Application Brief

Nortel Networks Virtual Private Networking solutions for service providers

Service providers addressing the market for Virtual Private Networking (VPN) need solutions that effectively meet customer requirements. Because no two customers are alike, service providers need access to a complete portfolio of VPN solutions backed by a vendor who truly understands and knows how to meet the broad spectrum of market needs. Responding to service provider requirements, Nortel Networks delivers one of the most complete VPN portfolios in the industry.

The term Virtual Private Networks comes with a simple three-letter acronym, VPN, but in fact represents a very wide range of technologies, protocols, and service types. VPN is defined by Nortel Networks as a secure, packet-based communications network built for the use of an enterprise over a shared public infrastructure. This is a broad definition, to be sure, but so are the options open to service providers for delivering secure, private enterprise communications.

Nortel Networks VPN solutions at a glance:

CPE-based IP-VPN solutions

Nortel Networks Contivity Secure IP Services Gateway: Features security and IP services in a single integrated platform and supports site-to-site, remote access, and extranet VPN service.

Alteon SSL VPN: Extends the reach of enterprise applications to mobile workers, telecommuters, partners, and customers through a remote access security solution leveraging the ubiquitous SSL capability inherent to virtually all Web browsers.

Network-based IP-VPN solutions

Services Edge Router (SER) 5500 Broadband Service Node: Provides advanced IP-VPN and other IP services to subscribers and supports intranet, extranet, and remote access.

Multiservice Switch (MSS) portfolio: Supports security, scalability, reliability, and control with an architecture that offers a powerful, cost-effective way of creating multiple, segregated IP-VPNs within a shared environment.
Hybrid VPN solutions

SER-Contivity hybrid IP-VPN solution: Leading example of how Nortel Networks VPN solutions can be combined to deliver the advantages of each in a single, integrated VPN. In this example, a single VPN is created across both platform types, sharing a single remote access client (the Contivity client), which results in lower operating cost and increased user flexibility.

Ethernet-VPN solutions

Optical Ethernet: Combines the reach and reliability of optical networking with the simplicity and cost-effectiveness of Ethernet to deliver higher bandwidth with lower cost. Optimal for the delivery of time-sensitive, mission-critical applications such as Voice over IP, storage networking, and applications hosting.

Service providers planning their VPN deployment strategies must recognize the wide scope of deployment alternatives and how they map to customer applications and the competitive landscape of VPN service offerings on the market today. A strong and credible vendor can be a tremendous ally in this market, helping with technology selection, business modeling, service introduction, and ongoing evolution of the service. While many equipment vendors have approached the VPN market with a "one size fits all" model, Nortel Networks has been careful to develop and evolve a diversified portfolio of VPN offerings.
Nortel Networks recognizes that different end-customers have different service needs (e.g., security, user control, accessibility) and that service providers have differing delivery needs (e.g., scalability, manageability, survivability). A good solution must fit these requirements. Different VPN solutions come with different inherent strengths, and a truly comprehensive VPN solutions vendor will recommend the solution or solutions best able to meet service provider requirements effectively and economically. Nortel Networks works with service providers to deliver optimized VPN solutions that will shorten the path to service profitability.

CPE-based IP-VPN solutions

Intelligent devices on customer premises are able to establish secure, encrypted VPN tunnels across an IP network using the IETF standards-based IPSec protocol, or the widely available Secure Sockets Layer (SSL) protocol. Both protocols assure data confidentiality through certificate authentication. CPE IP-VPN solutions have enjoyed widespread success in enterprise-managed deployments and, increasingly, carrier-managed deployment scenarios. (Figure 1)

Nortel Networks Contivity Secure IP Services Gateway is a leading IP-VPN incumbent solution featuring security and IP services in a single integrated platform. Contivity supports site-to-site, remote access, and extranet VPN service. With the IP routing, stateful firewall, policy management, and QoS services of Contivity, service providers can offer the IP services that normally require multiple purpose-built devices. As a highly scalable family of devices, the Contivity platform offers a complete IP services portfolio, from the low-end Contivity 1000 series to the high-end Contivity 5000. This enables Contivity to address the security and IP services needs of the smallest branch site or the largest headquarters.
A Contivity Secure IP Services Gateway can be installed as an IP access router, VPN gateway, or stateful packet firewall depending on enterprise need. The industry-leading Contivity client can be deployed in most types of PCs or PDAs connected to the Internet to achieve ubiquitous remote VPN connectivity.

Nortel Networks Alteon SSL VPN is a remote access security solution that extends the reach of enterprise applications to mobile workers, telecommuters, partners, and customers. By using Secure Sockets Layer as the underlying security protocol, the Alteon SSL VPN allows for unrestricted remote access, with the Internet providing remote connectivity and the ubiquitous Web browser as the primary client interface. Benefits of Alteon's browser-based client approach include remote access to applications from laptops, home/partner PCs, PDAs and kiosks, and reliable remote access or extranet service from any active Web browser. Additionally, browser-based remote access yields the benefits of reduced management for administrators, who no longer have to install, configure, and manage thousands of software clients.
Network-based IP-VPN solutions

An alternate way to create a provider-provisioned IP-VPN is to utilize a powerful, shared-use VPN switch on the edge of the carrier network, where it can support hundreds of individual customers simultaneously. (Figure 2) Service providers will realize tangible capex and opex benefits from the network-hosted solution's economies of scale. They'll be able to deliver rich service offerings, tailored to the needs of individual enterprise customers, while allowing those same customers to make provisioning changes to their own IP-VPNs using on-line administration tools.

Figure 2. Network-based IP-VPN solutions (diagram labels: Headquarters, Regional office, Branch office, Extranet Supplier, Telecommuter with IPSec client, Mobile worker with IPSec client, Services Edge Router, MSS 20000, MSS 7000, Internet, BGP/MPLS VPN or Virtual Router VPN)

Nortel Networks Services Edge Router 5500 uses the power of its 100+ processors to provide advanced IP-VPN and other IP services to subscribers. Supported IP-VPN services include intranet, extranet, and remote access service. Network-based IP services include a dedicated firewall for each subscriber, advanced QoS, Network Address Translation, and personalized content delivery services.

Nortel Networks Multiservice Switch 7400, 15000, and 20000 support security, scalability, reliability, and control with an architecture that offers a powerful, cost-effective way of creating multiple, segregated IP-VPNs within a shared environment. With Multiservice Switch (MSS) IP-VPN, service level agreements (SLAs) can be established with each customer, complemented by applications that allow customers to verify that commitments are being met. MSS SLAs are based on class-of-service (CoS) parameters such as bandwidth, packet loss, and transit delays.
With both products, network-hosted IP-VPN service can be delivered over an IP, ATM, or Multiprotocol Label Switching (MPLS) network using IETF's BGP/MPLS VPNs (RFC2547bis) or Network-based IP-VPN Architecture using Virtual Routers drafts. Combined with the demonstrated standards-based interoperability of both products with their industry counterparts, this protocol support yields outstanding flexibility in deployment alternatives for the service provider.
Ethernet-VPN solutions

Optical Ethernet combines the reach and reliability of optical networking with the simplicity and cost-effectiveness of Ethernet to deliver higher bandwidth with lower cost. It also creates a profitable services solution for bridging the metro network between enterprises and service providers. Optical Ethernet provides connectivity services such as Ethernet Private Line and Ethernet VPNs, along with an entire set of enabled services such as Internet access, transparent LANs, and voice and video applications. (Figure 3)

Nortel Networks Optical Ethernet delivers superior network performance including the ability to deliver bandwidth from 1 Mbps to 1 Gbps in small increments, with low latency and jitter and sub-50ms failover. These performance attributes allow Optical Ethernet to deliver a host of connectivity and value-add applications. Optical Ethernet's connectivity services include private line emulation, Internet access, and any-to-any transparent LAN service. Optical Ethernet is especially suitable for the delivery of time-sensitive, mission-critical, value-add applications such as Voice over IP, storage networking, and applications hosting.

Nortel Networks Optical Ethernet, based on the Optical Metro product family, is designed to guarantee the network reliability and performance necessary to support real-time, mission-critical applications. Additionally, scalability is enabled through its ability to make disparate local area network (LAN) segments behave as one single LAN. Because there is a 97 percent penetration of Ethernet into global LAN connections, Optical Ethernet is poised to become the foundation for next-generation services and platforms. Nortel Networks is uniquely positioned to deliver this profitable services network for enterprises and service providers.
Standards leadership

Standards are a crucial part of the complete VPN story, and Nortel Networks is a leader in the development and adoption of VPN standards at all levels. We continue to be a major contributor of both resources and leadership to the organizations that are driving the standardization and enhancement of MPLS, IPSec, ATM, Optical Ethernet, and various other protocols. We will continue to drive the standards process to ensure the continued utility of VPN solutions to the service provider.

Conclusion

Service providers encounter VPN customer requirements of every imaginable type and must serve them within the bounds of their network infrastructures and business case realities. Because there is no single VPN solution that will economically and effectively address all enterprise needs, service providers must be aware of and informed about the various deployment alternatives. Nortel Networks offers a complete portfolio of deployment options for provider-managed VPNs as well as extensive assistance with go-to-market planning and support. Nortel Networks VPN leadership and impressive portfolio of solutions make it a valued ally in building VPNs to serve today's needs as well as tomorrow's.