hosted within a single carrier’s network. The good in this is that potential latency and additional points of failure are not introduced by having to traverse multiple carriers’ backbones. However, it also means that if you add locations to your network you are limited to your specific MPLS carrier. If your MPLS network is through Sprint, you will need Sprint access at whatever new location you desire to add.

 

MPLS does not always mean that Internet is provided.   There are two ways to address this:                                                               

 

A) Purchase an “Internet hop-off” through the MPLS carrier. This is where the carrier provides a “hop-off” path inside of their network for you and other clients to use. Do not confuse this with Internet directly to your location. An Internet hop-off in the MPLS cloud can affect services such as HTTP(S), SMTP, VPN clients, etc., because the carrier, not you, controls the public block of addresses, so they will have to set up a pretty tricky NAT or sell you their hosted solution.

                                                               

B) Purchase a separate Internet connection through the same carrier or another. This will require a device to terminate the connection and route appropriate traffic to it and, in the right conditions, will provide some redundancy to your network.

 

MPLS is touted by carriers to be secure. This is untrue; it is actually less secure due to the lack of encryption. Carriers tend to say data is secure because it is “in their network”; in truth, your company’s sensitive data is riding in the “open” on the carrier’s network with no encryption. If someone were to tap into the [little green] telecom box out on the corner of the street by your office, they would have full unrestricted access to your unencrypted data. If your network traffic were to fall into anyone’s hands, it would be in the clear for their use.

 

Both MPLS and Internet networks allow for a secure VPN network to ride on top. Secure encrypted VPNs can be built on top of MPLS networks just as easily as on Internet-based networks, and this is the recommended method for all businesses to secure their traffic across any connection. (Encrypting traffic may require you to find alternative ways to apply QoS / ToS to your traffic, depending on your network.)
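A check to run once the VPN is in place, added here as an example (not code from the original post): it reads IPv4 headers captured on the carrier-facing interface, flags anything that is not ESP or VPN UDP traffic, and reports the DSCP value, which is the only QoS marking the carrier can still read once the payload is encrypted. The sample packets, addresses and port-based heuristics are constructed assumptions, and it assumes the VPN device copies the inner marking to the outer header.

```python
import struct

ESP, UDP, TCP = 50, 17, 6
IKE_PORTS = {500, 4500}          # IKE and IPsec NAT traversal (UDP)

def ipv4(proto, payload, dscp=0, src="192.0.2.10", dst="198.51.100.20"):
    """Build a minimal IPv4 packet; constructed sample data, checksum left 0."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(payload),
                       0, 0, 64, proto, 0, addr(src), addr(dst)) + payload

def ports(sport, dport, rest=bytes(16)):
    """First bytes of a TCP or UDP header: the two port fields, then filler."""
    return struct.pack("!HH", sport, dport) + rest

def classify(pkt):
    """Return (verdict, dscp) as visible to anyone on the carrier path."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ("unparsed", None)
    ihl, dscp, proto = (pkt[0] & 0x0F) * 4, pkt[1] >> 2, pkt[9]
    if proto == ESP:
        return ("encrypted", dscp)
    if proto == UDP and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if sport in IKE_PORTS or dport in IKE_PORTS:
            return ("vpn-udp", dscp)   # IKE or ESP-in-UDP, judged by port only
    return ("cleartext", dscp)

def audit(packets):
    """List (src, dst, protocol) for every packet that left unencrypted."""
    dotted = lambda b: ".".join(map(str, b))
    return [(dotted(p[12:16]), dotted(p[16:20]), p[9])
            for p in packets if classify(p)[0] == "cleartext"]

# Constructed capture from the carrier-facing interface.
SAMPLE = [
    ipv4(ESP, bytes(48), dscp=46),          # tunnelled voice, EF on outer header
    ipv4(UDP, ports(4500, 4500)),           # NAT-traversal VPN traffic
    ipv4(TCP, ports(40000, 25)),            # SMTP that bypassed the tunnel
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(classify(p))
    print("cleartext flows:", audit(SAMPLE))
```

An empty result from `audit` on a real capture is the evidence that nothing is riding the carrier network in the clear.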

 

Both MPLS and Internet networks allow for the VPN network to be fully meshed. This simply means that each location can be connected to every other location over either MPLS or Internet, thus providing direct site-to-site communication and/or redundancy.

 

Both MPLS and Internet networks can be terminated on various layer 1 mediums.   MPLS is typically terminated on fractional T1 and above connections.  Internet typically terminates on DSL, cable, Ethernet, wireless, fiber, T1 and above.

 

Internet networks allow you to have a selection of carriers per location. Internet networks are not limited to a single carrier. Instead, they allow your business to add a new location with any type of Internet connection (DSL, wireless, cable, fiber, Ethernet, T1, DS3, etc.) or carrier (Sprint, AT&T, Covad, Time Warner, etc.).

Comments (2)

written by Gregory Keyes, December 23, 2009
A client asked recently about the overhead and inefficiency of encryption in IP-VPN versus MPLS. My answer:


Overhead is a boogey-man issue in networks. The performance hit of encryption is very low on modern equipment. The overhead created by the encryption is a small percentage that varies based on the size of the payload. The reason it’s a “boogey-man” is that there is overhead on every network protocol.

Overhead is required at every layer of the network protocols to assure reliability of delivery. In an encrypted stream, an added layer of overhead is introduced to secure the data. Relative to the overhead required for a transmission, adding MORE overhead is not the huge problem it is often introduced to be. We’ve been down this road over the years as the various protocols (point-to-point / serial, ATM, Frame Relay, MPLS, IP, SNA, etc.) battled for theoretical superiority. As the price of bandwidth continues to drop, ubiquity, reliability, speed-to-repair, and security are the only issues that matter. More overhead to achieve better diagnostics or security ultimately results in better performance.

Examples of “overhead” in a typical transmission:
-layer one (binary error correction and/or framing)
-layer two (Ethernet addressing / framing and error correction)
-layer three (IP addressing and framing and error correction)
-layer four (TCP/UDP socket IDs and sequencing information and error correction)

Adding more “overhead” at the layer three (-ish) environment to encrypt is not the only overhead, nor the worst of the overhead to be experienced. Is it worth it to achieve security? We think so. We do not think ANY sensitive traffic / data should leave a building unencrypted.

IOW, traffic on an MPLS network should be encrypted, not praised for having lower overhead because it is not encrypted. That’s like pointing out how much more efficient it is to leave one’s car or house unlocked so that we don’t waste time using a key to get in.

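The layer-by-layer accounting from the comment above, worked through as an added example (not part of the original comment or post): it compares the header bytes a TCP segment already carries on Ethernet with the bytes an IPsec tunnel adds, for several payload sizes. The cipher suite, header sizes and payload sizes are assumptions stated in the code.

```python
# Assumed parameters (not from the post): IPv4 without options, ESP tunnel
# mode, AES-CBC (16-byte IV and block) with a 12-byte HMAC-SHA1-96 ICV.
IP_HDR, TCP_HDR = 20, 20
ETH_FRAMING = 14 + 4                 # Ethernet header plus frame check sequence
ESP_HDR, ESP_IV, ESP_BLOCK, ESP_ICV = 8, 16, 16, 12

def esp_tunnel_len(inner_len):
    """Size of the outer IP packet that carries an inner IP packet in ESP."""
    # Payload, padding and the 2-byte ESP trailer must fill whole cipher blocks.
    padded = -(-(inner_len + 2) // ESP_BLOCK) * ESP_BLOCK
    return IP_HDR + ESP_HDR + ESP_IV + padded + ESP_ICV

def on_wire(app_bytes):
    """Return (cleartext_frame, encrypted_frame) sizes for one TCP segment."""
    inner = app_bytes + TCP_HDR + IP_HDR
    return inner + ETH_FRAMING, esp_tunnel_len(inner) + ETH_FRAMING

def report(sizes=(20, 536, 1360)):
    """Rows of (app bytes, header share before encryption, share after)."""
    rows = []
    for n in sizes:
        clear, enc = on_wire(n)
        rows.append((n, round(100 * (clear - n) / clear, 1),
                        round(100 * (enc - n) / enc, 1)))
    return rows

if __name__ == "__main__":
    for n, before, after in report():
        print(f"{n:5d} B payload: {before}% overhead clear, {after}% encrypted")
```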
Good summary...
written by Kerry Shih, November 09, 2009
This is a good analysis. Thanks, Josh.