Comparison with traditional VPN
Traditional VPNs based on Asynchronous Transfer Mode (ATM) or Frame Relay (FR) are quite popular.
They share the network infrastructure of carriers. However, they have some inherent disadvantages:
• Dependence on dedicated media: To provide both ATM-based and FR-based VPN services, carriers must establish two separate infrastructures across the whole service scope, one ATM infrastructure and one FR infrastructure. The cost is very high, and the infrastructures are not utilized efficiently.
• Complicated deployment: To add a site to an existing VPN, you have to modify the configurations of all edge nodes connected with the VPN site.
MPLS L2VPN was developed to address these disadvantages.
Comparison with MPLS L3VPN
Compared with MPLS L3VPN, MPLS L2VPN has the following advantages:
• High scalability: MPLS L2VPN establishes only Layer 2 connections. It does not involve the routing information of users. This greatly reduces the load of the provider edge (PE) devices and even the load of the whole service provider network, enabling carriers to support more VPNs and to serve more users.
• Guaranteed reliability and private routing information security: As no routing information of users is involved, MPLS L2VPN neither tries to obtain nor processes the routing information of users, guaranteeing the security of the user VPN routing information.
• Support for multiple network layer protocols, such as IP, IPX, and SNA.
Basic concepts
In MPLS L2VPN, the concepts and principles of CE, PE and P are the same as those in MPLS L3VPN:
• Customer edge (CE) device: A CE resides on a customer network and has one or more interfaces directly connected with service provider networks. It can be a router, a switch, or a host. It cannot "sense" the existence of any VPN, nor does it need to support MPLS.
• Provider edge (PE) device: A PE resides on a service provider network and connects one or more CEs to the network. On an MPLS network, all VPN processing occurs on the PEs.
• Provider (P) device: A P device is a backbone device on a service provider network. It is not directly connected with any CE. It only needs to be equipped with basic MPLS forwarding capability.
MPLS L2VPN uses label stacks to implement the transparent transmission of user packets in the MPLS
network.
• Outer label, also called tunnel label, is used to transfer packets from one PE to another.
• Inner label, also called VC label, is used to identify different connections between VPNs.
• Upon receiving packets, a PE determines to which CE the packets are to be forwarded according to the VC labels.
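The label stack and the egress PE's VC-label lookup described above, as an added example that is not part of the original manual. It assumes the standard 32-bit MPLS label stack entry layout (20-bit label, 3-bit traffic class, 1-bit bottom-of-stack flag, 8-bit TTL); the label values, interface names, and the VC_TABLE contents are hypothetical.

```python
import struct

def parse_label_stack(data: bytes):
    """Parse MPLS label stack entries until the bottom-of-stack (S) bit is set.
    Returns (entries, payload); each entry is a dict with label, tc, s, ttl."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack (no bottom-of-stack entry)")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {"label": word >> 12, "tc": (word >> 9) & 0x7,
                 "s": (word >> 8) & 0x1, "ttl": word & 0xFF}
        entries.append(entry)
        if entry["s"]:
            return entries, data[offset:]

def encode_entry(label, s, ttl=64, tc=0):
    """Build one 4-byte label stack entry (used here to construct sample input)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)

# Hypothetical VC table on the egress PE: VC label -> attachment circuit to a CE.
VC_TABLE = {1025: "GE1/0/1 (CE 1, VPN A)", 1026: "GE1/0/2 (CE 2, VPN B)"}

def egress_pe_forward(packet: bytes, vc_table=VC_TABLE):
    """Return (attachment_circuit, l2_frame), or (None, reason) when dropped.
    The inner (bottom-of-stack) label is the VC label; the outer tunnel label
    may already be absent if the previous hop popped it."""
    try:
        entries, payload = parse_label_stack(packet)
    except ValueError as exc:
        return None, str(exc)
    vc = entries[-1]["label"]
    circuit = vc_table.get(vc)
    if circuit is None:
        # Dropping unknown VC labels keeps a frame from reaching another VPN's CE.
        return None, f"unknown VC label {vc}"
    return circuit, payload

FRAME = b"\xaa" * 14   # constructed stand-in for a customer Layer 2 frame
TWO_LABELS = encode_entry(3001, s=0) + encode_entry(1026, s=1) + FRAME

if __name__ == "__main__":
    print(parse_label_stack(TWO_LABELS)[0])
    print(egress_pe_forward(TWO_LABELS))
```
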