Companies are looking to VPLS network providers for some specific layer 2 capability.
At Network Union, we are conducting regular onsite VPLS (Virtual Private LAN Service) WAN procurement workshops providing more insight into the world of Enterprise network provider selection than ever before.
Although VPLS cannot really be considered a new global technology, there remains a fair amount of confusion surrounding why Enterprise businesses are selecting layer 2 Ethernet WAN technology.
On the flip side, the national and global Enterprise IT teams which understand VPLS technology and have a specific need are looking for robust workflows to help with the selection of Ethernet MPLS and VPLS providers. Our WAN procurement Mindmap will help with both scenarios.
Fig 1. A VPLS WAN deployment, full mesh of layer 2.
A VPLS WAN is an evolution of the MPLS (Multi Protocol Label Switching) protocol suite
At each workshop we attend, our WAN consultant leaves the organisation with a questionnaire which helps us to understand where the gaps are within the business's IT telecoms procurement knowledge - managed services and wires only. The results show that more than half of the IT staff attending our workshops are not totally sure what drives the need for the capability offered by VPLS providers and their solutions. We don't see this as a bad thing.
We’ve arrived at a layer 2 Ethernet VPLS architecture workflow within our BT & Masergy Global Business Partnership which offers our WAN clients the ability to align their specific requirements with the Global and UK market place. Its hallmarks are understanding the key vectors, risks and opportunities together with some specific areas where VPLS solutions align well with today's Enterprise business needs. We would never have arrived at our current design and proposal workflow without analysing and constantly researching our experience across managed services and connectivity business needs, whether the result is a hybrid of solutions including services such as point to point Ethernet, IPSec, MPLS or VPLS VPN.
A quick MPLS refresher
Essentially, MPLS is mainly used as a traffic engineering protocol to engineer data flow over a service provider core network. In short, MPLS networks are built on LSPs (Label Switched Paths) which enable the overall process of route lookup to become more efficient (think less delay) together with the ability to control traffic flow. In some instances, carriers may prefer to route certain types of traffic over routes which may not be viewed as optimal by a routing protocol such as OSPF (Open Shortest Path First).
IT Managers commonly refer to private layer 3 networks as ‘MPLS’ – the technical, lesser known, product name is VPRN (Virtual Private Routed Network). The promise of a VPLS network revolves around Ethernet services where the goal is ubiquity across your network from the LAN across to the WAN. VPLS providers and their capability deliver on the promise of a single layer 2 network.
Fig 2. Your site, the customer edge with the Provider Edge and core Provider aggregation device.
The solutions of national and global layer 2 VPLS providers vs their traditional layer 3 MPLS VPN
The majority of businesses are using cloud based services. They have been for several years even though the hype would make us believe the cloud has really only launched over the last five.
Ethernet extension allows us to connect hardware and services directly into a LAN environment. Imagine a cloud based data centre as the central resource for all of your network users. As part of the overall architecture, your organisation may wish to also create another geographically separated data centre for resilience or simply to build out further capability. The VPLS business case allows companies to connect a device within the new data centre into the same LAN as the existing facility. The LAN is able to effectively expand services regardless of the location and appear to users as simply another service.
Solutions and Technology - MPLS vs VPLS
In addition to the whole MPLS vs VPLS WAN solutions debate, there are a number of other layer 2 service comparison questions which are brought up at our workshops. The top ‘vs’ questions are outlined below:
- MPLS vs VPLS
- VPLS vs Metro Ethernet / VLL (Virtual Leased Line)
- VPLS vs VPN (typically IPSec based VPNs)
There is a fair amount of confusion regarding MPLS vs VPLS. The first thing to clear up is that we are actually not talking about two separate networks. We are in fact talking about VPRN (Virtual Private Routed Network) and VPLS (Virtual Private LAN Service). These two technology acronyms are actually both based on MPLS (Multi Protocol Label Switching).
Whether you choose one service over the other or even a combination of both largely depends on your business. This, perhaps, sounds obvious but when entering into discussions with service providers, you’ll soon be in a world of features and benefits where real business diagnostics takes a back seat. As I mentioned earlier, there are also other technology services to consider and many companies are now opting for a hybrid approach where metro Ethernet, IPSec and VLLs are able to serve locations based upon specific requirements.
VPLS Technology Fundamentals
VPLS offers clients any to any (mesh network) connectivity between office sites. The any to any connectivity is built using EVCs (Ethernet Virtual Circuits or Channels) whereby layer 2 connectivity is provisioned between each office site across the provider's core network. Think of VPLS as an extension to MPLS as the EVCs are built across core MPLS networks. In this sense, the easiest way to think about MPLS vs VPLS is straightforward – layer 2 and layer 3.
The reason some organisations prefer layer 2 networks is because it’s easy to extend their LAN into the cloud or other sites. Think about connecting a device to your LAN and how simple entering these devices into the network has become. With a VPLS solution, you’re able to achieve the same simplicity but across a geographical area. In addition, adding more storage or virtual devices becomes easy for the same reason – the devices may exist on the same LAN regardless of location. Server clusters become available across multiple geographical areas providing the best possible WAN uptime architecture and design.
Of course, we are making this sound very simple. The reality is that you must still perform due diligence and ensure you have sufficient bandwidth and the correct latency and jitter parameters. When thinking about requirements, consider also whether you wish to manage your own network and the type of applications to transport. MPLS networks are more restrictive since the provider is dictating their own rules with regards to the layer 3 transport (routing etc). Layer 2 VPLS solutions are therefore an ideal choice if you wish to self manage.
VLL - Pseudowire
A VLL (Virtual Leased Line) pseudowire is a sub product of VPLS. VLLs are also known as p2p VPN circuits (Point to Point or Point to Multipoint). If you consider the traditional point to point (p2p VPN) as a dedicated fibre circuit, VLLs again make use of MPLS core networks. Within the MPLS core network, a layer 2 virtual circuit is provisioned which forms a per customer simulated dedicated leased line. VLLs are also provisioned as multiple point to multipoint variants providing more flexibility for hub and spoke types of topology. Note that you may hear the term pseudowire circuits when providers discuss VLLs. If you compare a VLL vs dedicated fibre, you’ll note that the latency is higher on a VLL because the traffic traverses a core MPLS network. The perceived VLL security is not as high when compared to dedicated fibre.
Fig 3. Pseudowire.
VLLs are of course part of a private shared infrastructure. For the most part, VLLs are typically fine from a security and privacy perspective. But, if you’re a bank, government or financial institution, you will almost certainly want to go for dedicated fibre.
VPLS vs VPN using IPSec
This is a fairly common question: MPLS or VPLS vs IPSec ISP connectivity. IPSec is associated with securing public Internet connections which operate at layer 3 of the OSI model. VPLS vs VPN using IPSec security is not really a like for like comparison, other than that ‘both’ services ship packets / traffic from one location to another. For reasons outlined within this article, layer 2 VPLS offers a communications capability over and above layer 3 routed networks.
IPSec VPNs are mostly used for areas where your provider cannot provide connectivity or for requirements such as remote users. IPSec solutions for site to site communications are typically not selected by medium or large Enterprise businesses because of their complexity and also the fact that traffic is routed over a public IP backbone. However, IPSec security (or SSL) still has its place where the requirements define a need.
Fig 4. A VPLS vs IPSec VPN.
A hybrid WAN architecture
The typical WAN is a combination of multiple products and capability. The Enterprise must meet the needs of global datacentres, remote users, extranet partners, offices and so forth. In this sense, the end proposal is rarely a single product or technology. Some locations will be better suited to layer 3 managed services, others will be better suited to LAN extension technology. How you connect your sites should be well aligned to your specific requirements.
VPLS QoS (Quality of Service)
As with layer 3 MPLS VPN, VPLS includes full support for QoS. The specific number of QoS settings varies per provider but generally ranges between 3 and 6 as a rule.
Expedited Forwarding - EF
EF QoS is where delay sensitive data applications such as voice and perhaps video reside. The bandwidth must be set correctly as any traffic above the designated value is dropped. This is clearly important for voice traffic since the conversation would be poor if the EF setting were to be deployed incorrectly.
Assured Forwarding - AF
AF is where mission critical VPN applications such as Citrix reside. Bandwidth is not so critical in terms of a correct setting since VPN data packets over and above the set traffic threshold are simply re-marked as basic.
Best Effort - BE
All other default traffic is sent for Best Effort data treatment. Application traffic such as Email and Internet would be a good example here.
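The difference between the EF and AF exceed behaviour described above can be seen in a small policer model. This is an added example, not a provider's configuration or code from the original article; the token bucket mechanism, the rates and burst sizes, and the reading of "basic" as the Best Effort class are assumptions.

```python
# Exceed action per class as described above: EF excess is dropped,
# AF excess is re-marked to best effort. BE is not policed in this sketch.
EXCEED_ACTION = {"EF": "drop", "AF": "remark"}

class TokenBucket:
    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps = rate_bps        # committed rate (assumed value)
        self.burst_bytes = burst_bytes  # bucket depth (assumed value)
        self.tokens = float(burst_bytes)
        self.last_ts = 0.0

    def conforms(self, ts, size):
        # Refill for the elapsed time, capped at the burst size.
        refill = (ts - self.last_ts) * self.rate_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last_ts = ts
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

def police(packets, buckets):
    """Return the class each packet leaves with, or None if dropped."""
    result = []
    for ts, size, cls in packets:
        bucket = buckets.get(cls)
        if bucket is None or bucket.conforms(ts, size):
            result.append(cls)
        elif EXCEED_ACTION[cls] == "drop":
            result.append(None)
        else:
            result.append("BE")
    return result

def demo():
    buckets = {"EF": TokenBucket(64_000, 400), "AF": TokenBucket(128_000, 1500)}
    # Constructed sample: (timestamp in seconds, size in bytes, class)
    packets = [
        (0.0, 200, "EF"), (0.0, 200, "EF"), (0.0, 200, "EF"),
        (0.0, 1500, "AF"), (0.0, 1500, "AF"), (0.0, 1500, "BE"),
        (0.1, 200, "EF"),
    ]
    return police(packets, buckets)

if __name__ == "__main__":
    print(demo())
```

The third EF packet is lost outright while the second AF packet still arrives in a lower class, which is why an undersized EF allocation degrades voice far more visibly than an undersized AF allocation degrades application traffic.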
VPLS Resiliency and Redundancy
From the perspective of a service provider, VPLS redundancy is available with the usual layer 3 MPLS VPN product capability. In short, providers such as BT offer a product which avoids any single point of failure, subject to survey. This means dual circuits will emerge from dual building access points, through to diverse local loop and Exchange sites with routing to diverse PE (Provider Edge) nodes.
We specialise in the capability of BT national and global VPLS Services and have extensive knowledge of their capability from an architecture and pricing perspective. If your organisation is looking to progress a BT VPLS proposal, please let us know and we’ll get started fast.
As with layer 3 MPLS VPN, VPLS providers will normally offer a base level of cloud based access. The capability is largely dependent on the VPLS cloud based access - i.e. what back to back connectivity the VPLS provider has in place - a good example is Microsoft Azure. Over and above standard offerings, interconnects often exist within datacentre hosting facilities allowing organisations to procure specific cloud offerings.
Switching at layer 2 has always been a little less complex than routing at layer 3, at least in my opinion. Networks at layer 2 avoid the complexity of routing and are therefore much simpler. More than simplicity, there are specific use cases for operating a LAN at layer 2. VPLS allows businesses to create a full mesh of layer 2 connectivity. Operating at layer 2 is ideal for self managed services and building out hosting facilities with resources for your users.