
MNOs add VPN services

Africa's wireless carriers are primed to provide protected business services for enterprises.

By Siphiwe Nelwamondo, technical marketing manager with Aviat Networks.
Johannesburg, 10 Jul 2014

As I have discussed in my recent Industry Insights on LTE technology and the mobile operator sector in Africa, the business model is increasingly moving to one that features private enterprises more prominently. To find future growth opportunities that leverage the infrastructure they have put in place, many - if not most - operators are looking to augment their revenue streams by offering business connectivity services.

One of the business connectivity solutions mobile operators will be looking to add to their offerings is secure virtual private network (VPN) services. The VPN is a mature technology that has been in the quiver of fixed-line telecoms for some time, going back to the start of the Internet revolution. That was when companies such as Check Point Software Technologies came on the scene with some of the earliest and most widely adopted Web security offerings, like stateful firewalls.

VPNs are, by their very design, secure: virtual tunnels or 'circuits' are established across the Internet from site to site, keeping confidential content intended only for corporate insiders away from the unauthorised, prying eyes of those outside the company. However, in this day and age of advanced cyber threats, typical layer 2 VPNs (L2VPN) may not be enough for many enterprises in Africa, especially those that have operations on other continents. This will be even truer for multinationals that are headquartered outside of Africa, in North America, Europe and Asia.

African enterprise sites will primarily belong to outward-bound, customer-facing companies and will most likely go light on the support functions found in many traditional, full-service enterprise sites on other continents, which have permanent IT staff. These companies will want to rely on their service providers to maintain VPN services, in which case layer 3 VPNs (L3VPN) will be more appropriate.

A rare find

Because there is a great paucity of fixed-line service providers in most of Africa, enterprises will be looking to their mobile network operators to fill the gap in enterprise service offerings. In order for mobile operators to be able to offer the services these enterprises require for business-class connectivity with their brethren sites inside and outside Africa, multiprotocol label switching (MPLS) based VPN services will likely be required.

As is commonly known, in Africa as in many parts of the world, microwave radio takes the lion's share of the overall backhaul network. And with microwave networking, it is necessary that L3 and MPLS services have an innate understanding of microwave protocols to achieve the low latency thresholds that must be registered in enterprise VPNs. Low latency is necessary for voice, video and other real-time communications that cannot tolerate delay in a full duplex mode of operation.

In the past, some vendors of IP/MPLS solutions believed they could reach the level of microwave intelligence required of routers with a simplistic add-in radio card. While this kind of thinking has an intuitive appeal of simplified elegance, in the field, it falls short of the mark. A regular router designed predominantly for the optical world - where incoming IP links are highly predictable - with microwave awareness added as a mere afterthought may suffer from poor network performance, high latency and slower failure recovery, not to mention the extra cost of deploying a separate router.

Built for the job

Only a purpose-built router structured on the idea that microwave technology will be the primary source of IP links can ever hope to meet the level of performance required by mobile operators looking to provide business connectivity services.

The microwave router will exhibit IP/MPLS functionality integrated directly into the microwave platform. This will ensure the router capabilities are in full harmony with the microwave transport functionality because they are the same box. Microwave networks exhibit unique characteristics, and with a microwave router, a mobile operator's network will perform at its highest level across all types of interface bandwidths, protection and diversity configurations and dynamic microwave path conditions.

Capable of delivering enterprise-class MPLS VPN services, a fully integrated microwave router supports L2/L3VPN and virtual private LAN services, which make the service provider's network look like a single Ethernet switch from the customer's viewpoint, effectively making its WAN look just like a local campus.

Backhaul optimised network management

While a fully integrated microwave IP/MPLS router will have the best positioning to effectively provision L3VPN business connectivity services to enterprises, it alone does not provide the full answer for mobile operators. A new breed of network management system (NMS) optimised for backhaul will also be needed for end-to-end VPN management.

This backhaul-optimised NMS will possess the ability to manage layers 1, 2 and 3 - if they are all deployed in the same backhaul network - from a single application with consistent operation across all three layers. Because of the added level of management sophistication required for integrated microwave networking, an NMS will have to be able to manage multiple devices found at remote cell sites, including microwave radios, switches, routers, generators, grid power, intrusion sensors, batteries, DC power plants, rectifiers/chargers, air conditioning, dehydrators and possibly others.

Above all else, though, an NMS for a backhaul network supported by integrated IP/MPLS routers must provide secure backhaul management. It must have encryption for backhaul control and management traffic, secure access control for all management access methods (eg, local craft, server, Web, mobile) and secure management interfaces (eg, SNMPv3, SSL/TLS).
