Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Understanding VPWS

Virtual private wire service (VPWS) Layer 2 VPNs employ Layer 2 services over MPLS to build a topology of point-to-point connections that connect end customer sites in a VPN. These Layer 2 VPNs provide an alternative to private networks that have been provisioned by means of dedicated leased lines or by means of Layer 2 virtual circuits that employ ATM or Frame Relay. The service provisioned with these Layer 2 VPNs is known as VPWS. You configure a VPWS instance on each associated edge device for each VPWS Layer 2 VPN.

Traditional VPNs over Layer 2 circuits require the provisioning and maintenance of separate networks for IP and for VPN services. In contrast, VPWS enables the sharing of a provider’s core network infrastructure between IP and Layer 2 VPN services, reducing the cost of providing those services.

Junos OS supports two types of VPWS Layer 2 VPNs:

  • Kompella Layer 2 VPNs, which use BGP for autodiscovery and signaling.

  • FEC 129 BGP autodiscovery for VPWS, which uses BGP for autodiscovery and LDP as the signaling protocol.

FEC 129 BGP autodiscovery for VPWS requires the l2vpn-id, source-attachment-identifier, and target-attachment-identifier statements. Kompella Layer 2 VPNs require the site-identifier and remote-site-id statements.


VPWS creates pseudowires that emulate Layer 2 circuits. A virtual private LAN service (VPLS) network is similar to VPWS, but provides point-to-multipoint traffic forwarding in contrast to the VPWS Layer 2 VPN’s point-to-point traffic forwarding. If you need point-to-multipoint service instead of point-to-point service, consider using VPLS instead of VPWS.

A VPWS Layer 2 VPN can have either a full-mesh or a hub-and-spoke topology. The tunneling mechanism in the core network typically is MPLS. However, VPWS can also use other tunneling protocols, such as GRE. VPWS is similar to Martini Layer 2 services over MPLS, and employs a similar encapsulation scheme for forwarding traffic.

Figure 1 illustrates an example of a simple VPWS Layer 2 VPN topology.

Figure 1: VPWS Sample TopologyVPWS Sample Topology

In this example, the service provider offers VPWS services to Customer A and Customer B. Customer A wants to create a full mesh of point-to-point links between Westford and Bengaluru. Customer B needs only a single point-to-point link between Westford and Sunnyvale. The service provider uses BGP and MPLS signaling in the core, and creates a set of unidirectional pseudowires at each provider edge (PE) device to separately cross-connect each customer’s Layer 2 circuits.

In order to provision this service, the provider configures two VPWS Layer 2 VPNs, Layer 2 VPN A and Layer 2 VPN B. The circuit cross-connect (CCC) encapsulation type (ethernet-ccc or vlan-ccc) is configured for each VPWS Layer 2 VPN. All interfaces in a given VPWS Layer 2 VPN must be configured with the VPWS Layer 2 VPN’s encapsulation type.

Local and remote site information for the interfaces identifies the cross-connect. Local cross-connects are supported when the interfaces that are connected belong to two different sites configured in the same VPWS instance and on the same PE device.

BGP advertises reachability for the VPNs. The BGP configuration is similar to that used for other VPN services, such as Layer 3 VPNs and VPLS. MPLS is configured to set up base LSPs to the remote PE devices similarly to the other VPN services.

Junos OS provides VPWS support the following configuration methods:

  • Pseudowires are manually configured using Forwarding Equivalence Class (FEC) 128.

  • Pseudowires are signaled by LDP using FEC 129. This arrangement reduces the configuration burden that is associated with statically configured Layer 2 circuits while still using LDP as the underlying signaling protocol.

Supported and Unsupported Features

Junos OS supports the following features with VPWS :

  • Intra-AS VPWS functionality using BGP for autodiscovery and FEC 129 LDP for pseudowire signaling.

  • Graceful Routing Engine switchover.

  • Operation, administration, and maintenance (OAM) mechanisms, including Bidirectional Forwarding Detection and MPLS ping.

  • FEC 128 LDP signaling with static configuration (in Junos OS this is configured within protocols l2circuit). With this option, there is no BGP autodiscovery.

Junos OS does not support the following VPWS functionality:

  • Multihoming of customer sites to multiple PE devices using the BGP site model of multihoming.

  • Terminating FEC 129 VPWS into a mesh group of an FEC 129 VPLS instance.

  • Intra-AS VPWS functionality using BGP for autodiscovery and FEC 128 LDP for pseudowire signaling.

  • FEC 129 VPWS without BGP autodiscovery.

  • Static configuration of VPWS with FEC 129 signaling.

  • Nonstop active routing.

  • Multi-segment pseudowires.

  • Interworking of FEC 128 and FEC 129 VPWS.

  • Statically configured Layer 2 circuit-style pseudowire redundancy.

  • Inter-AS deployments.