Layer 3 Services

Common Layer 3 MPLS VPN services include the following:

• Layer 3 MPLS VPN

• Traffic engineering and differentiated services for QoS deployments

• Internet access

• Extranet service constructs

• Remote access

• Value-added services such as IP telephony, web services, and so on, which are discussed further in this chapter

A VPN is a set of sites that are allowed to communicate with each other over a shared infrastructure. Examples of VPNs are IPSec VPNs, Layer 3 MPLS VPNs, and Layer 2 VPNS. IPSec VPNs are difficult to categorize as either Layer 2 or Layer 3. Specifically, packets are forwarded using Layer 3 information but the service delivered to the customer is a mesh of "connections" just like a Layer 2 service. IPSec VPNs are perceived by customers as very secure and as less reliant on the service provider for actual implementation. IPSec VPNs are a carry-over experience from the remote access VPN where a typical application is hub and spoke via the tunnel/circuit mesh mechanism over which you manage a mesh of routing adjacencies.

At the Layer 3 MPLS VPN, a provider exchanges routing information with customer edge routers and the service delivered is a (virtual) private IP cloud per customer. This service can provide any-to-any connectivity without a full mesh of circuits and routing adjacencies, thus resulting in improved scalability for richly connected VPNs. Layer 3 MPLS VPNs have been deployed by service providers since 1999. Enterprise customer benefits include any-to-any connectivity as opposed to an expensive full-meshed Layer 2 overlay deployment and data/voice/video intranet applications for so called triple-play services.

Additionally, service and organizational segregation, ease of provisioning, quality of service and traffic engineering as value-added attributes are available via Layer 3 constructs. This results in a potential total cost of ownership reduction (TCO) for the enterprise customer and an extension of benefits to the service provider, such as the following: Capex/Opex efficiencies obtained by using a single IP/MPLS network for basic IP services, managed BGP-VPN services, Layer 2 transport services, voice services, and a broad portfolio of value-added services.

The business models are further discussed in Chapter 14, which presents a case study. Layer 3 MPLS VPNs are applicable for an enterprise customer who wants to subscribe to a managed Layer 3 service offering and are not in competition to IPSec VPN services because both can be offered as a service package to customers. For enterprise customers deploying MPLS technology, reasons for not subscribing to a managed Layer 3 service can include the following:

• Data segregation is the main goal for the enterprise organization.

• An enterprise can possess sensitive data and security concerns that dictate implementation by the enterprise customer.

• The business motivation might be to be an internal service provider to company subsidiaries and other enterprises.

• Large multinational firms with global WANs want to simplify and provide intelligent services.

• Easier modular integration for acquisitions is possible.

• Managing overlapping addresses is a potential issue due to mergers and acquisitions.

• Some customers simply do not trust service providers to manage their networks. Some customers might invest in skills or staff to deploy WAN services (for instance, technology companies).

• Some customers might want to direct access to routers to expedite the configuration change process and thereby avoid going through a service provider.

In summary, enterprise customer benefits for not subscribing to a managed service offering include fulfilling the enterprise customer's desire to retain control of Layer 3 policies (routing, Qos, and security) and to manage its own customer provider edge. However, a service provider can provide simple transport service for such customers and further deliver these services on a common, already deployed IP/MPLS infrastructure. Although Layer 2 services permit customers to retain Layer 3 visibility and control of the routers, the control can result in complexity in terms of resource management (such as operating expenditure and capital expenditure). This is because managed Layer 3 MPLS VPN services offer full outsourcing benefits (reallocation of critical staff from WAN management and troubleshooting).

However, Layer 2 VPN services are complementary to Layer 3 MPLS VPN services.