Posted by Michelot on July 24, 2006, 4:23 pm
Bonjour,

Do you make a difference between a network VPN and a VPLS?

It would seem that a VPLS is a multipoint-to-multipoint connection in a transport network, unlike a network VPN that would be point-to-point. Do you agree with that difference, and are there others?

In which standard is VPLS really defined?

Best regards,
Michelot

Posted by Michelot on July 24, 2006, 5:13 pm
Bonsoir Michelot,

Thanks for giving me the opportunity of writing questions. After writing, I continued searching for some elements to reply and... I found this by chance.

A definition is in draft-ietf-l2vpn-vpls-bgp-08 (that expires in December 2006):

"Virtual Private LAN (Local Area Network) Service (VPLS), also known as Transparent LAN Service, and Virtual Private Switched Network service, is a useful Service Provider offering. The service offers a Layer 2 Virtual Private Network (VPN); however, in the case of VPLS, the customers in the VPN are connected by a multipoint Ethernet LAN, in contrast to the usual Layer 2 VPNs, which are point-to-point in nature".

Best regards,
Michelot

Posted by Steinar Haug on July 25, 2006, 3:10 pm
> Do you make a difference between a network VPN and a VPLS?

Most definitely. There is no uniformly agreed upon definition of "network VPN" - but as we implement it:

- VPN normally means a Layer 3 VPN, implemented using MPLS (RFC 2547). It can be hub and spoke, full mesh or several other variants - but for instance the "full mesh" really comes for free.

- VPLS means a Layer 2 multipoint (full mesh) network. This used to be implemented with classical Ethernet switches, and the multipoint/full mesh came more or less for free. However, if you have a network large enough that simply connecting Ethernet switches is impractical, you need VPLS (which comes in two incompatible variants) - and multipoint/full mesh no longer comes for free.

> It would seem that a VPLS is a multipoint-to-multipoint connection in a
> transport network, unlike a network VPN that would be
> point-to-point. Do you agree with that difference, and are there others?

No, the difference is usually L2 versus L3.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no

Posted by Michelot on July 25, 2006, 4:40 pm
Bonsoir Steinar,

> Most definitely. There is no uniformly agreed upon definition of "network
> VPN" - but as we implement it:

The expression "network based VPN" is defined in Y.1311 ITU-T Recommendation:

"The term "network based" is used to distinguish the network provider solutions described in this Recommendation [Y.1311] from VPN solutions which are implemented solely through the use of customer equipment based solutions. Whenever the term "VPN" is used in this Recommendation it shall be taken to mean a "network-based VPN".

> - VPN normally means a Layer 3 VPN, implemented using MPLS (RFC 2547).
> It can be hub and spoke, full mesh or several other variants - but for
> instance the "full mesh" really comes for free.

SSL VPN is layer 4,
HTTP VPN is application layer,
ATM VPN is layer 2...
and it's real VPN, with tunnelling.

> - VPLS means a Layer 2 multipoint (full mesh) network. This used to be
> implemented with classical Ethernet switches, and the multipoint/full
> mesh came more or less for free.

OK, we are talking in network provider as it is said in Y.1311.

> However, if you have a network large
> enough that simply connecting Ethernet switches is impractical, you
> need VPLS (which comes in two incompatible variants) - and multipoint/
> full mesh no longer comes for free.

I don't understand, could you please be more precise about this.

> > It would seem that a VPLS is a multipoint-to-multipoint connection in a
> > transport network, unlike a network VPN that would be
> > point-to-point. Do you agree with that difference, and are there others?
>
> No, the difference is usually L2 versus L3.

Now, I would rather say Ethernet multipoint versus:

(1) non-Ethernet multipoint (as L2 multipoint MPLS, or multipoint ATM through AAL5 frames) or
(2) Ethernet point-to-point.

There is an interesting paper from Juniper on that, but sorry it's in French. You can read a few words: http://2003.jres.org/actes/paper.134.pdf

Best regards,
Michelot

Posted by Steinar Haug on July 26, 2006, 8:09 am
> > Most definitely. There is no uniformly agreed upon definition of "network
> > VPN" - but as we implement it:
>
> The expression "network based VPN" is defined in Y.1311 ITU-T
> Recommendation:
>
> "The term "network based" is used to distinguish the network provider
> solutions described in this Recommendation [Y.1311] from VPN solutions
> which are implemented solely through the use of customer equipment
> based solutions. Whenever the term "VPN" is used in this Recommendation
> it shall be taken to mean a "network-based VPN".

That's fine - but remember that not everybody thinks ITU-T Y.1311 has any special significance. Personally I think that this definition makes sense.

> > - VPN normally means a Layer 3 VPN, implemented using MPLS (RFC 2547).
> > It can be hub and spoke, full mesh or several other variants - but for
> > instance the "full mesh" really comes for free.
>
> SSL VPN is layer 4,
> HTTP VPN is application layer,

These are both normally implemented with customer equipment.

> ATM VPN is layer 2...

Yup - but ATM is on its way out and isn't particularly relevant here.

> and it's real VPN, with tunnelling.
>
> > - VPLS means a Layer 2 multipoint (full mesh) network. This used to be
> > implemented with classical Ethernet switches, and the multipoint/full
> > mesh came more or less for free.
>
> OK, we are talking in network provider as it is said in Y.1311.

That's what I'm talking about also.

> > However, if you have a network large
> > enough that simply connecting Ethernet switches is impractical, you
> > need VPLS (which comes in two incompatible variants) - and multipoint/
> > full mesh no longer comes for free.
>
> I don't understand, could you please be more precise about this.

Some providers try to create large L2 networks by connecting Ethernet switches. At some point they usually find that this doesn't scale well enough, which is where other technologies (e.g. VPLS) come to the rescue.

> > > It would seem that a VPLS is a multipoint-to-multipoint connection in a
> > > transport network, unlike a network VPN that would be
> > > point-to-point. Do you agree with that difference, and are there others?
> >
> > No, the difference is usually L2 versus L3.
>
> Now, I would rather say Ethernet multipoint versus:
>
> (1) non-Ethernet multipoint (as L2 multipoint MPLS, or multipoint ATM
> through AAL5 frames) or
> (2) Ethernet point-to-point.

What is "L2 multipoint MPLS"? I stand by my claim that the difference between VPLS and "network VPN" is usually L2 versus L3.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no

VPN versus VPLS







