What are the options for private WAN infrastructure?

There are several different technologies available to decide upon when choosing how to build your organisation’s private wide area network (WAN).
 

Over the last few years, many smaller organisations have been utilising new technologies that promote the concept of Software-Defined Wide-Area Networking (SD-WAN). This strategy has helped in cases where a business wishes to create its own private WAN connections by leveraging VPN over the public Internet. While this certainly is a great benefit, there are still many use cases for dedicated or virtual leased lines, which provide a more secure connection with guaranteed throughput for the customer.

Traditionally, leased lines were always associated with a higher cost and in some cases required a full or partial mesh to allow room to scale. Other alternatives existed that leveraged shared switching paths to virtualise a private circuit, such as Frame-Relay and ATM (old school WAN connectivity).

More recently, the growth of remote data centers, higher use of video and voice traffic, and the need to scale on demand have created a need for better virtual leased line, or VLL, options. This change created replacements for shared WAN resources, such as MPLS and VPLS, while dedicated leased line options moved towards different technologies to accommodate networks with higher demands.

Finally, it's important to note that leased lines are not solely dedicated to connecting private networks, such as a company’s WAN infrastructure. Dedicated leased lines can also be used for symmetrical access to the Internet, in which a customer has their own guaranteed quality of bandwidth, latency, etc. versus using a shared medium such as DSL or cable Internet access. This article focuses on the concepts regarding private leased lines.

What options exist for dedicated leased lines?

At the most basic level, two variations of leased lines exist: one that utilises a direct connection between customer locations, and one that leverages a shared network and virtualises a private connection. Regardless of which technology is used, there can sometimes be an overlap of concepts, such as the network type used to enter the service provider's network. For instance, in the past, an E1 could have been used as a dedicated leased line between two offices, or as a way to enter a Frame-Relay network.

Modern dedicated lines have changed in that they may now lean more towards an Ethernet-based structure, and can connect via multiple forms of media. This section, Dedicated Leased Lines, refers to the concept of a completely isolated, dedicated line that does not share traffic with other organisations.

Dark Fibre

Like most aspects of networking, similar topics go by many different names. To begin, one of the most basic forms of dedicated fibre that a company can purchase to extend its network to a branch office is Dark Fibre.

This is nothing more than extra strands of fiber that a service provider commonly has remaining after their installation on a utility pole or underground. As a service provider adds to their fiber network, rather than running a single pair of fiber, they run several in order to accommodate future expansion and relieve the future cost of installation in the same area. Since many of the strands go unused, they are considered “dark” and can often be sold to customers as a way of connecting branch offices that are in the same geographic vicinity. This is a fairly straightforward setup, as the service provider hands over a connection to this private fiber pair, and it is up to the customer to set up the connectivity. In this case, this can be a pure Layer-2, physically private connection in which each end of the fiber network lands in the customer’s site.

Getting a dedicated fibre connection in this fashion may be costly, and service-providers will only have a finite amount of fiber available. However, through the use of Dense Wavelength Division Multiplexing, or DWDM, multiple fiber endpoints can traverse a single fiber line, allowing more customers to utilise this privatised service.

T-Carrier & Optical-Carrier

Although T-Carrier forms of dedicated leased line are already being phased out across the majority of WAN offerings, they are still mentioned here because this is a dedicated service that is still available from various service providers.

Its most popular medium is copper; however, it is also possible to have the service over fiber or microwave radio. This option provides a point-to-point network between branches, in cases where the service provider is able to connect both locations. The lowest T-Carrier offering is E1, which only has 2 Mbps. This may be suitable in cases where a traditional PBX needs multiple voice channels, or where a system needs dedicated, guaranteed service without the need to transfer large amounts of information. However, for customers needing more bandwidth, multiple T-Carrier lines can be bonded, allowing for higher throughput.

Synchronous Optical Networking, or SONET, follows a similar bandwidth-tier approach in which service providers offer Optical Carrier (OC) classes to distinguish levels of service. This can range from OC-1 at 51 Mbps to OC-48 or higher for WAN-based services that require 2.5 Gbps or more of bandwidth.

Virtual Leased Lines

In many cases, when organisations discuss private leased lines these days, they tend to be referring to a Virtual Leased Line, or VLL. VLLs do have the capability of providing an isolated private network for their customers. However, this is different from the dedicated leased lines listed earlier, which had physical isolation from other customers.

Regardless of Layer-2 or Layer-3 capabilities, the options listed below all offer private connections between branches, but do so on a backbone network that is shared among all customers in that service-provider’s area.

MPLS

Offerings from service-providers in regards to Multi-Protocol Label Switching, or MPLS, can often become muddled. For instance, a service provider can sell a product as “MPLS VPN” while other concepts, to be discussed later, are built on top of an existing service-provider MPLS backbone.

Therefore, this section will discuss MPLS in its most basic form: a customer performing VPN services through its network. MPLS is today’s equivalent to the now mostly obsolete Frame-Relay technology, in which routers forward packets based on locally-assigned labels versus the destination IP address. The benefit to the customer is improved traffic control, performance, security, and scalability. When purchased as a service labeled “MPLS VPN”, it would typically imply that you are directly connecting to the service provider’s edge router and using Layer-3 routing to traverse the network. This entails running a dynamic routing protocol between the branch office and the service-provider router so the service provider can pass those routes to the other end of the MPLS cloud, which would end with a connection to another branch office. While the service provider isolates the routes learned from customers through Multi-Protocol BGP and uses a virtual routing and forwarding (VRF) VPN to reach the other side of the cloud, this still means the ISP has full knowledge of the routes being shared on both ends of the WAN connection.
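The forwarding model described above, as an added example that is not part of the original article: a simplified single-label simulation in Python (real Layer-3 MPLS VPNs stack a transport label and a VPN label). The router names `PE1`, `P`, `PE2`, the customer names, prefixes and label numbers are all constructed for illustration.

```python
import ipaddress

# Constructed topology for illustration: PE1 -> P -> PE2.
# Per-customer VRF tables on the ingress edge router (PE1). Both customers
# use the same prefix, which only works because the tables are separate.
VRF = {
    "CUST_A": {"10.1.0.0/16": 100, "10.1.5.0/24": 110},
    "CUST_B": {"10.1.0.0/16": 101},
}

# Label tables of the routers after PE1. Labels are locally significant:
# each router maps incoming label -> (action, outgoing label, next hop).
LFIB = {
    "P":   {100: ("swap", 200, "PE2"), 110: ("swap", 210, "PE2"),
            101: ("swap", 201, "PE2")},
    "PE2": {200: ("pop", None, "CUST_A"), 210: ("pop", None, "CUST_A"),
            201: ("pop", None, "CUST_B")},
}

def ingress_label(vrf, dst_ip):
    """PE1: longest-prefix match inside one customer's VRF picks the label."""
    addr = ipaddress.ip_address(dst_ip)
    hits = [(ipaddress.ip_network(p), lbl) for p, lbl in VRF[vrf].items()
            if addr in ipaddress.ip_network(p)]
    if not hits:
        raise LookupError(f"no route to {dst_ip} in VRF {vrf}")
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def forward(vrf, dst_ip):
    """Return (egress VRF, per-hop trace). Only PE1 ever reads dst_ip."""
    label = ingress_label(vrf, dst_ip)
    hop, trace = "P", [("PE1", "push", label)]
    while True:
        action, out_label, nxt = LFIB[hop][label]
        trace.append((hop, action, out_label))
        if action == "pop":
            return nxt, trace
        hop, label = nxt, out_label

def provider_visible_routes():
    """Every customer prefix sits in provider-owned tables in clear text."""
    return sorted((vrf, prefix) for vrf, table in VRF.items() for prefix in table)

if __name__ == "__main__":
    for vrf, ip in [("CUST_A", "10.1.5.9"), ("CUST_B", "10.1.5.9")]:
        print(vrf, ip, forward(vrf, ip))
    print(provider_visible_routes())
```

The same destination address lands in different customer networks depending on the ingress VRF, yet the isolation is purely a matter of provider-side tables: nothing here is encrypted, and `provider_visible_routes()` lists every customer prefix.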

Other offerings that utilise MPLS at Layer-2 can allow both ends of a WAN to speak directly to one another, so the routing tables on both ends are not directly shared with the service provider.

VPLS

Virtual Private LAN Service (VPLS) is an example of an overlay WAN service that is structured on top of the service-provider’s MPLS network. With VPLS, customers are given an Ethernet connection into the MPLS cloud, and therefore are able to connect to other WAN endpoints as if they were on the same network segment.

Compared to the MPLS VPN option, where the ISP participates in sharing customer IP routes over the VPN, VPLS allows endpoints to reside on the same subnet. VPN can still be utilised for additional security, and offers point-to-point and multipoint capabilities. Since the endpoints connect at Layer-2, IGP routing protocols can be used to share routes from each end of the WAN.

Metro Ethernet & Carrier Ethernet

Where a technology like VPLS resides on an MPLS core, another WAN option in modern leased-lines is large-scale Ethernet. Service providers can easily scale this multipoint service while providing additional options like connectivity to the Internet. Metro Ethernet is simply a wide, geographically spaced Ethernet network provided by a service provider in which a customer is directly handed an Ethernet entry point.

This is somewhat similar to VPLS, in that Layer-2 connectivity is used. However, Metro Ethernet does not sit on top of an underlying MPLS network. While this can be a more affordable option compared to MPLS, the disadvantage is that it does not scale as wide as MPLS. Metro Ethernet typically handles hundreds of sites while MPLS can scale to thousands.

Summary

Today’s wide-area-networks are becoming more demanding than ever before. With the increase in voice, video, and remote data centers, not only is bandwidth a growing concern, but latency and reliability as well. Long gone are traditional Frame-Relay and ATM networks, and last-mile options like T1 are starting to fade away. Organisations now have more options than ever before in deciding how to connect their remote offices, many of which support multipoint connectivity. Technologies like MPLS have helped create a service-provider backbone that many other services can rely on to provide both Layer-2 and Layer-3 peering options.
