Types of Layer 2 VPN

There are three main types of layer 2 VPN. Each provides a different type of service to the customer. This chapter describes the main types of layer 2 VPN and goes on to describe some of the solutions for implementing these types of VPN together with details of their current state of industry acceptance and deployment.

5.1.1 VPWS Overview

The first type of layer 2 VPN we will look at provides point-to-point connectivity between customer sites. This type of VPN is known as a Virtual Private Wire Service (VPWS) and the service provider network can be thought of as emulating a set of wires between the customer sites.

This is particularly useful in the case where a customer is currently using a set of ATM or Frame Relay connections between the different customer sites, as existing links between the customer and provider can be used. The customer can keep the same layer 2 connections to the service provider, but instead of data being carried natively over an ATM or Frame Relay service, the traffic is encapsulated and routed over the provider's IP backbone.

This clearly minimizes the migration cost to the customer. It also means that this option is particularly appropriate to migrating specific existing networks – such as those based on a hub-and-spoke architecture which requires a number of branch offices to have connectivity to a single main office or data-center.

The following diagram shows the point-to-point layer 2 connections between the customer sites, illustrating a section of each connection being emulated by the provider network.

[Figure: customer sites attached by layer 2 access circuits to the IP backbone; layer 2 connections emulated by the service provider's IP network.]

Copyright © 2003-2004 Data Connection Limited. All Rights Reserved. http://www.dataconnection.com

5.1.2 VPLS Overview

Another type of layer 2 VPN is a Virtual Private LAN Service (VPLS).
In this type of VPN, the Ethernet LAN at each customer site is extended as far as the edge of the provider network. The provider network then emulates the function of a LAN switch or bridge to connect all of the customer LANs to create a single bridged (Ethernet) LAN.

One of the main differences between a VPWS and the VPLS described above is that the VPWS only provides a point-to-point service, whereas the VPLS provides a point-to-multipoint service. This also means that the requirements on the CE devices are quite different. In a VPWS, layer 2 switching must be carried out by the CE routers, which have to choose which Virtual Wire to use to send data to another customer site. In comparison, the CE routers in a VPLS simply send all traffic destined for other sites to the PE router.

[Figure: the SP network acts as a virtual LAN bridge between the customer sites.]

5.1.3 IPLS Overview

In many networks, only IP traffic needs to be exchanged between customer sites, and the customer edge device is an IP router, instead of a layer 2 switch. If this is the case, then it is possible to use a third type of layer 2 VPN – an IPLS (which stands for IP-only LAN-like Service, IP over LAN Service or IP LAN Service, depending on which Internet draft you read).

As this type of VPN only forwards IP traffic, it is easy to confuse an IPLS with a layer 3 VPN – however, as traffic is forwarded based on the layer 2 header information, the IPLS still falls into the layer 2 VPN category.

5.2 VPWS Solutions

In this section, we consider four VPWS solutions. Each gives the customer a VPWS that looks like a traditional layer 2 VPN made up by connecting the customer sites using ATM or Frame Relay leased lines. In each case, this is done by emulating a set of point-to-point wires between the CE routers. The main differences between the solutions lie in the amount of configuration required by the service provider, and the types of tunnels used through the provider network.
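
The forwarding behaviour of the three service types described in 5.1, as an added example that is not part of the original paper. The site names, circuit ids and frame layout are constructed for illustration, and the IPLS filter is simplified to an EtherType check.

```python
# Constructed model, not from the original paper: site names, circuit ids and
# the frame dict layout are assumptions made for illustration.
ETH_IPV4, ETH_IPV6, ETH_IPX = 0x0800, 0x86DD, 0x8137
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Vpws:
    """Emulated wires: each access circuit is cross-connected to one remote circuit."""
    def __init__(self, wires):
        self.xc = {}
        for a, b in wires:                      # a, b are (site, circuit_id) tuples
            self.xc[a], self.xc[b] = b, a

    def forward(self, site, circuit, frame):
        # The provider does no address lookup; the CE already chose the wire.
        peer = self.xc.get((site, circuit))
        return [peer] if peer else []

class Vpls:
    """Emulated LAN bridge: learn source MACs, flood unknown or broadcast destinations."""
    def __init__(self, sites):
        self.sites = set(sites)
        self.mac_table = {}                     # MAC address -> site it was learned from

    def allowed(self, frame):
        return True                             # VPLS carries any Ethernet payload

    def forward(self, site, frame):
        if not self.allowed(frame):
            return []
        self.mac_table[frame["src"]] = site
        out = None if frame["dst"] == BROADCAST else self.mac_table.get(frame["dst"])
        if out is None:
            return sorted(self.sites - {site})  # flood to every other site
        return [] if out == site else [out]

class Ipls(Vpls):
    """Same layer 2 forwarding decision, restricted to IP payloads (ARP handling omitted)."""
    def allowed(self, frame):
        return frame["ethertype"] in (ETH_IPV4, ETH_IPV6)

def demo():
    vpws = Vpws([(("HQ", 1), ("B1", 1)), (("HQ", 2), ("B2", 1))])
    vpls = Vpls(["HQ", "B1", "B2"])
    ask = {"src": "aa:01", "dst": "aa:02", "ethertype": ETH_IPV4}
    ans = {"src": "aa:02", "dst": "aa:01", "ethertype": ETH_IPV4}
    ipx = {"src": "aa:01", "dst": "aa:02", "ethertype": ETH_IPX}
    return (vpws.forward("HQ", 2, ask), vpls.forward("B1", ask),
            vpls.forward("B2", ans), Ipls(["HQ", "B1"]).forward("B1", ipx))

if __name__ == "__main__":
    print(demo())
```

In the VPWS case the hub CE must pick circuit 1 or 2 itself, while in the VPLS case the provider floods the first frame and then forwards the reply to the single learned site.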
• Capital Cost (to the VPN user). The VPN user may require a solution that does not involve a costly replacement of their existing hardware. Therefore, any VPN solution offered by a service provider must not require expensive extra function to be added to the customer edge devices. Ideally, the solution will be fully interworkable with the VPN user's existing switches and routers.

• Manageability. The VPN user will want a solution that is simple to manage and which minimizes the migration costs. The configuration of the VPN solution should not be so complex that the network management personnel require extensive training. Neither should the solution require a significant overhaul of the VPN user's existing network architecture. Equally, the ongoing day-to-day management should not be too onerous – for example, it should be easy to add new sites to the VPN.