Column - Top of the Stack
The Next Revolution in VPNs

  August 5, 2002
  By David Willis



Whenever we arrive at a definition for VPN, the technology changes. In the '80s, service providers talked up voice VPNs, such as AT&T's Software Defined Network. Then, when IPsec-based security devices became popular, VPN became synonymous with tunneling over the Internet. Now, with new network-based VPN services, our definition is about to change again -- but the real impact of network-based VPNs is not entirely related to the technology.

It's easy to see why Internet VPNs are popular: They are applicable to a wide range of problems and extend the reach of network services beyond conventional services. They provide fast and simple connections between business partners. And they lift legions of users out of the doldrums of dial-up and into the much more productive world of broadband.


But though Internet VPNs are very successful in those network domains, they have not displaced traditional WAN services for LAN-to-LAN connectivity. Internet VPNs lack the reliability, security and simplicity of conventional WAN services. Often the cost of support and the cost of downtime eat away the savings of using cheap Internet bandwidth. So users have stuck with services like frame relay.

Now a new type of VPN is aimed at LAN interconnection. It's still early days for the technology, and network-based VPNs (NB-VPNs) will not become a broad success quickly, though some carriers are far ahead of the pack. The global carrier Equant has more than 500 customers on its MPLS-based service; many of those moved out of frame relay. Savvis, which has a history of providing services to the financial community (a demanding group -- you don't skimp on reliability when the network moves millions of dollars), has more than 350 customers on its Nortel Shasta-based VPN service, with the largest customer having more than 7,000 sites. Other carriers, such as AT&T and Qwest, have had more moderate success with network-based VPN services. And there are many other carriers just now starting services.

From the carrier's point of view, these services are indeed something new. They use new technologies, like virtual routing, MPLS, IPsec in the cloud or GRE tunnels. They may be layered on ATM or directly over optical. Relative to pure ATM or frame relay switching, there are cost and scale benefits for the carriers. But from the customer's perspective, it's difficult to see what's unique here.

Like frame relay, NB-VPNs let a controlled number of users share a pool of bandwidth on a common carrier backbone, isolating traffic so each customer perceives he or she is the only user on the network. But there is an important difference, and it lies not in the technology but in the pricing structure.

Rather than charging for virtual circuits between locations as with frame relay, most NB-VPNs bill each network site based on an access charge, port and bandwidth/delay guarantees, making it easier to budget for and provision new services.

What are NB-VPNs' other selling points? Most NB-VPNs provide direct connectivity between all sites as a fully meshed WAN, which makes them a great match for flattened network topologies. Companies doing voice or video convergence need to eliminate network hops to reduce latency and loss, which NB-VPNs do quite nicely. For large-scale networks, NB-VPNs simplify administration by reducing the number of circuits, both real and virtual, that fan out of data-center locations. But except for reducing the circuit count, frame relay can do all of these things.

Frame relay buyers won't even have to change anything to reap the benefit of NB-VPNs. Those carriers that don't have a strong NB-VPN story will adopt the new pricing model in frame relay. WorldCom's Bundled Frame Relay Pricing Service offering is a good example. Others will heavily discount frame relay PVC charges to get the same effect. So as a buyer of WAN services, you'll find it doesn't matter whether you choose NB-VPNs or frame relay. You can win either way.

--David Willis, david.willis@metagroup.com
