Chapter 4. Layer 2 VPNs


Layer 2 virtual private network (VPN) is perhaps the most overused term in the networking industry when it comes to MPLS networks. It has a different meaning for everyone. However, this term has been around since the days of both Frame Relay networks and Asynchronous Transfer Mode (ATM), which are commonly deployed L2 technologies.

Perhaps a simplistic way to describe Layer 2 VPNs is like this: They are a group of sites connected together at Layer 2 by point-to-point ATM VCs, Frame Relay data link connection identifiers (DLCI), or Point-to-Point Protocol (PPP) sessions. The most important concept is that IP routing is done at the edge of the Layer 2 network. As mentioned earlier, the service that is delivered to the end customer is a Layer 2 service; hence, the core network or the service provider network is not responsible for Layer 3 routing.

Each Layer 2 connection is an independent interface for routing. Routing must be configured at the end device to communicate across the Layer 2 circuits. Because these point-to-point circuits are provisioned, managed, and billed as one group, they are referred to as a Layer 2 VPN. For example, an enterprise might be buying Frame Relay circuits or ATM circuits from a provider and building its own enterprise IP wide area network (WAN) by connecting various sites with these L2 circuits. The service provider (SP) has no knowledge of IP connectivity and is delivering pure L2 circuits. The enterprise is responsible for all the IP connectivity that uses these circuits. In some cases, the enterprise might choose to implement Ethernet bridging across the wide area using these Layer 2 circuits, as shown in Figure 4-1.

Figure 4-1. Three Layer 2 VPNs


Figure 4-1 shows three Layer 2 VPNs (Red, Blue, and Purple) for various customers. All sites within each VPN are connected to each other via Layer 2 circuits using either Frame Relay or ATM. The total number of Layer 2 circuits needed to connect n sites in a Layer 2 VPN is n(n-1). Each site within the VPN has direct connectivity with other sites, and the service provider cloud is transparent to the VPN. Using Layer 2 circuits, full-mesh or hub-and-spoke VPNs can be built. In Figure 4-1, Red and Purple VPNs are full-mesh, whereas the Blue VPN is hub-and-spoke.

The delivery mechanism of a Layer 2 VPN is either a dedicated physical connection with a data link, such as PPP, or a virtual connection, such as an ATM VC or a Frame Relay DLCI.




MPLS and Next-Generation Networks: Foundations for NGN and Enterprise Virtualization
ISBN: 1587201208
Year: 2006
Pages: 162
