Printing firm dumps MPLS service

Wise Business Forms using dual DSL and cable access to reduce cost and support comparable WAN connectivity
  • Tim Greene (Network World)
  • 05 December, 2008 06:20

Shortcomings of an MPLS service led printing firm Wise Business Forms to dump the network service in favor of an Internet-based VPN that delivers better speed at less cost and will pay for itself in 16 months.

The firm's 250 users had recurring troubles with reliability of the four AT&T T-1s feeding MPLS to its headquarters, says Marc Picardo, director of IT for Wise, but the determining factor was cost not performance.

When the private company installed a new digital printing application that would boost the bandwidth requirements among its eight locations spread out in six US states, Picardo started looking for less-expensive options than the US$1,400 to $1,800 per month per site that doubling up the 1.5M bps MPLS T-1s would cost. The monthly cost per site of the VPN connections, which double the bandwidth of the T-1s, is about US$250, he says -- less than he was paying for the MPLS service.

Wise's system integrators, Perket Technologies, recommended using the Internet as the WAN and connecting to it via lower-cost DSL and cable connections. Having a DSL link to an ISP and a cable link to another ISP at each site, they would have redundant services to maintain reliability, Picardo says.

Perket, which had initially recommended the MPLS network, recommended dual Stonesoft StoneGate firewall/VPN appliances at each site to link them to the Internet. Picardo says the firewalls can use both Internet connections simultaneously to load balance traffic at each site, and if one link goes down the devices failover to the other line.

One of the more time-consuming jobs of the transition was lining up the DSL and cable services. Because of the wide dispersion of the sites and the mix of access technologies, Picardo had to contract for WAN services with nine separate providers.

Now that all the lines are in, that number of providers doesn't create extra work. If a line fails, he makes a call to the provider of that line; he'd have to make such a call even if there were just one provider. So far, the only outages the VPN has experienced were due to problems inside the providers' networks, not on the last-mile access lines to Wise sites, he says.

Bandwidth the cable and DSL links provide is ample, and when one line has failed, the StoneGate appliances have diverted all traffic to the second connection.

At the same time, Wise moved its data center from its headquarters office to a collocation site to avoid issues the company had been having with losing power for so long at the data center that its UPS would run out of juice. Unlike the corporate sites, the data center is connected to the Internet via a 7M bps connection that can burst to 10M bps to handle peak traffic, he says. That way at peak times when corporate sites are each sending heavy traffic, the connection to the data center doesn't become a choke point.

Page Break

One downside of cobbling together DSL connections is that the available speeds vary due to the quality of copper lines and the distance between the corporate sites and the providers' central offices. The worst case for Wise is at its headquarters, where the maximum upstream DSL speed it can get is 512K bps, which is inadequate in times of high use, Picardo says. As a stopgap he installed two DSL lines to give an aggregate of 1M bps. Cable service in the area was prohibitively expensive because the provider would have to extend its network at Wise's expense.

Longer term, Picardo is looking into replacing the dual DSL connections with a T-1 Internet connection, which would have stricter service quality guarantees. Since most of the traffic from the headquarters site goes to the collocation facility where the data center now resides, he is also considering adding WAN-acceleration gear at headquarters and at the data center to boost throughput.

On the upside, the new architecture gives each site direct access to the Internet. Before, if a remote site wanted to reach the Internet, the traffic had to go over the MPLS network to the lone Wise Internet connection in Alpharetta, routing that introduced unbearable delays, Picardo says. "Before, you didn't want to get on the Internet. It was pointless," he says. Now the links are responsive and are used freely.

In shifting to the StoneGate firewalls, Wise also got rid of its Cisco and Adtran WAN routers because the firewalls handle all the VPN routing necessary. "It's not a true router, but it does what we need," he says. The transition from MPLS went smoothly. "We moved from MPLS to Stonesoft and moved the data center all in one weekend," Picardo says, "and there were no WAN issues Monday morning."

Despite abandoning MPLS for his data network, Picardo says he's ready to go back to the technology to support a corporate VoIP network that will replace an expensive Centrex service. The new Verizon T-1 MPLS links will fully mesh the eight sites and plug in via IP to Verizon's network, which will handle interfacing with the public phone network. When the MPLS network has free bandwidth, it can also carry data site-to-site to supplement the DSL and cable VPN connections, he says. All that for less per month than Wise had been paying for just MPLS data, he says.