MCI Inc. is making it possible for users to upgrade to IP while maintaining their investment in legacy technology with the second phase of its Secure Internet Gateway service.
The service, called VPN Network Gateway, lets private IP, frame relay, ATM and IP VPN customers communicate securely as if they are on one network. The carrier has deployed gateways between its traditional data, public IP and Multi-protocol Layer Switching networks to provide users with one unified WAN despite disparate network connectivity at multiple sites.
Conestoga-Rovers & Associates uses the service to migrate to IP at some sites while maintaining its investment in legacy frame relay. The professional services company in Waterloo, Ontario, has upgraded five of its 20 sites to MCI's IP VPN service, which supports secure IPSec tunnels over the Internet.
The company needed more bandwidth than frame relay could economically provide, says David Hacker, IS manager at Conestoga-Rovers. "We're expecting to save about 20 percent to 30 percent depending on our ongoing bandwidth requirements," he says.
Four of the five sites have burstable T-1s and the fifth has a dedicated T-1. "We're getting more bang for our buck," he says.
To support the service across its multiple networks MCI has deployed five Nortel Shasta 5000 BSN gateways in the U.S. and one in London. Another gateway is expected to be deployed in Hong Kong by the end of June.
MCI has touted its SIG offerings for a year, but service deployment hit a snag not long after it launched its first phase in June 2003. This offering lets users support dial-up access to their VPN without the need to deploy and maintain a separate Nortel Contivity device.
But interoperability issues forced MCI to push off the rollout of its VPN Network Gateway service, the second phase of its SIG offering. MCI cited interoperability issues related to IPSec tunnel monitoring across Cisco Systems Inc., Lucent Technologies Inc. and Nortel Networks Corp. devices as the reason for missing its planned October launch date.
The IETF is working on a draft specification, RFC-3706, to address this problem, which is called Dead Peer Detection, a keep-alive mechanism used with IPSec so a carrier knows instantly if a tunnel goes down.
MCI expects all its vendors to support this specification, but has opted to support a proprietary method of monitoring IPSec tunnels instead of waiting. When all three vendors support the standard, the carrier says it will upgrade to RFC-3706-compliant software.
The third phase of MCI's SIG offering, a network-based firewall, is expected by year-end. This service will offer customers another level of filtering and security between network sites connecting at the SIG.
The VPN Network Gateway service is available in the U.S. and to U.S.-based multinational customers. MCI says it will be available to users based in Europe and the Asia-Pacific region by year-end.
VPN Network Gateway customers are charged based on how much bandwidth they use. A 256K bit/sec interconnect costs about US$200 per month, and a 1.544M bit/sec interconnect costs about $800 per month. Customers also pay the same monthly rates for their traditional data or IP services in addition to the VPN Network Gateay fees.