Customer interest in carrier Ethernet services is growing. With its simplicity, established knowledge base among engineers, and low cost per megabit, Ethernet WAN services are the next logical step for WAN access. Carriers are rushing to upgrade their networks to provide Ethernet access globally.
My network uses a lot of WAN Ethernet. All of our sites in the US use it for access to the L3VPN MPLS cloud from our service provider. This has proven to be a great technology for us. However, in our case, WAN Ethernet is just the access circuit to the MPLS cloud. We peer eBGP over these WAN Ethernet circuits to the provider's PER. I have discussed my affection for BGP previously and how it's allowed us to scale our network and utilize enhanced routing features.
But many of the carriers are positioning WAN Ethernet not as an access option to their L3VPN MPLS clouds, but as a VPLS solution. VPLS provides Layer-2 connectivity between customer sites, not Layer-3 access. While the connectivity is still any-to-any (multipoint) as L3VPN MPLS is, it is one layer lower in the OSI model. Many carriers are providing VPLS via their existing MPLS backbone. But, I also had an interesting discussion with a carrier recently that is considering an all Ethernet backbone for their future generation network. This would be Ethernet supporting Ethernet without a L3VPN MPLS option.
In a VPLS service, customers don't peer routing protocols with the carrier, but directly between their own routers over the Layer-2 multi-access VPLS network. This is just like any Ethernet LAN you have today. While it may be over thousands of miles, as far as the routers are concerned, it's just a LAN. This makes BGP a much more difficult routing protocol to use since it relies on static neighbors generally in a point-to-point environment. Furthermore, since there is no routing protocol peering to external organizations (in MPLS' case a service provider) customers can continue to run an IGP - most likely OSPF or EIGRP. OSPF and EIGRP form neighbors automatically and are suited for multi-access LANs.
But this introduces an interesting routing protocol scalability problem. In reading books and best practice guides, I've learned to keep the number of OSPF or EIGRP neighbors on a single LAN segment to 20 or less (preferably toward less). But how do you do this in a VPLS environment when you have hundreds of remote field sites (like banks and restaurants do)? All of those sites cannot be on the same Layer-2 domain since the routing protocols could not handle all the neighbors. Yes, you could segment the network into islands of 10-20 sites, but then you lose the any-to-any capabilities that VPLS provides. Traffic must route through hub sites that have the bandwidth size to handle not only traffic destined to the hub, but also site-to-site traffic. Plus, how do you configure OSPF areas or EIGRP summarization correctly in this case? The last thing you want is to configure your routing protocol to turn VPLS into a frame-relay style network with all traffic routing through a hub site.
VPLS looks like a great technology for a small number of sites, but I'm concerned about how routing protocols would scale to handle it. To make VPLS a viable revenue service, carriers must be able to sell it to large enterprises as a viable option to L3VPN MPLS. However, customers are getting very used to the routing control and capabilities L3VPNs and MPLS provide. I just have a feeling they won't realize how much they like these features until they're gone.
I'm interested to see how this will work out and thoughts and solution you may have.
Advertisement: |
Michael Morris is a communications engineering manager at a $3-billion high-tech company. His background is in enterprise WANs working with telcos and developing large-scale routing designs. He has worked on networks at government and corporate organizations, including networks at two Fortune 10 companies. In his current role, he leads a team of 10 engineers responsible for large-scale IT networking projects and architectural standards for data networks, storage area networks, IP telephony, contact centers, and security. Michael is CCIE #11733 and recently became one of the first three Cisco Certified Design Experts (CCDE) ever (#20080002). He has 11 years experience in networking and communications, including four years as a paratrooper in the U.S. Army. He has a bachelor's degree in MIS from the University at Buffalo and is working on his MBA from NC State University. In 2008, he was awarded the Network Professional Association (NPA) Professional Excellence and Innovation Award for his work on network architecture, templates and enterprise MPLS design.
The Leader in Network Knowledge
VPLS Advantages/Disadvantages
Michael,
Our VPLS domain includes 17 locations and we run EIGRP over it. I agree that this would not scale well over 30 sites or so. EIGRP and native multicast support were the drivers for our selection of VPLS. Only one of my company's L3 MPLS WAN providers supports multicast. While we could have adapted our multicast environment to support a non-multicast enabled area, we found it easier to go with VPLS and run multicast over it natively.
One caveat to VPLS+multicast is relative site bandwidth. Some of our locations are connected at DS-3 speed, while others are as slow as a single T1. With PIM SM enabled, multicast traffic is delivered to all sites whether there is a multicast listener or not. In our case, this traffic shows up on the access interface, but not the bridging interface. We found it necessary to disable PIM on the VPLS interfaces of slow locations and build a one-hop GRE tunnel with PIM SM enabled to work around this issue.
From the customer perspective, I see VPLS as a targeted solution for a small set of locations with similar access bandwidth. I don't see it as a good solution for a restaurant or bank branch environment, unless it was overlaid with DMVPN or another tunneling technology.
Jeremy
VPLS + bank branches
Hi,
I'm in the midsts of putting together an RFP for a bank, and was seriously considering requesting an VPLS network from the Telco such that the IT staff of the branch could control VLAN trunking across the infrastructure, not to mention routing.
We have no plans to implement Multicasting. Is VPLS still a bad idea? Why so? And yes our branches would have varying degrees of bandwidths (from 1 Mbit to 10 Mbits, and Data Centres at 100Mbit to 300Mbits).
Thanks in advance,
Adeptus
RE: VPLS + bank branches
Hi Adeptus,
The intent of my blog was to discuss a issue I've been thinking about - hence the title "Wondering". I don't want to discount VPLS because it may fit your needs. I wanted to bring up an issue I see with it. It is a very enticing service - Ethernet, large BW, etc. It's just needs a good network design up front because it introduces new issues.
I would ask carriers in your RFP for their recommendations on how to implement routing protocols with their VPLS service. The quality of their response to your question could be a decision point for the RFP.
Mike
Wondering About VPLS and Routing Protocols
Your thoughts with regard to VPLS are very good indeed. I came upon your article because we are planning a migration to VPLS from point to point T1's. We will have one VPLS vendor and use VPN as our backup WAN connectivity. Below I've listed some of the considerations with regard to this transition and would appreciate any input you might have.
1. VPN backup will be GRE tunnels through PTP VPN with routing protocol to dynamically update tables.
2. We're going to use OSPF as our internal routing protocol.
Considerations
- Area 0 will be used on WAN interfaces as all inter-area traffic will need to pass through
- Area 0 will also need to be configured for GRE interfaces as they will also act as WAN interfaces.
- All remote sites will have individual area
- DR/BDR will be primary site WAN router / DR site WAN router
- Metrics will need to be reviewed to ensure VPLS is primary path and VPN secondary path
- Internet/default gateway will need to be made available to all sites as alternative to local access.