Advantages and Disadvantages of MPLS Layer 3 VPNs

As previously mentioned, MPLS Layer 3 VPNs have a number of significant advantages for service providers and enterprises alike. These advantages include the following:

  • MPLS Layer 3 VPNs offer an extremely scalable VPN architecture that can scale to thousands of customer sites and VPNs.
  • MPLS Layer 3 VPNs can be offered as a managed service by a service provider to enterprise customers, or implemented by enterprises themselves to provide a clear partition between business units or services.
  • MPLS Layer 3 VPNs allow an enterprise to simplify their WAN routing. Customer Edge (CE) routers need only peer with one or more Provider Edge (PE) routers (as well as Customer [C] routers) rather than with all the other CE routers in the VPN.
  • MPLS Layer 3 VPNs allow any-to-any connectivity for enterprise customer sites, and can be configured to support quality of service (QoS) for real-time and business applications.
  • MPLS traffic engineering (an associated technology) allows service providers to optimally utilize network bandwidth, and to support tight service-level agreements (SLAs) with fast failover (fast reroute) and guaranteed bandwidth.

Disadvantages of MPLS Layer 3 VPNs include the following:

  • MPLS Layer 3 VPNs natively support IP traffic transport only. If customers want to support other protocols such as IPX, Generic Routing Encapsulation (GRE) tunnels must be configured between CE routers.
  • Some service providers do not support native IP multicast traffic transport between sites in MPLS Layer 3 VPNs (native support for IP multicast can be implemented using Multicast VPNs [MVPN, covered in Chapter 5, "Advanced MPLS Layer 3 VPN Deployment Considerations"]). If a service provider does not offer native IP multicast transport, multicast traffic must be tunneled between customer sites by configuring GRE tunnels between CE routers.
  • In an MPLS Layer 3 VPN, the customer does not have complete control of their WAN IP routing. CE routers at the customer VPN sites do not establish direct routing adjacencies, but must instead peer with PE routers.
  • MPLS Layer 3 VPNs are trusted VPNs, and although they offer similar traffic segregation and security to that offered by Frame Relay and ATM, they do not natively (by default) offer the strong authentication and encryption of secure VPNs such as IPsec. If encryption and authentication are required, however, it is possible to protect VPN traffic in transit using IPsec, either between PE routers (see Internet Draft draft-ietf-l3vpn-ipsec-2547) or end-to-end between CE devices.
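
The GRE workaround for non-IP and multicast traffic and the CE-to-CE IPsec option described in the list above can be combined in one tunnel. The following Cisco IOS configuration for one CE router is an added example, not taken from the book; the addresses (documentation ranges), the names CE-GRE-TS and CE-GRE-PROF, the tunnel subnet, and the placeholder key are all assumptions.

```cisco
! Added example: CE1 side of a GRE-over-IPsec tunnel to CE2 (constructed values).
! 192.0.2.1 and 198.51.100.1 are assumed CE1 and CE2 addresses that are
! reachable through the MPLS Layer 3 VPN; 10.255.0.0/30 is the tunnel subnet.
!
! Needed only if multicast is carried over the tunnel.
ip multicast-routing
!
! IKE phase 1 policy for the CE-to-CE peer.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! Placeholder pre-shared key: substitute a strong secret on both CE routers.
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
! Transport mode is sufficient because GRE already supplies the outer IP header.
crypto ipsec transform-set CE-GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile CE-GRE-PROF
 set transform-set CE-GRE-TS
!
! The GRE tunnel carries multicast (PIM) and, if configured, non-IP protocols.
! Without the final "tunnel protection" line the tunnel is plain GRE and its
! payload crosses the provider network unencrypted and unauthenticated.
interface Tunnel0
 description GRE to CE2 across the MPLS Layer 3 VPN
 ip address 10.255.0.1 255.255.255.252
 ip pim sparse-mode
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile CE-GRE-PROF
```

CE2 needs the mirror-image configuration, with the source, destination, and peer addresses swapped and the other host address of the tunnel subnet.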

Now that you understand the main advantages and disadvantages of MPLS Layer 3 VPNs, it is time to move on to a discussion of their operation.

Comparing, Designing, and Deploying VPNs
ISBN: 1587051796
EAN: 2147483647
Year: 2007
Pages: 124
Authors: Mark Lewis