"Companies like these services because they offer considerably more bandwidth with little or no increased WAN costs compared to their legacy counterparts - frame relay, ATM, private lines," says Michael Howard, principal analyst with Infonetics.
That is prompting customers to boost the bandwidth they buy for their MPLS VPN connections above the T-1 speeds that are typically the top size for frame relay connections.
"The demand for higher speeds is going up, and that's a function of availability and pricing, depending on who the provider is," Cochrane says. "Is it an incumbent that is cannibalizing its own [frame relay base] or is it a competitive provider offering lower-price access?"
Hands-on customers stand to save more on monthly bandwidth costs building their own MPLS VPNs and shopping around for the best bandwidth costs, she says. "In that case because you're not limited to one provider, you can shop for the best price in each of your locations and then make the connections yourself with hardware and software you own," Cochrane says.
3. Should I build my own VPN?
If you do, you won't be alone, but prepare to spend time and develop expertise in-house.
According to Cochrane, more WAN connections are made over build-your-own VPNs - where businesses buy their own VPN gear and attach it to WAN connections they have purchased separately - than are made over MPLS VPN services.
This can range from installing and configuring MPLS gear at each site - an expensive proposition - or using site-to-site IPSec equipment that is often packaged with firewalls and is generally less expensive.
The trade-off vs. VPN services is the do-it-yourself part. Businesses have to provide the time and expertise to design, install, maintain and troubleshoot the VPN, says Mark Lewis, a networking design consultant and blogger for Network World. And that means training. Without it, troubleshooting VPNs can be "random, time consuming, and will often not resolve your problem at all - it might even exacerbate it," he writes.
4. Should I use IPSec or Secure Sockets Layer (SSL) for remote access VPNs?
SSL. In almost all cases, SSL VPNs can be set up to deliver the same access that IPSec VPNs do. And SSL offers more options.
SSL VPNs offer application-layer secure access over the Internet using capabilities common to most browsers, which means not having to distribute and maintain client software on remote machines. The limitation is that browsers access only Web-based or Webbified applications.
By pushing Java or Active X SSL VPN plug-ins to the remote machines on the fly, SSL VPNs can create network-layer connections comparable to IPSec, without having to distribute dedicated VPN client software.