Solved

VPN Performance Required for Network-based Applications

Posted on 2001-07-24
8
381 Views
Last Modified: 2010-04-12
Hi,

I'd like to seek your expert opinion on how to support users running application over wide-area IP-VPN and how to prepare an effective service level agreement with IP-VPN service supplier.

The scope of applications includes:

1. VOIP
2. Videoconferencing
3. Video-on-demand
4. Other multimedia business applications typically Oracle and Microsoft

Please advise in terms of packet loss, latency, jitter and service availability, what network performance will be acceptable to each of the above applications running  over wide-area IP network. What other performance parameters would be of concern to customers?

Also, what service levels are expected for optimal application performance?

Regards,
Nkchow
0
Comment
Question by:NKCHOW
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 6395306
Personal opinion, IP VPN product as pitched by the telco providers (Wcom, Sprint, etc) is a no-go for any Voice application, videoconferencing, or any business critical application.
What you have is an encrypted VPN through the Internet. Nobody can guarantee anything through the VPN, you cannot guarantee Quality of Service, and the added encryption layer puts too much overhead on delay-sensitive applications such as voice and vidio.
Unless you control the VPN gear and set the policies yourself, you put business applications at the mercy of the huge telco provider. When you can't get to your applications, who ya gonna call?
0
 
LVL 16

Accepted Solution

by:
The--Captain earned 50 total points
ID: 6420276
lrmoore has some good points, but I think is over-generalizing.  Voice typically occupies less than 56Kbps (bits) per connection, which shouldn't overburden the equipment too much.  Video is another story (but can be compressed, etc using popular enconding schemes).

I think what you need to do is determine the max bandwidth and min latency needed to support all your applications, and write that into your service contract with an appropriately punishing SLA.  Jitter and loss should not be issues unless you are exceeding your specified parameters (in which case you specified your parameters incorrectly).

As for experience with existing VPN service providers, lrmoore seems to have more knowledge there.

-Jon
0
 

Author Comment

by:NKCHOW
ID: 6426052
Thanks to comments from Irmoore & the captain.

I share Irmoore's comments for encrpted VPN over Internet but with a less pessimistic view. There is a different VPN technology called multiprotocol label switching (MPLS) which have been adopted by some service suppliers to provide networked-based VPN service with varying classes of services (defined in terms of packet loss. latency & jitter) guaranteed. I'm not sure how they're received by users. Can anyone share his / her views here?

Regarding captain's remark on how to specify the network performance levels desirable for the different applications, it'll be very useful if I can quote performance figures from some published standards. There are also other less ideal options, such as setting up some tests to clarify on the network performance which requires adequate resources be available. Or alternatively, take the words of the service providers which can be quite risky..

0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 
LVL 79

Expert Comment

by:lrmoore
ID: 6426347
For what it's worth:
http://www.nwfusion.com/news/2001/0806mpls.html

MPLS is what I had in mind when I stated that your telco will own every piece of the link providing you nothing more than promises. Even with an SLA, the penalties for not living up to it are rather small. I simply would not put all my eggs in someone else's basket.

0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6430324
I've heard MPLS VPNs are nothing but bad news.

IMO, most commercial VPN offerings exist simply as a means for corporate lackeys to pass the buck - much easier to blame someone else than to just do the job right yourself.

BTW, I notice you say:

"Also, what service levels are expected for optimal application performance?"

Easy.  As good as possible.  If your budget doesn't allow for that (few do), then this is a question only you can answer.

My best advice:

Use whatever non-VPN service will fit you and your clients needs, which should incorporate eventual VPN overhead.  Do the VPN yourself (cisco will be happy to help if you buy things from them), and outsource the support.

-Jon






0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7871890
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question:

I recommend: split points between lrmoore and The--Captain

if there is any objection or other expert commentary to this recommendation then please post in here within 7 days.
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. http://www.experts-exchange.com/Community_Support/

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

thanks,
lrmoore
EE Cleanup Volunteer
---------------------
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 7873199
>I recommend: split points between lrmoore and The--Captain

Sounds good to me.

BTW, I will always object to delete (not relevant here) if the original poster was not the last person to leave a comment - laziness (or worse, unwillingness to award "answer" status) should not be rewarded by pts refunds.

Cheers,
-Jon
0
 

Expert Comment

by:SpideyMod
ID: 7926297
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange

lrmoore points for you at:
http://www.experts-exchange.com/Networking/Broadband/VPN/Q_20509217.html


BTW, delete does not always mean the questioner will get their points back.  Usually (not always) the way it works is if an expert is the last to comment and a deletion is called for, the points are most likely NOT refunded.  If the questioner was the last to respond and it was related to the original question, then a refund is most likely in order.  Things that throw this off are insignificant responses, off-topic responses, added questions (for instance original question was "what is the best router" and the questioner asks another question like "My CDRW doesn't write"), etc.  Moderators look over each question they are responsible for closing in the best interest of all parties (including future PAQ purchasers).  Don't let this stop you from objecting to a recommendation.  Delete recommendations usually mean "with refund".  If no refund is recommended, this is usually specified.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question