Technology Introduction

MPLS MPLS L2VPN

MPLS L2VPN

MPLS L2VPN provides Layer 2 VPN services on the MPLS network. It allows carriers
to establish L2VPNs on different data link layer protocols, including ATM, FR, VLAN,
Ethernet and PPP. In addition, the MPLS network provides traditional IP, MPLS L3VPN,
Traffic Engineering (TE), and QoS services.
MPLS L2VPN transfers Layer 2 user data transparently on the MPLS network. For
users, the MPLS network is a Layer 2 switched network and can be used to establish
Layer 2 connections between nodes.
Consider ATM as an example. Each customer edge device (CE) can connect to the
MPLS network through an ATM virtual circuit (VC) to communicate with another CE.
This is similar to the way CEs communicate on an ATM network.

[Figure: network diagram. Labels shown: CE 1 to CE 4, VPN 1, VPN 2, PE 1 to PE 3, P, VC, LSP.]

Figure 1 Network diagram for MPLS L2VPN

Comparison with Traditional VPN


Traditional VPNs based on Asynchronous Transfer Mode (ATM) or Frame Relay (FR)
are quite popular. They share the network infrastructure of carriers. However, they have
some inherent disadvantages:
• Dependence on dedicated media: To provide both ATM-based and FR-based
  VPN services, carriers must establish two separate infrastructures across the
  whole service scope, one ATM infrastructure and one FR infrastructure.
  The cost is very high and the infrastructures are not utilized efficiently.
• Complicated deployment: To add a site to an existing VPN, you have to modify the
  configurations of all edge nodes connected with the VPN site.
MPLS L2VPN was developed to address these disadvantages.


Comparison with MPLS L3VPN


Compared with MPLS L3VPN, MPLS L2VPN has the following advantages:
• High scalability: MPLS L2VPN establishes only Layer 2 connections. It does not
  involve the routing information of users. This greatly reduces the load of the PEs
  and even the load of the whole service provider network, enabling carriers to
  support more VPNs and to service more users.
• Guaranteed reliability and private routing information security: As no routing
  information of users is involved, MPLS L2VPN neither tries to obtain nor
  processes the routing information of users, guaranteeing the security of the user
  VPN routing information.
• Support for multiple network layer protocols, such as IP, IPX, and SNA.

Basic Concepts of MPLS L2VPN


In MPLS L2VPN, the concepts and principles of CE, PE and P are the same as those in
MPLS L3VPN:
• Customer edge device (CE): A CE resides on a customer network and has one or
  more interfaces directly connected with service provider networks. It can be a
  router, a switch, or a host. It cannot "sense" the existence of any VPN, nor
  does it need to support MPLS.
• Provider edge router (PE): A PE resides on a service provider network and
  connects one or more CEs to the network. On an MPLS network, all VPN
  processing occurs on the PEs.
• Provider (P) router: A P router is a backbone router on a service provider network.
  It is not directly connected with any CE. It only needs to be equipped with basic
  MPLS forwarding capability.
MPLS L2VPN uses label stacks to implement the transparent transmission of user
packets in the MPLS network.
• The outer label, also called the tunnel label, is used to transfer packets from one PE to
  another.
• The inner label, also called the VC label, is used to identify different connections between
  VPNs.
• Upon receiving packets, a PE determines to which CE the packets are to be
  forwarded according to the VC labels.
Figure 2 illustrates how the label stack changes in the MPLS L2VPN forwarding
process.


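[Figure: CE 1 sends an L2PDU to PE 1; between PE 1 and PE 2 the packet is carried as T | V | L2PDU and then as T' | V | L2PDU; PE 2 delivers the L2PDU to CE 2.]

1) L2 PDU: Layer 2 protocol data unit
2) T represents tunnel label. V represents VC label. T' represents swapped tunnel label.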

Figure 2 MPLS L2VPN label stack processing
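
The label stack handling in Figure 2, as an added example that is not part of the original document. It assumes the standard 32-bit MPLS label stack entry layout (20-bit label, 3-bit TC, 1-bit bottom-of-stack flag S, 8-bit TTL), which this page does not spell out; the label values, function names and payload are constructed for illustration.

```python
import struct

def encode_entry(label, bottom, ttl=64):
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)

def decode_stack(packet):
    """Return ([(label, bottom, ttl), ...], payload), reading up to the S bit."""
    entries, off = [], 0
    while True:
        if off + 4 > len(packet):
            raise ValueError("truncated stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", packet, off)
        off += 4
        bottom = bool((word >> 8) & 1)
        entries.append((word >> 12, bottom, word & 0xFF))
        if bottom:
            return entries, packet[off:]

def pe_ingress(l2pdu, tunnel_label, vc_label):
    """PE 1: push V (bottom of stack), then T, in front of the L2 PDU."""
    return encode_entry(tunnel_label, False) + encode_entry(vc_label, True) + l2pdu

def p_swap(packet, swap_table):
    """P router: swap only the outer tunnel label (T -> T'); V is not changed."""
    entries, _ = decode_stack(packet)
    label, bottom, ttl = entries[0]
    if bottom or ttl <= 1:
        raise ValueError("no tunnel label to swap, or TTL expired")
    return encode_entry(swap_table[label], False, ttl - 1) + packet[4:]

def pe_egress(packet, vc_table):
    """PE 2: remove both labels and use V to select the attached CE."""
    entries, l2pdu = decode_stack(packet)
    if len(entries) != 2:
        raise ValueError("expected tunnel label + VC label")
    vc_label = entries[1][0]
    if vc_label not in vc_table:
        raise LookupError(f"no VC bound to label {vc_label}; drop the packet")
    return vc_table[vc_label], l2pdu

def demo():
    frame = b"constructed-l2pdu"  # constructed sample payload
    at_pe1 = pe_ingress(frame, tunnel_label=2001, vc_label=3001)  # sample labels
    at_p = p_swap(at_pe1, {2001: 2002})
    return decode_stack(at_pe1)[0], decode_stack(at_p)[0], pe_egress(at_p, {3001: "CE 2"})
```

The egress PE forwards only when the VC label maps to a configured attachment, so a packet carrying an unbound VC label is dropped rather than delivered to some CE.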

Implementation of MPLS L2VPN


Currently, there is no official standard for MPLS L2VPN. The Provider-Provisioned
Virtual Private Network (PPVPN) working group of the IETF has drafted several
framework protocols. Two of the most important ones are the Martini draft and the
Kompella draft:
• draft-martini-l2circuit-trans-mpls
• draft-kompella-ppvpn-l2vpn
The Martini draft defines a method for establishing PPP links to implement MPLS
L2VPN. It uses Label Distribution Protocol (LDP) as a signaling protocol to transfer VC
labels.
The Kompella draft defines a CE-to-CE mode for implementing MPLS L2VPN on the
MPLS network. It uses extended BGP as the signaling protocol to advertise Layer 2
reachability information and VC labels.
In addition, MPLS L2VPN can also be implemented by configuring VC labels statically.
Circuit Cross Connect (CCC) and Static Virtual Circuit (SVC) are two of the static
implementation methods.
The following sections describe the characteristics of these implementation methods
for MPLS L2VPN.

CCC MPLS L2VPN

Unlike common MPLS L2VPN, Circuit Cross Connect (CCC) employs just one level of
label to transfer user data. Therefore, it uses label switched paths (LSPs) exclusively.
That is, a CCC LSP can be used to transfer only the data of the CCC connection; it can
neither be used for other MPLS L2VPN connections, nor for MPLS L3VPN or common
IP packets.


The most significant advantage of this method is that no label signaling is required for
transferring Layer 2 VPN information. As long as MPLS forwarding is supported and
service provider networks are interconnected, this method works perfectly. In addition,
since LSPs are dedicated, this method supports QoS services.
There are two types of CCC connections:
• Local connection: A local connection is established between two local CEs that
  are connected to the same PE. The PE functions like a Layer 2 switch and can
  directly switch packets between the CEs without any static LSP.
• Remote connection: A remote connection is established between a local CE and a
  remote CE, which are connected to different PEs. In this case, a static LSP is
  required to transport packets from one PE to another.

Note:
For each remote CCC connection, you must configure two LSPs, one for inbound and
the other for outbound, on the P device along the remote connection.

SVC MPLS L2VPN

Static Virtual Circuit (SVC) also implements MPLS L2VPN by static configuration. It
transfers L2VPN information without using any signaling protocol.
The SVC method resembles the Martini method closely and is in fact a static
implementation of the Martini method. The difference is that it does not use LDP to
transfer Layer 2 VC and link information. You only need to configure VC label
information.

Note:
The labels for CCC and SVC range from 16 to 1023, which are reserved for static LSPs.
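
A consistency check for statically configured VC labels, as an added example that is not part of the original document or any vendor's tooling. The record layout (PE, peer, transmit label, receive label) and the sample entries are constructed; beyond the 16 to 1023 range stated in the note above, the check assumes that one PE's transmit label must equal its peer's receive label and that a receive label must be unique on a PE, since the egress PE selects the CE by VC label alone.

```python
STATIC_MIN, STATIC_MAX = 16, 1023  # range the note above reserves for static LSPs

# Constructed SVC configuration: (pe, peer, transmit VC label, receive VC label)
SVC_CONFIG = [
    ("PE1", "PE2", 100, 200),
    ("PE2", "PE1", 200, 100),   # consistent with the entry above
    ("PE1", "PE3", 300, 200),   # receive label 200 is already in use on PE1
    ("PE3", "PE1", 200, 301),   # PE3 expects 301, but PE1 transmits 300
    ("PE2", "PE3", 2048, 400),  # label outside the static range, no reverse VC
]

def audit_svc(config):
    """Return findings as (kind, pe, peer, label) tuples, in config order."""
    findings = []
    by_pair = {(pe, peer): (tx, rx) for pe, peer, tx, rx in config}
    rx_seen = {}  # pe -> set of receive labels already bound on that PE
    for pe, peer, tx, rx in config:
        # 1. Static labels must come from the reserved range.
        for label in (tx, rx):
            if not STATIC_MIN <= label <= STATIC_MAX:
                findings.append(("out-of-range", pe, peer, label))
        # 2. A receive label bound twice on one PE makes delivery ambiguous,
        #    which can hand one customer's frames to another VPN.
        if rx in rx_seen.setdefault(pe, set()):
            findings.append(("duplicate-receive", pe, peer, rx))
        rx_seen[pe].add(rx)
        # 3. Each direction needs a reverse entry whose receive label matches.
        reverse = by_pair.get((peer, pe))
        if reverse is None:
            findings.append(("no-reverse", pe, peer, None))
        elif reverse[1] != tx:
            findings.append(("mismatch", pe, peer, tx))
    return findings
```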

Martini MPLS L2VPN

The key to the Martini method is to set up VCs between CEs.


Martini MPLS L2VPN employs VC type and VC ID to identify a VC. The VC type
indicates the encapsulation type of the VC, which can be ATM, VLAN, or PPP. The VC
ID uniquely identifies the VC among the VCs of the same VC type on a PE.
The PEs connecting the two CEs of a VC exchange VC labels through LDP, and bind
their respective CE by the VC ID.


Once LDP establishes an LSP between the two PEs and the label exchange and the
binding to CE are finished, a VC is set up and ready to transfer Layer 2 data.
To allow the exchange of VC labels between PEs, the Martini method extended LDP by
adding the forwarding equivalence class (FEC) type of VC FEC. Moreover, as the two
PEs exchanging VC labels may not be connected directly, a remote LDP session must
be set up to transfer the VC FEC and VC labels.
With Martini MPLS L2VPN, only PEs need to maintain a small number of VC label and
LSP mappings, and no P device contains Layer 2 VPN information. Therefore, it has
high scalability. In addition, to add a new VC, you only need to configure a one-way VC
for each of the PEs. Your configuration will not affect the operation of the network.
The Martini method applies to scenarios with sparse Layer 2 connections, such as a
scenario with a star topology.

Kompella MPLS L2VPN

Kompella MPLS L2VPN is different from Martini MPLS L2VPN in that it does not
operate on the connections between CEs directly. It organizes different VPNs in the
whole service provider network and encodes each CE in a VPN. For a connection to be
established between two CEs, you only need to perform these tasks on the PEs:
• Configuring CE IDs of the local and remote CEs respectively
• Specifying the circuit ID that the local CE assigns to the connection, such as the
  VPI/VCI with ATM.
Kompella MPLS L2VPN uses extended BGP as the signaling protocol to distribute VC
labels. Its label block mode allows it to assign labels to multiple connections at a time.
With Kompella MPLS L2VPN, you can specify a local CE range to indicate how many
CEs can be connected with a CE. Then, the system assigns a label block of a size
equal to the CE range for the CE. In this way, you can reserve some labels for the VPN
for future use. This wastes some label resources in the short term, but can reduce the
VPN deployment and configuration workload in the case of expansion.
Imagine that an enterprise VPN contains 10 CEs and the number may increase to 20 in
future service expansion. In this case, you can set the CE range of each CE to 20. Thus,
when you need to add a CE to the VPN later, you only need to modify the configurations
of the PE to which the new CE is connected. No change is required for the other PEs.
This makes VPN expansion extremely simple.
Similar to MPLS L3VPN, Kompella MPLS L2VPN also uses VPN targets to identify
VPNs. This brings excellent VPN networking flexibility.
In addition, Kompella supports local connections and inter-provider VPN solutions.
