A multi-layered approach to VPNs: layer 3 VPNs may be grabbing all the headlines but there's still a place for good old-fashioned ATM and frame relay - The Carrier/Corporate Relationship

Telecommunications International, Sept, 2002 by Leonard Berkoski

The hype surrounding Layer 3 VPNs has led to some confusion as to the role of Layer 2 VPN technologies and, in some quarters, has cast doubt on whether there is any need at all for legacy equipment. However, as long as there are customers who want ATM and frame relay connections--and, more importantly, who wish to maintain autonomy over their corporate networks--there will be a strong business case for Layer 2 VPNs. What's needed is an evolutionary approach, where Layer 2 and Layer 3 VPN services--supporting both legacy and new pure IP-based networking services--can both be delivered over a common backbone.

IP routing technology is increasingly being deployed in the core network as a way to minimise investment in 'legacy' ATM, frame relay, and SDH equipment, and to reduce costs by minimising the number of technology layers deployed in the network. In the longer term, it's possible that only the IP and optical switching layers will remain, and the SONET/SDH and ATM layers will disappear.

However, market preferences and technological limitations in the 'first mile' (or 'last mile', depending on your viewpoint) mean that, for the foreseeable future, legacy ATM and frame relay services will still be provisioned. Therefore, operators and service providers need technologies that enable the deployment of these legacy services over a multi-service packet infrastructure. The big challenge is to provide an IP-based solution that enables the necessary migration while maintaining the carrier-class quality of service expected of the care network.

In recent years, IP virtual private network (IP VPN) services have grown in importance, but these are oriented toward IP-only traffic. Given that legacy frame relay and ATM services often carry non-IP traffic--IPX, Appletalk, or even AAL2 encoded voice--an evolution of VPN technology, known as Layer 2 VPN (L2VPN), is rapidly becoming a priority requirement for service provider edge routers.

Layer 2 VPNs offer a way to migrate towards an IP core, while minimising the near-term effects on established customers. Standardisation work for Layer 2 VPNs has only just begun, yet equipment vendors are coming under some pressure to provide working solutions, and same have already begun offering the functionality in their products, even though requirements and standards may change during the development cycle. It is difficult to determine at this stage which of the implementations will become the standard.

[Note: The terms 'Layer 2 VPN' and 'L2VPN' are used generically to denote the work being done within the Internet Engineering Task Force Provider-Provisioned VPN (IETF PPVPN) and Pseudo Wire Emulation Edge to Edge (PWE3) Working Groups to standardise the transport of Layer 2 frames over IP networks.]

The rise of IP VPNs

VPNs have long been the preferred solution for enterprises to link geographically dispersed sites into a corporate network. VPNs use a shared public network infrastructure, which is typically owned by an operator or service provider. The 'original' VPN services were implemented using frame relay or ATM networks, which allowed virtual leased line services to connect multiple customer sites.

IP VPNs extend the traditional VPN concept into the IP world, using the public internet to provision VPN services. Early examples of IP VPNs were based on customer premises equipment (CPE), where enterprise routers or dedicated VPN equipment were used to implement tunnel-based VPNs across standard internet connections. This approach offered extremely secure VPN implementations, but also involved high equipment and operating costs since all provisioning had to be done locally.

In response, a new breed of VPN was developed: the network-based IP VPN. Here, the 'intelligence' of the VPN moved from the CPE to the network itself and so reduced the need to install and manage complex on-site equipment. The equipment is owned and administered by the service provider at the edge of its network.

Network-based IP VPNs are also referred to as provider-provisioned VPNs (PPVPNs)--a term coined by the IETF working group that is developing open standards for VPNs.

IP VPNs offer all the benefits of IP, including 'any-to-any' connectivity and ease of access at a lower cost than the alternatives. The flexible nature of IP makes it ideal for supporting the increasing range of convergent applications designed for delivery over broadband networks.

In addition to major cost savings compared with CPE-based solutions, the benefits of network-based IP VPNs include easy scalability, support for an increasingly diverse range of IP-based services and efficient prioritisation of traffic through new QoS techniques. These enable support not only for data applications and intranet access, but also for real-time video, videoconferencing and ultimately, voice over IP. IP VPNs also provide the foundation to integrate fixed and mobile VPN communications into one, seamless framework, thereby supporting remote workers more effectively.

What role does MPLS play?