L2VPN Overview
L2VPNs employ layer 2 services over MPLS to build a topology of point-to-point connections that connect end customer sites in a VPN. L2VPNs provide an alternative to private networks that have been provisioned by means of dedicated leased lines or by means of layer 2 virtual circuits that employ ATM or Frame Relay. The service provisioned with L2VPNs is also known as Virtual Private Wire Service (VPWS). You configure an L2VPN instance on each associated edge router for each L2VPN.
Traditional VPNs over layer 2 circuits require the provisioning and maintenance of separate networks for IP and for VPN services. In contrast, L2VPNs enable the sharing of a provider's core network infrastructure between IP and L2VPN services, reducing the cost of providing those services.
L2VPNs also use BGP as the signaling protocol, and consequently have a simpler design and require less provisioning overhead than traditional VPNs over layer 2 circuits. BGP signaling also enables autodiscovery of L2VPN peers. L2VPNs are similar to BGP/MPLS VPNs and VPLS in many respects, because all three types of services employ BGP for signaling.
An L2VPN provides the same services as layer 2 over MPLS except for CE-side load-balancing. The main differences between the L2VPNs and L2 over MPLS services are signaling, autodiscovery, and configuration.
L2VPNs can have either a full-mesh or a hub-and-spoke topology. The tunneling mechanism in the core network typically is MPLS. However, L2VPNs can also use other tunneling protocols, such as GRE. L2VPNs are similar to Martini layer 2 services over MPLS, and employ a similar encapsulation scheme for forwarding traffic.
Figure 123 illustrates an example of a simple L2VPN topology.
In this example, the service provider offers L2VPN services to Customer A and Customer B. Customer A wants to create a full mesh of point-to-point links between sites 1 and 2. Customer B needs only a single point-to-point link between site 3 and site 4. The service provider uses BGP and MPLS signaling in the core, and creates a set of unidirectional pseudowires at each provider edge (PE) router to separately cross-connect each customer's layer 2 circuits.
In order to provision this service, the provider configures two L2VPNs, L2VPN A and L2VPN B. An encapsulation type is configured for each VPN. All interfaces in a given L2VPN must be configured with the VPN's encapsulation type. The layer 2 interfaces that connect the PE router and CE device pairs are configured to be members of the corresponding L2VPN, L2VPN A or L2VPN B.
Local and remote site information for the interfaces identifies the cross-connect. Local cross-connects are supported when the interfaces that are connected belong to two different sites configured in the same L2VPN instance and on the same PE router.
BGP advertises reachability for the VPNs. The BGP configuration is similar to that used for other VPN services, such as layer 3 VPNs and VPLS. MPLS is configured to set up base LSPs to the remote PE routers similarly to the other VPN services.