Introducing Enhanced Layer 2 VPNs

A solution has been developed to address the desire to consolidate the Layer 2 and IP/MPLS-based Layer 3 VPNs. New, enhanced Layer 2 VPNs allow offering a traditional Layer 2 service, such as Frame Relay, by employing an IP/MPLS network infrastructure. This might decrease the cost of providing a comparable service using a dedicated Layer 2 network. In contrast with Layer 3 VPNs, Layer 2 VPNs are capable of carrying multiprotocol (IP and non-IP alike) transport across a common infrastructure. Another drawback of Layer 3 VPNs (the need for edge routers to support routing tables of every connected VPN) is eliminated with enhanced Layer 2 VPNs because customer routing tables are not stored on the provider's network. Instead, they are transparently switched site-to-site to the customer's own infrastructure, which reduces complexity.

Even though a Layer 2 service over IP/MPLS might cost the same as a dedicated ATM/Frame Relay-based Layer 2 network, the ability to offer new value-add services is one of the most compelling reasons to move to a packet-based network.

Figure 1-3 illustrates a sample topology with Layer 2 VPN service. Instead of building a separate, private IP network and running traffic across it, enhanced Layer 2 VPNs take existing Layer 2 traffic and send it through point-to-point tunnels on the IP/MPLS network backbone.

Figure 1-3. Layer 2-Based VPN Services

Chapter 2, "Pseudowire Emulation Framework and Standards"), other revenue-generating services are easy to add. Service providers can sell more bandwidth and better performance to their existing Layer 2 customers.
By utilizing enhanced Layer 2 VPNs, service providers can do the following:

- Lower the cost of providing legacy Layer 2 services through new generation IP/MPLS cores.
- Expand their present Layer 2 networks without having to further invest in their legacy networks.
- Reduce service provider's capital expenditures (capex) and operational expenses (opex) associated with offering numerous services to a customer through service consolidation across a shared infrastructure.
- Implement transparent LAN and IP/MPLS functionality for IP/MPLS VPN services by providing a simple tunneling mechanism.
- Preserve current investment while building Layer 2 VPN support.
- Transport Layer 2 and Layer 3 protocols.

In addition, new Layer 2 VPNs enable service providers to broaden the geographic scope of their established Layer 2 service to places where their Layer 2 infrastructures are not currently present. By using the IP/MPLS core, traditional Layer 2 services can extend as far as the core.

Enhanced Layer 2 VPNs offer service providers several major cost reductions on their existing infrastructure, which leads to higher profitability. First, by consolidating networks, service providers reduce operational costs by migrating to a single infrastructure, rather than supporting and investing in multiple infrastructures. Second, enhanced Layer 2 VPNs eliminate the need to provision multiple infrastructures (such as Layer 2 and Layer 3) across the core, reducing expensive configuration and maintenance costs.

Service providers can also continue to make money from their existing investments. Existing investments represent expenses not only in equipment, but also in configuration (such as creating circuits, security, and service levels). Although new Layer 2 VPNs offer high return on investment (ROI) when you are buying a routing platform because they integrate with the existing infrastructure, they also help maximize the ROI on the existing infrastructure by working with it, rather than replacing it.
By aggregating traffic from ATM, Frame Relay, or Ethernet edge platforms, equipment and configuration investments continue to generate revenue, rather than create more cost or end their return.

On the customer side, enhanced Layer 2 VPNs offer the following advantages:

- Simple to configure
- Provide connectivity of non-IP protocols, both routable and bridged

With enhanced Layer 2 VPNs, customers can independently maintain their routing and security policies. Deployed edge platforms connecting to customer networks continue to create the circuits and interface with customer networks, whereas the Layer 2 VPN-enabled IP/MPLS routing platform essentially creates an intelligent "pipe" to move the traffic through the core, emulating the customer circuit. A VPN that is based on Layer 2 eliminates the need for end users to exchange routing information with service providers, thus reducing the network management, complexity, and associated costs. Additional investment in equipment is unnecessary because the existing customer hardware is sufficient.

Some of the features of enhanced Layer 2 VPNs are as follows:

- The configuration is simplified because only two endpoints must be configured and the rest is signaled across the core, unlike with traditional Layer 2 networks in which you must provision hop by hop.
- The transition from a traditional Layer 2 VPN from the customer's point of view is uncomplicated.
- The customer is responsible for its own routing. All the provider needs to show is that CE-to-CE connection is single hop.
- Because the service provider does not take part in the routing process, the customer's routing privacy is preserved from the provider.
- Layer 2 VPN does not require storing a routing table for each site on the service provider's end.
- A misbehaving CE can, at worst, flap its interface, as opposed to an MPLS VPN, whereby an interface flapping can affect performance of the provider's edge router because of BGP peering.

Several enhanced Layer 2 VPN techniques have been developed. One such technique, defined in an IETF draft, is known as Any Transport over MPLS (AToM), which has been designed to allow an MPLS-enabled network to transport Layer 2 frames. Another emerging technology within the IETF is the Layer 2 Tunneling Protocol Version 3 (L2TPv3).

Both AToM and L2TPv3 have the common objective of transmitting packet-switched traffic (Frame Relay, ATM, and Ethernet) across a packet-switched network (PSN). What separates the two is the fact that AToM transports Layer 2 traffic over an MPLS-enabled network, whereas L2TPv3 transports it over a native IP network core. Both L2TPv3 and AToM are offered as part of the new Cisco Unified VPN Suite.

Figure 1-4 shows a sample enhanced Layer 2 VPN topology. The Layer 2 VPN tunnels provide the transport to make routers 3 and 4 appear to be directly connected to Packet over SONET (POS) interfaces (interfaces 1 and 4).

Figure 1-4. Enhanced Layer 2 VPN Example