Move on for IP Voice Over VPNs

Technical gains on several fronts are opening a new
business opportunity for cable-data providers to use secure Intranets to deliver
packet-voice services, as well as the usual data files.

Until now, latency obstacles have stymied attempts to
provide voice over so-called virtual-private networks in the IP (Internet protocol)
domain. Encryption, buffering and other processes required to create a secure private feed
over a public IP infrastructure have created the latency problem.

But innovations in the VPN-enabling gear and software, as
well as the implementation of a new routing protocol in backbone networks, have suddenly
made delivery of IP voice over VPNs a major goal of service providers of every stripe.

"Many of the service providers that we're working
with plan to offer IP-telephony services over the VPN," said Susan Scheer, senior
marketing manager for VPN applications at Cisco Systems Inc.

It's easy to see why, noted Chris Aronis, an analyst
with Boston-based consulting firm Strategic Networks.

By Aronis' calculations, big companies with several
branch offices interconnected via VPNs can reduce telecommunications-services costs by
nearly one-third. This can be done, the thinking goes, by putting voice traffic on the VPN
data feed and cutting back on the use of public-switched-telephone-network lines to where
the latter are used strictly as backup and to handle voice-traffic overflow.

"The big issue for companies looking at this option is
uncertainty about the technology and whether voice over IP meets their performance and
security requirements," Aronis said. "The technology is right on the cusp of
making this a viable option."

Indeed, said Heidi Bersin, vice president of marketing for
IP-voice-technology supplier Clarent Corp., the technology at her company is now ready for
prime time, thanks to close cooperation between Clarent and suppliers of VPN technology.

"There are three major categories of products that go
into making VPNs, and we're working with suppliers in all three categories," she
said.

"What we find when we simply interconnect our system
with a VPN is that both systems must be fine-tuned to bring the latency down to acceptable
levels," Bersin added. "The voice packets have to be encrypted, along with
everything else, before going through the router."

IP VPNs have become big business in the data-communications
domain: Companies that once had to lease bandwidth or build private networks specifically
to carry their in-house data traffic can now meet many data-carriage needs over public
networks without having to set aside private conduit space.

As Bersin noted, this capability rests on three uses of
IP-adapted techniques to establish an absolutely secure, dependable quality link for such
applications. The three areas are: encryption -- specifically, the industry-adopted
"Triple DES" (Digital Encryption Standard); firewalls, which prevent unwanted
access into local-area networks; and quality of service, typically in the form of PPTP
(point-to-point tunneling protocol), which prioritizes packets for dedicated applications.

"VPNs require 20 to 100 times more processing per
packet than other [nonvoice] applications, which, when added to voice, takes you over the
latency requirements on the voice end," said Richard Kagan, vice president of
marketing for VPNet Technologies Inc.

VPNet has teamed up with PictureTel Corp. to provide support
for a videoconferencing-over-VPN service offered by tier-one ISP (Internet-service
provider) Concentric Network Corp.

Virtually all of VPNet's carrier customers are
demanding voice-capable systems to ensure that they will be able to deliver these
applications as the corporate community becomes comfortable with putting voice into their
data traffic, Kagan said.

VPNet -- an OEM (original-equipment manufacturer) partner
with Nortel Networks, ADC Telecommunications Inc.'s ADC Kentrox and others -- has
managed to cut its products' contribution to latency to under 3 milliseconds at each
location, typically averaging 1 ms, Kagan said.

"This allows service providers to stay under the
latency bar for IP voice if they use [IP-voice] gateway systems that fit our
criteria," he added.

VPNet has begun a program aimed at certifying various
IP-voice systems as compliant with its technical requirements. Clarent was the first to
pass muster, but others will soon be certified, as well, Kagan said.

Assured Digital Inc. is another supplier preparing to boost
support for voice-over-VPN capabilities, said Adrian Bisaz, vice president of marketing
and sales for the Littleton, Mass.-based VPN-switch manufacturer.

"By midyear, we plan to introduce features that allow
carriers to plug delay-sensitive IP-phone and fax connections directly into our VPN
boxes," Bisaz said.

These boxes -- sitting at the edge of networks, in
conjunction with IP-voice gateways or at end-user premises -- will encrypt and assign the
VPN QOS parameters to the IP-voice signals, Bisaz said. By using DSPs (digital signal
processors) dedicated to the time-sensitive encryption task, ADI's boxes
significantly reduce the delays imposed by encrypting the voice signal, he added.

"The security piece is as important, if not more so,
for voice as it is for data," Bisaz noted. "We think that this barrier to voice
over VPN is going to fall."

Adding momentum to the trend is the emergence of another
technology, MPLS (multiprotocol label switching), which was recently adopted as a standard
by the Internet Engineering Task Force. Cisco -- inventor of the technology, which was
formerly known as "tag switching" -- believes that it will be a major factor in
persuading corporations to exploit the economies of IP voice, said Rob Redford, director
of marketing for Cisco's multiservice-switching unit.

"With MPLS, the latency problems associated with
security and QOS over VPNs go away," Redford added.

MPLS eliminates much of the processing heretofore required
for implementing QOS in IP packets and for performing QOS functions in routers and ATM
(asynchronous transfer mode) switches by assigning user- and function-specific labels to
packets.

These labels, typically matched to a cluster of
end-users' directory addresses, automatically trigger the appropriate responses in
MPLS-equipped router switches without requiring the routers to "read" the full
packet headers.

"By using a VPN ID in MPLS applications, you preserve
the traffic inside the VPN using labels, rather than dedicated encryption and QOS
software," Redford said. "For every VPN user group, there is a set of directory
addresses that can be assigned a label ensuring that only those users will receive the
data stream targeted to them."

Voice falls out as a "natural occurrence" within
the intended QOS and user-access parameters assigned via MPLS, Redford added. "When
you buy into MPLS infrastructure, you allow all of these applications and many more to
operate without adding a lot of special instructions," he said.

High-speed-data service @Home Network will soon be putting
MPLS into its backbone, enabling wide-scale delivery of VPN services to big corporate
customers, noted @Home chief technology officer Milo Medin. He said the company was
negotiating with Cisco and Juniper Corp., both of which are offering MPLS solutions, in
preparing to implement next-generation gigabit routers over its new OC-48 backbone.