Tech Biz Vibe

Summary of MPLS L2VPN Technology that Network Engineers Must Understand in High-salary Interview

Traditional VPNs (Virtual Private Networks) based on ATM or Frame Relay (FR) are widely used. They allow different VPNs to share the operator's network infrastructure. The disadvantages of this kind of VPN are:

Relying on dedicated media (such as ATM or FR): To provide ATM-based VPN services, operators must establish ATM networks covering all service areas. To provide FR-based VPN services, they must likewise establish an FR network covering all service areas, resulting in waste in network construction.

Complex deployment: especially when adding a new site to an existing VPN, you need to modify the configuration of all edge nodes accessing the VPN site at the same time.

Because of these shortcomings, new VPN alternatives have emerged, and MPLS L2VPN is one of them.

MPLS L2VPN provides Layer 2 VPN services based on MPLS (Multiprotocol Label Switching) networks, enabling operators to provide Layer 2 VPNs based on different data link layers on a unified MPLS network, including ATM, FR, VLAN, Ethernet, PPP, etc.

To put it simply, MPLS L2VPN transparently transmits the user's Layer 2 data over the MPLS network. From the user's perspective, the MPLS network is a Layer 2 switching network that can establish Layer 2 connections between different nodes.

MPLS L2VPN can be divided into:

1. CCC uses a single layer of labels to transmit user data. A CCC's use of an LSP is exclusive: the LSP is only used to transmit the data of that CCC connection. It cannot be used for other MPLS L2VPN connections, for MPLS L3VPN, or to carry ordinary IP packets. CCC supports both remote and local connections. For a remote connection, you need to configure static LSPs on the P routers.

2. SVC is a static MPLS L2VPN. It does not use a signaling protocol to transmit L2VPN information. SVC is very similar to Martini-mode MPLS L2VPN, except that it does not use LDP to transmit Layer 2 VC and link information. VC label information is configured manually.

3. In Martini mode, the VC-TYPE and VC ID together identify a VC (the VC identification on the two PEs must be the same: the same VC-TYPE with the same VC ID). VC-TYPE represents the type of VC encapsulation. Within one VC-TYPE, the VC ID of every VC must be unique across the entire PE. LDP is used to exchange VC labels. Since the PEs may not be directly connected, LDP must use a remote peer to establish a session and use this session to transfer VC labels. The specific configuration requires configuring the peer PE as an LDP remote peer, and configuring the peer address and VC ID of the L2VC under the interface connecting the CE. The difference between Martini and SVC is that in Martini mode you only need to set a VC ID and LDP automatically assigns the label, whereas in SVC mode the specific label must also be set manually.

4. Kompella mode differs from Martini mode. Kompella-mode MPLS L2VPN does not operate directly on the connection between CE and CE. Instead, it divides the entire operator network into different VPNs and numbers the CEs inside each VPN. To establish a connection between two CEs, you only need to set the CE IDs of the local CE and the remote CE on the PE, and specify the Circuit ID that the local CE assigns to the connection (for example, the VPI/VCI of ATM). A BGP extension is used as the signaling protocol to distribute VC labels. The specific configuration requires a BGP connection, an L2VPN BGP connection, RD and RT configuration for the MPLS L2VPN (similar to L3VPN), the CE ID, and the port and type of the connection.
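The Martini-mode rules in item 3 (the same VC-TYPE and VC ID on both PEs, and a VC ID that is unique per VC-TYPE on each PE) can be checked mechanically against a configuration inventory. The following Python check is an added example, not part of the original article; the inventory format, field names, addresses, interface names and finding labels are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical format): one record per L2VC
# configured on a PE's CE-facing interface. Addresses are documentation IPs.
SAMPLE_L2VCS = [
    {"pe": "192.0.2.1", "ifc": "ge0/0/1", "peer": "192.0.2.2", "vc_type": "ethernet", "vc_id": 100},
    {"pe": "192.0.2.2", "ifc": "ge0/0/3", "peer": "192.0.2.1", "vc_type": "ethernet", "vc_id": 100},
    # Same VC ID on both ends, but the encapsulation types differ.
    {"pe": "192.0.2.1", "ifc": "ge0/0/2", "peer": "192.0.2.3", "vc_type": "vlan", "vc_id": 200},
    {"pe": "192.0.2.3", "ifc": "ge0/0/1", "peer": "192.0.2.1", "vc_type": "ethernet", "vc_id": 200},
    # Reuses ethernet/100 on 192.0.2.2, and 192.0.2.3 defines nothing back.
    {"pe": "192.0.2.2", "ifc": "ge0/0/4", "peer": "192.0.2.3", "vc_type": "ethernet", "vc_id": 100},
]


def audit_martini(l2vcs):
    """Return (kind, pe, vc_type, vc_id) findings for Martini-mode L2VC records."""
    findings = []

    # Rule 1: within one VC-TYPE, a VC ID may be used only once on a PE.
    uses = defaultdict(int)
    for vc in l2vcs:
        uses[(vc["pe"], vc["vc_type"], vc["vc_id"])] += 1
    for (pe, vc_type, vc_id), count in sorted(uses.items()):
        if count > 1:
            findings.append(("duplicate", pe, vc_type, vc_id))

    # Rule 2: the peer PE must define the same VC-TYPE and VC ID back to us.
    by_link = defaultdict(set)
    for vc in l2vcs:
        by_link[(vc["pe"], vc["peer"])].add((vc["vc_type"], vc["vc_id"]))
    for vc in l2vcs:
        remote = by_link.get((vc["peer"], vc["pe"]), set())
        if (vc["vc_type"], vc["vc_id"]) in remote:
            continue
        same_id = any(rid == vc["vc_id"] for _, rid in remote)
        kind = "type-mismatch" if same_id else "no-remote-end"
        findings.append((kind, vc["pe"], vc["vc_type"], vc["vc_id"]))
    return findings


if __name__ == "__main__":
    for finding in audit_martini(SAMPLE_L2VCS):
        print(finding)
```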

Compared with MPLS L3VPN, MPLS L2VPN has the following advantages:

Strong scalability: MPLS L2VPN only establishes Layer 2 connections and does not import or manage user routing information. This greatly reduces the burden on the PE (Provider Edge device) and even on the entire SP (Service Provider) network, enabling service providers to support more VPNs and connect more users.

The reliability and security of private network routing are guaranteed: because MPLS L2VPN does not import user routing information, it cannot obtain or process user routes, which ensures the security of user VPN routing.

It supports multiple network layer protocols, including IP, IPX, SNA, etc.

