This morning, a call came from an IT consultant that has a client with eight locations in the USA. His client needs MPLS for their wide area network, but their budget was such that he was concerned if they could afford it. He asked “Can I have Internet access and the MPLS VPN network on the same loop?” The answer is a resounding yes.
How are both services be delivered? The carrier MPLS cloud has Internet connectivity delivered with labels to direct connectivity to the customer MPLS network via what is effectively a private virtual circuit. So the Internet traffic is isolated from your MPLS VPN traffic. C0S rules are configured to determine what kind of traffic gets priority, just like CoS would be set up for any MPLS network. In other words, if there is no VPN traffic, then the internet has the full port speed and any mix between. You set the rules.
For companies without high bandwidth requirements, this approach to networking can save the cost of a local loop, and then some. Typically you could add Internet access to a T1 MPLS circuit for just $200 or so. But our experience is that the remote offices eventually outgrow this approach and then they provision a separate T1 or more for Internet access, since they need more bandwidth. But for some companies, this is a perfect solution for them. Contact us if you would like to learn more about this.
Another benefit of the shared Internet and VPN on the same circuit is the ability to use carrier based firewalling. Remote offices can all get their Internet access without the administrative overhead of managing all the remote firewalls.