Layer 2 Vpn Architectures [Electronic resources] نسخه متنی

Figure 1-3. Layer 2-Based VPN Services

Chapter 2, "Pseudowire Emulation Framework and Standards"), other revenue-generating services are easy to add. Service providers can sell more bandwidth and better performance to their existing Layer 2 customers.

By utilizing enhanced Layer 2 VPNs, service providers can do the following:

Lower the cost of providing legacy Layer 2 services through new generation IP/MPLS cores.

Expand their present Layer 2 networks without having to further invest in their legacy networks.

Reduce service provider's capital expenditures (capex) and operational expenses (opex) associated with offering numerous services to a customer through service consolidation across a shared infrastructure. Implement transparent LAN and IP/MPLS functionality for IP/MPLS VPN services by providing a simple tunneling mechanism.

Preserve current investment while building Layer 2 VPN support.

Transport Layer 2 and Layer 3 protocols.

In addition, new Layer 2 VPNs enable service providers to broaden the geographic scope of their established Layer 2 service to places where their Layer 2 infrastructures are not currently present. By using the IP/MPLS core, traditional Layer 2 services can extend as far as the core.

Enhanced Layer 2 VPNs offer service providers several major cost reductions on their existing infrastructure, which leads to higher profitability. First, by consolidating networks, service providers reduce operational costs by migrating to a single infrastructure, rather than supporting and investing in multiple infrastructures. Second, enhanced Layer 2 VPNs eliminate the need to provision multiple infrastructures (such as Layer 2 and Layer 3) across the core, reducing expensive configuration and maintenance costs.

Service providers can also continue to make money from their existing investments. Existing investments represent expenses not only in equipment, but also in configuration (such as creating circuits, security, and service levels). Although new Layer 2 VPNs offer high return on investment (ROI) when you are buying a routing platform because they integrate with the existing infrastructure, they also help maximize the ROI on the existing infrastructure by working with it, rather than replacing it. By aggregating traffic from ATM, Frame Relay, or Ethernet edge platforms, equipment and configuration investments continue to generate revenue, rather than create more cost or end their return.

On the customer side, enhanced Layer 2 VPNs offer the following advantages:

Simple to configure

Provide connectivity of non-IP protocols, both routable and bridged

With enhanced Layer 2 VPNs, customers can independently maintain their routing and security policies. Deployed edge platforms connecting to customer networks continue to create the circuits and interface with customer networks, whereas the Layer 2 VPN-enabled IP/MPLS routing platform essentially creates an intelligent "pipe" to move the traffic through the core, emulating the customer circuit. A VPN that is based on Layer 2 eliminates the need for end users to exchange routing information with service providers, thus reducing the network management, complexity, and associated costs. Additional investment in equipment is unnecessary because the existing customer hardware is sufficient.

Some of the features of enhanced Layer 2 VPNs are as follows:

The configuration is simplified because only two endpoints must be configured and the rest is signaled across the core, unlike with traditional Layer 2 networks in which you must provision hop by hop.

The transition from a traditional Layer 2 VPN from the customer's point of view is uncomplicated.

The customer is responsible for its own routing. All the provider needs to show is that CE-to-CE connection is single hop.

Because the service provider does not take part in the routing process, the customer's routing privacy is preserved from the provider.

Layer 2 VPN does not require storing a routing table for each site on the service provider's end.

A misbehaving CE can, at worst, flap its interface, as opposed to an MPLS VPN, whereby an interface flapping can affect performance of the provider's edge router because of BGP peering.

Several enhanced Layer 2 VPN techniques have been developed. One such technique, defined in an IETF draft, is known as Any Transport over MPLS (AToM), which has been designed to allow an MPLS-enabled network to transport Layer 2 frames. Another emerging technology within the IETF is the Layer 2 Tunneling Protocol Version 3 (L2TPv3).

Both AToM and L2TPv3 have the common objective of transmitting packet-switched traffic (Frame Relay, ATM, and Ethernet) across a packet-switched network (PSN). What separates the two is the fact that AToM transports Layer 2 traffic over an MPLS-enabled network, whereas L2TPv3 transports it over a native IP network core. Both L2TPv3 and AToM are offered as part of the new Cisco Unified VPN Suite.

Figure 1-4 shows a sample enhanced Layer 2 VPN topology. The Layer 2 VPN tunnels provide the transport to make routers 3 and 4 appear to be directly connected to Packet over SONET (POS) interfaces (interfaces 1 and 4).

Supported Layer 2 encapsulations include 802.1Q VLAN, Cisco High-Level Data Link Control (HDLC), Ethernet, Frame Relay, POS, ATM, and PPP.

The first phase of Layer 2 VPN development in Cisco IOS Software supports like-to-like connectivity. This requires that the same transport type be at each end of the network. In the second phase, Layer 2 VPNs were enhanced to provide interworking functions that can connect disparate transport types at each end, such as Frame Relay at one end connecting to Ethernet VLAN at the other.

Note

Subsequent chapters refer to "enhanced Layer 2 VPNs" as "Layer 2 VPNs" for simplicity.