Thursday, December 30, 2010

How Do You Differentiate Between LAYER2 VPN And LAYER3 VPN?

On a high level .... L2VPN is switching only, with no routing capability, so end customers still need a router facing the WAN SP and must manage their own routing table. L3VPN (MPLS VRF), by contrast, lets the customer outsource his routing responsibility to the SP, so he only needs a switch as the CE.

Which one fits depends only on the service application and the customer: some customers prefer to manage their own routing functionality, especially SPs (in a wholesale model), while L3 VPNs are mostly demanded by banks and SME corporates.

Specifically .... an L2 VPN is configured only with VPLS IDs, VLAN IDs, VSIs, and pseudowire tunnels for switching, without any L3 routing protocols or IP addresses for routing traffic within the MPLS network.

An L3VPN is an MPLS VRF (MBGP) cloud configured on the PE routers, to which the (L2) VLANs are bound. Ideally, the path from the customer CE all the way to the PE router (through the aggregator switch) is a VLAN bound to the L3 VRF with a /30 IP subnet. This is more scalable for customers with many branches, or for hub-and-spoke topologies.

VPLS and IPLS are types of L2 Switching ....

VPLS .... Virtual Private LAN Service basically adds two MPLS labels to the customer Ethernet frames, based on destination MAC address/port/VLAN information, at the ingress node facing the customer CE.

The tunnel label is inserted at the top of the stack and is used by the MPLS network to reach the egress node. The VC label, placed at the bottom of the stack, is used by the egress node to deliver the frame to the destination network. The interconnected systems (usually LAN switches and the PE devices) must function as MAC learning bridges.
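The two-label stack described above, as an added example that is not part of the original post: it packs and parses MPLS label stack entries (20-bit label, 3-bit TC, bottom-of-stack bit, 8-bit TTL) around a customer Ethernet frame. The label values, MAC addresses, the VSI name and the function names are constructed for illustration, and no control word is assumed between the VC label and the frame.

```python
import struct

def encode_label(label, tc=0, bottom=False, ttl=64):
    """Pack one 32-bit MPLS stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def vpls_encapsulate(customer_frame, tunnel_label, vc_label):
    """Ingress PE: tunnel label on top, VC label at the bottom (S bit set)."""
    return (encode_label(tunnel_label, bottom=False)
            + encode_label(vc_label, bottom=True)
            + customer_frame)

def parse_label_stack(packet):
    """Walk entries until the bottom-of-stack bit; return (labels, payload)."""
    labels, offset = [], 0
    while True:
        if offset + 4 > len(packet):
            raise ValueError("truncated stack: no bottom-of-stack entry found")
        (entry,) = struct.unpack_from("!I", packet, offset)
        offset += 4
        labels.append({"label": entry >> 12, "tc": (entry >> 9) & 0x7,
                       "bottom": bool(entry & 0x100), "ttl": entry & 0xFF})
        if labels[-1]["bottom"]:
            return labels, packet[offset:]

def egress_deliver(packet, vc_table):
    """Egress PE: the bottom (VC) label selects the customer's VSI."""
    labels, frame = parse_label_stack(packet)
    vc = labels[-1]["label"]
    if vc not in vc_table:
        raise LookupError(f"unknown VC label {vc}")
    return vc_table[vc], frame[0:6].hex(":"), frame

# Constructed sample data: customer frame = dst MAC, src MAC, EtherType, payload.
SAMPLE_FRAME = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                + b"\x08\x00" + b"customer-ip-packet")
VC_TABLE = {30010: "VSI-CUSTOMER-A"}   # hypothetical VC label to VSI mapping

if __name__ == "__main__":
    pkt = vpls_encapsulate(SAMPLE_FRAME, tunnel_label=16001, vc_label=30010)
    for entry in parse_label_stack(pkt)[0]:
        print(entry)
    print(egress_deliver(pkt, VC_TABLE)[:2])
```

Because the egress lookup reads only the bottom entry, it behaves the same whether the tunnel label is still present or was already removed by the previous hop.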

IPLS .... IP-only LAN-like Service is another L2 MPLS VPN, and is very rarely deployed. IPLS is a type of VPLS that is restricted to IP traffic only. The interconnected systems are not LAN switches but IP hosts or routers, so some simplifications are possible.

In IPLS, as in VPLS, LAN interfaces are run in promiscuous mode and frames are forwarded based on their MAC destination addresses, but the MAC forwarding tables are maintained via signaling rather than via MAC address learning procedures. In addition, IPLS does not require flooding of ARP frames, and unknown unicast frames are never flooded, as is the case in VPLS. Encapsulation is also more efficient in IPLS, because the MAC header is stripped while the frame is transported through the MPLS network.

For free assistance designing the right VPN-MPLS architecture for your application requirements go to ...... MPLS Solution
