Legacy Layer 2 VPNs

Many types of legacy Layer 2 VPNs exist. The most commonly seen legacy Layer 2 VPNs are based on the following technologies:

- Frame Relay
- ATM
- Data-link switching (DLSw)
- Virtual private dial-up network (VPDN)

Frame Relay and ATM

Initially, Layer 2 VPNs were built using leased lines. Frame Relay and ATM are the cost-effective alternatives to the expensive and dedicated leased line service. Service providers can offer these lower cost services to their customers because the Frame Relay and ATM network infrastructure can be shared among many customers while maintaining a comparable level of functionality and guarantee as the leased line service. Frame Relay and ATM also provide link separation among different customers, like the leased line service.

One of the most appealing features that Frame Relay and ATM support is bandwidth oversubscription, which the leased line service normally does not provide. Frame Relay and ATM customers typically purchase a committed information rate (CIR) that allows traffic bursts to access the service provider network. The CIR is the guaranteed minimal bandwidth when the network is congested. With the bandwidth oversubscription feature, Frame Relay and ATM customers can use more bandwidth than the CIR during traffic bursts as long as the network has available capacity. Frame Relay and ATM also provide circuit multiplexing capability that carries multiple logical or virtual circuits over a single physical link, and the virtual circuits can be used to connect to different remote sites.

Frame Relay and ATM have been the most popular and extensive form of legacy Layer 2 VPN deployment. They are a huge revenue-generating source for service providers. However, Frame Relay and ATM networks are still relatively expensive to build and operate. Service providers often have to maintain separate and parallel networks for Layer 2 and Layer 3 traffic. Figure 3-1 illustrates such parallel networks that offer Layer 2 and Layer 3 services.
Figure 3-1. Parallel Network Infrastructures

Figure 3-2. Frame Relay or ATM-Based Layer 2 VPN

Data Link Switching

DLSw provides a method to transport legacy and nonroutable protocols, such as Systems Network Architecture (SNA), Network Basic Input/Output System (NetBIOS), and NetBIOS Extended User Interface (NetBEUI), over IP. It has better functionality and scalability than Remote Source Route Bridging (RSRB), but it has limited protocol support.

Virtual Private Dial-Up Network

Many aspects of pseudowire emulation resemble those of VPDN. In this sense, you can think of VPDN as the predecessor of the modern Layer 2 VPN architectures.

VPDNs are commonly used in wholesale remote-access environments. Without VPDNs, enterprises have to purchase and manage dial-up lines and network access servers for their employees to access internal enterprise resources remotely. The operating and upgrading cost can be prohibitively expensive for small and medium-sized companies. For large companies, VPDNs require a substantial expense when deploying dedicated remote access networks in a widespread geographic environment.

VPDNs enable enterprises to outsource their remote access infrastructures and operations to wholesale service providers. The service providers offer remote access facilities to enterprise remote users from the nearest point of presence (PoP) and backhaul the remote access connections to the enterprise home gateways. The enterprises only need to manage a small number of home gateways for all their remote users. Ultimately, VPDNs lower the overall network operating cost for the enterprises.

For service providers, VPDNs are a new source of revenue, serving multiple business and individual customers with the same remote access network infrastructure. When the total number of users increases, service providers can add or upgrade their remote access network capacity in a more economic fashion because all users benefit from it.
Figure 3-3 depicts a VPDN network topology.

Figure 3-3. Virtual Private Dial-Up Network

These protocols tunnel PPP packets between network access servers and home gateways, and PPP is the only Layer 2 protocol they transport. However, because PPP can encapsulate multiple network protocols, such as IP, Internetwork Packet Exchange (IPX), and AppleTalk, many applications find VPDN sufficiently useful.

Note: L2TPv2 is described in the IETF standard RFC 2661. It is a consensus product of the L2TP Extension working group and is derived from the proprietary tunneling protocols PPTP and L2F from Microsoft and Cisco, respectively.

The following is a brief description of how VPDN protocols operate:

1. A remote user or a remote end station initiates a PPP connection to the service provider using either an analog telephone line or an ISDN line.
2. The network access server receives the connection request from the remote user.
3. (Optional) The network access server authenticates the remote user using the specified authentication method, such as Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), or an interactive terminal session.
4. After the remote user is authenticated, an authorization process determines whether the user should be locally terminated or tunneled to a home gateway.
5. If the remote user needs to be tunneled to a remote home gateway, one of the VPDN protocols establishes a tunnel between the network access server and the home gateway, and an optional authentication step can validate the identity of the tunnel endpoints.
6. The user PPP connection is encapsulated into a VPDN session from the network access server to the home gateway.
7. The home gateway authenticates the remote user carried in the VPDN session.
8. Upon successful authentication, the home gateway terminates the PPP connection and grants predefined network access privileges to the remote user.
9. Now PPP frames can pass between the remote user and the home gateway.

For detailed configuration tasks and examples of the legacy Layer 2 VPNs, refer to Cisco.com. Table 3-1 lists some characteristics of the legacy Layer 2 VPNs.
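The authorization, tunnel-authentication and user-authentication steps above, modelled as an added example that is not part of the book or of any Cisco code. It assumes the standard CHAP computation (RFC 1994) and the L2TPv2 tunnel-authentication computation (RFC 2661), both MD5 over identifier, shared secret and challenge, with the identifier being the CHAP ID for user authentication and the message type (SCCRP = 2, SCCCN = 3) for the tunnel; the realm-to-gateway table, names and secrets are constructed, the constant-time comparison is a defensive choice of this example, and L2TP AVP encoding is not modelled.

```python
import hashlib
import hmac
import os

# Added example (not from the book): a minimal model of the VPDN steps.
# CHAP (RFC 1994) and L2TPv2 tunnel authentication (RFC 2661) both compute
# MD5(one-byte identifier || shared secret || challenge); only the identifier differs.
SCCRP, SCCCN = 2, 3   # L2TP message types that carry a Challenge Response AVP

def md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def verify(expected: bytes, received: bytes) -> bool:
    return hmac.compare_digest(expected, received)   # constant-time compare (defensive choice)

# Constructed authorization table: user realm -> home gateway (no entry = terminate locally)
TUNNEL_MAP = {"corp.example": "hg1.corp.example"}

def authorize(username: str):
    """Step 4: decide local termination or tunnelling from the user's realm."""
    _, _, realm = username.partition("@")
    return TUNNEL_MAP.get(realm)

def l2tp_tunnel_setup(nas_secret: bytes, hg_secret: bytes) -> bool:
    """Step 5: SCCRQ -> SCCRP -> SCCCN with mutual tunnel authentication."""
    nas_challenge = os.urandom(16)                               # Challenge AVP in SCCRQ
    hg_challenge = os.urandom(16)                                # Challenge AVP in SCCRP
    hg_resp = md5_response(SCCRP, hg_secret, nas_challenge)      # gateway's Challenge Response AVP
    if not verify(md5_response(SCCRP, nas_secret, nas_challenge), hg_resp):
        return False                                             # NAS tears the tunnel down
    nas_resp = md5_response(SCCCN, nas_secret, hg_challenge)     # NAS's Challenge Response AVP
    return verify(md5_response(SCCCN, hg_secret, hg_challenge), nas_resp)

def chap_user_auth(password_db: dict, username: str, password: bytes, chap_id: int = 1) -> bool:
    """Step 7: the home gateway authenticates the tunnelled user with CHAP."""
    if username not in password_db:
        return False
    challenge = os.urandom(16)                                   # CHAP Challenge from the gateway
    response = md5_response(chap_id, password, challenge)        # computed by the remote user
    expected = md5_response(chap_id, password_db[username], challenge)
    return verify(expected, response)

def vpdn_session(username: str, password: bytes, nas_secret: bytes, hg_secret: bytes, password_db: dict) -> str:
    """Runs the decision chain and reports where the session ends up."""
    if authorize(username) is None:
        return "local"                                           # NAS terminates PPP itself
    if not l2tp_tunnel_setup(nas_secret, hg_secret):
        return "tunnel-auth-failed"
    return "ppp-up" if chap_user_auth(password_db, username, password) else "user-auth-failed"
```

A mismatched tunnel secret stops the session before any user credential reaches the home gateway, which is why step 5's optional endpoint authentication is worth enabling.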