l2tpv3 for l3vpn


Using L2TPv3 for Layer 3 VPNs http://packetpushers.net/using-l2tpv3-for-layer-3-vpns/


Using L2TPv3 for Layer 3 VPNs

27 February 2012 by Jeff Loughridge

Deploying L3VPNs using MPLS is common in service provider and—more recently—in enterprise environments. While not as widespread, using L2TPv3 as the foundation for RFC2547bis-like VPNs is a viable alternative that has its advantages. In this post, I’ll describe reasons for selecting L2TPv3 for L3VPN and highlight arguments against the protocol. I’ll refer to the technology as MPLS/L2TPv3.

Here’s a quick technology refresher. In the context of L3VPNs, L2TPv3 tunneling is used to build VPNs over a native IP network. Familiar MPLS/VPN concepts such as P/PE/CE routers, VRFs, route targets, and route distinguishers carry over mostly intact. Rather than using an outer label, the IP header in the L2TPv3-encapsulated packet directs packets to the egress PE, where the session ID and cookie are used to de-multiplex connections. The inner label encapsulates the customer IP packet the same way as in traditional MPLS/VPN deployments.
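
The encapsulation described above, shown as an added example that is not from the original post: an egress-PE style demultiplexer that checks the session ID and cookie before it reads the inner VPN label. It assumes the RFC 4817 layout (session ID, optional cookie, MPLS label stack) over IP protocol 115 with a 64-bit cookie; the session table, function names and packets are hypothetical and constructed for illustration.

```python
import hmac
import struct

L2TPV3_PROTO = 115  # IP protocol number for L2TPv3 carried directly over IP

def build_packet(src, dst, session_id, cookie, label, inner):
    """Constructed sample: IPv4 + session ID + cookie + one MPLS label + payload."""
    body = struct.pack("!I", session_id) + cookie
    body += struct.pack("!I", (label << 12) | (1 << 8) | 64)  # S=1, TTL=64
    body += inner
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                     L2TPV3_PROTO, 0, bytes(src), bytes(dst))  # checksum left 0
    return ip + body

def demux(packet, sessions):
    """Egress-PE view: return (vpn_label, inner_packet) or raise ValueError (drop)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != L2TPV3_PROTO:
        raise ValueError("not L2TPv3 over IP")
    if len(packet) < ihl + 4:
        raise ValueError("truncated session ID")
    (session_id,) = struct.unpack_from("!I", packet, ihl)
    if session_id == 0:
        raise ValueError("control message, not data")
    expected = sessions.get(session_id)
    if expected is None:
        raise ValueError("unknown session")
    off = ihl + 4
    # Constant-time compare; a short or wrong cookie is dropped before the label is read.
    if not hmac.compare_digest(packet[off:off + len(expected)], expected):
        raise ValueError("cookie mismatch")
    off += len(expected)
    if len(packet) < off + 4:
        raise ValueError("truncated label")
    (lse,) = struct.unpack_from("!I", packet, off)
    if not (lse >> 8) & 1:
        raise ValueError("expected a single bottom-of-stack VPN label")
    return lse >> 12, packet[off + 4:]

# Hypothetical session table and constructed packets (documentation addresses).
SESSIONS = {0x1001: bytes.fromhex("0123456789abcdef")}
GOOD = build_packet([192, 0, 2, 1], [198, 51, 100, 1], 0x1001,
                    SESSIONS[0x1001], 16, b"customer-ip-packet")
SPOOFED = build_packet([192, 0, 2, 66], [198, 51, 100, 1], 0x1001,
                       bytes(8), 16, b"customer-ip-packet")
```

Because the core forwards on the outer IP header alone, the cookie check at the egress PE is what stops a packet with a guessed session ID from being delivered into a VRF.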

MPLS/L2TPv3 is simple to configure and maintain. Since the core is native IP, label distribution protocols aren’t needed. All MPLS configuration is performed on the PE routers. PE-to-PE connectivity problems can be diagnosed with ping. If the ping fails, your NOC will investigate an IP routing issue rather than examining label state in the core.

The decoupling of the end-to-end LSP and L3VPN construction permits greater flexibility. I can build an overlay L3VPN to any location that has vanilla IP connectivity. In selecting service providers for my global locations, I am not tied to SPs that offer Carrier-Serving-Carrier (CsC) or Inter-AS Option 3. Give me an IP pipe, and I can create PE devices anywhere without resorting to questionably scalable GRE overlays.

Let’s look at two applications. Mobile network operators are moving toward IP/Ethernet for cell site to aggregation point connectivity (known as backhaul in the industry). Carrier Ethernet—though popular—is a poor match for offering commodity Internet access to mobile subscribers (for more on this, see my article in Cisco’s IP Journal). A better approach is using a native IP backhaul network. Since operators often require address separation, MPLS/L2TPv3 is a natural fit. Providers can roll their own L3VPN without interaction with the backhaul providers.

The second application I’ll mention is cloud/data center. I’m not the first person who has pointed out scalability problems with segmenting the network using VLANs. Layer 3-centric architectures have superior scaling properties and discourage wide-area live migration and other practices that scare us network engineers. The MPLS/VPN architecture allows for segmentation at Layer 3. Of course, this could be accomplished with an MPLS core or a native IP one with L2TPv3. I’d argue that engineers should consider L2TPv3 for the ability to construct L3VPNs without end-to-end LSPs. Think about the ease with which you could connect data centers and various cloud types over public and private networks.

I was involved in the deployment of MPLS/L2TPv3 at a major Tier 1 ISP. In this position, I probably heard most arguments against L2TPv3. Let’s examine several of these.

“L2TPv3 creates a vendor lock-in situation.” – MPLS/L2TPv3 definitely limits your router vendor options. Cisco implements MPLS/L2TPv3. I believe Huawei may as well. I’m convinced Juniper would implement MPLS/L2TPv3 if your spending warranted.

“I already implemented MPLS for other reasons.” – Using MPLS/L2TPv3 probably doesn’t make sense if you already have MPLS in the core and are satisfied with limitations that accompany the need for the end-to-end LSP. You could always use GRE for the one-offs for which an LSP can’t be established.
