Cisco Systems Inc. Monday announced extensions to its routing software that enable service providers to provision Layer 2 VPN services to enterprises across a range of the company’s products.
The extensions, which Cisco calls its Unified VPN Suite, are part of Cisco’s IOS software, which runs across the company’s core and access routers. They are designed to enable service providers with IP backbones to offer VPN services using native IP or Multi-protocol Label Switching (MPLS).
The Unified VPN Suite includes two new protocols: Any Transport over MPLS (AToM) and Layer 2 Tunneling Protocol Version 3 (L2TPv3). The suite also includes enhancements for integrating IP Security (IPSec) with MPLS.
AToM enables the encapsulation of Layer 2 protocols – such as ATM, frame relay and Ethernet, for example – in MPLS for transport across an MPLS backbone. Cisco says it complies with the IETF’s Draft Martini specification for both encapsulation and signalling.
L2TPv3 is a proprietary protocol for native IP backbones that adds Cisco’s Universal Transport Interface (UTI) technology to the L2TP standard. UTI allows a pair of routers connected via an IP network to provide Layer 2 connectivity between a pair of interfaces for the construction of Layer 2 VPNs or to support legacy network migration.
Despite the proprietary extensions to L2TP, Cisco says it submitted L2TPv3 to the IETF six months ago and expects “ratification” late this year or early next.
The IPSec enhancements in the Unified VPN Suite include IPSec-to-MPLS integration, which maps enterprise-sourced IPSec VPNs to MPLS Label Switched Paths in an MPLS backbone.
Though the Unified VPN Suite is targeted at service providers with IP-based backbones, Cisco believes carriers with ATM backbones can benefit as well. Carriers faced with the limits of their regulated ATM backbones can use the Cisco software to harness bandwidth on an unregulated IP backbone and extend their global reach, says Sangeeta Anand, senior director of product marketing for Cisco’s Internet Technologies division.
Cisco is also hoping to accelerate the migration from ATM to IP/MPLS with this package by convincing service providers that they can ultimately reduce capital and operational expenditures, and simplify network operation, by consolidating everything onto an IP/MPLS infrastructure. Incumbent carriers are hesitating due to the elusiveness of revenue- and profit-rich IP services, and the immaturity and unfamiliarity of MPLS compared with ATM and frame relay.
Other elements of the Unified VPN Suite include integration of the Cisco VPN product with those of third parties for service activation, monitoring, reporting, intrusion detection and policy management. Another is Cisco Easy VPN, software that provides a consistent connection and policy and key management method across Cisco’s routers, security appliances and VPN clients.
Cisco’s Unified VPN Suite is available in Cisco IOS Releases 12.0S and 12.2T for platforms ranging from the 800 series access routers to the 12000 series Internet routers. AToM currently supports Ethernet and ATM Adaptation Layer (AAL)-5. Support for frame relay, High-level Data Link Control and Point-to-Point Protocol will emerge in the next two to three months, Anand says, and packet-over-SONET will be supported eventually as well.
The software requires no memory or other hardware upgrades, Anand says.