Solved

L2VPN/ L3VPN /GETVPN/DMVPN/MPLSVPN

Posted on 2014-04-08
3,390 Views
Last Modified: 2014-04-09
I would like to know what is the difference between the following VPN solutions:

L2VPN/ L3VPN /GETVPN/DMVPN/MPLSVPN

Thank you
Question by:jskfan
3 Comments
 
Accepted Solution

by:
Hassan Besher earned 500 total points
ID: 39986621
We have 2 types, L2 and L3 MPLS VPNs. The L3 VPN is named MPLS/BGP L3 VPN, and this is the most common type of MPLS VPN.
 
For Metro Ethernet we can use MPLS L2 VPN. MPLS L2 VPN is a great topic, much harder than MPLS L3 VPN. Whenever I'm teaching MPLS VPNs I start with L3 VPNs.
 
L2 VPNs are divided into 2 main categories: VPWS (Virtual Private Wire Service), also known as point-to-point VLL (virtual leased line) VPNs, and VPLS (Virtual Private LAN Service), a point-to-multipoint service.
 
From VPWS historically speaking we have:
 
- VLL in CCC mode - circuit cross connect
In this type of VPN you don't have an inner label for the customer service. You have only the outer label, and this label is manually allocated by the operator when building the VPN.
 
- SVC - static virtual circuit; this can be called simplified Martini mode
In this mode you have 2 labels: one for the LSP, announced by LDP, and one inner label configured by the operator. The inner label defines the Virtual Circuit, thus the customer service.
 
- VLL in Martini mode, also known as EoMPLS service - this mode complies with draft-martini-l2circuit-mpls
In Martini mode, the VC type and the VC ID are used to identify a VC between two CEs. You will need extended remote LDP sessions between PEs to transmit the VC message. To transmit the VC message, an FEC is added with the type 128.
I want to note here the presence of PWE3 (Pseudo-Wire Emulation Edge to Edge). VLL in Martini mode is a subset of PWE3 technology. PWE3 adopts the same signaling process as VLL in Martini mode but adds some new extensions on the data plane and control plane, and thus is more advanced and used today.
 
- VLL in Kompella mode
This mode adopts MP-BGP as the signaling protocol for the inner label.
This mode also adopts the RD and RT for transmitting the VC information and adopts the label block mode to assign labels to VCs.
 
VPLS is the point-to-multipoint service, and you can think of it as your service provider appearing as a big L2 switch from the customer's point of view.
Depending on the network scale you can have simple VPLS or hierarchical VPLS. In VPLS you adopt LDP or MP-BGP as the signaling protocol.
 
The LDP mode is preferable when the number of VPLS sites is relatively small and the VPLS network seldom or never traverses multiple domains, especially in the case where BGP is not run on the PEs.
 
The BGP mode is applicable at the core layer of a large-scale network in the case where BGP is run on the PEs and cross-domain operation is required.
If the scale of a VPLS network is large (a great number of nodes or a wide geographical range), you can use hierarchical VPLS (HVPLS), which combines the two modes. In HVPLS, the core layer uses the BGP mode and the access layer uses the LDP mode.

https://www.isoc.org/pubs/guest/ComMag_June04_Knight.pdf


http://www.ccie1.com/getvpn-over-dmvpn/
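As an added example, not code from the answer above: the MPLS label stack that distinguishes the VLL modes described there (CCC with only the outer label versus SVC/Martini with an LSP label plus an inner VC label), and the LDP PWid FEC element of type 128 that Martini-mode signaling carries, modelled in Python. The field layouts are taken from RFC 3032 (shim header) and RFC 4447 (the RFC that draft-martini-l2circuit-mpls became); the label values, PW ID and Ethernet PW type constant are constructed sample values.

```python
import struct

# Added example: field layouts follow RFC 3032 (MPLS shim header: 20-bit label,
# 3-bit TC, 1-bit bottom-of-stack S, 8-bit TTL) and RFC 4447 (PWid FEC element).
ETHERNET_PW_TYPE = 0x0005  # PW type code for plain Ethernet (RFC 4446)

def encode_label_stack(labels, ttl=64):
    """labels: list of (label, tc); the last entry is marked bottom-of-stack."""
    out = bytearray()
    for i, (label, tc) in enumerate(labels):
        if not 0 <= label < (1 << 20) or not 0 <= tc < 8:
            raise ValueError("label must be 20 bits, TC 3 bits")
        bos = 1 if i == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (tc << 9) | (bos << 8) | ttl)
    return bytes(out)

def decode_label_stack(pkt):
    """Walk shim headers until S=1; return (list of (label, tc, ttl), payload)."""
    stack, off = [], 0
    while True:
        if off + 4 > len(pkt):
            raise ValueError("truncated label stack (no bottom-of-stack bit)")
        (word,) = struct.unpack_from("!I", pkt, off)
        off += 4
        stack.append((word >> 12, (word >> 9) & 7, word & 0xFF))
        if (word >> 8) & 1:  # S bit set: this was the last label
            return stack, pkt[off:]

def vll_mode_from_depth(stack):
    """CCC carries only the outer label; SVC/Martini carry transport + VC label."""
    return {1: "CCC (single, manually allocated label)",
            2: "SVC/Martini (LSP label + inner VC label)"}.get(len(stack), "unknown")

def pwid_fec_element(pw_id, pw_type=ETHERNET_PW_TYPE, group_id=0, control_word=False):
    """PWid FEC element: type 128, C bit + 15-bit PW type, PW info length,
    32-bit group ID, 32-bit PW ID (interface-parameter sub-TLVs omitted)."""
    c_and_type = ((1 if control_word else 0) << 15) | (pw_type & 0x7FFF)
    pw_info_len = 4  # covers only the PW ID field since no sub-TLVs follow
    return struct.pack("!BHBII", 128, c_and_type, pw_info_len, group_id, pw_id)

def parse_pwid_fec_element(data):
    """Inverse of pwid_fec_element; rejects anything that is not FEC type 128."""
    fec_type, c_and_type, _info_len, group_id, pw_id = struct.unpack_from("!BHBII", data)
    if fec_type != 128:
        raise ValueError("not a PWid FEC element")
    return {"control_word": bool(c_and_type >> 15), "pw_type": c_and_type & 0x7FFF,
            "group_id": group_id, "pw_id": pw_id}
```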
 

Author Comment

by:jskfan
ID: 39987294
If I understand:

GETVPN is like the classic IPsec VPN with GRE tunnel; however, GETVPN is tunnel-less and does not use GRE. Spokes still connect to the HUB (key server) and authenticate to get a key. After they get the initial key they can talk to each other "without going through the HUB"; in reality they do go through the HUB, but there is no chatting with the HUB since they already have the appropriate key to talk to the other spokes. I believe there is a lifetime to the key; after it expires, spokes renew their key with the HUB.

DMVPN is like IPsec VPN with GRE tunnel; however, it uses point-to-multipoint instead of point-to-point. In DMVPN, we create a multipoint GRE tunnel interface on the HUB and create a tunnel key; we can use a routing protocol on the HUB (EIGRP or OSPF, etc.), and the spokes will register with the HUB.
On the spokes we will create tunnel interfaces and a key that matches the key on the HUB.
The traffic can be encrypted with IPsec.


GETVPN and DMVPN sound like they have a lot of similarities, other than that:
GETVPN is tunnel-less, is point-to-point and does not use GRE, while DMVPN uses a GRE tunnel and is point-to-multipoint.

I still do not understand why GETVPN is considered point-to-point and DMVPN is considered point-to-multipoint.
In some docs, they say "DMVPN is designed to secure traffic over the Internet, and GETVPN is designed to secure traffic over WAN (i.e. MPLS VPN)"... Actually I thought GETVPN is also used over the Internet.


MPLS VPN sounds to me like GETVPN inside MPLS... The first Customer Edge Router receives data from Customer1 and puts it in the appropriate VRF that corresponds to Customer1, then transfers that data to the destined Customer2, going through the Customer Edge Router facing Customer2. I believe the routers in the middle will just forward the data and cannot read it since it is in a different VRF. I may need to know if I am correct on the MPLS VPN explanation.

 
L2VPN and L3VPN, I believe, are MPLS technology... I cannot tell how different they are when compared to the VPNs mentioned above, and in which case they would be used instead of the other VPNs cited above.

Author Closing Comment

by:jskfan
ID: 39989622
Thank you