Layer 2 and Layer 3 VPNs
Traditional Layer 2 VPNs
VPNs emerged as a significant service with the advent of Frame Relay in the early 1990s. Beyond offering customers simple connectivity, service providers have been able to create Frame Relay-based Layer 2 VPN services through the use of permanent virtual circuits (PVCs). In configuring PVCs, network operators establish the data link connection identifiers (DLCIs) associated with different access devices, creating a tunnel for customer traffic to follow a predetermined path. Frame Relay has proven attractive because it logically partitions traffic at Layer 2 and provides capabilities equivalent to leased lines - but at a much lower cost. With its ability to support a variety of protocols, such as IP, Novell Internetwork Packet Exchange (IPX), and IBM Systems Network Architecture (SNA), Frame Relay became popular for LAN-to-LAN connections and is widely used for intranet communications.

More recently, service providers began offering ATM-based VPN services as a higher-speed alternative to Frame Relay. Today, many offer Layer 2-based VPNs using Frame Relay, ATM, or combinations of the two. Despite its benefits, Frame Relay doesn't lend itself to an open extranet model, so it isn't appropriate for supply chain or enterprise-to-partner communications. Likewise, it isn't a cost-effective solution for remote users.

ISPs have taken advantage of L2TPv3 and its predecessor, L2F, to build VPNs that transparently aggregate their customers into their networks. These L2TP-based VPNs allowed service providers (ILECs and IXCs) to provide wholesale dial and DSL services to ISPs. ISPs, on the other hand, were able to offer global service without needing their own infrastructure.

Layer 3 VPNs
In Layer 3 VPNs, the service provider furnishes a leased line connection between a customer and the nearest POP on the service provider's network. Currently, the most commonly deployed IP-based VPN technologies are IP Security (IPsec)- and MPLS Border Gateway Protocol (BGP)-based VPNs. These technologies can accommodate intranet, extranet, and Internet access applications, addressing an enterprise's need to interconnect geographically dispersed sites securely or privately. IP-based VPNs enable enterprises to take advantage of the flexibility and ubiquity of the Internet and service providers' IP-based backbones for secure any-site-to-any-site communication. They allow enterprises to use a common transport line for both Internet access and site-to-site communication more efficiently - a step toward simplifying wide-area communications.

The main drawbacks of IP-based VPNs are that they support IP only and require a Layer 3 infrastructure. Customers with enterprise protocols, such as SNA, continue to look to Layer 2 VPNs to carry this type of traffic. Likewise, enterprises that wish to maintain control over their routing prefer Layer 2 VPNs.

The Best of Both Worlds
The historical disconnect between legacy Layer 2 and IP-based Layer 3 VPN solutions has forced service providers to build, operate, and maintain separate infrastructures to accommodate various VPN access technologies. However, this costly proposition is no longer necessary. As part of its new Unified VPN Suite, Cisco Systems now offers next-generation Layer 2 VPN services like Layer 2 Tunneling Protocol version 3 (L2TPv3) and Any Transport over MPLS (AToM) that enable service providers to offer Frame Relay, ATM, Ethernet, and leased line services over a common IP/MPLS core network. By unifying multiple network layers and providing an integrated set of software services and management tools over this infrastructure, the Suite enables service providers to reach a broader set of potential VPN customers and offer truly global VPNs.

Jenny Carless is a freelance writer based in Santa Cruz, CA.
Ray Irani, Technology Marketing Engineer with Cisco Systems, can be reached at rirani@cisco.com.
