Layer 2 VPN Architectures [Electronic resources] (text version)


Carlos Pignataro, Dmitry Bokotey, Anthony Chan








Understanding Traditional VPNs


This section offers examples of traditional, older forms of VPNs (as opposed to the newer, enhanced Layer 2 VPNs that are the topic of this book), specifically Layer 3 VPNs and legacy Layer 2 VPNs.


Legacy Layer 2 VPNs


Originally, VPNs were built using leased lines to provide connectivity between various customer locations. A customer bought the leased line as a service from the provider. The leased line was installed between the customer's sites that required interconnectivity. The line was dedicated to that customer, and others did not share it.

Since its introduction in the 1990s, Frame Relay has dominated the field of early VPN technologies. Frame Relay has enabled service providers to offer the same basic connectivity to their customers as with the leased lines, except instead of provisioning a dedicated line for each customer, they have been able to use a shared line and allocate a virtual circuit for each customer to keep each customer's traffic separate. The virtual circuits are referred to as permanent virtual circuits (PVC). By configuring PVCs, the data-link connection identifiers (DLCI) associated with various devices are established. This builds a tunnel for customer traffic to follow a dedicated path through the service provider's shared network.
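The separation described above can be seen at the frame level. The following is an added example, not taken from the book: it decodes the default 2-byte Frame Relay address field, extracts the DLCI, and delivers each frame only to the PVC provisioned for that DLCI. The customer names, DLCI values, and payloads are constructed for illustration.

```python
# Added illustration: per-customer separation on a shared Frame Relay line.
# PVC_TABLE and SAMPLE_FRAMES are constructed sample data, not from the book.

def build_fr_frame(dlci: int, payload: bytes) -> bytes:
    """Prepend a 2-byte Frame Relay address field carrying a 10-bit DLCI."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b0 = (dlci >> 4) << 2                 # high 6 DLCI bits, C/R=0, EA=0
    b1 = ((dlci & 0x0F) << 4) | 0x01      # low 4 DLCI bits, FECN/BECN/DE=0, EA=1
    return bytes([b0, b1]) + payload

def parse_fr_address(frame: bytes) -> dict:
    """Decode the 2-byte address field and return its fields plus the payload."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the 2-byte address field")
    b0, b1 = frame[0], frame[1]
    # EA is 0 in the first address octet and 1 in the last one.
    if (b0 & 0x01) or not (b1 & 0x01):
        raise ValueError("unexpected EA bits for a 2-byte address field")
    return {
        "dlci": ((b0 >> 2) << 4) | (b1 >> 4),
        "fecn": bool(b1 & 0x08),
        "becn": bool(b1 & 0x04),
        "de": bool(b1 & 0x02),
        "payload": frame[2:],
    }

# Provisioned PVCs on this port: DLCI -> customer (hypothetical values).
PVC_TABLE = {100: "customer-A", 200: "customer-B"}

def demux(frames):
    """Deliver payloads per customer; frames on unprovisioned DLCIs are dropped."""
    delivered = {name: [] for name in PVC_TABLE.values()}
    dropped = []
    for frame in frames:
        hdr = parse_fr_address(frame)
        owner = PVC_TABLE.get(hdr["dlci"])
        if owner is None:
            dropped.append(hdr["dlci"])   # no PVC configured: never forwarded
        else:
            delivered[owner].append(hdr["payload"])
    return delivered, dropped

SAMPLE_FRAMES = [
    build_fr_frame(100, b"A-1"), build_fr_frame(200, b"B-1"),
    build_fr_frame(100, b"A-2"), build_fr_frame(300, b"stray"),
]

if __name__ == "__main__":
    print(demux(SAMPLE_FRAMES))
```

The only thing that keeps one customer's frames out of another's circuit is the provider's DLCI-to-PVC provisioning, so the isolation is only as good as that configuration; nothing in the frame is authenticated or encrypted.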

A service provider merely supplies the Layer 2 connectivity and is not involved in the Layer 3 aspects of the customer's traffic (hence the name, Layer 2 VPNs). The advantage of Layer 2 VPNs is the independence that customers have in terms of controlling their Layer 3 network design for routing, addressing, and so on.

Frame Relay's independence from all Layer 3 protocols has made it a popular choice for LAN-to-LAN connections and intranet communications. Service providers also offer ATM-based VPNs as a higher-speed alternative to Frame Relay. Currently, most service providers offer Layer 2 VPNs using Frame Relay, ATM, or combinations of the two.


Layer 3 VPNs


Currently, the most widely used Layer 3-based VPN technologies are IP Security (IPsec) and MPLS Border Gateway Protocol (BGP) VPNs. These technologies can service intranet, extranet, and Internet access applications for securely interconnecting customers' remote sites.

In Layer 3 VPNs, the service provider offers a leased line or PVC connection between a customer and the nearest point of presence (POP) on the service provider's network.

Figure 1-1 shows an example of a basic MPLS VPN model.


Figure 1-1. Private BGP Network with Private IP Addresses



In an MPLS VPN, the customer edge (CE) router peers up with the PE router at Layer 3 instead of the other CE routers (as is the case with enhanced Layer 2 VPNs), providing the PE router with routing and forwarding information for the private network. The PE router then collects one private routing table for each customer and stores the tables along with the public Internet routing information.

In Figure 1-2, not all of the customer's private networks are passed on to the global routing table.


Figure 1-2. PE/CE Relationship in an MPLS VPN



Through Layer 3 VPNs, customers rely on Internet service provider (ISP) IP/MPLS-based backbones for private and secure any-site-to-any-site communication.
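The per-customer routing tables described above are what keep one customer's private routes away from other customers and from the global table. The following is an added example, not taken from the book: a simplified model of a PE router in which the table used for a lookup is chosen by the interface a packet arrives on. The class, interface names, prefixes, and next hops are hypothetical.

```python
import ipaddress

# Added illustration: a simplified PE with one private table per customer.
# All names, prefixes and next hops are constructed sample data.

class ProviderEdge:
    def __init__(self):
        self.global_table = {}     # public Internet routes
        self.vpn_tables = {}       # customer -> {network: next_hop}
        self.interface_vpn = {}    # CE-facing interface -> customer

    def attach(self, interface, customer):
        self.interface_vpn[interface] = customer
        self.vpn_tables.setdefault(customer, {})

    def learn_from_ce(self, interface, prefix, next_hop):
        # A route learned from a CE lands only in that customer's table.
        customer = self.interface_vpn[interface]
        self.vpn_tables[customer][ipaddress.ip_network(prefix)] = next_hop

    def learn_global(self, prefix, next_hop):
        self.global_table[ipaddress.ip_network(prefix)] = next_hop

    @staticmethod
    def _longest_match(table, dst):
        addr = ipaddress.ip_address(dst)
        matches = [net for net in table if addr in net]
        if not matches:
            return None
        return table[max(matches, key=lambda net: net.prefixlen)]

    def forward(self, in_interface, dst):
        # The ingress interface, not the destination address, selects the table.
        customer = self.interface_vpn.get(in_interface)
        table = self.vpn_tables[customer] if customer else self.global_table
        return self._longest_match(table, dst)

def build_demo_pe():
    pe = ProviderEdge()
    pe.attach("to-ce-a", "customer-A")
    pe.attach("to-ce-b", "customer-B")
    # Both customers use the same private prefix; the tables never merge.
    pe.learn_from_ce("to-ce-a", "10.1.0.0/16", "A-site-2")
    pe.learn_from_ce("to-ce-b", "10.1.0.0/16", "B-site-1")
    pe.learn_from_ce("to-ce-b", "172.16.5.0/24", "B-site-3")
    pe.learn_global("198.51.100.0/24", "internet-peer")
    return pe

if __name__ == "__main__":
    pe = build_demo_pe()
    for ingress in ("to-ce-a", "to-ce-b", "core"):
        print(ingress, pe.forward(ingress, "10.1.2.3"))
```

A CE-facing interface attached to the wrong customer would place that site inside another customer's private network, which makes the interface-to-table binding the setting to audit.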


Challenges of Traditional VPNs


Layer 3 VPNs also have several limitations. For instance, IP is the only protocol that is supported over the MPLS Layer 3 VPN network. The customer gives up control of its routing to the service provider, which might not be desirable for both parties. Also, over-utilization of the PE routers is possible. To become truly scalable, the MPLS VPN implementation requires a wide deployment of high-end, more powerful and, thus, more expensive routers.

As mentioned, legacy Layer 2 connection services provide the point-to-point connectivity upon which private networks are built. To support a customer's Layer 3 traffic, a separate Layer 3 network has to be built. This results in service providers having to maintain separate networks for Layer 2 and Layer 3 traffic, which is difficult and costly.

Another challenge that traditional Layer 2 service providers face is that if they have to expand their networks, the highest speed they can reach with ATM in the core is OC48. They cannot grow to higher speeds or make use of more cost-effective technologies, such as Ethernet. Therefore, service providers have been searching for ways to maximize the efficiency and cost-effectiveness of their infrastructures and simplify management.

These goals can be achieved in an environment in which multiple Layer 2 services can be transported across a common IP/MPLS backbone. Newly developed IP-based services allow customers to minimize their network expenses while improving their productivity and competitiveness. For service providers, these new developments mean an opportunity to offer savings to their customers, which, in turn, can prompt an increase in customer base and service revenue.

The following types of service providers would benefit from such a solution:

Carriers that currently offer only circuit-based Layer 2 infrastructures and would like to expand Layer 3 infrastructure to sell more services

Service providers that currently offer only Layer 3 infrastructure and would like to cost-effectively expand their offering of Layer 2 services

Service providers that currently offer circuit-based Layer 2 and IP-based Layer 3 services throughout separate infrastructures and would like to join the two to increase profitability


