What is MPLS Layer 2 switching technology? Definition and explanation

On EX8200 and EX4500 switches, you can use MPLS-based Layer 2 and Layer 3 virtual private networks (VPNs) or MPLS Layer 2 circuits, allowing you to securely connect geographically diverse sites across an MPLS network. MPLS services can be used to connect various sites to a backbone network and to ensure better performance for low-latency applications such as voice over IP (VoIP) and other business-critical functions.

A VPN uses a public telecommunications infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization’s network. VPNs are designed to provide the same level of performance and security as privately owned or leased networks but without the attendant costs.

This topic describes:

MPLS-Based Layer 2 VPNs

In an MPLS-based Layer 2 VPN, traffic is forwarded by the customer’s customer edge (CE) switch (or router) to the service provider’s provider edge (PE) switch in a Layer 2 format. It is carried by MPLS over the service provider’s network and then converted back to Layer 2 format at the receiving site.

On a Layer 2 VPN, routing occurs on the customer’s switches, typically on the CE switch. The CE switch connected to a service provider on a Layer 2 VPN must select the appropriate circuit on which to send traffic. The PE switch receiving the traffic sends it across the service provider’s network to the PE switch connected to the receiving site. The PE switches do not store or process the customer’s routes; the switches must be configured to send data to the appropriate tunnel.

For a Layer 2 VPN, customers must configure their own switches to carry all Layer 3 traffic. The service provider must detect only how much traffic the Layer 2 VPN will need to carry. The service provider’s switches carry traffic between the customer’s sites using Layer 2 VPN interfaces. The VPN topology is determined by policies configured on the PE switches.

Customers must know only which VPN interfaces connect to which of their own sites. Figure 1 illustrates a full-mesh Layer 2 VPN in which each site has a VPN interface linked to each of the other customer sites. In a full-mesh topology between all three sites, each site requires two logical interfaces (one for each of the other CE routers or switches), although only one physical link is needed to connect each PE switch to each CE router or switch.

Figure 1: Layer 2 VPN Connecting CE Switches

Layer 2 Circuits

A Layer 2 circuit is a point-to-point Layer 2 connection that uses MPLS or another tunneling technology on the service provider’s network. A Layer 2 circuit is similar to a circuit cross-connect (CCC), except that multiple Layer 2 circuits can be transported over a single label-switched path (LSP) tunnel between two provider edge (PE) switches. In contrast, each CCC requires a dedicated LSP.

The Junos OS implementation of Layer 2 circuits supports only the remote form of a Layer 2 circuit; that is, a connection from a local customer edge (CE) switch to a remote CE switch.

Packets are sent to the remote CE switch by means of an egress virtual private network (VPN) label advertised by the remote PE switch. The VPN label transits over either an RSVP or an LDP LSP (or other type) tunnel to the remote PE switch connected to the remote CE switch. LDP is the signaling protocol used for advertising VPN labels.

Return traffic sent from the remote CE switch to the local CE switch uses an ingress VPN label advertised by the local PE switch.

MPLS-Based Layer 3 VPNs

In a Layer 3 VPN, the routing occurs on the service provider’s routers. Therefore, Layer 3 VPNs require more configuration on the part of the service provider, because the service provider’s PE routers must store and process the customer’s routes.

In the Junos OS, Layer 3 VPNs are based on RFC 4364, BGP/MPLS IP Virtual Private Networks. This RFC defines a mechanism by which service providers can use their IP backbones to provide Layer 3 VPN services to their customers. The sites that make up a Layer 3 VPN are connected over a provider’s existing public Internet backbone.

Customer networks, because they are private, can use either public addresses or private addresses, as defined in RFC 1918, Address Allocation for Private Internets. When customer networks that use private addresses connect to the public Internet infrastructure, the private addresses might overlap with the private addresses used by other network users. BGP/MPLS VPNs solve this problem by prefixing a VPN identifier to each address from a particular VPN site, thereby creating an address that is unique both within the VPN and within the public Internet.

In addition, each VPN has its own VPN-specific routing table that contains the routing information for that VPN only. Two different VPNs can use overlapping addresses. Each route within a VPN is assigned an MPLS label (for example, MPLS-ARCH, MPLS-BGP, or MPLS-ENCAPS). When BGP distributes a VPN route, it also distributes an MPLS label for that route. Before a customer data packet travels across the service provider’s backbone, it is encapsulated along with the MPLS label that corresponds to the route within the customer’s VPN that is the best match based on the packet’s destination address. This MPLS packet is further encapsulated with another MPLS label or with an IP, so that it gets tunneled across the backbone to the egress provider edge (PE) switch. Thus, the backbone core switches do not need to know the VPN routes.
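The addressing and encapsulation steps above, as an added Python example (not Juniper code): an RFC 4364 type-0 route distinguisher serves as the VPN identifier, each VPN has its own table, and the packet leaves with a tunnel label over a VPN label, the same two-label stack that carries the Layer 2 circuits described earlier. It covers only the MPLS-label tunnel case; the `IngressPE` class, VPN names, PE names and label values are constructed for illustration.

```python
import ipaddress
import struct

def vpn_ipv4(asn, number, prefix):
    """RFC 4364 VPN-IPv4 address: 8-byte type-0 route distinguisher + IPv4 address."""
    rd = struct.pack("!HHI", 0, asn, number)  # type 0, 2-byte ASN, 4-byte number
    return rd + ipaddress.ip_network(prefix).network_address.packed

def mpls_entry(label, bottom, ttl=64, tc=0):
    """RFC 3032 stack entry: 20-bit label, 3-bit TC, bottom-of-stack bit, 8-bit TTL."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

class IngressPE:
    def __init__(self, tunnels):
        self.tunnels = tunnels  # egress PE name -> outer (tunnel) label
        self.vrfs = {}          # VPN name -> {prefix: (VPN label, egress PE)}

    def add_route(self, vpn, prefix, vpn_label, egress_pe):
        self.vrfs.setdefault(vpn, {})[ipaddress.ip_network(prefix)] = (vpn_label, egress_pe)

    def encapsulate(self, vpn, dst, payload):
        """Best match in this VPN's table only, then push VPN label and tunnel label."""
        addr = ipaddress.ip_address(dst)
        table = self.vrfs.get(vpn, {})
        matches = [net for net in table if addr in net]
        if not matches:
            raise LookupError(f"no route to {dst} in VPN {vpn}")
        vpn_label, egress = table[max(matches, key=lambda net: net.prefixlen)]
        return (mpls_entry(self.tunnels[egress], bottom=False)
                + mpls_entry(vpn_label, bottom=True) + payload)

def parse_stack(frame):
    """Return (labels, payload); what a core switch or egress PE reads off the wire."""
    labels, offset = [], 0
    while True:
        (word,) = struct.unpack_from("!I", frame, offset)
        labels.append(word >> 12)
        offset += 4
        if word & 0x100:  # bottom-of-stack bit set: payload follows
            return labels, frame[offset:]

def build_demo_pe():
    """Constructed sample data: two customers reuse 10.1.0.0/16 behind different PEs."""
    pe = IngressPE(tunnels={"pe2": 1001, "pe3": 1002})
    pe.add_route("vpn-a", "10.1.0.0/16", 300016, "pe2")
    pe.add_route("vpn-a", "10.1.5.0/24", 300017, "pe3")
    pe.add_route("vpn-b", "10.1.0.0/16", 300032, "pe2")
    return pe
```

The same destination address resolves to a different label stack depending on which VPN the packet arrived in, and a VPN with no matching route gets a lookup failure rather than a fallback into another customer's table.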

Comparing an MPLS-Based Layer 2 VPN and an MPLS-Based Layer 3 VPN

The differences between Layer 2 VPNs and Layer 3 VPNs are summarized in Table 1.

Table 1: Comparing an MPLS-Based Layer 2 VPN and an MPLS-Based Layer 3 VPN

Layer 2 VPN:

- Customer sites appear to be on the same LAN even if geographically dispersed.
- The service provider does not require information about the customer’s network topology, policies, routing information, etc.
- The customer has complete control over policies and routing.

Layer 3 VPN:

- Service provider’s technical expertise ensures efficient site-to-site routing.
- Service providers can provide additional value-added services through network convergence that encompasses voice, video, and data.
- Customers must share information about their network topology.
- The service provider determines the policies and routing.
- The customer’s CE switch must be configured to use BGP or OSPF to communicate with the service provider’s PE switch to carry IP prefixes across the network. Other protocol packets are not supported.
