The characteristics of the access links between the LANs and WAN must also be well defined and managed to fit within the overall criteria budget from source to destination.
The predominant service for carrying VoIP traffic is the VPN. A VPN delivers multiple service classes and interoperates well with the customer’s own IP networks, at lower cost than a customer-managed network. A typical example of the four classes of service in an international VPN.
One of two complementary architectures is used for most VPNs, namely MPLS or IP security (IPsec). Although MPLS is not strictly essential to carry voice/video over a WAN, it is certainly preferable and is used on well over 50 large carrier networks. MPLS is an IETF standard that was derived from Cisco’s proprietary Tag Switching technique; it provides 15 priority classes (through a 4-bit header) for packets being transported over a network.
The use of MPLS enables time- and bandwidth-sensitive traffic to be carried on IP networks, and effectively eliminates IP “over” ATM. From the customer’s viewpoint, network design is greatly simplified, as there is no need to define virtual circuits between pairs of locations and there is no customer participation in routing design or changes. The carrier does the traffic engineering and guarantees the bandwidth and delay per class of service (i.e., for each voice or video application). The customer also has addressing freedom, as there may be identical local IP addresses within two or more networks on one VPN. The architecture of a multi-site VPN, connected to the Internet for access by some occasional users.
The MPLS-equipped customer edge routers are not mandatory at small sites. The gateways are scaled for the number of users at a site (probably from 100 to 10,000) and contain the security features, such as shared secret keys or digital certificates, and firewall facilities.
The carrier’s managed network must have MPLS-equipped provider edge routers and core label switching routers. The managed VPN uses the Label Distribution Protocol (LDP), which delivers the connectionless network characteristics. The central VPN network manager console, with its directory services manager, is at the service provider’s site but may be duplicated at the customer’s main site to share some system administration functions.
IPsec is used to create VPNs over the public Internet, and its only applicability to IP-Centrex would potentially be for communication with individual users in the home office situation. This use would depend on each Internet connection meeting the delay and jitter criteria of the service, and IPsec itself would do nothing to improve the QoS obtained from the Internet.