Layer2VPNs Using MPLS

22nd Mar 2017

By Sujay G.

Layer2 and Layer3 VPNs which use packet transport IP/MPLS, are very cost effective and can emulate traditional leased line and bit oriented timed circuit services.

Layer2 VPN is distinct in preserving the layer2 PDU intact and delivering it across from point A to point B across a shared medium. Layer3 VPNs achieve the same task, however, it isolates the user traffic at multiple Layer3 sub-domains. This approach gives challenges of scale on the PE router which is facing the customer. As now the router has to handle multiple Layer3 routing tables, segregated by VRFs and Layer3 routing policies to allow none of the services to interfere with each other. The key advantage is reducing the maintenance and operational cost of a wide area Layer3 network to the local office.

Below is a sample scale number of Layer2 VPN versus Layer3 VPN from OcNOS supported Dell-S4048-ON switch running Broadcom Trident2. It is clearly evident that Layer2 VPN technology allows more scale from the router/switch, thus reducing the cost per unit service, when compared to Layer3 VPN. This also implies small form factor routers can be used for L2VPNs more effectively, thereby further reducing the capital expense per unit service.

IP Infusion Layer2VPNs Using MPLS - Part1


In this topic we shall focus on Layer2 VPNs only being used for connecting 2 site in a point-to-point network. Although it can be used for interconnecting multiple point to multiple point nodes, it will not be discussed here.

Depending upon the needs L2VPN can interconnect only 2 end points; in which case it is called Psuedowire Ethernet emulation service (PWE3), E-LINE or VPWS connectivity. When it interconnects multiple points to each other it is termed as VPLS, E-LAN service.

Layer2 VPNs owing to its simplicity, able to scale and lay out transparent services to the customer is more in use than its Layer3 peer. In the modern day maximum use cases of Layer2 VPNs are seen in the following areas:

1) WAN Interconnect for enterprises:

Here the L2VPN is used as an alternate to expensive captive WAN infrastructure. As it is Layer2 in nature, the customer is not bothered for IP maintenance and routing, virtualized systems can get transferred easily across WAN and talk to remote applications across the WAN.

A L2VPN interconnect also is looked upon as a raw pipe connectivity. This can be used to interconnect a Layer2, 2.5, 3 technology of one’s choice. A common usage therefore is by enterprises which run MPLS over a L2VPN circuit, which in turn may be built internally again using MPLS. As often is the case with large enterprises which use MPLS to interconnect their offices and data centers.

Today, as more and more workload is being shifted to cloud scale infrastructures, cloud networking has to grow beyond a single location; both to accommodate the larger demand and also for disaster recovery reasons. As it grows beyond a single location, the need for interconnecting these centers requires a networking across a WAN link. L2VPN over IP/MPLS comes out as a technology with all the feature sets required for the purpose. Having a flat layer2 connectivity across the WAN link, implies either the Layer2 domain virtual applications can then now migrate across the WAN link. Equally the cloud operator can segment the Layer2 networks, by having multiple Layer3 sub-domains; and do all this transparently over a DCI.

2) Mobile backhaul and Access aggregation:

This case is fundamentally same as the previous one, that of L2VPN replacing a traditional leased line use case. Mobile telephony systems have cell towers and zonal equipment’s which connect back to the aggregated systems which do further call processing services. They are connected using leased lines with traditional circuit services. Moving out from traditional circuit services to IP based services like L2VPN helps them cut costs, essentially because now they can backhaul multiple services over the same IP service.

Another interesting use case is that of Metro aggregation. Typically an internet service provider lays cables and connectivity right from the local office to the customer equipment. And then from every local office aggregate all the traffic to another local office one level above in the hierarchy eventually terminating to a CMTS or BRAS where the services are controlled and provided. Multiple levels of aggregation involves a cost & operational expense of the physical cables. Here at certain levels there is a possibility to aggregate multiple services over a single physical cable, L2VPN serves as the right technology to achieve it. The MEF forum has listed a set of criteria and service levels which should be complied when using L2VPN for Metro aggregation.

Layer2 VPN is also used a Layer2 circuit means by large Internet exchange providers. It helps them provide scaled services at the same time, leave the BGP policies for route exchange outside their domain to the end peering points.