But though Internet VPNs are very successful in those network domains, they have not displaced traditional WAN services for LAN-to-LAN connectivity. Internet VPNs lack the reliability, security and simplicity of conventional WAN services. Often the cost of support and the cost of downtime eat away the savings of using cheap Internet bandwidth. So users have stuck with services like frame relay.
Now a new type of VPN is aimed at LAN interconnection. It's still early days for the technology, and network-based VPNs (NB-VPNs) will not become a broad success quickly, though some carriers are far ahead of the pack. The global carrier Equant has more than 500 customers on its MPLS-based service; many of those moved out of frame relay. Savvis, which has a history of providing services to the financial community (a demanding group -- you don't skimp on reliability when the network moves millions of dollars), has more than 350 customers on its Nortel Shasta-based VPN service, with the largest customer having more than 7,000 sites. Other carriers, such as AT&T and Qwest, have had more moderate success with network-based VPN services. And there are many other carriers just now starting services.
From the carrier's point of view, these services are indeed something new. They use new technologies, like virtual routing, MPLS, IPsec in the cloud or GRE tunnels. They may be layered on ATM or directly over optical. Relative to pure ATM or frame relay switching, there are cost and scale benefits for the carriers. But from the customer's perspective, it's difficult to see what's unique here.
Like frame relay, NB-VPNs let a controlled number of users share a pool of bandwidth on a common carrier backbone, isolating traffic so each customer perceives he or she is the only user on the network. But there is an important difference, and it's not the technology, but in its pricing structure.
Rather than charging for virtual circuits between locations as with frame relay, most NB-VPNs bill each network site based on an access charge, port and bandwidth/delay guarantees, making it easier to budget for and provision new services.