dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed

Subie Style
Seattle, WA

WAN connectivity - current scenario and proposed options-feedback?


My employer currently has 10 remote sites and one main office. We currently have a traditional setup with the following:
- 9 remote sites has a T1 (TW Telecom converged voice and data) dynamically allocated between data and 4-6 voice lines. Each site has a point to point VPN back to the main office (using Sonicwall devices)
- 1 site has a traditional ADSL line with 3/768k from Centurylink. This site also has a point to point VPN connection to the main office.
- Our corporate office has 30/30 fiber from TW Telecom with no backup WAN connection.

We also have a disaster recovery rack set up at one remote site with its own Fios business class connection with 50/10. This has a VPN connection to every site in the company also using point to point VPNs.

The reliability on TW has decreased over the past year (largely due to problems on the telco's end since they control maintenance of last mile infrastructure) and we are nearly at the end of our three year contract. We will likely retain the fiber at our corporate office for the time being as TW has offered to bump it up to 100/100 for $50/month more (which is a phenomenal deal). Additionally, application performance has become an issue since we are playing with VDI and our current fractional T1 bandwidth has become a serious bottleneck. We also run AppAssure between the main office and our remote site and its inefficient use of bandwidth has become an issue (our current setup doesn't provide serious QOS capabilities).

Our IT director is currently hot on MPLS and has been having the team work with a Cisco specialist from an external vendor to chart our path going forward. He is fed up with TW for the remote sites and wants to find a new ISP.

My proposal differs a bit and consists of the following:
- Work with Comcast to figure out a FTTP option/ethernet service for our main office.
- Work with Comcast to install either ethernet service or (as a last resort) business class cable connectivity for each site. Comcast seems to provide many of the advantages of MPLS over a traditional telco at a lower cost.
- Install WWAN backup capability at each site using Cradlepoint ARC hardware (integrated LTE modems) for fail over of mission critical connectivity.
- Retain point to point VPN structure and hope that application performance improves with additional bandwidth

I am struggling with getting the other team members on board because of the following:
- Comcast has a reputation of being less reliable/lower performance than traditional telcos. I believe a large part of this misconception is due to the fact that many have their consumer grade services and have had less than positive experiences.
- The 'worst case' Comcast setup (Businesss class cable) isn't symmetrical and seems less able to harness their 'MPLS-like' features that are offered with their ethernet products
- What to do with voice… our current setup (in my opinion) is analogous to a PRI and gets around latency and other concerns to provide a better experience than SIP trunks or other VOIP options.
- What to do with QOS… If Comcast's solution doesn't seem workable, what else should I look at? Something like a Silverpeak solution?

I'm curious if anyone else on here has gone through a similar process. What was the outcome and what advice do you have given the scenario described above? In particular, I'm interested in hearing of your experience with Comcast's business grade services when coming from a traditional telco (CLEC).


reminds me of the danse russe
Chandler, AZ
here's the issue:

when you are offered an "mpls" connection from a provider -- they are handing off a connection into their network that is in your own personal 'ip vpn'. because of some of the additional "stuffs" that come with an mpls-based carrier network, things like qos can be carried across the private wan and you can also have things like layer-2 connectivity.

that being said, you need to look at how you're handling your voice connections today. if you are simply handed a block of did's over some timeslots in a pri to a voice gateway -- you can continue with this today. otherwise -- if you are using an ip voice solution, you can carry this traffic over the private wan.

there are alternatives to this, however. it just all depends on your circuit speed and what the overhead of your kit is. at low speeds, it is very possible to use a traditional 'hub/spoke' ipsec vpn or something like a dmvpn solution. it is very possible to carry both voice and qos markings across these tunnels. however, at higher speeds, line-rate crypto becomes very expensive (though a lot of routers are getting better at this). moreover -- companies like cisco are trying to create architectures using dmvpn to provide pseudo private wan connectivity (look into cisco's "intelligent wan (i-wan)" -- which is basically a dmvpn solution with some secret sauce.

either way you slice it, you can get a workable solution -- it just comes down to hardware spend from a cap-ex perspective, and an ongoing monthly cost of circuits, etc. couple this with the level of expertise to support such a solution (mpls handoff's from provider is pure routing, no worries about setting up dmvpn profiles or setting up ipsec peers).

hope this helps.

"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."