VPN versus VPLS

Bonjour,

Do you make a difference between a network VPN and a VPLS?

It would seem that a VPLS is a multipoint-to-multipoint connection in a transport network, unlike a network VPN that would be point-to-point. Do you agree with that difference, and are there others?

In which standard is VPLS really defined?

Best regards, Michelot


Bonsoir Michelot,

Thanks for giving me the opportunity of writing questions. After writing, I continue searching some elements to reply and... I found this by chance.

A definition is in draft-ietf-l2vpn-vpls-bgp-08 (that expires in December 2006)

"Virtual Private LAN (Local Area Network) Service (VPLS), also known as Transparent LAN Service, and Virtual Private Switched Network service, is a useful Service Provider offering. The service offers a Layer 2 Virtual Private Network (VPN); however, in the case of VPLS, the customers in the VPN are connected by a multipoint Ethernet LAN, in contrast to the usual Layer 2 VPNs, which are point-to-point in nature".

Best regards, Michelot


Most definitely. There is no uniformly agreed upon definition of "network VPN" - but as we implement it:

- VPN normally means a Layer 3 VPN, implemented using MPLS (RFC 2547). It can be hub and spoke, full mesh or several other variants - but for instance the "full mesh" really comes for free.

- VPLS means a Layer 2 multipoint (full mesh) network. This used to be implemented with classical Ethernet switches, and the multipoint/full mesh came more or less for free. However, if you have a network large enough that simply connecting Ethernet switches is impractical, you need VPLS (which comes in two incompatible variants) - and multipoint/ full mesh no longer comes for free.

No, the difference is usually L2 versus L3.

Steinar Haug, Nethelp consulting, snipped-for-privacy@nethelp.no


Bonsoir Steinar,

The expression "network based VPN" is defined in Y.1311 ITU-T Recommendation:

"The term "network based" is used to distinguish the network provider solutions described in this Recommendation [Y.1311] from VPN solutions which are implemented solely through the use of customer equipment based solutions. Whenever the term "VPN" is used in this Recommendation it shall be taken to mean a "network-based VPN".

SSL VPN is layer 4, HTTP VPN is application layer, ATM VPN is layer 2...

and it's real VPN, with tunnelling.

OK, we are talking in network provider as it is said in Y.1311.

I don't understand, could you please clarify this.

Now, I rather would say Ethernet multipoint versus:

(1) non Ethernet multipoint (as L2 multipoint MPLS, or multipoint ATM through AAL5 frames) or (2) Ethernet point-to-point.

There is an interesting paper from Juniper on that, but sorry it's in French. You can read a few words:

Best regards, Michelot


That's fine - but remember that not everybody thinks ITU-T Y.1311 has any special significance. Personally I think that this definition makes sense.

These are both normally implemented with customer equipment.

Yup - but ATM is on its way out and isn't particularly relevant here.

That's what I'm talking about also.

Some providers try to create large L2 networks by connecting Ethernet switches. At some point they usually find that this doesn't scale well enough, which is where other technologies (e.g. VPLS) come to the rescue.

What is "L2 multipoint MPLS"?

I stand by my claim that the difference between VPLS and "network VPN" is usually L2 versus L3.

Steinar Haug, Nethelp consulting, snipped-for-privacy@nethelp.no


Look at RFC4026 for VPN terminology. VPLS is being standardized by the IETF L2VPN Working Group.

Anoop


Bonjour Steinar,

Sure? ATM is the favourite protocol in access with UMTS architecture, ADSL, SDSL, VDSL. And, obviously this protocol continues running in the MAN networks, after the access.

You can add another element: is it a service in a unique network, or is it possible to spread the service by crossing other providers, apart from the technologies used by these providers.

Multipoint-to-multipoint with a pure Ethernet switching needs VLAN id technology, and it's difficult to cross other border provider networks, keeping the quality originally contracted. So it can be used for one network area.

The MPLS switching can be multipoint or point-to-point. And, when Ethernet client is encapsulated over MPLS over Ethernet provider or GFP, it's typically L2 MPLS.

Best regards, Michelot


I'm basically reporting what I'm seeing in the industry (and yes, I work in this industry myself). Yes, I'm quite sure that ATM is on its way out. It still lives on the last mile to the customer (and will hold out there for a while longer). Transport from the DSLAM to the backbone has been converted to Ethernet long ago. Haven't heard anybody mention ATM in connection with MANs for a long time...

Steinar Haug, Nethelp consulting, snipped-for-privacy@nethelp.no


Bonsoir Steinar,

It's not the case here, generally the ATM termination is at the BAS, and not the DSLAM when the RFC 2684 bridged is used in the local loop.

AFAIK, we have a provider that uses RFC 2684 routed and Ethernet interfaces at the DSLAM, without connection to a BAS.

Best regards, Michelot


Bonsoir Anoop,

Thanks, very interesting, I note this. The figure 1 clarifies the L2 and L3 provider VPNs.

Best regards, Michelot
