In the previous post, we saw the configuration of Layer 3 VPN. Here we will see how to configure Layer 2 VPN.
As shown in the diagram, the CEs (R1 and R6) are connected to the PEs (R2 and R5). CE1 and CE2 are in the same subnet and are configured with the IP addresses 10.1.1.1/24 and 10.1.1.6/24.
Layer 3 VPN requires the PE to participate in the CE routing. Sometimes the PE cannot support the specific routing protocol required by the customer, or the CE devices may not be IP aware.
The customer also has to involve the service provider to make any routing changes.
Layer 2 VPN resolves these issues by providing Layer 2 connectivity between the CEs, effectively providing a broadcast domain. The customer can run any routing protocol between the CEs and is in full control of the routing.
Generally this is done using AToM (Any Transport over MPLS) or L2TPv3 (Layer 2 Tunneling Protocol version 3).
The key difference between the two methods is that AToM uses MPLS as the transport while L2TPv3 uses IP.
Let's look at the below scenario and see how we can implement this. We will use AToM in our example.
We are already running MP-BGP in the core and will provide a single broadcast domain between the CEs.
Let's do the configuration step by step.
First, let's check that there is an LSP between the loopback IPs of the PEs.
Now we will configure CE1 and CE2 with basic IP addresses.
The peer IP will be 5.5.5.5, which is the loopback IP of R5.
The VC (virtual circuit) ID can be any number, but it has to be the same on both PEs. We will use 100 as the VC ID.
Our implementation uses MPLS for transport, so we will use mpls as the encapsulation. l2tpv3 can be used when we want to use an IP network as the transport.
We will apply a similar config on R5.
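The rules above (peer set to the remote PE's loopback, same VC ID and same encapsulation on both PEs) can be checked before the change is pushed. The following is an added example, not configuration from the original post: the two IOS snippets are constructed, and the interface names and R2's loopback 2.2.2.2 are assumptions; only 5.5.5.5, VC ID 100 and mpls come from the text.

```python
import re

# Constructed sample configs (not from the original post). Interface names and
# R2's loopback 2.2.2.2 are assumptions; 5.5.5.5 and VC ID 100 are from the post.
R2_CONFIG = """\
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface FastEthernet0/0
 no ip address
 xconnect 5.5.5.5 100 encapsulation mpls
"""
R5_CONFIG = """\
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
interface FastEthernet0/0
 no ip address
 xconnect 2.2.2.2 100 encapsulation mpls
"""

XCONNECT = re.compile(r"^\s*xconnect\s+(\S+)\s+(\d+)\s+encapsulation\s+(\S+)", re.M)
LOOPBACK = re.compile(r"^interface Loopback0\n\s*ip address\s+(\S+)", re.M)


def parse_pe(config):
    """Return (loopback_ip, [(peer, vc_id, encap), ...]) for one PE config."""
    lo = LOOPBACK.search(config)
    if lo is None:
        raise ValueError("no Loopback0 address found")
    circuits = [(p, int(v), e) for p, v, e in XCONNECT.findall(config)]
    return lo.group(1), circuits


def check_pseudowire(config_a, config_b):
    """List the inconsistencies between the xconnect statements of two PEs."""
    lo_a, vcs_a = parse_pe(config_a)
    lo_b, vcs_b = parse_pe(config_b)
    # Keep only the circuits on each side that point at the other PE's loopback.
    to_b = [(v, e) for p, v, e in vcs_a if p == lo_b]
    to_a = [(v, e) for p, v, e in vcs_b if p == lo_a]
    if not to_b or not to_a:
        return ["peer address is not the remote PE loopback"]
    problems = []
    if {v for v, _ in to_b} != {v for v, _ in to_a}:
        problems.append("VC ID mismatch")
    if {e for _, e in to_b} != {e for _, e in to_a}:
        problems.append("encapsulation mismatch")
    return problems
```

An empty list means the two sides agree; a mistyped VC ID or peer address on either PE is reported before the circuit is left down in production.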
It shows label 205 associated with l2ckt (Layer 2 circuit) with VC ID 100. There is no next hop as it is a Layer 2 connection.
We can also verify that there is an active virtual circuit from R2 to R5.
Let's check the connectivity between the CEs (R1 to R6).
The ARP table on R1 shows the MAC address of R6's Ethernet interface.
The customer can also run any routing protocol between the CEs. Let's configure OSPF.
The OSPF adjacency has come up. Now the customer can advertise prefixes and control the routing without involving the service provider.
One limitation of this method is that we can only create point-to-point tunnels. If there are multiple locations and the customer wants a single broadcast domain between them, then we have to use "VPLS (Virtual Private LAN Service)", which we will discuss in a future post.