http://packetpushers.net/using-l2tpv3-for-layer-3-vpns/
03/17/2013 01:43 PM
Deploying L3VPNs using MPLS is common in service provider and, more recently, in enterprise environments. While not as widespread, using L2TPv3 as the foundation for RFC2547bis-like VPNs is a viable alternative that has its advantages. In this post, I'll describe reasons for selecting L2TPv3 for L3VPN and highlight arguments against the protocol. I'll refer to the technology as MPLS/L2TPv3.
Here's a quick technology refresher. In the context of L3VPNs, L2TPv3 tunneling is used to build VPNs over a native IP network. Familiar MPLS/VPN concepts such as P|PE|CE routers, VRFs, route targets, and route distinguishers carry over mostly intact. Rather than using an outer label, the IP header in the L2TPv3-encapsulated packet directs packets to the egress PE, where the session ID and cookie are used to de-multiplex connections. The inner label encapsulates the customer IP packet the same way as in traditional MPLS/VPN deployments.

MPLS/L2TPv3 is simple to configure and maintain. Since the core is native IP, label distribution protocols aren't needed. All MPLS configuration is performed on the PE routers. PE to PE connectivity problems can be diagnosed with ping. If the ping fails, your NOC will investigate an IP routing issue rather than examining label state in the core.

The decoupling of the end-to-end LSP and L3VPN construction permits greater flexibility. I can build an overlay L3VPN to any location that has vanilla IP connectivity. In selecting service providers for my global locations, I am not tied to SPs that offer Carrier-Serving-Carrier (CsC) or Inter-AS Option 3. Give me an IP pipe, and I can create PE devices anywhere without resorting to questionably scalable GRE overlays.

Let's look at two applications. Mobile network operators are moving toward IP/Ethernet for cell site to aggregation point connectivity (known as backhaul in the industry). Carrier Ethernet, though popular, is a poor match for offering commodity Internet access to mobile subscribers (for more on this, see my article in Cisco's IP Journal). A better approach is using a native IP backhaul network. Since operators often require address separation, MPLS/L2TPv3 is a natural fit. Providers can roll their own L3VPN without interaction with the backhaul providers.

The second application I'll mention is cloud/data center. I'm not the first person who has pointed out scalability problems with segmenting the network using VLANs. Layer 3-centric architectures have superior scaling properties and discourage wide-area live migration and other practices that scare us network engineers. The MPLS/VPN architecture allows for segmentation at Layer 3. Of course, this could be accomplished with an MPLS core or a native IP one with L2TPv3. I'd argue that engineers should consider L2TPv3 for the ability to construct L3VPNs without end-to-end LSPs. Think about the ease with which you could connect data centers and various cloud types over public and private networks.

I was involved in the deployment of MPLS/L2TPv3 at a major Tier 1 ISP. In this position, I probably heard most arguments against L2TPv3. Let's examine several of these.

L2TPv3 creates a vendor lock-in situation - MPLS/L2TPv3 definitely limits your router vendor options. Cisco implements MPLS/L2TPv3. I believe Huawei may as well. I'm convinced Juniper would implement MPLS/L2TPv3 if your spending warranted.

I already implemented MPLS for other reasons - Using MPLS/L2TPv3 probably doesn't make sense if you already have MPLS in the core and are satisfied with limitations that accompany the need for the end-to-end LSP. You could always use GRE for the one-offs for which an LSP can't be established.
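The encapsulation from the technology refresher, worked through as an added example (not code from the article or from any router vendor): an egress PE matches the session ID, checks the cookie, which in RFC 3931 guards against blindly inserted packets, and maps the inner label to a VRF. The 64-bit cookie, the absence of an L2-specific sublayer, the single-label stack (layout as in RFC 4817) and all session, cookie, label and address values are assumptions constructed for illustration.

```python
import hmac
import struct

L2TPV3_IP_PROTO = 115  # IP protocol number of L2TPv3 over IP (RFC 3931)

# Constructed egress-PE state (assumed values, not from the article).
SESSIONS = {0x0000BEEF: bytes.fromhex("0123456789abcdef")}  # session ID -> cookie
VPN_LABELS = {42: "VRF-RED"}                                # inner label -> VRF

def build_packet(session_id, cookie, label, payload, ttl=64):
    """Ingress-PE side: constructed IPv4 + L2TPv3 + one MPLS label + payload."""
    body = struct.pack("!I", session_id) + cookie
    body += struct.pack("!I", (label << 12) | (1 << 8) | ttl)  # S=1: bottom of stack
    body += payload
    # IPv4 header with documentation addresses; checksum left 0 in this sample.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 255,
                     L2TPV3_IP_PROTO, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + body

def demux(packet):
    """Egress-PE side: return (vrf, customer_packet) or raise ValueError."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != L2TPV3_IP_PROTO:
        raise ValueError("not L2TPv3 over IP")
    if len(packet) < ihl + 4:
        raise ValueError("truncated")
    (session_id,) = struct.unpack_from("!I", packet, ihl)
    expected = SESSIONS.get(session_id)
    if expected is None:
        raise ValueError("unknown session")
    off = ihl + 4
    if len(packet) < off + len(expected) + 4:
        raise ValueError("truncated")
    # Constant-time compare; a wrong cookie means the packet is dropped.
    if not hmac.compare_digest(packet[off:off + len(expected)], expected):
        raise ValueError("cookie mismatch")
    off += len(expected)
    (lse,) = struct.unpack_from("!I", packet, off)
    label, bottom = lse >> 12, (lse >> 8) & 1
    if not bottom or label not in VPN_LABELS:
        raise ValueError("unexpected label")
    return VPN_LABELS[label], packet[off + 4:]

if __name__ == "__main__":
    inner = b"constructed customer IP packet"
    print(demux(build_packet(0x0000BEEF, SESSIONS[0x0000BEEF], 42, inner)))
```

Because the core forwards on the outer IP header alone, the session ID, cookie and label checks at the egress PE are the only place where traffic is bound to a VPN.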
COPYRIGHT THROPOS LTD ( A LIMITED COMPANY REGISTERED IN THE UK) 2008-2013 - CONTACT US FOR SPONSORSHIP AND