Problem solve Get help with specific problems with your technologies, process and projects.


A short overview of Layer 2 VPNs and some of their draft standards.

The previous tech tip provided an overview of how to build partial and full mesh VPN topologies with Layer 3 MPLS VPNs. This tip will focus on an introduction to Layer 2 MPLS VPNs and the various Layer 2 VPN draft standards that are utilized in the industry.

Layer 2 MPLS VPNs are identical to private network VPNs in that the customer attaches his customer premise router to the MPLS cloud via traditional layer 2 circuits and builds a layer 3 routing topology over the provisioned circuits. The management of the routing is handled by the customer in the same fashion as they would with a traditional private VPN. In a Layer 2 VPN solution there is no exchange of routing information between the provider PE and the customer CE.

This is beneficial for organizations that need legacy protocol support or those that feel they can efficiently and cost effectively manage their own routing environment. They are in effect purchasing bandwidth, not the additional services offered by a layer 3 MPLS VPN.

Customers will still have the PVC mesh, provisioning and routing issues as before and there may be limitations on what interfaces a carrier will support. Carriers that are evaluating Layer 2 VPNs are challenged by the interconnectivity issues associated with Layer 2 VPNs. Support for any to any connectivity over L2 MPLS backbones is not widely deployed by any of the major carrier's. In most instances the CE routers require common access types. (Such as frame to frame or ATM to ATM). Ultimately Layer 2 MPLS VPNs will allow customers to attach any layer 2 access circuit to the MPLS cloud allowing for diverse and cost effective interface options.

There are multiple Layer 2 VPN service models that are being analyzed in the industry and are under consideration by various workgroups within the IETF. The two workgroups are the Provider-Provisioned Virtual Private Network Working Group (PPVPN WG), and the Psuedo Wire Emulation Edge-to-Edge Working Group (PWE3).

The PWE3 group is working on a draft named the "Martini" draft named after Luca Martini and the PPVPN group is working on the "Kompella" draft named after Kireeti Kompella.

Both Kompella and Martini have provisions in their drafts for provider provisioned L2 VPNs called virtual private wire service (VPWS), VPWSs are for point to point connectivity. The difference in the two is the provisioning of the VPNs. Kompella utilizes the BGP attribute route target, but Martini utilizes the virtual circuit ID tags on the virtual channels associated with the CE routers. In addition to the point to point architectures there are point to multipoint architectures called Virtual Private LAN Services (VPLS) or transparent LANs.

It has yet to be determined what the actual standards will look like, but Cisco and Juniper both support the point to point VPWS based on the Martini draft.

Layer 2 VPNs are seeing some headway in the carriers' deployments of MPLS technology. Verizon offers a transparent LAN service that allows customers to build Ethernet VPNs. This represents a very low cost solution with a well known technology. We will continue to discuss Layer 2 VPNs but not as much as Layer 3 VPNs. If and when carriers start deploying Layer 2 VPN services, I will discuss them more frequently.

Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has over 10 years of experience providing strategic, business, and technical consulting services to clients. Robbie resides in Atlanta, and is a graduate of Clemson University. His background includes positions as a Principal Architect at International Network Services, Lucent, Frontway and Callisma.

This was last published in June 2004

Dig Deeper on WAN optimization and performance