Access Technologies


Layer 2 technologies include private circuit constructs, Frame Relay/ATM, and emerging Ethernet. This section describes various Layer 2 services available to customers.

Private circuit mechanisms typically are delivered over SONET/Synchronous Digital Hierarchy (SDH) and have been popular for the past several years. The reliability inherent in SONET/SDH comes from the Automatic Protection Switching (APS) element, which provides recovery within 50 ms. The lack of bandwidth flexibility makes a private circuit service less interesting for customers today, because customers must select between fixed bandwidths, such as T1 (1.5 Mbps) and T3 (45 Mbps) in North America and E1 (2 Mbps) and E3 (34 Mbps) in Europe and elsewhere. The bandwidth and price differences between T1 and T3 and between E1 and E3 are so significant that customers tend to remain with their T1 and E1 links and seek ways to reduce usage on these links. More importantly, an equipment upgrade is required for both the service provider and the customer to increase from one rate to another.

Frame Relay

Frame Relay was designed as a telecommunications service for cost-efficient data transmission where traffic can be intermittent between an enterprise LAN and distributed between WAN locations. As a packet-switching protocol, historically, Frame Relay was developed as a result of WAN requirements for speed and, consequently, for LAN-to-LAN and LAN-to-WAN internetworking. Frame Relay inserts data in a variable-size unit called a frame, where the error-correction function (retransmission of data) is the responsibility of the endpoints. The service provider typically provides a PVC for most services, which gives the customer a dedicated virtual connection without being charged for a full leased line. An enterprise can select a level of service quality by prioritizing some frames to primarily transport data over Frame Relay. Service providers offer CIR as an option to a customer that permits an allocated minimum capacity and allows for traffic bursts when required. Voice and video applications are adequately provisioned over Frame Relay networks. The hub-and-spoke configuration is a common topology used for Frame Relay deployments. Although full-mesh implementations are supported, they are rare. They can be costly due to the price of individual circuits. Furthermore, operational complexities associated with the maintenance of the N² connections in such a configuration also pose significant challenges, as stated earlier in this chapter. Typical applications of Frame Relay include LAN interconnections, client/server, e-mail, terminal-to-host, and host-to-host, such as file transfers between mainframe computers.

ATM

ATM defines cell switching with a packet adaptation layer, which permits high-speed transmission of data through the use of small, fixed-length packets (cells) rather than the frames used in Frame Relay. ATM was originally developed as a key component of broadband ISDN (B-ISDN) and is a derivative of Frame Relay. ATM was designed to integrate voice, data, and video services by transporting these multiple channels over the same physical connection. A customer can order a PVC with a specific ATM QoS characteristic, such as voice via CBR, transactional applications via variable bit rate (VBR), and noncritical applications via unspecified bit rate (UBR). The CoS elements of ATM provide QoS assurance for the various service types, such as voice and data. ATM benefits include dynamic bandwidth capability and CoS support for multimedia service classes. Typical business applications include videoconferencing, voice, real-time audio, and high-bandwidth data such as medical imagery. Frame Relay and ATM offer connection-oriented services, whereas IP is connectionless.

Customers generally want the lowest-cost portfolio of WAN services that meets their quality objectives and connectivity requirements. Total cost of ownership factors include staff training, equipment, service charges, and service exit fees incurred when subscribing to an alternative service. For these customers, WAN connectivity costs are high due to the multiplicity of protocols implemented by the service providers. Because legacy services are expected to be matched by new service offerings, Ethernet interface for WAN connectivity is attractive for customers due to the potential cost savings that are attributed to the removal of the protocol, unlike Frame Relay, for example. Transparent Layer Service (TLS) originates from Metro Ethernet at the access. Multicast-aware VPN-based service is an example of an enhanced service offering needed to support IPTV, videoconferencing, and push applications such as stock market quotes. Internet access and secure firewall services broaden the service provider's portfolio for enhanced services, all of which can be deployed over IP/MPLS. Layer 2 MPLS services may lower TDM switching costs by emulating existing Frame Relay and ATM services. MPLS traffic engineering (TE) and fast reroute (FRR) can replace Synchronous Digital Hierarchy (SDH) for network resilience under failure scenarios. Layer 3 VPNs offer any-to-any connectivity, with support of data, voice, and video intranet applications via differentiated CoS mechanisms.

Two major factors in the selection of the CE-to-PE link access technology are cost and the density of the service provider MPLS core network. Many service providers supplement the MPLS core by using existing Frame Relay and ATM networks to provide transport from locations without a PE router, or to lower port costs by using existing ATM equipment to provide access ports.

Although ATM and Frame Relay are cost-effective to "backhaul" or "multiplex" traffic to a PE MPLS node, additional consideration is required in the network design using these access technologies.

Note

CE-to-PE link access is described in this section. Queuing for the link is discussed in Chapter 5.


Dedicated Circuit from CE to PE

This is the simplest form of access, but it requires the service provider MPLS network to have a high penetration of PE routers in locations where subscriber service is required. With a dedicated circuit between the CE and PE routers, high-level data link control (HDLC)/PPP encapsulation is used on the link, and all the normal queuing functions are required.

MLP may be used to combine multiple low-speed links for greater bandwidth when MLP is used with stream-oriented applications, such as VoIP.

If VoIP is deployed, the Link Fragmentation and Interleaving (LFI) capability of MLP should be used on low-speed links (< 768 kbps) to fragment large data packets and reduce latency and jitter for VoIP packets. If multiple low-speed links are combined with MLP, LFI and flow-based load balancing should be configured on all links. The LFI fragment size can be configured in milliseconds and should be set to the acceptable VoIP packet delay for a site.

LFI is not supported by HDLC or PPP, which is why MLP is required for slow-speed links that transport VoIP. Note further that if multiple slow-speed links are bundled and the VoIP is compressed by cRTP, we recommend using MCMP.

ATM PVC from CE to PE

Normally, this type of access is used in locations where the service provider has an ATM presence but not an MPLS PE node.

One of the characteristics of ATM is to break IP frames into 48-byte cell payloads and an additional 5 bytes that comprise ATM headers. A 64-byte packet requires two cells to transport, which is 106 bytes and, therefore, 1.6 times the original bandwidth. Cell padding can add wasteful overhead if the MLP LFI fragment sizes are not optimally selected.

This overhead affects the access design when a dedicated circuit in the existing hub-and-spoke network is replaced with an ATM link to access the MPLS network. In that case, the bandwidth needs to be increased to achieve the equivalent performance.

The ATM link should be limited to a single PVC configured as VBR, and the CE router should be configured to shape the traffic to the sustainable cell rate (SCR) of the PVC.

Caution

Overprovisioning the SCR of the CE router results in cell loss and poor link performance and is not recommended.


If the ATM link is a low-speed link and VoIP is deployed, MLP LFI should be configured to fragment large data packets and reduce latency and jitter for VoIP packets. ATM (AAL5) cannot support interleaving (that is, when all cells arrive in order), whereas a method of fragmentation and interleaving is required on slow-speed (< 768 kbps) links to reduce serialization delays for VoIP. Therefore, MLPoATM can offer a solution, because MLP supports MLP LFI and can be deployed over another Layer 3 protocol, such as ATM and Frame Relay. An alternative solution is ATM PVC bundling, where voice and data are assigned dedicated PVCs. (Although the second alternative is technically suboptimal, it may be economically attractive.)

Although some service providers have developed designs using a PVC for access to the subscriber VPN and a separate PVC for access to an "Internet VPN," the approach recommended in this chapter is to use a single PVC on the CE-to-PE ATM link. This is especially important in designs with latency-sensitive applications, such as voice and video, and in hardware with a single output queue.

Frame Relay PVC from CE to PE

Some service providers use Frame Relay to supplement access to the MPLS core in a manner similar to ATM.

Although the overhead requirements imposed by Frame Relay are less than ATM, additional bandwidth may still be required (versus IP over a dedicated circuit). Frame Relay frames are variable-length (not fixed, as in ATM cells). An additional 6 or 7 bytes of Frame Relay headers are added to each IP packet for transmission across the link. The size of the IP packets varies, so the additional bandwidth required for Frame Relay headers also varies.
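The per-packet overhead described here and in the ATM PVC section can be worked through for any packet or LFI fragment size; the following is an added example, not taken from the book, and its function names are illustrative. It assumes each packet or fragment travels as one AAL5 PDU with an 8-byte trailer (a figure the text does not give), ignores PPP/MLP headers, and uses a constructed 512-kbps link with a 10-ms fragment delay as sample input.

```python
# Added illustration: per-packet overhead on ATM and Frame Relay access links.
# Assumption (not from the text): each packet or fragment is carried as one
# AAL5 PDU with an 8-byte trailer; PPP/MLP headers are ignored for simplicity.
import math

CELL_PAYLOAD = 48   # bytes of payload per ATM cell (from the text)
CELL_HEADER = 5     # bytes of ATM header per cell (from the text)
AAL5_TRAILER = 8    # assumed AAL5 trailer size


def atm_cells(pdu_bytes, trailer=AAL5_TRAILER):
    """Cells needed for one packet; the last cell is padded to 48 bytes."""
    return math.ceil((pdu_bytes + trailer) / CELL_PAYLOAD)


def atm_wire_bytes(pdu_bytes, trailer=AAL5_TRAILER):
    """Bytes actually sent on the link, cell headers included."""
    return atm_cells(pdu_bytes, trailer) * (CELL_PAYLOAD + CELL_HEADER)


def atm_padding(pdu_bytes, trailer=AAL5_TRAILER):
    """Filler bytes in the last cell (pure waste)."""
    return atm_cells(pdu_bytes, trailer) * CELL_PAYLOAD - (pdu_bytes + trailer)


def atm_expansion(pdu_bytes, trailer=AAL5_TRAILER):
    """Wire bytes divided by packet bytes (1.0 would mean no overhead)."""
    return atm_wire_bytes(pdu_bytes, trailer) / pdu_bytes


def lfi_fragment_bytes(link_kbps, delay_ms):
    """Largest fragment that serializes within delay_ms on the link."""
    return link_kbps * delay_ms // 8


def cell_aligned_fragment(link_kbps, delay_ms, trailer=AAL5_TRAILER):
    """Largest fragment within the delay target that fills whole cells."""
    cells = (lfi_fragment_bytes(link_kbps, delay_ms) + trailer) // CELL_PAYLOAD
    if cells < 1:
        raise ValueError("delay target is shorter than one cell on this link")
    return cells * CELL_PAYLOAD - trailer


def frame_relay_expansion(ip_bytes, header=6):
    """Frame Relay adds 6 or 7 header bytes per packet (from the text)."""
    return (ip_bytes + header) / ip_bytes


if __name__ == "__main__":
    # Constructed sample sizes: small packet, raw and aligned fragment, full MTU.
    for size in (64, 640, 616, 1500):
        print(size, atm_cells(size), atm_wire_bytes(size), atm_padding(size),
              round(atm_expansion(size), 3), round(frame_relay_expansion(size), 3))
    print(lfi_fragment_bytes(512, 10), cell_aligned_fragment(512, 10))
```

Under these assumptions a 640-byte fragment (10 ms at 512 kbps) wastes 24 bytes of padding in its last cell, while a 616-byte fragment fills 13 cells exactly.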

As with ATM, a single PVC is recommended with traffic shaped at the CE router to the CIR of the Frame Relay PVC.

Caution

Overprovisioning of the CIR in the CE router results in frame loss and poor link performance and is not recommended.


If the Frame Relay link is a low-speed link, and VoIP is deployed, we recommend using FRF.12. FRF.12 can fragment large data packets and reduce latency and jitter for VoIP packets. However, if the option exists to change the media type from Frame Relay, we recommend using MLP.

Metro Ethernet

Metro Ethernet can be described in several constructs, such as point-to-point or multipoint-to-multipoint.

Ethernet single point-to-point connectivity provides a single, port-based Ethernet connection between two physical data ports provided across an MPLS network that is the foundation for Virtual Private Wire Service (VPWS). The port may operate in a direct Ethernet Advanced Research Projects Agency (ARPA) encapsulation mode or in an 802.1Q encapsulation format, but all traffic entering that physical port is transported to a remote end without alteration. Generally, such a design is used with a Layer 3 customer network, where the typical WAN serial links are replaced with higher-speed point-to-point facilities. Alternatively, the customer network may comprise a Layer 2 domain where the customer wants to interconnect various LAN islands into a larger whole using the service provider's Layer 2 services. In either case, the Layer 2 VPN network is a transport for customer frames in a similar manner as a set of dedicated links.

Multiple Ethernet point-to-point connectivity builds on the previous scenario by allowing for subinterface (VLAN)-based point-to-point connections across the WAN cloud. VLANs defined on the physical port may be switched to different destination endpoints in this model. Typically, the customer network is a Layer 3 entity and the customer is seeking a service from the service provider analogous to a traditional Frame Relay or ATM offering.

Although efforts are under way in various vendor communities and standards bodies to provide multipoint mesh Layer 2 VPN connectivity, these mechanisms are not yet generally available. The previous two scenarios simply provide one or more point-to-point connections to allow for the desired degree of network meshing. In the future, this meshing (or bridging) will use the service provider network resources to provide true multipoint connectivity. That is, from the CE's perspective, a single connection into the service provider network will have the appearance of a LAN interconnect (or bridged interconnect) to some or all of the customer's other CE gear. This approach is frequently called TLS, which is the foundation for Virtual Private LAN Service (VPLS).

VPLS is a VPN technology that enables Ethernet multipoint services (EMSs) over a packet-switched network infrastructure. VPN users get an emulated LAN segment that offers a Layer 2 broadcast domain. The end user perceives the service as a virtual private Ethernet switch that forwards frames to their respective destinations within the VPN. Ethernet is the technology of choice for LANs because of its relative low cost and simplicity. Ethernet has also gained recent popularity as a MAN (or metro) technology.

A multipoint technology allows a user to reach multiple destinations through a single physical or logical connection. This requires the network to make a forwarding decision based on the packet's destination. Within the context of VPLS, this means that the network makes a forwarding decision based on the destination MAC address of the Ethernet frame. A multipoint service is attractive because fewer connections are required to achieve full connectivity between multiple points. An equivalent level of connectivity based on a point-to-point technology requires a much larger number of connections or the use of suboptimal packet forwarding. In its simplest form, a VPLS consists of several sites connected to PE devices implementing the emulated LAN service. These PE devices make the forwarding decisions between sites and encapsulate the Ethernet frames across a packet-switched network using a virtual circuit or pseudowire. A virtual switching instance (VSI) is used at each PE to implement the forwarding decisions of each VPLS. The PEs use a full mesh of Ethernet-emulated circuits (or pseudowires) to forward the Ethernet frames between PEs.

VPLS uses a Layer 2 architecture to offer multipoint Ethernet VPNs that connect multiple sites over a MAN or WAN. Other technologies also enable Ethernet across the WAN, including Ethernet over MPLS, Ethernet over Layer 2 Tunneling Protocol version 3 (L2TPv3), Ethernet over SONET/SDH, and Ethernet bridging over Any Transport over MPLS (AToM). Even though most VPLS sites are expected to connect via Ethernet, they may connect using other Layer 2 technologies (ATM, Frame Relay, or PPP, for example). Sites connecting with non-Ethernet links exchange packets with the PE using a bridged encapsulation. The configuration requirements on the CE device are similar to the requirements for Ethernet interworking in point-to-point Layer 2 services.

VPWS makes integrating existing Layer 2 and Layer 3 services possible on a point-to-point basis across a service provider's IP/MPLS network. Implementation examples include AToM and L2TPv3. Both AToM and L2TPv3 support the transport of Frame Relay, ATM, HDLC, and Ethernet traffic over an IP/MPLS core.

The key attribute with VPLS and VPWS is the concept of an Ethernet virtual circuit (EVC). VPLS and VPWS constructs may be summarized as port-based and VLAN-based. The port-based example is point-to-point for deployment of an Ethernet wire service (EWS), which is deployed with a private line replacement via a router or a bridge. A point-to-point Ethernet service may interconnect with ATM and Frame Relay. Another port-based example is multipoint-to-multipoint for an EMS, where each location acts as if it is connecting to a switch. Ethernet Relay Service (ERS) is an example of a VLAN-based construct where you could have multiple EVCs per port. This service may be used as a Frame Relay replacement, where an EVC is similar to a Frame Relay PVC in function. Ethernet Relay Multipoint Services (ERMS) is another example of a VLAN-based construct for multiple EVCs per port. Finally, at Layer 1, there is the concept of Ethernet private line, such as over SONET/SDH. Together, these service types comprise the Metro Ethernet architecture.




Selecting MPLS VPN Services
ISBN: 1587051915
EAN: 2147483647
Year: 2004
Pages: 136
