Virtual Private LAN Service

Virtual private LAN service (VPLS) is a way to provide Ethernet based multipoint to multipoint communication over IP/MPLS networks. It allows geographically dispersed sites to share an Ethernet broadcast domain by connecting sites through pseudo-wires. VPLS is a virtual private network (VPN) technology. In contrast to L2TPv3, which allows only point-to-point layer 2 tunnels, VPLS allows any-to-any (multipoint) connectivity.

In a VPLS, the local area network (LAN) at each site is extended to the edge of the provider network. The provider network then emulates a switch or bridge that connects all customer LANs into a single bridged LAN. Virtual Private Networks (VPNs) have evolved considerably, and today VPLS-based VPNs enable your service provider to offer customers the operational cost benefits of Ethernet together with the predictable quality-of-service characteristics of MPLS.

Like MPLS-based IP-VPNs, VPLS is a multipoint service, but unlike IP-VPNs it can transport non-IP traffic. VPLS is a layer-2 multipoint VPN that connects multiple sites in a single bridged domain over a provider-managed IP/MPLS network.

All customer sites on a VPLS instance appear to be on the same local area network, regardless of their physical location. VPLS presents an Ethernet service interface to the customer, which simplifies the LAN/WAN boundary and allows flexible and rapid provisioning.

There are three main components in a VPLS network: the customer edge (CE), the provider edge (PE) and the core MPLS network. The CE device is a router or switch located at the customer premises. The PE device is where the intelligence of the VPLS resides: each VPLS instance originates and terminates there, and the PE holds the tunnels that connect it to the other PEs of your VPLS network.

The IP/MPLS core network interconnects the PEs but does not participate in the VPLS functionality; it switches traffic on MPLS labels only. The basis of a multipoint VPN service such as VPLS is the full mesh of MPLS tunnels set up between all PEs participating in the service. Inside those tunnels, for every VPLS instance, a full mesh of inner tunnels called pseudo-wires (PWs) is created between all PEs that participate in that instance.

VPLS has significant advantages for customers, and it is simpler and more cost effective to operate than a traditional point-to-point or Frame Relay service. Customers benefit because they can connect all of their sites to an Ethernet VPN that provides a secure, high-speed and homogeneous network. Moreover, VPLS is a logical next step in the continuing evolution of Ethernet from a 10 Mbps shared LAN protocol to a multi-Gbps global service.

1. Customers control their own routing.

2. Customer routes are never advertised to the carrier, so the provider has no visibility into the customer's routing. Note that the pseudo-wires themselves do not encrypt traffic: confidentiality across the provider core still depends on the customer's own encryption (IPsec, for example).

3. If the customer already runs a dynamic routing protocol such as EIGRP or OSPF, migration is much easier than moving to a layer-3 MPLS IP-VPN, where routing has to be exchanged with the provider.

4. Migration from a point-to-point or Frame Relay network is easier.

Because VPLS emulates a LAN, full mesh connectivity is required. There are two methods for full mesh establishment for VPLS: using Border Gateway Protocol (BGP) and using Label Distribution Protocol (LDP). The "control plane" is the means by which provider edge (PE) routers communicate for auto-discovery and signaling. Auto-discovery refers to the process of finding other PE routers participating in the same VPN or VPLS. Signaling is the process of establishing pseudo-wires (PW). The PWs constitute the "data plane", whereby PEs send customer VPN/VPLS traffic to other PEs.

With LDP, each PE router must be configured to participate in a given VPLS and, in addition, be given the addresses of the other PEs participating in the same VPLS. A full mesh of LDP sessions is then established between these PEs, and LDP is used over those sessions to signal an equivalent mesh of PWs.

An advantage of using PWs as the underlying technology for the data plane is that, on a failure in the provider core, traffic is automatically rerouted along the available backup paths of the underlying MPLS tunnels. Failover is much faster than could be achieved with, for example, Spanning Tree Protocol (STP). VPLS is thus a more reliable way of linking Ethernet networks in different locations than simply connecting a WAN link between Ethernet switches at both ends.

Because the WAN is now one large, flat, interconnected LAN, loop avoidance must be arranged. PEs participating in a VPLS-based VPN must appear as an Ethernet bridge to the connected customer edge (CE) devices, and received Ethernet frames must be handled so that the CEs can remain simple Ethernet devices.

When a PE receives a frame from a CE, it inspects the frame and learns the source MAC address, storing it against the attachment circuit on which it arrived (frames arriving over a PW are learned against that PW in the same way). It then checks the destination MAC address: a broadcast or multicast frame, or a frame whose destination MAC is not yet known to the PE, is flooded to all other local CE ports and to all PEs in the mesh, while a frame whose destination is known is sent only on the port or PW that was learned for it.

In regular Ethernet deployments, Spanning Tree Protocol is used for this. In VPLS, loop avoidance is arranged by a split-horizon rule: a PE never forwards a frame received over a PW from one PE out over a PW to another PE. Because the full mesh connects every PE directly to every other, this rule is sufficient: each frame crosses the provider core at most once.
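The learning, flooding and split-horizon behaviour described above, as a small Python simulation of a PE's VPLS forwarding plane. This is an added illustration, not code from this page or from any vendor's PE implementation; the PE names, port names, MAC addresses (taken from the IANA documentation range), the three-PE mesh and the tiny MAC-table limit are all constructed for the demo. It goes slightly beyond the text in two ways: it applies split horizon to known-unicast frames as well as flooded ones, and it shows, with the rule switched off, that the same broadcast would circulate in the mesh until a guard stops it.

```python
"""Toy VPLS provider-edge forwarding plane: MAC learning, flooding and split horizon.

Added illustration; not code from the page or from any vendor PE. Port names,
MAC addresses and the MAC-table limit are constructed for the example.
"""
from collections import OrderedDict

MAC_TABLE_LIMIT = 4  # assumption: a tiny limit so the demo can show table exhaustion
MAX_COPIES = 50      # guard so a forwarding loop is detected instead of recursing forever


def is_group_address(mac):
    """Broadcast/multicast: the I/G bit (LSB of the first octet) is set."""
    return int(mac[:2], 16) & 1 == 1


class PE:
    def __init__(self, name, attachment_circuits, pseudowires,
                 mac_limit=MAC_TABLE_LIMIT, split_horizon=True):
        self.name = name
        self.acs = list(attachment_circuits)  # local customer-facing ports
        self.pws = list(pseudowires)          # PWs to every other PE in this VPLS instance
        self.mac_table = OrderedDict()        # MAC -> port it was learned on (an AC or a PW)
        self.mac_limit = mac_limit
        self.split_horizon = split_horizon
        self.dropped_learns = 0

    def _learn(self, src_mac, in_port):
        if src_mac in self.mac_table:
            self.mac_table[src_mac] = in_port   # station moved (or is flapping): update
            self.mac_table.move_to_end(src_mac)
            return
        if len(self.mac_table) >= self.mac_limit:
            # Full table: refuse new entries rather than evicting old ones, so a host
            # spraying random source MACs cannot force known traffic to be flooded.
            self.dropped_learns += 1
            return
        self.mac_table[src_mac] = in_port

    def forward(self, in_port, src_mac, dst_mac):
        """Return the ports this frame is sent out of."""
        self._learn(src_mac, in_port)
        from_pw = in_port in self.pws
        if not is_group_address(dst_mac) and dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            if out == in_port:
                return []   # destination is behind the ingress port
            if self.split_horizon and from_pw and out in self.pws:
                return []   # split horizon applies to known unicast too
            return [out]
        # Unknown unicast, broadcast and multicast are flooded to all other ACs ...
        out_ports = [p for p in self.acs if p != in_port]
        # ... and to all PWs, unless the frame itself arrived over a PW (split horizon).
        if not (self.split_horizon and from_pw):
            out_ports += [p for p in self.pws if p != in_port]
        return out_ports


def build_mesh(pe_names, split_horizon=True, mac_limit=MAC_TABLE_LIMIT):
    """One AC per PE and a full mesh of PWs; port 'pw-to-X' on PE Y is 'pw-to-Y' on X."""
    return {
        n: PE(n, ["ac0"], ["pw-to-" + m for m in pe_names if m != n], mac_limit, split_horizon)
        for n in pe_names
    }


def deliver(pes, pe_name, in_port, src_mac, dst_mac, deliveries=None):
    """Push one frame through the mesh; returns the list of (PE, AC) it was delivered to."""
    deliveries = [] if deliveries is None else deliveries
    for out in pes[pe_name].forward(in_port, src_mac, dst_mac):
        if out.startswith("pw-to-"):
            peer = out[len("pw-to-"):]
            deliver(pes, peer, "pw-to-" + pe_name, src_mac, dst_mac, deliveries)
        else:
            deliveries.append((pe_name, out))
            if len(deliveries) > MAX_COPIES:
                raise RuntimeError("forwarding loop: frame keeps circulating in the mesh")
    return deliveries


def demo():
    pes = build_mesh(["PE1", "PE2", "PE3"])
    ce_a, ce_b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"   # constructed (documentation range)
    broadcast = deliver(pes, "PE1", "ac0", ce_a, "ff:ff:ff:ff:ff:ff")  # floods to PE2 and PE3
    reply = deliver(pes, "PE2", "ac0", ce_b, ce_a)                     # known unicast: PE1 only
    return pes, broadcast, reply
```

Running `demo()` shows each remote CE receiving exactly one copy of the broadcast, and the reply crossing a single PW because PE2 learned the source MAC against the PW it arrived on. The table limit is the same kind of control as port-security MAC limits on a switch: a VPLS PE that evicts on overflow can be pushed into flooding all traffic, which is why the toy refuses to learn instead.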

Security is a major requirement in today's IT infrastructure. VPLS takes network connectivity a step further by pushing authentication of VPLS membership out to the provider edge (PE) devices, using the well-known RADIUS authentication mechanism.

This method requires all PEs to be configured with one or more RADIUS servers. When the first CE router of a particular VPLS VPN connects to a PE, the PE uses the CE's identification to request authentication from the RADIUS server. This identification may be provided by the CE, or may be configured into the PE for that particular CE. In addition to a username and password, the identification string contains a VPN name and an optional provider name.

The RADIUS server keeps track of all PEs that have requested authentication for a particular VPN and returns that list to the PE requesting authentication. The PE then establishes LDP sessions to every PE in the list. What is authenticated here is a PE's membership of a VPLS instance; the RADIUS exchange does not itself protect the customer traffic that later crosses the PWs.
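The discovery exchange of the two paragraphs above, modelled in Python with both sides present: a stand-in RADIUS server that checks credentials and records membership per VPN, and PEs that open LDP sessions and signal PWs to the peers they are told about. This is an added illustration, not code from this page, from any vendor, or a real RADIUS client (no RADIUS packets or shared secret are modelled). The identification format `username/vpn-name[@provider]`, the message shapes, the customer names and the PE addresses are assumptions made for the example. The point it makes that the prose only implies: because an LDP session and a PW are shared by both ends, the PEs that joined earlier need no second trip to RADIUS, and the mesh is complete after the last member joins.

```python
"""Toy model of RADIUS-based VPLS membership discovery.

Added illustration; not code from the page, from any vendor, or a real RADIUS
client. The identification format 'username/vpn-name[@provider]', the message
shapes, and the PE addresses are assumptions made for the example.
"""


def parse_identification(ident):
    """Split 'username/vpn-name[@provider]' (format assumed here) into its parts."""
    user, _, rest = ident.partition("/")
    vpn, _, provider = rest.partition("@")
    if not user or not vpn:
        raise ValueError("identification must look like username/vpn-name[@provider]")
    return user, vpn, provider or None


class RadiusDiscoveryServer:
    """Stand-in for the RADIUS server: checks credentials and tracks PE membership per VPN."""

    def __init__(self, credentials):
        self.credentials = dict(credentials)   # username -> password (constructed)
        self.members = {}                      # (provider, vpn) -> set of PE addresses

    def access_request(self, pe_address, ident, password):
        user, vpn, provider = parse_identification(ident)
        if self.credentials.get(user) != password:
            return "Access-Reject", []         # a rejected PE is not recorded as a member
        members = self.members.setdefault((provider, vpn), set())
        peers = sorted(members - {pe_address})  # every PE that authenticated before us
        members.add(pe_address)
        return "Access-Accept", peers


class ProviderEdge:
    def __init__(self, address, server, network):
        self.address = address
        self.server = server
        self.network = network                 # address -> ProviderEdge (all PEs in the core)
        self.ldp_sessions = set()              # peer addresses with an established LDP session
        self.pseudowires = {}                  # (provider, vpn) -> set of peer addresses
        network[address] = self

    def first_ce_connects(self, ident, password):
        """Triggered when the first CE of a VPLS instance attaches to this PE."""
        code, peers = self.server.access_request(self.address, ident, password)
        if code != "Access-Accept":
            return None
        _, vpn, provider = parse_identification(ident)
        key = (provider, vpn)
        self.pseudowires.setdefault(key, set())
        for peer in peers:
            self._open_ldp_session(peer)
            self._signal_pseudowire(key, peer)
        return peers

    def _open_ldp_session(self, peer):
        # An LDP session is one TCP session between two LSRs, so the peer that was
        # already a member gets the session too without contacting RADIUS again.
        self.ldp_sessions.add(peer)
        self.network[peer].ldp_sessions.add(self.address)

    def _signal_pseudowire(self, key, peer):
        # Both ends exchange label mappings for the instance, so the PW exists on both PEs.
        self.pseudowires[key].add(peer)
        self.network[peer].pseudowires.setdefault(key, set()).add(self.address)


def is_full_mesh(network, key):
    """True when every member PE of the instance has a PW to every other member."""
    members = {pe.address for pe in network.values() if key in pe.pseudowires}
    return all(network[a].pseudowires[key] == members - {a} for a in members)


def demo():
    server = RadiusDiscoveryServer({"acme": "s3cret", "globex": "hunter2"})
    network = {}
    for addr in ("10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"):
        ProviderEdge(addr, server, network)
    results = [
        network["10.0.0.1"].first_ce_connects("acme/CUST-A@isp", "s3cret"),    # []
        network["10.0.0.2"].first_ce_connects("acme/CUST-A@isp", "s3cret"),    # ['10.0.0.1']
        network["10.0.0.3"].first_ce_connects("acme/CUST-A@isp", "s3cret"),    # two peers
        network["10.0.0.4"].first_ce_connects("globex/CUST-B@isp", "hunter2"),  # other VPN: []
        network["10.0.0.4"].first_ce_connects("acme/CUST-A@isp", "wrong"),     # None
    ]
    return server, network, results
```

After `demo()` the three CUST-A PEs form a full mesh of LDP sessions and PWs, the CUST-B PE shares nothing with them even though it uses the same server, and the PE that presented a wrong password is neither given the member list nor recorded as a member. In a deployment the RADIUS shared secret and the path between PEs and the server are what gate membership, so they deserve the same protection as the LDP peering itself.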

If you would like more information on VPLS or multi-site bandwidth services go to our contact page, call us at 877.411.HSIA or why not just start the process now by going to broadbandcrossing.com, select multi-site network services from the drop down list and enter your information for a quick turnaround in availability and pricing.  The service is free! You have nothing to lose.




Copyright 2010 broadbandcrossing.com All rights reserved.