Ethernet invasion continues

Nov. 1, 2001
Ethernet's future

Ethernet private-line service extends Ethernet from the local and metro space to the WAN.

STEVE VOGELSANG, Laurel Networks Inc.

Ethernet rules the LAN. Its simplicity and low cost have won over network administrators, making Ethernet the dominant transport method for local network traffic in corporations. This familiarity in corporate LANs led to the recent Ethernet invasion in MANs. Yet to date, no Ethernet-based contender has been able to dislodge the popularity of ATM and Frame Relay (FR) services for remote connectivity. That's about to change.

MPLS-enabled core routers or switches and new service edge routers make it possible to easily and cost-effectively extend Ethernet beyond the reach of local and metropolitan networks to remote sites. This new service, called Ethernet private line, promises to make Ethernet the technology of choice for both WANs and LANs.

Ethernet private-line service offers a number of advantages to both corporate customers and service providers. For corporations, the extension of Ethernet through the WAN leverages the investment in Ethernet equipment already in place. Ethernet can be offered in more granular fashion than FR and ATM service, meaning customers are not forced into major bandwidth leaps when they only want an incremental addition. Also, Ethernet private line can be "turned on" in software, dramatically reducing the time and cost typically associated with private-line service provisioning.

For service providers, Ethernet private line introduces a substantial new revenue opportunity as well as cost savings. Ethernet private line is offered over existing IP/MPLS networks, leveraging available IP capacity. The ease with which the service can be provisioned also benefits service providers, since they can more quickly offer service to customers with less initiation costs.

Ethernet private line is made possible by multiservice over MPLS, also called Layer 2 transport over MPLS, which allows service providers to consolidate existing data services such as FR and ATM onto a converged IP/MPLS backbone. This consolidation enables scaling of these profitable services beyond the capacity of the existing data service backbones, while reducing cost and complexity. Multiservice over MPLS enables what could be the most exciting application of MPLS to date-Ethernet private-line service-seamlessly extending Ethernet from the LAN through the WAN.
Figure 1. The network architecture to implement Ethernet private-line service across an IP/MPLS backbone is shown here. At each location, a service edge router is deployed in the service-provider point of presence, delivering a Gigabit Ethernet port directly to a customer.

The simplicity, high speed, and cost savings of Ethernet private-line service distinguish it from other attempts to extend Ethernet into the WAN. A pair of Internet drafts defines Ethernet private line. The first draft, "Transport of Layer 2 Frames Over MPLS" (, defines a signaling mechanism based on the MPLS label distribution protocol (LDP) that allows creation and status notification of Layer 2 transport connections. The second draft, "Encapsulation Methods for Transport of Layer 2 Frames Over MPLS" (, defines the encapsulation for various Layer 2 frames such as FR, Ethernet, ATM Adaptation Layer 5 (AAL5), and ATM cell mode.

The benefits of offering Ethernet private-line service over IP/MPLS backbones include:

  • Layer 2 simplicity with Layer 3 intelligence. The ability to transport Layer 2 Ethernet traffic over the IP/MPLS backbone enables service providers to make the most of Ethernet's simplicity and low cost while maintaining circuit-oriented intelligence. This intelligence provides quality of service, constraint-based routing, traffic engineering, mesh protection, fast restoration, policing, prioritization, and service-level management. With MPLS-enabled service edge routers, providers can plan any mesh or loop architecture that evolves and expands easily without reconsidering the entire network design.
  • Virtual LAN (VLAN) scalability. MPLS addresses the critical scaling limitation resulting from the system-wide limit of 4,096 802.1Q Ethernet VLANs while transparently maintaining 802.1Q interoperability. By replacing 802.1Q tags with MPLS labels, the number of unique identifiers is expanded to more than one million per device. Furthermore, 802.1Q tags become locally significant, allowing tag reuse at the network edge.
  • Service creation at the edge. Traditional data service provisioning models require a service provider to maintain connection state throughout the core network. In contrast, with Layer 2 services over MPLS, Ethernet connection state is maintained only at the edge of the network, with service creation at the edge and service transparency at the core. That significantly reduces administrative complexity.

How does MPLS enable Ethernet private-line service? Simply defined, MPLS is an efficient tunneling mechanism with an IP control plane. It allows the creation of tunnels, called label-switched paths (LSPs), across an IP backbone. The service edge router inserts packets into these tunnels by prepending one or more four-octet labels to the packet. Core MPLS devices, called label-switch routers (LSRs), forward these packets based solely on these labels.

MPLS tunnels require less overhead than IP-based tunnels (such as Layer 2 tunneling protocol (L2TP), generic routing encapsulation, and IP in IP). In addition, MPLS tunnels offer the same security as FR or ATM and are not as susceptible to denial of service attacks as IP-based tunnels.

The earliest application of MPLS was traffic engineering, applied to the core of service-provider networks. The normal hop-by-hop, destination-based forwarding mechanism employed by IP routers tend to cause high usage on certain network links, while other links remain relatively idle. MPLS was employed to give service providers greater control over the path IP traffic takes across the network. IP packets enter an MPLS tunnel near the edge of the network, and the service provider controls the path of each tunnel, enabling balanced usage on network links and increased overall efficiency.

Although traffic engineering is an important function in the network core, the edge of the network is where service providers reap the greatest benefits of MPLS technology. MPLS has two basic features that enable transport of a variety of data services, including Ethernet private line:

  • Protocol transparency. Once an edge router forwards a set of MPLS labels, core devices forward packets based only on these labels-not based on any field inside the original packet. As a result, MPLS is not limited to IP transport. It can carry any type of traffic, including frame relay, ATM, Ethernet, point-to-point protocol, and even TDM.
  • Hierarchical tunnels. MPLS tunnels are hierarchical, meaning that an MPLS tunnel can be inserted inside another tunnel by using the MPLS label-stacking mechanism. This capability gives service providers tremendous flexibility and scalability, since many tunnels can be aggregated into a relatively small set of tunnels in the network core. It also has service restoration benefits because a core-network failure results in fewer connections to reroute.

The network architecture to implement Ethernet private-line service across an IP/MPLS backbone is shown in Figure 1. At each location, a service edge router is deployed in the service-provider point of presence, delivering a Gigabit Ethernet (GbE) port directly to a customer. The service provider offers its customer a single Ethernet interface for multiple serv ices, including Internet access on one virtual LAN and other virtual LANs for Ethernet private-line service. To transport the Ethernet frames, the edge router prepends two MPLS labels to each Ethernet frame received from the customer.

The outer label, or tunnel label, defines the path across the MPLS network. All intermediate LSRs a-long the path forward packets based on the tunnel label. The inner label, or virtual connection (VC) label, associates the Ethernet frame with an outgoing port, enabling the service provider to support multiple Ethernet connections on the same tunnel.
Figure 2. Full-rate Gigabit Ethernet (GbE) refers to a customer who has purchased a full 1 Gbit/sec of access bandwidth on a full-duplex GbE link. In this case, an edge router permits up to 1 Gbit/sec of traffic from the customer.

Ethernet service is provisioned by choosing two Ethernet ports to connect on the edge routers, and by defining the MPLS tunnel that will be used to transport the Ethernet frames. Upon configuration, the edge router will bind a locally significant VC label to its Ethernet port and advertise this label to its peer edge router. These labels are exchanged using LDP running in extended discovery mode as defined in the Internet Engineering Task Force RFC 3036.

The VC label must be associated with an MPLS tunnel that connects the two edge routers. Although the VC labels are established using LDP, the tunnel may be established in a variety of manners such as LDP, resource reservation protocol-traffic engineering (RSVP-TE), or static configuration. The characteristics of the MPLS tunnel determine the level of service offered by the service provider.

How would a corporate customer use Ethernet private-line service? The first scenario is full-rate GbE (see Figure 2), which refers to a customer who has purchased a full 1 Gbit/sec of access bandwidth on a full-duplex GbE link. In this case, an edge router permits up to 1 Gbit/sec of traffic from the customer. As an option, the edge router may meter the incoming traffic rate (and limit outgoing traffic) against a provisioned service profile and mark or drop out-of-profile traffic. If traffic metering is enabled, the customer is responsible for ensuring that its most important traffic is delivered to the edge router in profile and therefore is not marked or dropped.

The second scenario is shown as any-rate GbE, which refers to a customer who has purchased less than 1 Gbit/sec of access bandwidth but still has a dedicated GbE access port. Unlike the previous case where metering and packet marking may be used to enforce a lower traffic rate, this approach restricts traffic to a lower rate based on the customer's requirement. The key difference is that transmission of traffic bursts in excess of the provisioned rate is buffered and delayed instead of being marked or dropped. Input buffering and input rate shaping are required for the GbE ports delivering any-rate GbE service.

The third deployment scenario uses tagged GbE. In this case, customer traffic is identified via 802.1Q virtual LAN tags. That is a very cost-effective way of reaching the customer with Ethernet, especially when front-ended with a low-cost Layer 2 Ethernet switch.

Service edge routers provide features necessary to offer advanced IP services, including packet classification, per-flow policing and metering, differentiated-service marking, per-logical interface queuing, and per-logical interface shaping. These same mechanisms can be used for Ethernet private-line service. The combination of these advanced features equips service providers with extremely robust and flexible services, including:

  • Differentiated-service marking on an IP/MPLS network. A service provider could map traffic to a set of service classes available for its network. Classification may be based on a combination of incoming logical interface, multifield classification, and metering. In addition, classification of traffic using border gateway protocol-4 (BGP-4) routing policy is a way to assign a service class to traffic based on its ultimate destination. Incoming packets are assigned to classes by marking them with a particular IP differentiated-service code point or MPLS exponential value. Subsequently, core routers or switches maintain these classes by means of strict priority queuing or weighted fair queuing.
  • Service-level management. Service providers must be able to offer the same service-level management for Ethernet private-line service as for FR and ATM networks. That includes these service-level agreement (SLA) parameters: frame delivery ratio, which is the number of Layer 2 frames delivered to the destination versus the number of frames offered; frame transfer delay, which is a measurement of delay between two service end points; and virtual circuit availability, which is counting the number of seconds of downtime per month.
  • Traffic protection. MPLS offers a number of ways to protect the integrity of traffic, such as secondary LSPs and fast reroute, which increase the reliability and robustness of services offered over an MPLS core. With these protection mechanisms, service providers can offer different levels of traffic protection and tie them to different SLA statements. For example, MPLS can reroute LSPs in less than 100 msec in the case of a core trunk or node failure, making the failure transparent to user traffic.

While Ethernet has been the standard for data connectivity in the LAN for many years, only recently has Ethernet become a viable technology in the MAN and WAN. SONET has been the Layer 1 technology of choice for most service providers. Layer 2 technologies such as FR and ATM have had success but can be expensive to maintain from a service-provider and customer perspective.

While Ethernet is an exciting service alternative for WAN connectivity, service providers considering this migration must assure the same or better customer experience as that found with current FR and ATM services. Ethernet private-line service using MPLS will allow service providers to deliver exceptional levels of performance, flexibility, and responsiveness to their customers.

Steve Vogelsang is vice president and co-founder of Laurel Networks (Pittsburgh). He can be reached via the company's Website,