Network-Hosted IP Services Find Legs

Posted: 12/1999

Network-Hosted IP Services Find Legs
By Peter Lambert

DSL (digital subscriber line) carrier, Zyan Communications, Los Angeles, is using the
Cisco 6400 access device to offer its own custom version of Cisco’s Service Selection
Gateway to teleworkers. Through the gateway, teleworkers can sign-on to multiple Internet
protocol (IP) network connections, an Internet service provider (ISP), a company’s private
intranet, a videoconferencing service, a voice over IP (VoIP) service, or an extranet
shared by trading partners. Authentication software enables the 6400 to allow or disallow
entry into these private networks according to each user’s contracted privileges.

It ain’t your daddy’s data access network any more.

On the ‘uncool-and-on-the-way-out’ list:

On the way in:

One catalyst for the shifts in technology lies with an emerging class of machines known
as Internet protocol (IP) service provisioning platforms, or IP services switches. While
faster access gains a foothold in homes and businesses–driven by cable modem, digital
subscriber line (DSL) and local multipoint distribution service (LMDS) wireless broadband
access technologies–the new IP service switches promise to marshal all that speed to
create a longer menu of services to be sold and resold by Internet service providers
(ISPs).

Like the remote access server (RAS) in the narrowband world, the IP service switch is
designed to reside inside service provider networks at the metropolitan area level,
aggregating traffic from multiple DSL access multiplexers (DSLAMs), cable modem
termination systems (CMTS) or other broadband access devices.

However, beyond simple traffic aggregation, the IP service switch also uses dozens of
microprocessors to "X-ray" data packets for information on a user and his
privileges, then to apply intelligent routing, security, quality of service (QoS) and
other services to each data flow according to rules stored in policy databases.

"The typical DSL business case calls for getting a major footprint first, and we
don’t believe Internet access alone will sustain that model because of downward pressure
on Internet access pricing," says Enzo Signore, DSL business unit marketing director
for Cisco Systems Inc., San Jose, Calif. "Instead, we think success will require
premium services with higher margins."

Additional players are claiming this premium IP services seemingly every week, and so
far they include Cisco; Abatis Systems Corp., Burnaby, British Columbia; Aplion Networks
Inc., Piscataway, N.J.; the Ascend Communications arm of Lucent Technologies Inc., Murray
Hill, N.J.; CoSine Communications Inc., Redwood City, Calif.; Ennovate Networks Inc.,
Boxboro, Mass.; the Shasta IP Services Unit of Nortel Networks Corp., Research Triangle
Park, N.C.; the NorthChurch Communications arm of Newbridge Networks Corp., Kanata,
Ontario; Redback Networks Inc., Sunnyvale, Calif.; SpringTide Networks Inc., Boxboro,
Mass.; and Unisphere Solutions Inc., Burlington, Mass. (using recently acquired Redstone
Communications Inc. technology).

According to South San Francisco, Calif.-based industry analyst RHK, new revenue
incentives will make IP service switches an increasingly important segment of the overall
edge switch and router market, which reached $1.44 billion in the first half of 1999.

"Core devices are optimized for high-speed traffic forwarding, while edge devices
aggregate traffic and provide advanced services," says Tracey Vanik, director of edge
switching and routing for RHK. "New-generation aggregators from Ascend, Cisco, Nortel
and new entrant Unisphere promise to upset the apple cart [and] volume shipment of IP
services systems from CoSine, Ennovate, Nortel and SpringTide will reshape the market at
the edge."

Value Add

According RHK and other observers, a key element of that reshaping will be a
fundamental shift for data service providers away from selling bandwidth or speed and
toward selling specific services.

"You and I consume voice minutes with guaranteed QoS every day," notes John
Seminerio, president of Abatis Systems, developer of hardware and software systems
dedicated to enabling "consumable IP." As voice service consumers, "we buy
telephone service, call forwarding and other add-ons, but we never buy all this as
64-kilobit circuits."

According to Paul Doolan, vice president and chief technical officer for Ennovate
Networks, the leap to selling services will require creation of a "virtual services
layer" of technologies that operates above pure routing. This higher layer begins
with what Ennovate calls "high-touch routing"–the ability to examine a data
packet for not only its destination address, but for information specific to the
application carried in the packet and specific to the user and his privileges. The virtual
services layer supports automated provisioning of virtual private networks (VPNs),
dedicated "virtual routers" for each VPN, and support for private address space
for each customer.

"Table stakes" for entering the IP services switch race start with virtual
router capability, Doolan says. The basic stakes also include the ability to apply
prioritized bandwidth to specific users and specific applications, such as delay-sensitive
voice.

In this way, one-size-fits-all routing is replaced by "application-adaptive QoS,
the ability to define and enforce service levels per application," says Todd
Krautkremer, vice president of marketing for Packeteer Inc., Cupertino, Calif.

In October, Packeteer introduced its Packet Appvantage application subscriber
management system, a platform designed to produce what the company calls "application
dial tone." Targeted to application service providers (ASPs) that host and manage
applications for businesses and consumers, Appvantage in-cludes service level management
software, application performance analysis and application-specific billing tools which
Krautkremer says can complement IP service switch hardware and software from CoSine,
Shasta and others.

The goal of high-touch routing: application-aware provisioning of network resources; in
other words, to use knowledge about subscribers and applications to allocate network
resources in a way that is sized to user and service needs.

The vision contrasts starkly with plain vanilla, one-size-fits-all IP network access,
wherein premium service opportunities have proved limited. Incumbent local exchange
carriers (ILECs) and competitive local exchange carriers (CLECs) have made a business of
wholesaling managed RAS modem ports to ISPs, routing dial-up telephone lines around voice
switches to RAS modems and then to the ISPs’ networks. Supplying road warriors with remote
access into their corporate networks back home (generally via firewalls managed by
customers) has emerged as virtually the only value-added service on the narrowband dial-up
menu.

That model is being repeated in DSL with data CLECs wholesaling DSL broadband RAS
(B-RAS) ports to ISPs. Such B-RAS platforms are slightly more intelligent point-to-point
protocol (PPP) aggregation boxes–smart enough to route this subscriber to that ISP and
that subscriber to this ISP.

However, IP service switches promise to expand the service provider’s ability to make
money from a broader range of network-hosted services, each of which can carry its own
price tag: firewall authentication service, digital certificate and public key exchange
service, intrusion detection service, compression service, VPN tunnel termination service,
public-to-private network address translation service, prioritized bandwidth allocation,
voice over IP (VoIP) gateway services and a range of other services yet to be invented.

IP service switch makers expect that the network-hosted model will prove especially
attractive to small and medium-sized businesses that do not have the in-house resources to
build and maintain complex systems.

"Instead of forcing tens of thousands of customers each to buy a firewall,"
says Anthony Alles, president and general manager of Nortel’s Shasta unit, "we
provide tens of thousands of firewalls in a single platform."

In addition to unburdening business customers from costly administration of complex
technologies such as VPN tunnels and firewalls, the new IP service switches also promise
the ability to offer more personalized services.

The IP Service Operating System (iSOS) that runs Nortel’s Shasta Broadband Service Node
(BSN) hardware "knows who the subscriber is, and the hardware has the processing
power to apply sophisticated services to each individual subscriber," Alles says.
"Through policy-based automation, it can do this at very large scale."

The initial Shasta BSN box claims to manage up to 32,000 subscribers and up to 250,000
simultaneous virtual connections–a virtue cited by data CLEC DSLnetworks, San Francisco,
when it purchased the Shasta Subscriber Service System Oct. 13. "As DSLnetworks
continues to attract corporate accounts where hundreds and thousands of lines are ordered
at once, it’s increasingly important to get more functionality out of our equipment while
maintaining minimum complexity," said DSLnetworks president and CEO Brad Connors of
the purchase.

Swiss Army Box

One way in which IP service switches promise to reduce complexity for service providers
is through integration of multiple boxes into one. CoSine, SpringTide and others note that
each of their switches employs dozens of microprocessors, each dedicated to performing a
special function at as high a speed as possible.

Implementing these functions is analogous to allowing each customer to pass through the
innards of the IP switch-gathering privileges depending on how much he has paid. Some
processors provide encryption, firewall authentication and other functions that enable
access to private intranets, trading partner extranets or ASP networks. Other processors
might assign class of service (CoS), QoS, content filtering or other special services.

Although startups such as CoSine are setting the pace in this access revolution,
edge-switching and routing market leader Cisco Systems isn’t ceding control yet.

Like Redback’s market-leading broadband access concentrator, the Cisco 6400 Universal
Access Con-centrator now features integrated virtual routers, the key to enabling carriers
to wholesale their IP infrastructure to hundreds of different ISPs or enterprise networks,
Signore says.

DSL carrier Zyan Communications, Los Angeles, is using the 6400 to offer its own custom
version of Cisco’s Service Selection Gateway to teleworkers. Through the gateway,
teleworkers can sign on to multiple IP network connections–to an ISP, a company’s private
intranet, a videoconferencing service, a VoIP service or an extranet shared by trading
partners.

For the customer, says Zyan CEO Terry Lee, the whole operation is reduced to simple
point-and-click choices on a common browser interface. "The emerging virtual router
technology takes difficult customer premises equipment management out of the
equation," says Lee, who adds that the Service Selection Gateway’s ability to offer
users entry into multiple IP services simultaneously gave Cisco an edge over competitors.

Portals and Contracts

"If you’ve put fundamental table stakes like virtual routers and traffic
prioritization in the platform, the question then is, ‘How easy and fast are you making it
for service providers to create new services along the way?’" says Ennovate’s Doolan.
"Rather than proprietary operating systems, it ought to be a card you can slide into
the box and then let any third party, including service providers themselves, program
it."

Indeed, IP services may be paving the way for a world in which both connectivity
services (such as VPNs and IP telephony) and business applications (such as messaging,
payroll or commerce transaction processing) are hosted on service provider networks and
rented on demand by anyone with a service selection browser.

Toward that end, Abatis hopes to foster standardized processes for publishing a
network-hosted application to web portals (including definition of the application’s
network resource requirements); subscribing to those applications via ASPs; contracting
bandwidth and other resources from network service providers; and tracking usage and
billing for those applications.

"We’re advocating a cable channel-type of model for IP services, in which the
service channels are per-application logical pipes that the user can tune to," says
Abatis’ Seminerio. "A business customer says, ‘I want a voice VPN and here’s how many
users,’ and then the application contracts with the network service provider, which in
turn takes on all the capacity engineering, quality of service, billing and other
responsibilities necessary to deliver the service end to end."

Although Abatis advanced that cause earlier this fall when it introduced a Network
Service Contractor software system to carry out that process–and make it repeatable
across any application, any portal and any IP network to any subscriber–even Seminerio
expects baby steps on the way to a network-centric services world.

"Systems being built today are custom networks for each application to a limited
set of customers," he says. "Network service providers will jump at the chance
to instead build them in an open fashion, publishing any application to any portal and
delivering it through any service provider."

Session-Level Tunnel Switching

Peter Lambert is features editor for PHONE+ magazine.