MPLS Compared with Frame Relay and Internet VPN

Frame Relay vs. VPN

VPN vs. SPN on non-Frame Relay system
Relies on the underlying assumption by carriers that not all customers will be using the full bandwidth of their circuits at the same time. Experts Exchange Solution brought to you by Your issues matter to us. I meant to say 3des with rotating keys is the most secure connection you can use legally for an internet tunnel. Check out Savvis for one such provider. Covered by US Patent.


This technology is so robust, that an VoIP call over one internet circuit will not fail if that circuit goes down; provided that you have two or more other internet circuits connected. While there is a hardware investment, this approach will reduce your monthly recurring costs since you can use regular internet connections, provided that you have at least two at each site.

We would be happy to explain how this works if you contact us. Relies on the global internet, which has absolutely no quality of service guarantees. Packet Loss and Latency statistics deteriorate with distance, with greater variability of performance as distance increases. When network is congested, latency and packet loss rise. Hardware VPNs are commonly configured as a hub and spoke network. While some limited prioritization can be accomplished with hardware devices, tags are usually removed, limiting effectiveness.

This number is has almost come to zero, as customers have adopted newer and more cost effective MPLS networks. Frame Relay, until recently, was a networking technology that was the primary service for Wide Area Networks.

Relies on the underlying assumption by carriers that not all customers will be using the full bandwidth of their circuits at the same time. Frame Relay uses an over subscription model. For example if you purchase a Kbps CIR from a carrier, all traffic up to that point will be guaranteed to be delivered.

I know this causes a problem for the SPN solution, however the VPN solution is not as secure, and requires more bandwith. So, again, what would you all reccomend Solutions Learn More Through Courses. Experts Exchange Solution brought to you by Enjoy your complimentary solution view.

Get every solution instantly with Premium. Start your 7-day free trial. I wear a lot of hats Why do you think VPN solutions are not as secure. The big security issue with IPsec is the quality of the authentication scheme.

I suggest using a two-factor system such as SecurID or X. Can you be more specific about your definition of "SPN"? It is basically the poor man's frame relay I was trying to determine what might be the best way, for us It has been my experience that they are virtually one and the same, the only difference being the level of security from basically none all the way to 3DES IPSEC--all VPN's--and can be much more secure than frame-relay.

Frame Relay has lots of interesting attacks against it including social engineering of the Telco, attack on the Telco's control computers, and direct attack of the cloud network at the Frame level.

And no, these are not theoretical attacks. They've all been done successfully. If I remember my last Telco presentation session, the SPN stuff you're talking about is where the Telco runs "private"DSL to people's houses and hooks that into your Frame network on the back end.

This is sometimes the case with Frame, but very seldom the case with SPN because of the multiple vendors that are usually involved even if they're multiple personalities of the same company. If you are using Terminal Services, there is a very simple option to secure connectivity. Internet connections at your remote offices would allow users to access applications at the main site via Citrix, with the connection including login completely encrypted.

The other advantage of using Metaframe is that the data never leaves your main network, only the screen shots, keyboard entry, and mouse clicks. Finally, supporting remote users over Metaframe with features like shadowing is much easier than supporting applications remotely. This is all rather inexpensive too. Simple to configure, just some basic routes to the remote subnets required. You install it in 20 mins and forget about it..

We've switched almost every single client to netscreen's. I don't know that I'd go so far as to say that the Netscreen 5 is the "most secure" solution, but it's certainly pretty solid and reasonably priced.

I meant to say 3des with rotating keys is the most secure connection you can use legally for an internet tunnel. Rijndael promisses more usable key bits than 3des and much higher speeds, but it's not widely supported yet though I think the RFC's are now official standards. Also there's the HMAC issue SHA-1 is now considered stronger than MD5.