Getting down to business - Layer 2 VPNs for commercial services
The ability to design and deploy a Virtual LAN Service over a simple Layer 2 VPN (L2VPN), whether utilizing fiber or HFC plant, can give the MSO a competitive advantage over other service providers.
By looking at the network requirements for popular commercial services, examining the available technologies, and comparing them against the characteristics of L2VPNs, it can be determined when this technology choice is a good fit. Highlighted is the implementation of a Layer 2 VPN over a hybrid fiber/coax (HFC) network.
Popular commercial services
By examining and segmenting the services that an MSO plans to offer, successful enabling technology choices can be narrowed down.
Internet access. There is no doubt that there is a significant demand for Internet access, usually categorized as high-speed data (HSD), as it makes up approximately 24 percent of all commercial services sold today. Offerings range from best-effort connectivity to managed services including domain names, e-mail, security, storage, and Web site hosting.
The basic requirement for an MSO to offer Internet access is connectivity–the ability to physically attach to the customer, whether with coax or fiber. On top of simply offering bandwidth, the service provider can add bandwidth guarantees, Quality of Service (QoS), and security features.
Figure 1: OSI model.
It is important to note that telco service providers typically offer data services over traditional OC-3, DS-3, DS-1, DS-0, dial-up, digital subscriber line (DSL), and integrated services digital network (ISDN). Sometimes, in order for an MSO to compete against an existing service offering, the same signal format has to be maintained because of customer-owned equipment interfaces.
Local and long distance data connectivity. Local and long distance LAN/WAN services, representing about 46 percent of total commercial service revenue, provide connectivity between customer facilities.
The basic requirement for LAN/WAN services is the ability to connect to all of the required customer facilities, and provide the required bandwidth, QoS and security.
With voice services making up approximately 30 percent of total commercial service spending, and technology advances enabling new equipment and architecture solutions, voice is an attractive and growing segment of the MSO service offering. Services include local and long distance telephone service, voice-over-Internet Protocol (VoIP), Centrex telephone service, and Private Branch Exchange (PBX) connectivity. The recent market for the backhaul of cell provider traffic has illustrated the reach and usefulness of the MSO’s facilities.
Providing voice services requires the basic ability to connect the customer facility, but might additionally require more back-office and operations infrastructure. The “low-hanging fruit” will be customers that can be connected across existing infrastructure with services, like VoIP, that leverage the existing expertise of the MSO.
Using the Open System Interconnection (OSI) model as a guide (see Figure 1), the operator has many options for deploying customer networks. In order to create a private network, a service provider can simply keep the customer’s network physically separate from any other network at Layer 1, by dedicating fiber, coax, or twisted pair solely to that customer.
More commonly, the operator deploys a VPN with some enabling technology at either Layer 2 or Layer 3.
Note: Although there is no standard definition of a VPN, it is generally accepted that a VPN requires traffic separation, and implies security and QoS. In addition, a VPN also implies some amount of guaranteed bandwidth, or guaranteed packet delivery. VPNs are often marketed along with a Service Level Agreement (SLA) that spells out the individual VPN parameters.
What is a Layer 2 Virtual Private Network (L2VPN)?
From a service provider perspective, Layer 2 VPNs offer tremendous advantages. Providers can use this technology to help consolidate multiple Layer 2 and Layer 3 networks into a single unified network infrastructure.
For example, a provider can continue to offer Frame Relay or ATM services to its customers, even though the traffic might not be carried by Frame or ATM networks.
From the customer’s perspective, Layer 2 VPNs are essentially transparent, and allow the individual customer implementation of preferred IP addressing schemes, terminal-to-terminal security protocols, etc.
There are other popular protocols that can be utilized to create a VPN:
L2TPv3: The Layer 2 Tunneling Protocol (L2TP) provides a dynamic mechanism for tunneling Layer 2 (L2) “circuits” across a packet-oriented data network (e.g., over IP). L2TP is capable of tunneling a number of Layer 2 protocols, including Frame Relay, Ethernet, and ISDN.
Layer 3 VPN: MPLS Layer 3 VPNs use a peer-to-peer VPN model that leverages BGP to distribute VPN-related information. This peer-to-peer model allows the customer to rely on the service provider for any Layer 3 requirements, resulting in cost savings and a reduction in operational complexity for the customer.
Service providers can then offer value-added services like QoS and traffic engineering, and enable network convergence across voice, video and data services. MPLS Layer 3 VPNs can be deployed with traffic engineering (MPLS TE) and Fast Re-route to offer SLAs. QoS-based offerings vary from two to five classes of services.
Why choose a Layer 2 VPN?
Layer 2 VPNs are generally considered simpler to set up and operate than L2TPv3 tunnels. Additionally, a Layer 2 VPN offers some advantages over a Layer 3 VPN, such as:
1) A Layer 2 VPN flexibly accommodates non-IP verticals, such as AppleTalk or Windows NetBIOS Extended User Interface (NetBEUI);
2) At Layer 2, the overhead to create the VPN is simply a VLAN tag and VPNID, as opposed to IP encapsulation at Layer 3;
3) L2VPN supports IPsec in transport mode, which produces lower packet overhead;
4) IP address management remains a customer responsibility when providing a Layer 2 VPN.
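The first two points can be seen at the frame level. The sketch below is an added example, not code from the article or from any vendor: it tags a constructed AppleTalk (non-IP) Ethernet frame with a 4-byte IEEE 802.1Q VLAN tag, then classifies frames into customer VPNs by VLAN ID and drops anything untagged or unprovisioned. The VLAN-to-VPN table, the VPN names and the MAC addresses are assumptions made up for illustration.

```python
import struct

TPID_8021Q = 0x8100        # EtherType value that marks an IEEE 802.1Q tag
ETHERTYPE_APPLETALK = 0x809B
IPV4_HEADER_LEN = 20       # smallest outer IPv4 header a Layer 3 tunnel adds

# Constructed provisioning table (hypothetical): VLAN ID -> customer VPN ID
VLAN_TO_VPN = {101: "vpn-acme", 102: "vpn-globex"}

def add_vlan_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in 0..7")
    tci = (priority << 13) | vlan_id   # PCP (3 bits), DEI (1 bit, 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def classify(frame: bytes):
    """Return (vpn_id, untagged_frame), or None if the frame must be dropped."""
    if len(frame) < 18:
        return None                    # too short to carry a tag and an EtherType
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None                    # untagged traffic belongs to no VPN
    vpn = VLAN_TO_VPN.get(tci & 0x0FFF)
    if vpn is None:
        return None                    # VLAN ID not provisioned for any customer
    return vpn, frame[:12] + frame[16:]

def sample_frame() -> bytes:
    """Constructed non-IP frame: locally administered MACs, AppleTalk EtherType."""
    dst = bytes.fromhex("02aabbccdd01")
    src = bytes.fromhex("02aabbccdd02")
    ethertype = struct.pack("!H", ETHERTYPE_APPLETALK)
    return dst + src + ethertype + b"constructed non-IP payload"

if __name__ == "__main__":
    plain = sample_frame()
    tagged = add_vlan_tag(plain, 101, priority=5)
    print("Layer 2 tag overhead:", len(tagged) - len(plain), "bytes")
    print("Outer IPv4 header alone:", IPV4_HEADER_LEN, "bytes")
    print("Tagged frame ->", classify(tagged)[0])
    print("Untagged frame ->", classify(plain))
    print("Unknown VLAN ->", classify(add_vlan_tag(plain, 999)))
```

The customer payload, including its non-IP EtherType, comes out of the VPN byte-for-byte as it went in; only the 4-byte tag is added and removed by the provider.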
Continued decreases in fiber optic equipment pricing and construction costs make fiber-based commercial service offerings attractive. From simple, point-to-point media converters to multi-lambda, 10 Gig Metro Ethernet networks, fiber can satisfy just about every commercial opportunity. There are multiple technologies which can enable L2VPNs over fiber–from physically separate Layer 1/2 networks over fiber or DWDM, to Metro Ethernet or IP networks running IPsec, SSL, MPLS, or L2TPv3.
- Fiber construction for a 6-to-8 count fiber cable costs less than a typical HFC extension ($1.63/foot compared to approximately $2.12/foot for aerial);
- Customer perception of a fiber-based solution is very good (secure, physically separate, etc.);
- It can leverage existing HSD operations and IP protocols for advanced features (QoS and SLA-based services);
- Virtually unlimited bandwidth when WDM is deployed;
- Leverages technologies developed for other industries (telco, enterprise, etc.);
- Fewer active devices mean higher reliability, and lower maintenance costs.
- The nearest fiber splice