Understanding MPLS L2VPNs
MPLS L2 VPNs (Layer Two Virtual Private Networks) have some unique characteristics and are driving the use of MPLS, or Multi-Protocol Label Switching. This MPLS L2 VPN tutorial explains the basics of the network layers and the key differences of MPLS L2 VPNs.
Understanding Network Layers
Within networks, the layers are based on the ISO OSI standard model. According to that model, the network layers are:
Layer One – the physical medium over which the network operates. A private line is a Layer 1 service, as it physically connects network end points.
Layer Two – the data link layer. This is the protocol layer that enables the transfer of data between network elements. Ethernet is one such data link protocol.
Layer Two maintains privacy and security, but introduces some sharing of resources/bandwidth, according to Eric Bozich, vice president of product and marketing for CenturyLink’s wholesale division. Service providers such as CenturyLink can provide “Ethernet private lines” where no bandwidth is shared, but also offer options for shared network resources – which are secure in that there is no exposure to Layer 3 protocols, but can become congested because bandwidth is not solely dedicated to one customer. VPNs can be provided in Layer 2 or in Layer 3.
Layer Three – the network layer. It handles traffic such as IP or Internet Protocol. Layer 3 VPNs may or may not have an MPLS core. Layer 3 VPNs are typically run over the public Internet, which makes them quick and cheap to deploy but carries higher security risks and a higher risk of latency and congestion issues.
MPLS sits between layers two and three and retains some characteristics of each layer. It is known as a Layer 2.5 technology.
“It adds some flexibility to the layer 1 and 2 transport options that are available. It’s very efficient and it’s very scalable,” said Bozich.
Figure: OSI model layers. Image from the Federal Communications Commission.
MPLS L2 VPNs: Driving Deployments
“Layer 2 VPNs have been a huge driver for MPLS deployments,” according to Joe Whitehouse, director of marketing for the network technologies division at MetroSwitch, a major MPLS provider to OEMs.
With MPLS, one of the most attractive features is the ability to manage and control QoS (quality of service), according to Eric Bozich of CenturyLink. Customers subscribe to a certain amount of bandwidth, and “then they get the ability to say, if there is congestion on this network link, what type of traffic gets through or held up in a queue for delivery later, to maintain traffic flows,” said Bozich.
“The level of sharing has gone up, but they will retain privacy when you get to the public Internet,” he added.
Within an MPLS L2 VPN, the provider network only provides transport services between the customer edge (CE) nodes, according to Juniper Networks. Routing and peering take place between the CE devices, leaving the provider network unaware of the internal organization of the customer’s network (an overlay network). In a Layer 3 VPN, in contrast, the CEs peer and exchange routing information with the attached provider edge (PE) devices, and the provider network provides both route distribution and transport services (a peer network).
“If the customer’s goal is to use the provider network only for data transport, a Layer 2 model is better suited since the IP addressing and CE maintenance remains the customer’s responsibility. This is more common for large enterprises,” according to a 2010 Juniper Networks white paper on VPNs. “The Layer 3 model is appropriate if there is a requirement for the network operator to configure and maintain IP addressing for the customer, which is more typical when the customer is a medium-sized business.”