Reporter Jessica Scarpati surveyed users who made the switch from MPLS to Metro Ethernet in her recent article: WAN pros find Metro Ethernet services fast, cheap, simple alternative. As the article title suggests, the results of such a switch were favorable to WAN professionals looking to:
- Cut costs: MPLS, while cheaper and more flexible than T1 and frame relay, is still costly to roll out to every site. The cost of Metro Ethernet services, hardware and maintenance is significantly less.
- Get higher capacity: Enterprises can get anywhere from 7-20 times more capacity with Metro Ethernet than with other fiber services.
- Use less hardware: Multiple routers with frame relay line cards can be replaced with an Ethernet switch.
- Keep familiar protocols: Metro Ethernet uses the same protocols across a WAN as a LAN.
While any one of these advantages can make a company consider Metro Ethernet, consider the advantages of MPLS:
- MPLS has QoS capabilities: “This allows delay-sensitive services such as VoIP to be implemented with guaranteed bandwidth between the endpoints,” Chris Partsenidis explains in his MPLS VPN tutorial.
- MPLS is reliable: If MPLS is configured correctly, you can select routes and heal the network when something goes down to keep the WAN in working order.
- Encryption is optional: Technical editor Michael Brandenburg noted in his MPLS VPN basics tutorial that each MPLS line is isolated from the others and never traverses the public Internet, so encryption between sites is optional.
While this isn’t a complete list of advantages and disadvantages, the Metro Ethernet vs. MPLS debate comes down to what your company needs and what it can get. If you decide that MPLS is still the service for you, make sure you understand the different classes of MPLS services to decide the best MPLS VPN for your WAN.
Our recent story on WAN pros who are adopting Metro Ethernet prompted one reader to chime in that Ethernet-based WAN services are not all sunshine and rainbows.
Janno Schouwenburg, a consultant for a service provider in the Netherlands, says he sees far too many enterprises get seduced by Ethernet services’ huge capacity boost and cost savings without fully considering the impact on the WAN and other IT services.
So, before you sign that contract, check out what he had to say (published with permission):
We have a high penetration of Metro Ethernet services next to other means of connectivity [in the Netherlands]. Yes, Metro Ethernet services are way cheaper than the old and almost legacy IP VPN MPLS networks. But there is also a reason for that: Metro Ethernet services are dumb, stupid and simple–for the provider.
Most customers don’t find out until a few months after migration that they got themselves into a lot of trouble. They need so much more knowledge than before, and most customers don’t have those kinds of resources or even see that they need [to learn more about the technology]. Most IP VPN customers used to outsource that knowledge to managed CPE services, and think they can do it themselves when the T1 is migrated to Ethernet.
First of all, they need the right equipment to connect to Ethernet VPNs because subrates of interfaces are very common–that is, a 300 Mbps line is not a 1 Gbps line, although it connects to a 1 Gbps interface.
Then there is no QoS or CoS. OK, if you are used to having 1.5 Mbps and now have 10 Mbps or even 100 Mbps, it seems perfect at first. But when you are [using it for] mission critical [applications] or the users just want a clean voice call, then you get into trouble. Then we all start moving servers around (consolidation, virtualization), trying to build redundancy, etc., and we are back where we came from: complexity. So, who’s gonna help the customer to get the IT infrastructure working again? I see this scenario now every week with our clients and I can only conclude: Networks are damned complex!
June 8, 2011, marked World IPv6 Day, the day when companies like Akamai, Facebook and Google simultaneously turned on IPv6 to see how it worked, where users were coming from and what connectivity broke down.
“Many people assume that everyone surfing Google or Facebook on that day used IPv6. The truth is that unless you had native IPv6 connectivity, you accessed those sites with IPv4 instead,” said IPv6 pioneer and security expert Fernando Gont.
To turn on IPv6 for the day, organizations had to add a AAAA DNS record to their main domain for 24 hours and accompany this with measurements, explained IPv6 expert Silvia Hagen.
Adding these AAAA DNS records to primary domain names causes long timeouts (anywhere between 20-180 seconds) for many users who are not properly connected to IPv6, according to book author and Infoblox vice president of architecture, Cricket Liu. He said, “On World IPv6 Day, these big Web properties … deliberately attach[ed] these IPv6 addresses to those primary domain names to cause this [DNS IPv6 issue].”
One bad IPv6 migration strategy is 6to4 tunneling. Unmanaged 6to4 tunnels are designed to transfer IPv6 packets over the IPv4 Internet, but are renowned for being “flakey … [and] a big source of problems,” said Matt Levine, director of mapping engineering at Akamai Technologies.
Some enterprise WAN managers who shared their IPv6 migration strategies for World IPv6 Day said IPv6 migration was much easier than anticipated. It was mostly fear and uncertainty holding the company back. However, finding IPv6-capable network appliances is proving to be a challenge for those embarking on an IPv6 transition. In particular, lagging IPv6 security features may hamper the transition.
We’re midway through World IPv6 Day, and while some of us haven’t even noticed, participants are diligently testing and tracking the progress of their IPv6 deployments (not to mention spamming reporters with announcements to attach their name to the day). Participating network security vendor Arbor Networks, for example, is monitoring World IPv6 Day across its network. This monitoring gives the organization an idea of how much IPv6 traffic is being driven to sites.
Are you wondering where you stand with other enterprises on World IPv6 Day? WAN managers share their IPv6 migration strategies on World IPv6 Day in these profiles.
“Organizations have to really assess the readiness of their existing IPv6 infrastructure: what they have to do; how much more equipment they will have to purchase; what new services they have to install…. I think this exercise will allow them to gauge how much more work there will be to fix the infrastructure or make it ready to handle IPv6 traffic,” said Blue Coat chief scientist Qing Li.
Because so many organizations are joining together in the IPv6 test, World IPv6 Day empowers service providers, content providers and hardware vendors to run IPv6 in a way that is less frightening than doing it alone. There’s no embarrassment if something is not connecting or if there’s a DNS IPv6 issue, because it’s expected. If we’re all in the learning experiment together, we can come out of it knowing more and with support across the globe.
May marked the month of Interop Las Vegas 2011. While I got to shake the hand of celebrity chef Rick Moon and meet the likes of industry experts Jim Metzler and John Curran, what I valued most was speaking with the network architects, engineers and managers who attended the show.
Attendees came from companies of all types and sizes. One headed an international Fortune 500 enterprise IT department, while another said he “is it” for the IT department (really: the title on his business card read “IS/IT,” for information systems/information technology).
Despite their varied backgrounds, these IT professionals, like many others, were interested in what breakthrough WAN technologies were shaping up in the enterprise as well as how to move to IPv6. We answered these questions on SearchEnterpriseWAN.com in our Interop 2011 Las Vegas recap, which covers the conference exclusively from a wide area network perspective. In addition to answering the questions above, we also cover what’s going on with Cisco, how the role of network manager is changing and how vendors are helping organizations embrace the cloud. Check out Q&As, blogs, articles and video on our conference page or send us your feedback from the conference by commenting below.
At Interop Las Vegas 2011, just about every WAN optimization vendor that didn’t already have a cloud computing strategy developed one this month to improve SaaS performance with cloud WAN optimization—ranging from Riverbed’s cloud performance partnership with Akamai to Silver Peak Systems’ integration with EMC VPLEX Geo for private cloud computing.
Joining the virtual WAN optimization appliance roundup is WAN optimization vendor Ipanema Technologies. The vendor announced its “Cloud Ready Networks vision” consisting of new products and partnerships. What makes Ipanema’s solution unique in the industry is its claim to superior network visibility and WAN governance that can now be applied to cloud environments.
“We guarantee the performance of the applications you’re running in your anything-as-a-service environment across your wide area network,” says Ipanema Technologies Product Manager Mark Burton.
“[Because] we’re able to guarantee the performance, we’re then able to provide SLAs for these critical business applications—for the ERP, for the CRM—while still guaranteeing the performance of the applications that are in the Internet…which is a fairly unique offering that we feel we are uniquely positioned in the market to deliver,” he said.
Ipanema Technologies’ cloud-ready products include the following:
- Ipanema’s ANS 7.0 is the upgraded software that runs on top of its ip|engine products: Ipanema’s latest Autonomic Networking System (ANS) edition can identify specific SaaS traffic—like that of Google Apps, Office 365 and Salesforce—and differentiate this from normal Web traffic. The upgrade also improves on hybrid network unification allowing companies to use multiple network combinations like dual MPLS or service providers. ANS 7.0 is available today.
- Ipanema’s virtual ip|engine appliance: This is a software image that can be uploaded into an anything-as-a-service environment or into a private virtual data center. This removes the requirement for a hardware device to get Ipanema’s WAN governance, although it won’t be available until the end of this June.
- Two new hardware devices: A low-end ip|engine 20 delivers 20 Mbps bi-directional throughput and an even lower-end ip|engine nano-appliance does 8 Mbps. Both will launch in September.*
Burton explains the reasons for Ipanema’s move to the cloud:
We’ve been talking about ‘WAN governance’ for a long time at Ipanema—getting full optimization and control over all your applications across your global network. WAN governance doesn’t change as an approach just because you move to the cloud. In fact, it becomes more important, because when you’ve got cloud-based applications, you still need to be able to discover, understand and communicate your clear key performance indicators to get the information about application performance. You must be able to control and dynamically optimize your public or private applications regardless of whether they’re flowing over the Internet or the traditional VPN.
The guaranteed performance, the application SLA associated with those applications doesn’t change, whether they’re hosted in a service provider’s data center, in Amazon’s EC2 or even your own corporate data center—you still need to be able to guarantee those application SLAs. And of course you need to take advantage of the cost benefit that comes from hybrid networks used in your traditional MPLS VPN and make better use of your Internet connectivity. The whole approach needs to encompass all of your users wherever they happen to be, to provide the flexibility and agility that the enterprise really requires in a dynamic business environment.
*Editor’s note: The devices launched in October and were renamed the nano|engine 2 and nano|engine 5. Read more about Ipanema Technologies’ nano|engine product line in this post.
When it comes time to refresh your network, wide area network or otherwise, what new technology should you incorporate to make your business run better? Is there such a thing as implementing technology that is too advanced?
According to Glenn Evans, lead architect of InteropNet, there is such a thing as being too advanced. Evans builds a vendor-sponsored network to showcase the newest technologies of the day while supporting the whims and wills of more than 250 speakers, 350 vendors and 13,000 attendees. Each year, he refreshes the network with the latest and greatest network technology, but even he recognizes that in order to make a fully functioning production network you can’t go to the bleeding edge. At this year’s Interop, InteropNet is using new DNS and cloud technologies to negate a single point of failure in the network. Evans was also able to use 10 gig and deploy IPv6 in InteropNet.
So what technology did he avoid? Find out in our Q&A here: InteropNet blends cutting-edge technologies with network needs. Or check out our Interop Las Vegas 2011 special news coverage.
OpenDNS, the largest reverse DNS system on the Internet (the service that connects names to numbers), launched what it calls an “IPv6 sandbox” this week–the first of many announcements that will lead up to World IPv6 Day on June 8.
What is this IPv6 sandbox? I spoke with OpenDNS CEO David Ulevitch to find out. In his words, “It’s a free, publicly available DNS server that’s listening on IPv6, where IPv6 is its core competency. It will still do IPv4 DNS addressing, but it provides a way for network administrators to start testing IPv6, to try browsing IPv6 websites and make sure all of that stuff works.”
This gives all of you IPv6 newbies a chance to play with the protocol a full month before World IPv6 Day, so that you can surf the IPv6 Web on June 8th. Not only this, but using the IPv6 sandbox will help your IPv6 training so that you can apply it to your enterprise network.
Ulevitch says OpenDNS is doing this for network engineers who may not be at the cutting edge of technology experimenting with an IPv6 transition: “We want to tell them, ‘Look, it’s easy to do this on your desktop even: Get an IPv6 address; you can go to someone like Hurricane Electric and they’ll give you a tunnel to the IPv6 Internet; and then you can go to OpenDNS and point your DNS to an IPv6, publicly available, reverse DNS server, and start browsing IPv6 websites without relying on IPv4 at all.’”
Those unfamiliar with how IPv6 works may be wondering, why do I need to use OpenDNS? Can’t my Internet service provider (ISP) connect me to the IPv6 Internet?
According to Ulevitch, even when your ISP gives you an IPv6 address for your computer, the DNS server that you’re talking to is still over IPv4. This means ISPs haven’t done anything to solve the migration of endpoints, desktops or even content and services to IPv6–they’ve just given you a number and solved the problem of you not having an IP address.
“Most people do not use an IPv6-capable DNS server. If you don’t have one of these, you’re not going to be able to reach any resources that are only available using IPv6,” Ulevitch said.
Here’s what he means: When someone gets an IP address from their Internet provider, that often comes along with a DNS server. So when you type in something like www.yahoo.com, your Internet provider’s DNS server translates that into the IP address and takes you to Yahoo.com. Now, even if your Internet provider gives you an IPv6 address, you’re still going to be talking to that same old IPv4 DNS server, so that when you ask for www.yahoo.com, it’s only going to give you the IPv4 answer.
Is this “IPv4 answer” represented by a 404 error? No, because anyone providing IPv6 content hasn’t also shut off IPv4.
“I think that’s something that most people don’t fully understand,” Ulevitch said. “So for everyone who has IPv6, if they’re still talking to an IPv4 DNS server, they’re probably just going to get that website over IPv4 even if they have an IPv6 Internet connection. But if they’re using a DNS server that’s speaking IPv6, then they’ll go to the IPv6 website and they’ll fall back to IPv4 if the website doesn’t have it.”
Why else will OpenDNS be important come IPv6 migration time?
“One of the things that people forget with IPv6 and even DNS is that DNS was invented so that people didn’t have to remember those IP address numbers. And while some people can remember the IPv4 numbers–with IPv6, it’s a non-starter; it’s 128 bits long, there’s no way people are going to memorize these things. So DNS is really a key piece of IPv6 adoption, so that people can start to serve resources using IPv6. But without DNS it’s not going to happen,” Ulevitch said.
He admitted that there are not a lot of resources that are only available on IPv6 today, but that’s going to change as more people start to adopt IPv6 because IPv4 addresses will have gone. “At some point they’re going to have to give up IPv4 addressing for some resources like peer-to-peer services or websites or whatever it is,” Ulevitch said. Then your only option will be to use IPv6.
At the 2011 IPv6 Summit, Oracle’s senior network engineer, Paul Zawacki, presented a session on IPv6 address planning considerations for the enterprise. He gave this advice on how to implement an internal IPv6 network successfully:
- Challenge your IPv4 experience: In the past, we had to custom-size every subnet. We may have given a /24 to a specific IPv4 network, and those choices came with consequences. It was rare that we guessed perfectly on the size and that that number was still valid eight or nine years out. We either guessed too high or too low. If we guessed too high, we wasted a lot of address space. If we guessed too low, we would be subjecting ourselves to a painful and costly re-addressing exercise. This custom sizing work in IPv4 is also required at the subnet, site and regional aggregation level—all of which is a tremendous burden on the network design teams and the backend registration functions. However, IPv6 eases this burden, which brings Zawacki to his next point.
- Look for new opportunities afforded in IPv6: With proper planning and choices in your design strategy and addressing plan, you have the potential to virtually eliminate most custom addressing design work at the site and subnet level. This opens up new opportunities for things like dense virtual environments, where you’re not at risk of running out of address space to satisfy the requirements for that group of applications. It might also mean that you can automate the backend registrations because of the vastness of the space that’s available to you.
- Standardize wherever possible: We could design an address scheme from scratch and eliminate the things that didn’t work well in IPv4, like that custom design work. If we could standardize the size of networks, sites (where possible) and regional route aggregations, then we could overcome that limitation in our IPv4 designs.
- Keep the math simple for success: If we properly design our addressing plan around some standards, we can keep the math simple. For example, if you stay on major bit boundaries wherever possible and choose to use a few of the right major bit boundaries for the needs of your organization, you’ve tremendously improved the odds for success.
- Just get started: Don’t ignore the fact that IPv4 addresses are coming to an end. Begin an IPv6 migration strategy, which is the very least enterprises should be doing, and don’t stop your IPv6 learning.
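The "standardize" and "keep the math simple" points above, worked through as an added example (not code from Zawacki's session or from this post). The documentation prefix 2001:db8::/32, the /40, /48 and /64 level sizes, and the reading of "major bit boundaries" as 4-bit (one hex digit) boundaries are assumptions made for illustration.

```python
import ipaddress

# Assumed plan, constructed for this example: every level ends on a 4-bit
# boundary, so each level occupies whole hex digits of the address.
ORG = ipaddress.IPv6Network("2001:db8::/32")  # documentation prefix
LEVELS = [("region", 40), ("site", 48), ("subnet", 64)]


def nibble_aligned(prefixlen):
    """True when the prefix length ends on a hex-digit boundary."""
    return prefixlen % 4 == 0


def child(parent, new_prefix, index):
    """Return the index-th child of `parent` at `new_prefix` by pure arithmetic."""
    bits = new_prefix - parent.prefixlen
    if bits <= 0:
        raise ValueError("child prefix must be longer than its parent")
    if not 0 <= index < (1 << bits):
        raise ValueError(f"index {index} does not fit in {bits} bits")
    base = int(parent.network_address) + (index << (128 - new_prefix))
    return ipaddress.IPv6Network((base, new_prefix))


def allocate(region, site, subnet, org=ORG, levels=LEVELS):
    """Walk the standard levels and return the subnet for the given indices."""
    net = org
    for (name, plen), idx in zip(levels, (region, site, subnet)):
        if not nibble_aligned(plen):
            raise ValueError(f"{name} /{plen} is not on a 4-bit boundary")
        net = child(net, plen, idx)
    return net


def capacity(org=ORG, levels=LEVELS):
    """How many regions per org, sites per region, subnets per site."""
    out, prev = {}, org.prefixlen
    for name, plen in levels:
        out[name] = 1 << (plen - prev)
        prev = plen
    return out


def locate(addr, org=ORG, levels=LEVELS):
    """Map an address (e.g. from a firewall log) back to its plan indices."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in org:
        raise ValueError(f"{ip} is outside {org}")
    out, prev = {}, org.prefixlen
    for name, plen in levels:
        out[name] = (int(ip) >> (128 - plen)) & ((1 << (plen - prev)) - 1)
        prev = plen
    return out


if __name__ == "__main__":
    # Region 0x1a, site 0x2b, subnet 0x00c3 appear verbatim in the prefix.
    print(allocate(0x1A, 0x2B, 0x00C3))
    print(capacity())
    print(locate("2001:db8:1a2b:c3::15"))
```

Because every level is a whole number of hex digits, the region, site and subnet can be read straight off an address, which keeps ACLs, route summaries and log triage consistent across sites.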
In the end, beginning an internal IPv6 migration strategy is a terrific opportunity to start anew, and one that likely only comes along once in a lifetime in your career, Zawacki said.
“It’s not uncommon for enterprises to have extremely fragmented routing tables because of a series of growth and acquisitions that have happened over the course of 20-25 years. Those things are not easily resolved without significant readdressing efforts on a global scale, and we now are presented with that opportunity [in IPv6],” Zawacki said, “It can be extremely liberating.”
Scott Hogg, coordinator of the 2011 Rocky Mountain IPv6 Task Force Summit, was kind enough to share a conference recap with SearchEnterpriseWAN.com. Here’s what you missed at the 2011 IPv6 Summit:
The Rocky Mountain IPv6 Task Force (RMv6TF) dazzled summit attendees with a dual-protocol and an IPv6-only Internet network.
“Those who used the IPv6-only Internet connectivity saw what life would be like in the far distant future when IPv6 would be the dominant IP version,” Hogg said.
The hands-on lab classes that were conducted for IPv6 learning also proved to be wildly popular.
“Is it because of the news of the IANA’s IPv4 depletion?” Hogg asked summit attendees.
Many of them nodded.
“The Big Boss comes in and says ‘OK, you network engineers, you’ve got this v6 thing under control, right?’
‘Uh, no,’ they’ll say. ‘Well, go get some training. Go learn about that thing, because we need to make sure we’re ready for that.’ And then network engineers say ‘OK, Boss, I’ll go learn about it,’” Hogg explained.
This scenario explains why nearly 400 attendees showed up, the largest attendance yet. Hogg was astounded by the amount of enterprise interest compared to previous years. Enterprises are further along in IPv6 adoption than expected, a point that IPv6 Summit attendee Jeff Doyle, president of Jeff Doyle and Associates, seconded on his blog.
In the large Imperial Ballroom that was the IPv6 Expo floor, 22 vendors presented their IPv6 technology, solutions and services to those 400 attendees. Top sponsors included:
A full list of vendors and session presentations can be found on the RMv6TF IPv6 Summit website.