Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Understanding the Virtual Private LAN Service


The virtual private LAN service (VPLS) is an Ethernet-based point-to-multipoint Layer 2 virtual private network (VPN) that enables you to connect geographically dispersed Ethernet local area network (LAN) sites to each other across an MPLS backbone. For customers who implement VPLS, all sites appear to be in the same Ethernet LAN even though traffic travels across service provider networks.

VPLS, in its implementation and configuration, has much in common with a Layer 2 VPN. In VPLS, a packet originating within a service provider customer’s network is sent first to a customer edge (CE) device (for example, a router or Ethernet switch). It is then sent to a provider edge (PE) router within the service provider network. The packet traverses the service provider network over an MPLS label-switched path (LSP). It arrives at the egress PE router, which then forwards the traffic to the CE device at the destination customer site. The difference is that, for VPLS, packets can traverse the service provider networks in point-to-multipoint fashion, meaning that a packet originating from a CE device can be broadcast to all the PE routers participating in a VPLS routing instance. In contrast, a Layer 2 VPN forwards packets in point-to-point fashion. The paths carrying VPLS traffic between each PE router participating in a routing instance are called pseudowires.

The pseudowires are signaled using either BGP or LDP, based on the VPLS implementation. There are two standardized VPLS implementations supported by the IETF: RFC 4761, Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling, and RFC 4762, Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling.

RFC 4761-based implementations use BGP for auto discovery and signaling, whereas RFC 4762-based implementations use LDP for signaling (auto discovery is not supported in this model).

VPLS multihoming enables you to connect a customer site to multiple PE routers to provide redundant connectivity while preventing the formation of Layer 2 loops in the service provider network. A VPLS site that is multihomed to two or more PE routers provides redundant connectivity in the event of a PE router-to-CE device link failure or the failure of a PE router.

When multihoming a VPLS site (potentially in different autonomous systems [ASs]), the PE routers connected to the same site can either be configured with the same VPLS edge (VE) device identifier or with different VE device identifiers. If you are using different VE device identifiers, you must run the Spanning Tree Protocol (STP) on the CE device, and possibly on the PE routers, to construct a loop-free VPLS topology.

If the PE routers are connected to the same site and assigned the same VE device identifier, a loop-free topology is constructed using a routing mechanism such as BGP path selection. When a BGP speaker receives two equivalent network layer reachability information (NLRI) advertisements, it applies standard path selection criteria, such as local preference and AS path length, to determine which NLRI to choose, and selects only one.

Because a PE router picks one of the received NLRI advertisements with a particular VE device identifier, it establishes the pseudowire only to the PE router from which the winning advertisement originated. This prevents the creation of multiple paths between sites and formation of Layer 2 loops in the network. If the selected PE router fails, all PE routers in the network automatically switch to the backup PE router and establish pseudowires through the backup PE router.

Two VPLS NLRIs are considered equivalent from a path selection perspective if the following are the same:

  • Route distinguisher

  • VE device identifier

  • VE block offset

If two PE routers are assigned the same VE device identifier in a given VPLS, they must also advertise the same VE block size for a given VE offset. The PE routers can be configured with the same route distinguisher or with distinct route distinguishers.

We recommend that you configure distinct route distinguishers for each multihomed router. Configuring distinct route distinguishers provides faster convergence when the connection to a primary router goes down. Configuring distinct route distinguishers also requires the other PE routers to maintain additional state information.