Sign in with
Sign up | Sign in
Your question

opinions on replacing frame network with vpn?

Last response: in Networking
Share
July 21, 2004 10:50:30 AM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

I have a 15 node T1-based frame relay network and am considering
migrating to a cable or DSL-based VPN. Can anyone who has done this
comment on the tradeoff of CIR for additional bandwidth? Has
reliability been an issue? Did the end user experience change for the
better/worse?

Most of my connections are 128 or 256 CIR. I've seen both symmetrical
and asymettrical service options from broadband providers. Looking
for some opinions on what makes more sense: 3M/384K or 768K/768K?
Each of these can be purchased at similar price points.

I've read about quality of service and service level agreements. What
should I be looking for, or expect to get, and in the end, do these
really make a difference?
Anonymous
July 21, 2004 12:12:54 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

> I have a 15 node T1-based frame relay network and am considering
> migrating to a cable or DSL-based VPN. Can anyone who has done this
> comment on the tradeoff of CIR for additional bandwidth? Has
> reliability been an issue? Did the end user experience change for the
> better/worse?
>
> Most of my connections are 128 or 256 CIR. I've seen both symmetrical
> and asymettrical service options from broadband providers. Looking
> for some opinions on what makes more sense: 3M/384K or 768K/768K?
> Each of these can be purchased at similar price points.
>
> I've read about quality of service and service level agreements. What
> should I be looking for, or expect to get, and in the end, do these
> really make a difference?

If your traffic is not mission-critical, go for it. Otherwise, I would
not recommend replacing a commercial-grade service with a consumer-grade
service for business applications.

Not that it wont work, it is just that it is less reliable. You cannot
expect to scream at a provider if your cable/DSL goes down waving your
hands wildly that this is for business, etc. As with most things in
life, you are going to get what you pay for.

But if you can afford the potentiality of having some/all of your WAN
down for up to a day or more without significant loss of
productivity/revenue, etc. then it is a great alternative.

kr
Anonymous
July 21, 2004 3:59:56 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

CCIE8122 wrote:

>
> If your traffic is not mission-critical, go for it. Otherwise, I would
> not recommend replacing a commercial-grade service with a consumer-grade
> service for business applications.
>
> Not that it wont work, it is just that it is less reliable. You cannot
> expect to scream at a provider if your cable/DSL goes down waving your
> hands wildly that this is for business, etc. As with most things in
> life, you are going to get what you pay for.
>
> But if you can afford the potentiality of having some/all of your WAN
> down for up to a day or more without significant loss of
> productivity/revenue, etc. then it is a great alternative.
>
> kr
>

One thing to also look at:
If the sites are all relatively close to one another (ie: all in the
same city or surrounding towns) point to point T1's are often much
cheaper than frame relay. And you get the full T1 bandwidth. You do need
to have a router that can handle multiple T1's coming into it, tho.

That is what I did recently - all of our offices were in the same city,
and it worked out to be cheaper top have point to point T1 service
connecting the sites that it did to have 56K frame!!! We set up a "mesh"
with pt to pt cicuits between buildings that were closest to eachoer (or
at least out of the same CO) and ran ospf with ecmp. works quite well.
Related resources
July 21, 2004 5:47:14 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

CCIE8122 <none@none.com> wrote in message news:<cdltl4$jf8$1@news.xmission.com>...
> > I have a 15 node T1-based frame relay network and am considering
> > migrating to a cable or DSL-based VPN. Can anyone who has done this
> > comment on the tradeoff of CIR for additional bandwidth? Has
> > reliability been an issue? Did the end user experience change for the
> > better/worse?
> >
> > Most of my connections are 128 or 256 CIR. I've seen both symmetrical
> > and asymettrical service options from broadband providers. Looking
> > for some opinions on what makes more sense: 3M/384K or 768K/768K?
> > Each of these can be purchased at similar price points.
> >
> > I've read about quality of service and service level agreements. What
> > should I be looking for, or expect to get, and in the end, do these
> > really make a difference?
>
> If your traffic is not mission-critical, go for it. Otherwise, I would
> not recommend replacing a commercial-grade service with a consumer-grade
> service for business applications.
>
> Not that it wont work, it is just that it is less reliable. You cannot
> expect to scream at a provider if your cable/DSL goes down waving your
> hands wildly that this is for business, etc. As with most things in
> life, you are going to get what you pay for.
>
> But if you can afford the potentiality of having some/all of your WAN
> down for up to a day or more without significant loss of
> productivity/revenue, etc. then it is a great alternative.
>
> kr

What about commercial grade service? I have been told am I not able
to purchase consumer grade service at a business location anyway.
Anonymous
July 21, 2004 8:17:42 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

Brian wrote:

> I've read about quality of service and service level agreements. What
> should I be looking for, or expect to get, and in the end, do these
> really make a difference?

I like cr's comments. I have Time Warner RR business service here, and
it is definitely not reliable. We sometimes suffer several short
outages per month. I don't whine too much about it because we only do
email and web surfing, and our web site is hosted by a service. Support
is also about as good as their consumer service, if you catch my
meaning. They don't offer SLAs.

The alternative costs about twice as much, at a minimum. I looked into
Sprint's service, and they do offer SLAs with cash penalties when they
screw up.
Anonymous
July 21, 2004 11:43:28 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

>> If your traffic is not mission-critical, go for it. Otherwise, I
>> would not recommend replacing a commercial-grade service with a
>> consumer-grade service for business applications.
>>
>> Not that it wont work, it is just that it is less reliable. You
>> cannot expect to scream at a provider if your cable/DSL goes down
>> waving your hands wildly that this is for business, etc. As with most
>> things in life, you are going to get what you pay for.
>>
>> But if you can afford the potentiality of having some/all of your WAN
>> down for up to a day or more without significant loss of
>> productivity/revenue, etc. then it is a great alternative.
>>
>> kr
>>
>
> One thing to also look at:
> If the sites are all relatively close to one another (ie: all in the
> same city or surrounding towns) point to point T1's are often much
> cheaper than frame relay. And you get the full T1 bandwidth. You do need
> to have a router that can handle multiple T1's coming into it, tho.

> That is what I did recently - all of our offices were in the same city,
> and it worked out to be cheaper top have point to point T1 service
> connecting the sites that it did to have 56K frame!!! We set up a "mesh"
> with pt to pt cicuits between buildings that were closest to eachoer (or
> at least out of the same CO) and ran ospf with ecmp. works quite well.

Excellent point. Since T-1 chan terms are in the $100- $150 range, if
you have a lot that are out of the same CO, or a nearby CO, you can get
very cheap private lines (in the $200-300 range).

Additionally, once you hit about 8-10 T-1s in a single loc, it becomes
cheaper to bring the T-1s across fiber, purchasing a MUXed DS-3 access
from the LEC.

Also noteworthy is that if all your sites are in a single state,
intraLATA Frame Relay from the LEC is typically going to be a lot
cheaper than dedicated internet access.

Of course all of these services are going to run you a fair amount more
than DSL/Cable.

kr
Anonymous
July 21, 2004 11:44:57 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

>>>I have a 15 node T1-based frame relay network and am considering
>>>migrating to a cable or DSL-based VPN. Can anyone who has done this
>>>comment on the tradeoff of CIR for additional bandwidth? Has
>>>reliability been an issue? Did the end user experience change for the
>>>better/worse?
>>>
>>>Most of my connections are 128 or 256 CIR. I've seen both symmetrical
>>>and asymettrical service options from broadband providers. Looking
>>>for some opinions on what makes more sense: 3M/384K or 768K/768K?
>>>Each of these can be purchased at similar price points.
>>>
>>>I've read about quality of service and service level agreements. What
>>>should I be looking for, or expect to get, and in the end, do these
>>>really make a difference?
>>
>>If your traffic is not mission-critical, go for it. Otherwise, I would
>>not recommend replacing a commercial-grade service with a consumer-grade
>>service for business applications.
>>
>>Not that it wont work, it is just that it is less reliable. You cannot
>>expect to scream at a provider if your cable/DSL goes down waving your
>>hands wildly that this is for business, etc. As with most things in
>>life, you are going to get what you pay for.
>>
>>But if you can afford the potentiality of having some/all of your WAN
>>down for up to a day or more without significant loss of
>>productivity/revenue, etc. then it is a great alternative.
>>
>>kr
>
> What about commercial grade service? I have been told am I not able
> to purchase consumer grade service at a business location anyway.

I know that in Qwest's 14-state region, if you qualify, you can get DSL
anywhere, they do not discriminate between res and commercial.

Also, I think Comcast doesnt care either.

kr
Anonymous
July 22, 2004 1:20:35 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

In comp.dcom.frame-relay, <cdn63s$ki8$1@news.xmission.com>, CCIE8122
<none@none.com> wrote:

>Additionally, once you hit about 8-10 T-1s in a single loc, it becomes
>cheaper to bring the T-1s across fiber, purchasing a MUXed DS-3 access
>from the LEC.

I'm not terribly experienced with DS-3 service to the customer, but
much of the LEC-to-AT&T DS-3 service is still coax (electrical) rather
than fiber (optical). And all the DS-3 equipment I've encountered has
used coax, whether for Frame Relay, ATM, or IP. Were you thinking of
OC-3 rather than DS-3?

Jack Dominey
AT&T Network Disaster Recovery
July 22, 2004 2:20:57 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

I have done this very thing at my company. We've migrated 75% of our
AT&T frame network over to VPN's. The speed went up, prices went
down. However, most of those sites use Internet T1's, not broadband.
We've also lost the ability to do QoS and VoIP is now out of the
picture.

For the few sites that have a cable modem, they work well, but I limit
those to sites with fewer than 5 people.

-Robert



On 21 Jul 2004 06:50:30 -0700, n0g0@comcast.net (Brian) wrote:

>I have a 15 node T1-based frame relay network and am considering
>migrating to a cable or DSL-based VPN. Can anyone who has done this
>comment on the tradeoff of CIR for additional bandwidth? Has
>reliability been an issue? Did the end user experience change for the
>better/worse?
>
>Most of my connections are 128 or 256 CIR. I've seen both symmetrical
>and asymettrical service options from broadband providers. Looking
>for some opinions on what makes more sense: 3M/384K or 768K/768K?
>Each of these can be purchased at similar price points.
>
>I've read about quality of service and service level agreements. What
>should I be looking for, or expect to get, and in the end, do these
>really make a difference?
Anonymous
July 23, 2004 5:29:25 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

CCIE8122 wrote:

> Also, I think Comcast doesnt care either.
>
> kr
>
Out here in CT, Comcast sure as heck cares. it's 99.00 a month for the
"pro" service if you are a business. (as oppsed to the 39.95 or whatever
that residential folks pay)
Anonymous
July 24, 2004 12:10:19 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

>>Additionally, once you hit about 8-10 T-1s in a single loc, it becomes
>>cheaper to bring the T-1s across fiber, purchasing a MUXed DS-3 access
>
>>from the LEC.
>
> I'm not terribly experienced with DS-3 service to the customer, but
> much of the LEC-to-AT&T DS-3 service is still coax (electrical) rather
> than fiber (optical). And all the DS-3 equipment I've encountered has
> used coax, whether for Frame Relay, ATM, or IP. Were you thinking of
> OC-3 rather than DS-3?
>
> Jack Dominey
> AT&T Network Disaster Recovery

No, DS-3 service is delivered by the LEC over fiber from the CO to the
optical equipment.

Now if you are provisioning an entire DS-3 to an IXC, the NI would
indeed be coax, but the facility from the prem to CO would still be
fiber, as the service is pretty much always delivered over optical
circuit from CO to prem. The optical equipment is just carded for DS-3
(or MUXed DS-3).

In this example however, you may not see fiber at the NI with the
customer or with the IXC. The reason for this is the LEC offers a
finished MUX DS-3 service which is MUXed and carded out at the
electrical DS-1 level on both ends (cust prem as well as IXC interconnect).

There is of course another option in which you would see coax at the
customer NI. The LEC can deliver the DS-3 as a channelized circuit to
the customer from the optical shelf. The NI in this case is coax, and
the customer needs to purchase their own M13 to MUX out the DS-1s. But
in the POP, the LEC is going to hand off to the IXC at DS-1 level rather
than DS-3. The IXC will typically aggregate all these DS-1s into
DS-3/OC-x leaving the POP.

By the way, can you tell me why when AT&T provisions a "total service"
circuit (i.e., AT&T orders copper loop from the LEC) the process goes
fairly smoothly, but when AT&T provisions a "baseline" or "STSI" circuit
(i.e., customer/LEC gives AT&T CFA or tie-down on a LEC high-cap
facility) the process is a nightmare?

It would seem logical that if all you need to do is interconnect in your
POP to the LEC, that would be easier than leasing copper from LEC from
the POP to the cust prem.

TIA

kr
Anonymous
July 24, 2004 12:11:51 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

>> Also, I think Comcast doesnt care either.
>>
>> kr
>>
> Out here in CT, Comcast sure as heck cares. it's 99.00 a month for the
> "pro" service if you are a business. (as oppsed to the 39.95 or whatever
> that residential folks pay)

Hmm

So does Comcast give you SLAs or anything, or is it just the same
service, same guarantees as res, but you just pay more?

kr
Anonymous
July 24, 2004 12:21:58 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

> I have done this very thing at my company. We've migrated 75% of our
> AT&T frame network over to VPN's. The speed went up, prices went
> down. However, most of those sites use Internet T1's, not broadband.
> We've also lost the ability to do QoS and VoIP is now out of the
> picture.
>
> For the few sites that have a cable modem, they work well, but I limit
> those to sites with fewer than 5 people.
>
> -Robert

In my experience, this is the way most businesses do it.

Additionally, there is another alternative that is really catching on.
Pretty much all the tier-one carriers now offer network-based VPN services.

With network-based VPN, their is no need to upgrade your
router/firewall, and the carrier does not colo anything at your prem.
They give you a private-line or frame/ATM circuit to your prem. This is
just a vanilla circuit--in the case of FR/ATM, you only have a single
PVC to the carrier IP cloud -- in the case of PL, you have a PTP to
there IP cloud.

The carrier gives you a fully-meshed, secure IP WAN that is on-net the
entire way -- it never leaves their backbone. Because of this, they
will give you SLA guarantees on latency, availability, delivery, and in
some cases (Qwest, Sprint), even jitter. Because all
tunneling/encryption is done an the provider's carrier-grade platform,
you never need to troubleshoot an IPSec tunnel again.

The upshot is that the carriers that are smart about this, are offering
it for little more than dedicated Internet circuits (I have seen as
little as $50 more per full T-1).

Qwest will actually also give you integrated Internet access/WAN/managed
firewall in the cloud all on the same circuit for an additional $50-100.

I have one customer that converted their entire IXC FR network to this
network-based VPN service and took their telecom billing from $35,000 a
month down to about $8,000.

kr
Anonymous
July 26, 2004 2:20:40 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

In comp.dcom.frame-relay, <cdtqjs$o2p$1@news.xmission.com>, CCIE8122
<none@none.com> wrote:

>>>Additionally, once you hit about 8-10 T-1s in a single loc, it becomes
>>>cheaper to bring the T-1s across fiber, purchasing a MUXed DS-3 access
>>
>>>from the LEC.
>>
>> I'm not terribly experienced with DS-3 service to the customer, but
>> much of the LEC-to-AT&T DS-3 service is still coax (electrical) rather
>> than fiber (optical). And all the DS-3 equipment I've encountered has
>> used coax, whether for Frame Relay, ATM, or IP. Were you thinking of
>> OC-3 rather than DS-3?
>>
>> Jack Dominey
>> AT&T Network Disaster Recovery
>
>No, DS-3 service is delivered by the LEC over fiber from the CO to the
>optical equipment.

Ok. Google got me a reference to DS3 fiber modules by Telect, so I
can't say I haven't seen it anywhere. Just something I'm unfamiliar
with.

<snip>


>By the way, can you tell me why when AT&T provisions a "total service"
>circuit (i.e., AT&T orders copper loop from the LEC) the process goes
>fairly smoothly, but when AT&T provisions a "baseline" or "STSI" circuit
>(i.e., customer/LEC gives AT&T CFA or tie-down on a LEC high-cap
>facility) the process is a nightmare?

Sorry, but I have no idea.
--
Jack Dominey
AT&T Network Disaster Recovery
Anonymous
July 26, 2004 8:53:23 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

CCIE8122 wrote:

>>> Also, I think Comcast doesnt care either.
>>>
>>> kr
>>>
>> Out here in CT, Comcast sure as heck cares. it's 99.00 a month for the
>> "pro" service if you are a business. (as oppsed to the 39.95 or
>> whatever that residential folks pay)
>
>
> Hmm
>
> So does Comcast give you SLAs or anything, or is it just the same
> service, same guarantees as res, but you just pay more?
>
> kr
>

Nope. No sla's. Back a year or two ago, they used to block IPSEC and GRE
on residential customers lines (or so they told me - never actually
tested it, but they said that they "block all VPN connections")
If you wanted VPN access to work you HAD to get the pro service.
The pro service was also always 3000 down, 384 up. The residential used
to be 1.5 down, 256 up, but now I think they changed it and the speed is
the same as pro service. The only difference now is the pro service
allows up to 5 ip addresses to be assigned. Residential only gets one.
July 27, 2004 7:43:07 AM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

"T. Sean Weintz" <strap@hanh-ct.org> wrote in message news:<10g2inlsgi08h29@news.supernews.com>...
> CCIE8122 wrote:
>
> > Also, I think Comcast doesnt care either.
> >
> > kr
> >
> Out here in CT, Comcast sure as heck cares. it's 99.00 a month for the
> "pro" service if you are a business. (as oppsed to the 39.95 or whatever
> that residential folks pay)

In some regions (MA) the PRO service offers static IPs. Most likely,
you'll need static IP addresses for your VPNs so you'll probably have
to go with business-class DSL which adds $10-20 per month. For many
years we had our business connected with DSL 2mb/2mb which was rock
solid (replaced by a T1 when we moved). If the connection is
critical.... you'll really need a business class service so when you
call the provider they (sort of) care.

Ken
Anonymous
July 27, 2004 1:37:01 PM

Archived from groups: comp.dcom.frame-relay,comp.dcom.vpn (More info?)

In comp.dcom.frame-relay, <10garq4suidot5e@news.supernews.com>, "T.
Sean Weintz" <strap@hanh-ct.org> wrote:

>CCIE8122 wrote:

<snip>

>> So does Comcast give you SLAs or anything, or is it just the same
>> service, same guarantees as res, but you just pay more?

>Nope. No sla's. Back a year or two ago, they used to block IPSEC and GRE
> on residential customers lines (or so they told me - never actually
>tested it, but they said that they "block all VPN connections")
>If you wanted VPN access to work you HAD to get the pro service.

Interesting. I'm reading this over a Comcast connection from home,
using AT&T's internal VPN software. It uses IPSec.

Jack Dominey
AT&T Network Disaster Recovery
!