ADSL vs IS MPLS

R

rhowes

Active Member
Joined
Oct 19, 2006
Messages
89
Reaction score
10
Morning All,

I am investigating upgrading our connectivity infrastructure to Internet Solutions' MPLS VPN. We have three branches across the country with around 40 users.

IS have specified 1024k diginet from head office and DSL from the branches to their network. Breakout is 1024/512k (local/international) over Seacom cable. There is a single firewall for everyone since all branches access the Internet through the single breakout.

My concerns are:

1. This cost around R30k per month with uncapped ADSL at each branch working out at half that cost. Is it worth it?

2. ADSL at each branch effectively gives us 4x3 = 12mbps Internet bandwidth. This being replaced with 1024/512 shared for all branches. IS assure me the dedicated nature makes MPLS far superior and you cannot compare them directly.

There is a confusing number of options on connectivity these days and if I go with MPLS only to discover its not worth the investment I could be working for Walk and See More.

Any experience/ advice?

Thanks
Cheers

Richard
 
Hey Richard, I went through this exact same process for a client about 2 years ago. The question you have to ask yourself is how important are the branch connections. Because they will be running on DSL they are only best effort and there is no SLA for the actual lines. Another thing you should ask yourself is what traffic and which direction will be carried between branch and HQ. Remember ADSL is asynchronus meaning you may have 4mb down but data going to HQ will only be at 512k max. My client eventually went with Telkom 2mb breakout (2mb local, 1mb Int) and 512k diginet between the branches & HQ. Cost was around R32k because Telkom didn't charge for the physical line to sweeten the deal. IS could match the price but then Telkom would have charged another R25k for physical lines. And all lines are covered by a SLA.

Good luck man. It wasn't easy when I did it and I know it's not going to be easy for you. Convincing the bosses to spend the dough that is. :D
 
Hi Richard
I must admit I can't justify the extra price for a MPLS network and just one breakout will cause frustration (especially the size of the breakout).
Depends ofcourse how heavily the internet usage is over other internal branch-branch traffic.

My opinion
ADSL at branches with their own firewalls. Slightly more admin but good ol trusty linux/squid/clamav etc should just run and run and run...
If everything works then great but on top of that you could ad smaller MPLS diginet lines between branches for internal business traffic and it still won't cost you as much as only having MPLS network for everything.

:)
 
OpenvPN and ADSL

Hi

I have done this numerous times for large companies and the most cost effective wat will be through ADSL. You can setup openvpn running through ADSL. Im currently running a 47 branch VPN network over adsl we got rid of all the Telkom point to point connections as they were to expensive.

Openvpn is a mature VPN package and has come a long way, you dont have the connection problems asociated with previous IPsec solutions.

Just my 2c
 
MadMailMan said:
Cost was around R32k because Telkom didn't charge for the physical line to sweeten the deal. IS could match the price but then Telkom would have charged another R25k for physical lines. And all lines are covered by a SLA.
Click to expand...

I hadn't even though that Telkom could supply a service like this directly. My assumption was Telkom provides the lines and you need an ISP to provide the solution on top. The cost for the MPLS VPN and the breakout is R25k with an additional R7k for Telkom lines (1 x 1024 diginet and 2 x 4096 ADSL).

Perhaps I need to get hold of Telkom and see ehat they can do. Hurts to do more business with them though :(

Thanks for the advice.

Cheers
Richard
 
GoofySmurf said:
Hi

I have done this numerous times for large companies and the most cost effective wat will be through ADSL. You can setup openvpn running through ADSL. Im currently running a 47 branch VPN network over adsl we got rid of all the Telkom point to point connections as they were to expensive.

Openvpn is a mature VPN package and has come a long way, you dont have the connection problems asociated with previous IPsec solutions.

Just my 2c
Click to expand...

I had a look at that briefly. ADSL is certainly the cheaper option and adding a VPN on top is an option.

I your setup does each branch breakout to the Internet independently or is there a single breakout somewhere with the ADSL providing inter-branch links?

Thanks
Cheers

Richard
 
Vamichi said:
Hi Richard
I must admit I can't justify the extra price for a MPLS network and just one breakout will cause frustration (especially the size of the breakout).
Depends ofcourse how heavily the internet usage is over other internal branch-branch traffic.

My opinion
ADSL at branches with their own firewalls. Slightly more admin but good ol trusty linux/squid/clamav etc should just run and run and run...
If everything works then great but on top of that you could ad smaller MPLS diginet lines between branches for internal business traffic and it still won't cost you as much as only having MPLS network for everything.

:)
Click to expand...

What I want to get away from is support issues. With MPLS VPN I have a single firewall with a single breakout, fixed costs, and users accessing our apps on servers hosted at IS would be both fast and wouldn't use Internet bandwidth.

The cost is pretty steep though. A dilemma of note.

Cheers
Richard
 
MPLS is over rated for a mere 3 sites!! It's overkill. If you do prefer the stability of DigiNet, rather just get three DigiNet Lines to the Internet, with a IPSEC Tunnel connecting every site to each other. A bit more work in setting up, but it has a significant cost savings (45% to 60%).
 
savage said:
MPLS is over rated for a mere 3 sites!! It's overkill. If you do prefer the stability of DigiNet, rather just get three DigiNet Lines to the Internet, with a IPSEC Tunnel connecting every site to each other. A bit more work in setting up, but it has a significant cost savings (45% to 60%).
Click to expand...

OK, that does make sense.

Would you have a recommendation on a source of the Diginet lines to the Internet? I am looking for a service provider that can provide a solution without me having to set it up.

Thanks for the advice.
Cheers

Richard
 
3 x Access Services from IS (Seeing that you are working with them already)
1 x Support Ticket after the lines are installed, instructing them to configure the IPSec Tunnels on the routers
 
savage said:
3 x Access Services from IS (Seeing that you are working with them already)
1 x Support Ticket after the lines are installed, instructing them to configure the IPSec Tunnels on the routers
Click to expand...

Thanks Chris. I'm going to talk to them about this today.

Cheers
Richard
 
Remember to get comparitive quotes as well. IS will NOT like loosing a MPLS deal for a setup like this, but IS preaches MPLS left right and center to any tom dick and harry that will listen. They will also tell you it will not work due to <take your random excuse> etc.

Do yourself a faviour, get quotes from SAIX / Telkom (10219) for the DigiNet Lines (Internet Access) as well as MTN NS. Those are pretty much all the 1st tier providers that can provide you with a good quality connection on a good national backbone.

Just don't sit there talking to IS and be spoon fed... ;)
 
Hi Richard

Each branch breaks out to the internet over the 4mb adsl that the VPN runs on. By doing some basic routing we push all vpn traffic through the VPN tunnel that is created by OPENVPN (It creates a tun interface with its own IP) and the rest goes out to the internet. We have some branches that only breaches out at the main branch for internet access over the VPN. Once again this is done by a simple routing change.

This is the basic setup.

1x ADSL 4mb
1x P3 or higher PC with 512mb ram and a 40GB hard drive will do - R800
Linux OS - Free
Squid (Proxy Server for Internet Access) - Free
Iptables (Firewall and Security) - Free
OpenVPN (VPN) - Free

All of the above can be managed quite easely from the console or a web interface like Webmin (Free web based Control Panel).
 
GoofySmurf said:
Hi Richard

Each branch breaks out to the internet over the 4mb adsl that the VPN runs on. By doing some basic routing we push all vpn traffic through the VPN tunnel that is created by OPENVPN (It creates a tun interface with its own IP) and the rest goes out to the internet. We have some branches that only breaches out at the main branch for internet access over the VPN. Once again this is done by a simple routing change.

This is the basic setup.

1x ADSL 4mb
1x P3 or higher PC with 512mb ram and a 40GB hard drive will do - R800
Linux OS - Free
Squid (Proxy Server for Internet Access) - Free
Iptables (Firewall and Security) - Free
OpenVPN (VPN) - Free

All of the above can be managed quite easely from the console or a web interface like Webmin (Free web based Control Panel).
Click to expand...

Thanks great info, thank you. I'll investigate this further.

Cheers
Richard
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X