The latest products from Quarry Technologies are designed to allow CLECs and ISPs to provide voice and security services over IP networks with the QoS of ATM or Frame Relay.

by Alex Goldman ISP-Planet Associate Editor [December 18, 2003]

Bellevue, Wash.-based StraitShot Communications is a new business, both literally and figuratively. The company was founded in April of 2003 and is in negotiations with several companies but has no major customer announcements yet.

The company is in the midst of building out its network services platform through the integration of multiple carriers including New Edge Networks and Allegiance Telecom. New Edge Networks provides T-1 and DSL lines in tier 2, 3, and 4 markets. Allegiance Telecom provides DS-1 lines in major metro markets.

It is striking that in a telecom downturn, when many companies seem unable to judge innovative business plans, smaller companies like Allegiance and New Edge appear to still have the talent and vision to make bets on new companies while larger companies are far more cautious.

StraitShot builds infrastructure in select data centers where it can deploy smart equipment to deliver private networking and enhanced services. Those services, such as the latest in security and VoIP, are changing the ISP and CLEC business (in the case of VoIP, pending intervention by regulators to maintain the status quo). StraitShot uses novel intelligent switching equipment from Ciena for dense integration and layer 2 services.

iQ4000 routers from Burlington, Mass.-based Quarry Technologies help to enable what StraitShot calls, "a new private networking model." The company has started by deploying the equipment and the services it enables in six major fiber hubs around the country.

Cam Cullen, director of product management for Quarry Technologies, says the security service routers are powerful. "Each system can support over 1,000 virtualized interfaces and keep the accounting and firewall policies separate for each."

The company designed its own provisioning system, iQ SMS. "Equipment vendors tend to build the hardware platform first. We recognized early on that if you want to offer a firewall to each of 1,000 different customers, you cannot expect a third party device to do this," explains Cullen.

"The provisioning system is not just element management," he continues. "It does more than receive traps and turn off ports. It is a true service creation and management system. It allows each end user to provision their own firewall without seeing other customers and without effecting other customers."

The system is very granular. "StraitShot, for example, may have a customer at car company A. The general manager can see and configure the policies for all of the company, but the site manager may only be able to see the policies for one site."

iQ SMS rests on a secure foundation and includes an Oracle database. This means that if there are problems, the hardware can be replaced. "If an iQ4000 were somehow to go to lunch," says Cullen, after being pressed to consider the possibility, "you can configure the new device through the management station. If you're replacing a board within the chassis, you don't have to reconfigure anything. It's all automatic."

The iQ4000 and its iQ SMS software enable much more than firewalls, however. The device enables IP VPNs and even VoIP, which is sensitive to quality of service issues. In the StraitShot deployment, the Quarry devices will, when connected to each other, be able to, for example, prioritize voice traffic across the nation.

"One of the things we've done," says Cullen, "is that right out of the box, we've allowed StraitShot to compete with the big boys."

The big boys are running MPLS VPNs over legacy Frame Relay and ATM networks. "Although these network-based VPNs are reliable, they are not cheap," says Marc Coluccio, StraitShot vice president of technology and the company's network architect. "We're using the Quarry box to provide our enhanced IP services. StraitShot offers an alternative to standard VPN and private networking solutions, providing a non-Internet based service with the reliability of Frame Relay and ATM, but at a cost that is dramatically lower."

The architecture involves many network elements. "We're aggregating carriers, national and regional," explains Coluccio. "We bring carriers together at peering points and do our own cross connects. We're in the domestic market now and plan on moving into Europe soon."

In practice, this means a customer can contract from StraitShot and receive private service over several carriers. Coluccio says, "If we have a three location customer, we would pre-qualify them based on the three phone numbers, but there could be multiple carriers available at each location. The carrier would drop a circuit back to our nearest aggregation POP. We mesh the POPs together with private lines and provide IP enhanced services through the Quarry iQ4000."

Coluccio says the reliability of the iQ4000 enables several unusual services. "The most important app that we are enabling today is VoIP. We're the only network service provider to offer guaranteed latency and throughput at a cost that companies can finally afford. Frame Relay and ATM can offer it, but they are often priced too high, especially for small and medium sized companies. The iQ4000 keeps QoS bits (DiffServ) intact to ensure that voice packet priority is maintained. We do it all at a price more comparable to standard Internet connections than point-to-point circuits, which are usually twice the cost."

"VoIP is all about SIP," says Coluccio. He adds that the company is in negotiations with a partner for SIP to POTS connectivity that he cannot, at the moment disclose. ISPs interested in providing a service like this should note that they will need to be able to buy and sell minutes and calculate call termination fees or have a partner who can do so for them.

He provides a specific price goal in competing with the monopolies. "Qwest is offering unlimited usage for a flat rate of about $53 per line. We would like to undercut them by 30 percent."

He adds that the networking service is so reliable that StraitShot can offer video conferencing, while many others cannot.

Companies using ERP, PoS, CRM, and other distributed software applications should also be valuable vertical markets for StraitShot. The retail market is one good example. StraitShot sees large, profitable, dispersed businesses that could realize substantial savings by moving to the StraitShot private networking solution and also implementing VoIP, abandoning legacy networks.

"We will be going after the interoffice market and utilizing softswitch PBXs to enable VoIP at each site. The customer would only require affordable IP phones on their premises."

With all the bells and whistles of the advanced services, the iQ4000's virtualized firewall functionality is part of StraitShot's pitch to businesses of all sizes. It's about more than just the cost savings of VoIP. A cheaper and better firewall fits right in with the business plans of many companies.

"Security services are an important initiative in many prudent companies," notes Coluccio. "The most prominent area right now is the known entry point, the firewall. Although StraitShot, with the iQ4000, eliminates the need to buy a CPE firewall, a centrally managed firewall and VPN have advantages beyond cost. A CPE-based firewall might lack important security functions like stateful packet inspection, and might not be as easy to update as a centrally managed one. In addition, services like IDS and centrally managed VPN termination can also be layered into our offering, which provide additional cost and management advantages"

Adds Cullen, "customers no longer use dialup. When you're on the road, broadband is always available, and you want a secure VPN."

Concludes Coluccio, "another concern is that when (not if) you get hit by an attack, such as a DoS attack, it normally would hit the small pipe at the customer's end which would, at best, be only T-1 line and might be a DSL line. Instead, with the StraitShot service, it hits at our POP where our cross connect is running at 1 Gbps or 10 Gbps and is connected to multiple backbones."

Cullen says that as U.S. networks deploy higher bandwidth rates, customers are beginning to demand security devices that are now more common in the faster networks of Japan and South Korea.

One of Quarry's earliest customers was DACOM. At last count, in December of 2002, DACOM was a tier 2 provider with 159,357 dialup customers, 79,642 DSL customers, and 74,689 cable broadband customers. In a network like DACOM's, where many connections are extremely fast, a low-bandwidth, highly-infectious worm can spread quickly and bring down the entire network. "Nine months ago, we saw a big uptick in the demand for security products in Asia," notes Cullen. Now that demand is coming to the U.S.

Max Smetannikov, contributor to this website and network infrastructure analyst for The 451 Group, says ISPs should look at the Quarry device as a high-end product enabling a full suite of services. He says, "Quarry's products are applicable to pretty much any carrier model that includes services like VPNs or that requires tunnels for services that have QoS characteristics like VoIP. Quarry's push in the U.S. centers around positioning the product as a security services platform as opposed to plain old routers sold by Juniper and Cisco. ISPs should consider Quarry in the same context as they consider multi-service edge switches like CoSine."

Pricing and availability
The Quarry Technologies iQ4000 chassis costs $70,000, the iQ SMS provisioning system costs $20,000, and a fully loaded system could run between $150,000 and $250,000. The product is available now.

—End