l2tpv3 for l3vpn
Using L2TPv3 for Layer 3 VPNs http://packetpushers.net/using-l2tpv3-for-layer-3-vpns/
1 of 3 03/17/2013 01:43 PM
Using L2TPv3 for Layer 3 VPNs
27 February 2012 by Jeff Loughridge
Deploying L3VPNs using MPLS is common in service provider and—more
recently—in enterprise environments. While not as widespread, using
L2TPv3 as the foundation for RFC2547bis-like VPNs is a viable alternative
that has its advantages. In this post, I’ll describe reasons for selecting L2TPv3
for L3VPN and highlight arguments against the protocol. I’ll refer to the
technology as MPLS/L2TPv3.
Here’s a quick technology refresher. In the context of L3VPNs, L2TPv3 tunneling is used
to build VPNs over a native IP network. Familiar MPLS/VPN concepts such as P|PE|CE
routers, VRFs, route targets, and route distinguishers carry over mostly intact. Rather
than using an outer label, the IP header in the L2TPv3-encapsulated packet directs
packets to the egress PE, where the session ID and cookie are used to de-multiplex
connections. The inner label encapsulates the customer IP packet the same way as in
traditional MPLS/VPN deployments.
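
The egress-PE demultiplexing step described above, as an added Python example that is not part of the original post or any vendor's code. It assumes the MPLS-over-L2TPv3 layout of RFC 3931 and RFC 4817 (32-bit session ID, a 64-bit cookie, one MPLS label stack entry, then the customer packet); the session table, label values and VRF names are constructed for illustration.

```python
import hmac
import struct

# Constructed egress-PE state (hypothetical values, not from the article):
# session ID -> expected cookie, and inner VPN label -> VRF name.
SESSIONS = {0x0000A001: bytes.fromhex("1122334455667788")}
VPN_LABELS = {1001: "VRF-RED", 1002: "VRF-BLUE"}


def encapsulate(session_id, cookie, label, customer_packet, ttl=64):
    """Ingress PE: session ID + cookie + one MPLS label entry + customer IP."""
    # Label stack entry: 20-bit label, 3-bit TC, bottom-of-stack bit, 8-bit TTL.
    entry = (label << 12) | (1 << 8) | ttl
    return (struct.pack("!I", session_id) + cookie
            + struct.pack("!I", entry) + customer_packet)


def demultiplex(payload):
    """Egress PE: validate session and cookie, then map the label to a VRF.

    `payload` is everything after the outer IP header (IP protocol 115).
    Returns (vrf, customer_packet) or raises ValueError when dropping.
    """
    if len(payload) < 4:
        raise ValueError("truncated session header")
    (session_id,) = struct.unpack_from("!I", payload, 0)
    expected = SESSIONS.get(session_id)
    if expected is None:
        raise ValueError("unknown session ID")
    offset = 4 + len(expected)
    if len(payload) < offset + 4:
        raise ValueError("truncated cookie or label")
    # Constant-time compare: the drop path must not leak how many bytes matched.
    if not hmac.compare_digest(payload[4:offset], expected):
        raise ValueError("cookie mismatch")
    (entry,) = struct.unpack_from("!I", payload, offset)
    label, bottom = entry >> 12, (entry >> 8) & 1
    if not bottom:
        raise ValueError("expected a single bottom-of-stack VPN label")
    vrf = VPN_LABELS.get(label)
    if vrf is None:
        raise ValueError("label not bound to a VRF")
    return vrf, payload[offset + 4:]
```

Because the core is plain IP, any host that can reach the PE address can send protocol-115 packets at it; the cookie check is what keeps a spoofed packet with a guessed session ID from being delivered into a customer VRF.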
MPLS/L2TPv3 is simple to configure and maintain. Since the core is native IP, label
distribution protocols aren’t needed. All MPLS configuration is performed on the PE
routers. PE to PE connectivity problems can be diagnosed with ping. If the ping fails,
your NOC will investigate an IP routing issue rather than examining label state in the
core.
The decoupling of the end-to-end LSP and L3VPN construction permits greater
flexibility. I can build an overlay L3VPN to any location that has vanilla IP connectivity.
In selecting service providers for my global locations, I am not tied to SPs that offer
Carrier-Serving-Carrier (CsC) or Inter-AS Option 3. Give me an IP pipe, and I can create
PE devices anywhere without resorting to questionably scalable GRE overlays.
Let’s look at two applications. Mobile network operators are moving toward IP/Ethernet
for cell site to aggregation point connectivity (known as backhaul in the industry).
Carrier Ethernet—though popular—is a poor match for offering commodity Internet
access to mobile subscribers (for more on this, see my article in Cisco’s IP Journal). A
better approach is using a native IP backhaul network. Since operators often require
address separation, MPLS/L2TPv3 is a natural fit. Providers can roll their own L3VPN
without interaction with the backhaul providers.
The second application I’ll mention is cloud/data center. I’m not the first person who has
pointed out scalability problems with segmenting the network using VLANs. Layer
3-centric architectures have superior scaling properties and discourage wide-area live
migration and other practices that scare us network engineers. The MPLS/VPN
architecture allows for segmentation at Layer 3. Of course, this could be accomplished
with an MPLS core or native IP one with L2TPv3. I’d argue that engineers should
consider L2TPv3 for the ability to construct L3VPNs without end-to-end LSPs. Think
about the ease with which you could connect data centers and various cloud types over
public and private networks.
I was involved in the deployment of MPLS/L2TPv3 at a major Tier 1 ISP. In this position, I
probably heard most arguments against L2TPv3. Let’s examine several of these.
L2TPv3 creates a vendor lock-in situation - MPLS/L2TPv3 definitely limits
your router vendor options. Cisco implements MPLS/L2TPv3. I believe Huawei may
as well. I’m convinced Juniper would implement MPLS/L2TPv3 if your spending
warranted.
“I already implemented MPLS for other reasons.” – Using MPLS/L2TPv3
probably doesn’t make sense if you already have MPLS in the core and are satisfied
with limitations that accompany the need for the end-to-end LSP. You could always
use GRE for the one-offs for which an LSP can’t be established.