Any Good Reason to Use Frame Relay vs VPN??

[MySongRanHills]

Finishing up my CCNA studies and I'm wondering in what situation(s) FR would be more advantageous to use then a site to site VPN link? As far as my novice understanding can tell FR is more expensive and less flexible, but I'm trusting that Cisco isn't wasting my time having me learn it. However I can't see why I would ever want to go that route?

 

[Valnar]

Frame-relay is older and most companies do not install it anymore, but it is still viable. MPLS is pretty much the new standard in private WAN networks.

Frame-relay came about as an alternative to dedicated private circuits (like a point-to-point T1, full 1.54Mb, no sharing) which is the most expensive "style" of circuit. Same with DS3, etc.

After that you have frame-relay which can do point-to-multipoint, so if you needed 3 sites (for instance) with 512K each, you could have a single 1.54Mb T1 at the head-end with three DLCI's to each spoke. It was still hub a spoke per se, but you didn't need to pay for three T1's at that datacenter. Some rudimentary QoS or traffic shaping is available on frame-relay, and somewhat on MPLS too depending on the carrier.

VPN of course is a whole 'nuther animal. No QoS except whatever traffic shaping you can do between two sites, but you can't hold the carriers to any real SLA since your path may traverse many different ISP's. I'll assume you know how VPN works (whether IPSEC, SSL, etc).

The real question you should be asking is why someone would want to use frame-relay over MPLS. The big difference is frame-relay is a layer-2 technology while MPLS is layer-3. Therefore you can run non-IP protocols over frame-relay, or for that matter your own routing protocol (like EIGRP) without worrying about what your private carrier mandates. Although that being said, L2 MPLS is becoming more common these days and that is the best of all worlds.

 

[MySongRanHills]

Frame-relay is older and most companies do not install it anymore, but it is still viable. MPLS is pretty much the new standard in private WAN networks.

Frame-relay came about as an alternative to dedicated private circuits (like a point-to-point T1, full 1.54Mb, no sharing) which is the most expensive "style" of circuit. Same with DS3, etc.

After that you have frame-relay which can do point-to-multipoint, so if you needed 3 sites (for instance) with 512K each, you could have a single 1.54Mb T1 at the head-end with three DLCI's to each spoke. It was still hub a spoke per se, but you didn't need to pay for three T1's at that datacenter. Some rudimentary QoS or traffic shaping is available on frame-relay, and somewhat on MPLS too depending on the carrier.

VPN of course is a whole 'nuther animal. No QoS except whatever traffic shaping you can do between two sites, but you can't hold the carriers to any real SLA since your path may traverse many different ISP's. I'll assume you know how VPN works (whether IPSEC, SSL, etc).

The real question you should be asking is why someone would want to use frame-relay over MPLS. The big difference is frame-relay is a layer-2 technology while MPLS is layer-3. Therefore you can run non-IP protocols over frame-relay, or for that matter your own routing protocol (like EIGRP) without worrying about what your private carrier mandates. Although that being said, L2 MPLS is becoming more common these days and that is the best of all worlds.

THanks for the info! I understand MPLS/FR/VPN and the differences between them, but can't figure out why I'd want to use even the newer MPLS over site to site VPN. MPLS is far more flexible than normal FR, but still an added expense vs using VPN over the internet.

You did make one very good point I had not considered. With FR/MPLS/Metro Eth , etc you get a SLA and guaranteed speeds. If you have fast connections at both sites is it really enough of problem in the real world that people are paying more to get the SLA and guaranteed speeds on their WAN links? If a large company is paying for a fiber internet connection doesn't it come with it's own SLA?

 

[Valnar]

Let's say your Datacenter ISP is AT&T, and one of your remote sites is on Time-Warner. AT&T can give you an SLA on their connection, but can't control some numbnut on the Internet doing a DoS attack from Time-Warner, or to Time-Warner, or to AT&T, or Verizon, or whatever. If that is a chance you can take, or you don't run any VoIP over a WAN, then go for VPN. But you also have to take your industry into consideration

Even if you don't work for bank yourself, would you want a bank using Internet VPN's between all their locations? Umm, no.

Even if you don't run a call center, would you want to call into Verizon Wireless support and hear jittery voice because the WAN guy at VzW thought it would save money to run their VOIP network over VPN's? Umm, no.

Even if you don't manage the transcontinental network of air traffic controllers, would you want them relying on Mom&Pop Internet VPN's to sub-par countries assisting planes in emergencies? Umm, no.

So if your connectivity isn't mission critical or time critical, then VPN is fine. I've used it many times, and do so today in some of our locations.

 

[Valnar]

Also, MPLS is full-mesh by default, but with site-to-site VPN's the complexity can grow logarithmically if you require the same full mesh capability between ALL sites...unless you can live with hub-&-spoke to the DC and spokes rarely need to talk directly. Cisco's DMVPN fixes this, and while it is f*cking totally awesome, it is propriety to Cisco routers.

 

[MySongRanHills]

Let's say your Datacenter ISP is AT&T, and one of your remote sites is on Time-Warner. AT&T can give you an SLA on their connection, but can't control some numbnut on the Internet doing a DoS attack from Time-Warner, or to Time-Warner, or to AT&T, or Verizon, or whatever. If that is a chance you can take, or you don't run any VoIP over a WAN, then go for VPN. But you also have to take your industry into consideration

Even if you don't work for bank yourself, would you want a bank using Internet VPN's between all their locations? Umm, no.

Even if you don't run a call center, would you want to call into Verizon Wireless support and hear jittery voice because the WAN guy at VzW thought it would save money to run their VOIP network over VPN's? Umm, no.

Even if you don't manage the transcontinental network of air traffic controllers, would you want them relying on Mom&Pop Internet VPN's to sub-par countries assisting planes in emergencies? Umm, no.

So if your connectivity isn't mission critical or time critical, then VPN is fine. I've used it many times, and do so today in some of our locations.

Thanks so much, everything makes sense now . I can definitely see why you wouldn't want to use VPN in most of those situations. What about VOIP though? Does a VPN introduce extra latency that wouldn't be present otherwise? Or is just that you have no control of QoS once packets hit the internet?

 

[ri0]

Jesus! Lots of good info here!

 

[Valnar]

Thanks so much, everything makes sense now . I can definitely see why you wouldn't want to use VPN in most of those situations. What about VOIP though? Does a VPN introduce extra latency that wouldn't be present otherwise? Or is just that you have no control of QoS once packets hit the internet?

On a perfect day with the sun shining and everybody outside enjoying nature and not on the Internet, yes, a VoIP connection over the Internet or through a VPN can be just as good as a private network. I've done it before, Most of us do it all the time with Skype and FaceTime, for instance. But we've also had days where it just sucked. Businesses can't afford that.

Assuming good hardware, a VPN doesn't introduce any extra latency end-to-end, but that doesn't mean a VPN between LA and NY will have the same latency as an MPLS connection between the two. The shortest distance over that VPN may not be a straight line, depending on ISP's. And yes, no QoS over the Internet, so marking the packets with special DSCP values (like ef) won't have any affect. Your voice call will have to compete with everyone else downloading porn or watching Netflix.

 

[Bobacus]

Like most have said, the biggest advantage to any MPLS service is the SLA provided with it.

While frame relay networks are on the way out the door right now, the frame relay encapsulation still has a useful purpose. Look up Multi-Vrf CE, Cisco has some great documentation on it. With Multi-Vrf CE, a provider is able to run multiple services down a T1 line.

The best use case for this technology is a site that only requires a single T1 worth of bandwidth, but wants to have multiple MPLS services delivered to it, such as a trusted and a guest MPLS L3VPN. With frame relay, the provider is able to cut the T1 up into DLCI's, and deliver each service as needed.

So while frame relay switching is almost dead and out the door (I know of a major provider in the US who says they plan to shut down their frame relay switch in at least one market this year), the encapsulation still has some life left in it.

 

[MySongRanHills]

Like most have said, the biggest advantage to any MPLS service is the SLA provided with it.

While frame relay networks are on the way out the door right now, the frame relay encapsulation still has a useful purpose. Look up Multi-Vrf CE, Cisco has some great documentation on it. With Multi-Vrf CE, a provider is able to run multiple services down a T1 line.

The best use case for this technology is a site that only requires a single T1 worth of bandwidth, but wants to have multiple MPLS services delivered to it, such as a trusted and a guest MPLS L3VPN. With frame relay, the provider is able to cut the T1 up into DLCI's, and deliver each service as needed.

So while frame relay switching is almost dead and out the door (I know of a major provider in the US who says they plan to shut down their frame relay switch in at least one market this year), the encapsulation still has some life left in it.

What the hell kind of service can run on a slice of 1.55mbps??? Isn't T1 itself almost useless now a day w/ so little speed?

 

[Valnar]

What the hell kind of service can run on a slice of 1.55mbps??? Isn't T1 itself almost useless now a day w/ so little speed?

Not everyone has a need to surf the Internet over that. EDI has low speed requirements, for instance. And in the case of true frame-relay, the network I was referring to was something I managed in the early 2000's, where 256K or 512K per site was more than enough. We ran frame-relay and separate voice channels over the same T1 and broke it out with a CSU.

 

[zerodamage]

Great information in this thread. I recommend people to bookmark it for future reference.

 

[stormy1]

What the hell kind of service can run on a slice of 1.55mbps??? Isn't T1 itself almost useless now a day w/ so little speed?

For internet usage yes, but its not uncommon to run voip over t1 and have cable or dsl for internet.
Phone companies here offers hosted voip/pbx over t1s to the central office that is pretty popular with even some large companies, medical groups and hospitals with hundreds of numbers and multiple locations.
The t1 is the most stable connection you can get over copper and running fiber is expensive.

 

[Valnar]

I used to manage a network with 10 frame-relay T1's at the datacenter (into a Cisco 7513) with about 50+ remote locations. Voice and data ran over each of the remote T1's with an external CSU to a Cisco router or Avaya switch.. All sites where anywhere from 128K to 768K SVC's depending on how many people were there, with 128K ISDN backup. We were getting close to the point of putting a DS3 at the datacenter to host them all, but decided to scrap FR and go to VPN instead. They were almost all Sonicwalls. That was short lived as VPN's and broadband weren't very stable in the mid 2000's, so we moved to this new fangled MPLS thing instead.

I don't remember exact prices, but these ratios are mostly correct. Of course, depends on vendor or location

Frame T1 - $2500
Internet T1 - $600
MPLS T1 - $800

So we ended up going back up in price a bit, but it was still a huge savings from those frame T1's. I don't remember what we did on the voice side though. Probably just put in a PRI if they were big enough, or copper POTS lines if they weren't.

At my new company we are a combo of MPLS or VPN, depending on branch size. Even the MPLS sites have VPN backup.

 

[Grentz]

MPLS with a VPN or DMVPN backup is a fairly common setup in mid-sized orgs these days.

The SLA and QoS control over MPLS is ideal in mission critical connections. Plus the mesh topology saves a lot of headaches with multiple sites.

 

[Bobacus]

What the hell kind of service can run on a slice of 1.55mbps??? Isn't T1 itself almost useless now a day w/ so little speed?

Haha, I know the feeling all too well, for most, a T1 isn't enough bandwidth w/ all the streaming services and cloud applications. Although there are many customers I help that a T1 will provide sufficient bandwidth, especially in areas where fiber builds are cost prohibitve. Believe it or not, I have a few that a 9.6kb/s line is sufficient for what they do. Although those are mostly just remote data collection sites.

 

[Daedalus0101101]

I'd like to chime in here. I'm the network admin for a company that has 28 locations plus headquarters. 3 years ago, every location had a single T1 PPP connection over an MPLS. I also had a location that was not business critical so they have a simple DSL with an IPSec tunnel. Fast forward to last October when we switched providers and did a major upgrade. Now all the branch locations are using Multilink Frame Relay over bonded T1s, or if it was available Fiber.. Each location also has a 4G cellular connection for a backup connection that is piped right back into our MPLS network. We did this for two reasons. 1, Frame relay is efficient at how it operates. 2, We are planning to move a service that is hosted at our corporate location out into our MPLS network and using Multi-VRF. Like Valnar said, some people don't need a full T1 for some services. The one I am talking about would at max send/receive 3.95KB across our entire company. So i can slice off 64K at each location and still have plenty of growth room at each location.

So why did we upgrade the bandwidth at each location? Its the age of fast internet and people were complaining of slow web speeds. We upgraded and the costs per location are closer to the price that Valnar quoted for Internet T1 rather than MPLS or Frame T1. If those prices are from the 2000 era, it shows just how the prices have dropped over the years.