Sparton Corp WAN Analysis
Document Transcript

  • Sparton Corporation Wide Area Network (WAN) Analysis
    September 25, 2009
    Contents: The Case for Frame Relay; The Case for MPLS; The Case for IPsec VPN; Conclusion
    Page 1 of 9
  • Table of Contents
      Introduction 3
      Definition of terms 4
      The Case for Frame Relay 5
      The Case for MPLS 6
      The Case for IPsec VPN 7
      Comparison Matrix 8
      Recommendations 9
      Proposed Solution Diagram 9
    Page 2 of 9
  • Introduction
    When it comes to connecting all of Sparton Corporation’s remote locations via a wide area network (WAN), there is a choice of 3 viable provisioning technologies: Frame Relay, MPLS, and IPsec VPN. Each option comes with its corresponding strengths and weaknesses. The solution most appropriate for Sparton Corporation will be measured and weighted against the following business requirements:
      • The classification of information being transferred between sites. Standard classifications are data, voice, and video, each of which has specific latency requirements for the applications it serves.
      • The level of reliability and quality of service (QoS) required to support departmental Service Level Agreements (SLAs).
      • The level of security required to meet all regulatory requirements and established best practices.
      • Flexibility and cost effectiveness.
    The purpose of this analysis is to study the existing WAN design and topology of Sparton Corporation, and determine which of the available provisioning technologies will best suit the organization’s near-term and long-term needs relative to its intensive turnaround efforts.
    Page 3 of 9
  • Definition of Terms
    The following definitions will be used throughout this paper.

    Frame Relay
    Frame Relay is a communication protocol for data transmission between local area networks (LANs) and between end-points in a wide area network (WAN). Most service providers provide a permanent virtual circuit (PVC), which means that the customer sees a continuous, dedicated connection without having to pay for a full-time leased line, while the service provider figures out the route the data travels to its destination and can charge based on usage. A fully meshed design, which provides any-to-any connections between sites, increases the complexity and the monthly recurring cost of Frame Relay exponentially.

    MPLS - Multiprotocol Label Switching
    MPLS is a high performance, highly flexible communication protocol for data transmission between local area networks (LANs) and between end-points in a wide area network (WAN). MPLS allows a business to have a fully meshed network where each location can communicate with one another without any additional charges, unlike Frame Relay.

    IPsec VPN
    IPsec VPN is a cost effective, highly flexible “virtual” communication protocol that transmits data across the WAN in a virtual, IPsec encrypted tunnel utilizing existing Internet connections at each remote site. It provides a fully meshed network design and collapses the WAN and Internet access onto a single network, which reduces costs.

    Latency
    Latency measures the data transmission time from the source sending a packet of data to the destination receiving it. Several applications, like voice and especially video, are sensitive to increases or delays in data transmission latency.

    QoS – Quality of Service
    Quality of Service refers to the consistent performance of a network as supported by the network Service Level Agreements (SLAs).

    Fully Meshed Design
    In a fully meshed network design all locations of the WAN are connected directly to each other. A meshed network offers redundancy in that if a single location becomes unavailable the other sites can continue communicating.
    Page 4 of 9
  • Existing WAN: The Case for Frame Relay
    Frame Relay is the current technology used to provision the WAN throughout Sparton Corporation. Frame Relay is a data link layer communications protocol that enables the establishment of multiple independent circuits, or data links, over a single physical connection. In a Frame Relay network, each individual logical connection is called a Permanent Virtual Circuit (PVC). Beyond cost savings, PVCs have a distinct advantage over traditional leased lines because PVCs are software defined, so they can be created, altered or dismantled in a matter of hours. Frame Relay networks are considered private because each customer’s individual traffic is separated into a predetermined path, the PVC. Unintended recipients cannot view traffic that is not deliberately sent to them.

    Key Strengths
      • Ability to support multiple Layer 3 protocols. Frame Relay is a data link layer technology, and thus can support any Layer 3 protocol. Business applications based on non-IP protocols, such as IPX, SNA or AppleTalk, benefit from this feature.
      • Installed base. Frame Relay is the most prevalent of the three WAN provisioning methods (but is quickly losing ground to MPLS).

    Key Limitations
      • High cost and complexity of meshed configurations.
      • Potentially high network delay. Depending on the topology of the Frame Relay network at Sparton, packets traveling over the WAN may experience high latency relative to other IP network designs with any-to-any connectivity.
    Page 5 of 9
  • How About MPLS? The Case for MPLS
    One of the top benefits of MPLS is that it creates a fully meshed network by default. So by being connected to an MPLS network at each location, Sparton will have a direct, any-to-any connection throughout the organization without any of the additional cost or configuration that would be necessary with Frame Relay or IPsec VPN. An application that most benefits from this "any-to-any" connectivity is Voice-over-IP (VoIP). VoIP is challenging to implement over IPsec site-to-site VPN tunnels because the encryption and going through multiple Internet carriers can cause too much latency.
    The other main benefit of MPLS is the quality of service (QoS). Either the carrier will offer QoS in its standard offering or it will be an add-on feature. With the QoS of MPLS, Sparton can prioritize certain delay sensitive traffic (such as voice and video) all the way through the carrier’s network.

    Key Strengths
      • More flexible than Frame Relay. MPLS gives the network manager a great deal of flexibility to divert and route traffic around link failures, congestion, and bottlenecks.
      • Fully meshed design built in, allowing any-to-any connections.
      • Quality of service (QoS) built in.
      • Disaster Recovery Site services. Many providers provide access to a corporate DR site as an affordable, easy to set up option.

    Key Limitations
      • MPLS is a private IP network service and requires separate, dedicated connections at each location (similar to Frame Relay).
    Page 6 of 9
  • How About IPsec VPN? The Case for IPsec VPN
    The flexibility and ubiquity of the Internet has made it a logical substitute for the private lines, Frame Relay or MPLS ports that many companies use today to connect their remote locations. One obvious drawback, however, is the fact that a network this widely accessible is not inherently secure. IPsec VPNs use a protocol known as IP Security, or IPsec, to ensure the privacy of data traveling over the public Internet. The “virtual tunnels” that an IPsec VPN uses connect remote sites across existing, lower cost/higher bandwidth Internet connections, and it is thus the least expensive WAN provisioning method.

    Key Strengths
      • Variety and cost-effectiveness of bandwidth options.
      • Fully meshed design allowing any-to-any connections with additional configuration work.
      • Inherent ability to connect remote users.
      • Need for only one connection per site. An IPsec VPN allows Sparton employees to use the same connection for both Internet and WAN connectivity.

    Key Limitations
      • More complex access control, plus dedicated routers that support IPsec VPN tunneling are required at all locations.
      • QoS is not supported and latency is dependent upon the Internet’s “best effort” model of data delivery.
    Page 7 of 9
  • Comparison Matrix

    Latency
      Frame Relay: Latencies in a Frame Relay WAN are usually quite low as this is a “Private” data service with very strict service level agreements or SLAs. Frame Relay will support latency sensitive applications like voice and video very well.
      MPLS: Latencies in an MPLS WAN are usually quite low as this too is a “Private” data service with very strict service level agreements or SLAs. MPLS will support latency sensitive applications like voice and video very well.
      IPsec VPN: Latencies in an IPsec VPN WAN can be variable as this traffic travels across the public internet, which generally has poor SLAs. Internet traffic is delivered based on a “best effort” model which can see significant congestion at times.

    Reliability
      Frame Relay: You have to receive all Frame Relay circuits through a single carrier, which should increase reliability. In general, Frame Relay and MPLS will be more reliable than IPsec VPNs because there is less complication in the tunneling and firewall configuration.
      MPLS: You will have to receive all MPLS circuits through a single carrier, which helps with reliability. In general, Frame Relay and MPLS will be more reliable than IPsec VPNs because there is less complication in the tunneling and firewall configuration.
      IPsec VPN: Operating all your IPsec VPN tunnels through the same Internet Service Provider could increase reliability (but decrease fault tolerance) over using multiple Internet carriers.

    QoS
      Frame Relay: While Frame Relay service providers have very good SLAs, the configuration of QoS has to be done on Sparton routers and adds to the amount of configuration work involved.
      MPLS: QoS may be included with the carrier’s MPLS offering or it may cost extra. Either way, with MPLS QoS, you can prioritize certain traffic all the way through the carrier’s network. This is great for latency-sensitive applications, like VoIP.
      IPsec VPN: QoS features are limited. Once you send your encrypted data over the Internet, little can be done to prioritize it. You can only prioritize data inside of Sparton’s AS (autonomous system).

    Security
      Frame Relay: Used as a private network, Frame Relay offers the same security as an MPLS network. However, keep in mind that as with MPLS, data sent over a Frame Relay network is not encrypted.
      MPLS: Used as a private network, MPLS offers the same security as a Frame Relay network. However, keep in mind that as with Frame Relay, data sent over an MPLS network is not encrypted.
      IPsec VPN: Although with an IPsec VPN WAN data is sent across the public internet, it is encrypted via IPsec and thus arguably more secure.

    Cost
      Frame Relay: The cost of Frame Relay is generally the highest of the three. The cost increases depending on the CIR (committed information rate) and number of PVCs needed to support every site-to-site connection.
      MPLS: MPLS does not charge for individual PVCs and offers site-to-site connections as a built-in feature at no additional cost.
      IPsec VPN: An IPsec VPN WAN is generally the least costly as it leverages the existing internet connections at each location.
    Page 8 of 9
  • Conclusions: Recommendations
    While Sparton Corporation’s existing Frame Relay WAN has served its original intent, this analysis has revealed that by implementing new technologies (like MPLS) and leveraging existing low cost/high bandwidth internet connections at each location, the following could be achieved:
      • Decreased operating costs. With the proposed solution below, the existing Frame Relay WAN would be replaced with MPLS. The port speeds at each location would be sized to support only delay sensitive traffic like voice and video. The high bandwidth traffic of email messaging and file transfers would be routed through the IPsec VPN tunnels.
      • Built-in redundancy. Because the IPsec VPN tunnels are effectively a second WAN, they could act as a backup path for the sensitive data which normally flows over the MPLS WAN in the event of an outage.
      • Quick and convenient access to a disaster recovery site. With a disaster recovery port on the MPLS WAN, we can redirect traffic from a compromised site or sites to a location we have designated as a backup location (or DR site).

    Proposed Solution Diagram
    Page 9 of 9
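
The recommended split can be modelled in a few lines to see what each traffic class gets in normal operation and during an outage. This is an added example, not part of the original analysis; the names `select_path`, `audit` and `Decision` and the traffic class labels are hypothetical, and the handling of bulk traffic when the IPsec tunnels are down is an assumption drawn from the port-sizing bullet.

```python
from dataclasses import dataclass
from typing import Optional

# Path properties as stated in the comparison matrix on this page.
PATHS = {
    "MPLS":  {"encrypted": False, "qos": True},
    "IPSEC": {"encrypted": True,  "qos": False},
}
DELAY_SENSITIVE = {"voice", "video"}   # classes the MPLS ports are sized for


@dataclass(frozen=True)
class Decision:
    path: Optional[str]   # None means no path is available for this flow
    encrypted: bool
    qos: bool
    degraded: bool        # True when the flow is not on its preferred path


def select_path(traffic_class: str, mpls_up: bool, ipsec_up: bool) -> Decision:
    """Pick a WAN path for one flow under the proposed MPLS + IPsec design."""
    preferred = "MPLS" if traffic_class in DELAY_SENSITIVE else "IPSEC"
    up = {"MPLS": mpls_up, "IPSEC": ipsec_up}
    if up[preferred]:
        chosen = preferred
    elif preferred == "MPLS" and ipsec_up:
        chosen = "IPSEC"  # backup path for traffic that normally uses MPLS
    else:
        # Assumption: bulk traffic is not moved onto MPLS, because the MPLS
        # ports are sized for delay-sensitive traffic only.
        return Decision(None, False, False, True)
    props = PATHS[chosen]
    return Decision(chosen, props["encrypted"], props["qos"], chosen != preferred)


def audit(classes, mpls_up=True, ipsec_up=True):
    """Return (class, finding) pairs a reviewer would raise for a link state."""
    findings = []
    for c in classes:
        d = select_path(c, mpls_up, ipsec_up)
        if d.path is None:
            findings.append((c, "no path available"))
        elif not d.encrypted:
            findings.append((c, "crosses carrier network unencrypted"))
        elif c in DELAY_SENSITIVE and not d.qos:
            findings.append((c, "on best-effort path without QoS"))
    return findings
```

Running `audit` with both links up shows that voice and video cross the MPLS network unencrypted, and with MPLS down that they fall back to an encrypted but best-effort path.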