MPLS and VPNs: A winning combination?
By KEN VAN ORMAN and BRAD WHITTINGTON, Spirent Communications--Accurate and comprehensive testing provides the answer to this question.
As service providers (SPs) struggle to upgrade aging ATM backbones, many are considering Multi-Protocol Label Switching (MPLS) as a solution. MPLS backbones can provide a converged, traffic-engineered platform for value-added virtual private network (VPN) services. While MPLS is a relatively new technology, the promise of management and cost efficiencies for VPN services is sufficiently compelling to prompt decision makers to investigate which MPLS VPN variant or variants will best fit their needs.
MPLS VPN basics
There are three major variants of MPLS VPNs. In a Layer 3 VPN (based on the IETF RFC 2547bis draft), the customer connects an internal Internet Protocol (IP) network to the SP IP network and participates in routing at the edge. In a Layer 2 VPN, the customer connects an internal Layer 2 network to the SP access network and does not participate in routing. A Layer 2 point-to-point VPN is based on the two Martini drafts, named for primary author Luca Martini of Level 3 Communications. Virtual private LAN services (VPLS) VPNs are defined by the lasserre-vkompella IETF draft, which references the Martini drafts. Common to all is an MPLS-based core providing aggregation, tunneling, and scaling for VPN traffic.
There are at least two clear benefits of deploying an MPLS backbone (Figure 1). First, core routers (known as provider or "P" routers) do not connect to customer edge devices. A provider edge (PE) router connects customers to the provider network and maintains the VPN. As a result, P routers function purely as MPLS packet-forwarding devices and are removed from the internal workings of the VPN. This yields a scalable and manageable core network implementation.
The second benefit is that an MPLS-based backbone can converge IP and other network services. MPLS supports label switching of native IP traffic in addition to VPN traffic, significantly reducing the costs associated with supporting separate network infrastructures by implementing a single converged network.
The primary difference between Layer 2 and Layer 3 VPNs is the requirement for routing in the customer-to-SP connection. Layer 2 implementations are Layer 3-protocol agnostic, whereas a Layer 3 MPLS VPN solution requires IP as a basic connectivity mechanism. As a result, the Layer 3 VPN is often sold to customers as a managed routing service, allowing enterprises to outsource routing management to the service provider, resulting in operational cost savings.
In a Layer 2 point-to-point service, the customer is sold connectivity through frame relay, ATM, or Ethernet. These traditional Layer 2 circuits are translated by the ingress PE router into pseudowires, which carry traffic through the core between PE routers. A modified version of the Label Distribution Protocol (LDP) that describes the characteristics of the pseudowire is used for signaling. To provide scalability, the pseudowires are aggregated and tunneled via traditional MPLS tunnels in the core network.
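An added example (not from the original article) of the label stacking described above: the ingress PE pushes a per-pseudowire label under a shared tunnel label, and a P router swaps only the outer label, so it holds no per-customer state. It uses the standard 32-bit MPLS label stack entry layout (RFC 3032); the label values, customer names, and function names are constructed for illustration.

```python
import struct

def encode_stack(labels, ttl=64):
    """Encode labels (outermost first): 20-bit label | 3-bit EXP | 1-bit S | 8-bit TTL."""
    out = b""
    for i, label in enumerate(labels):
        if not 16 <= label < 2**20:          # values 0-15 are reserved
            raise ValueError(f"label {label} out of range")
        bottom = 1 if i == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (bottom << 8) | ttl)
    return out

def decode_stack(data):
    """Return ([(label, exp, s_bit, ttl), ...], payload)."""
    entries, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append((word >> 12, (word >> 9) & 7, (word >> 8) & 1, word & 0xFF))
        if entries[-1][2]:                   # S bit set: payload follows
            return entries, data[offset:]

def p_router_forward(packet, lfib):
    """P router: swap the outer (tunnel) label only; inner labels pass untouched."""
    (word,) = struct.unpack_from("!I", packet, 0)
    label, ttl = word >> 12, word & 0xFF
    if label not in lfib:
        raise KeyError(f"no forwarding entry for label {label}")  # drop
    if ttl <= 1:
        raise ValueError("TTL expired")
    swapped = (lfib[label] << 12) | (word & 0xF00) | (ttl - 1)  # keep EXP and S
    return struct.pack("!I", swapped) + packet[4:]

# Constructed sample: two customers' pseudowires share one PE-to-PE tunnel.
LFIB = {3001: 4002}                          # the P router's only state
PSEUDOWIRES = {"customer-a": 10021, "customer-b": 10022}

def demo():
    results = {}
    for name, vc_label in PSEUDOWIRES.items():
        packet = encode_stack([3001, vc_label]) + f"{name} frame".encode()
        entries, payload = decode_stack(p_router_forward(packet, LFIB))
        results[name] = ([e[0] for e in entries], entries[0][3], payload)
    return results

if __name__ == "__main__":
    print(demo())
```

Both customers' packets leave the P router with the same outer label and their own inner label unchanged, which is why the P router needs one forwarding entry regardless of how many pseudowires the tunnel carries.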
VPLS is a form of Layer 2 VPN specialized for Ethernet services. It extends the corporate LAN over a wide area network through Ethernet bridging behavior provided by the PE routers. Remote offices or telecommuters appear as part of the corporate Ethernet broadcast domain. VPLS is more flexible than a point-to-point implementation and is more easily implemented and managed.
SPs planning to upgrade their infrastructure to next-generation routers and switches should evaluate MPLS as a backbone technology. This strategy allows SPs to consider newer switches with full MPLS capability. Further cost savings may be realized by SPs with IP core networks. An IP core may be less expensive and less difficult to migrate to MPLS than an ATM backbone because the network is likely built on routers that already support MPLS, which avoids a costly forklift upgrade.
For either case, before deployment, service providers must rigorously qualify their network devices in the lab to determine whether they can deliver the quality of service and reliability that their customers require. Service providers using mixed-vendor networks have an additional need for interoperability testing (Figure 2).
The test cycle includes three steps: testing the protocol implementation, unit testing, and system testing. Testing begins with conformance and functional testing of all of the protocols used in the implementation. This step is used to expose glaring protocol issues and provide a high degree of confidence in interoperability among network elements. Unit testing of the individual network element types follows. In this step, each component undergoes performance testing of the control plane and data plane to determine product quality and stability under extreme network conditions. Capacity and profitability planning for the desired services also takes place during unit testing. Finally, a scaled-down network is constructed to test the overall interoperability, function, performance, and stability of the system.
While P routers (and, in a managed-service model, customer edge routers) must also be rigorously tested, testing the PE router accounts for the bulk of the testing time and complexity. The PE devices are the workhorses for all three MPLS VPN flavors. PE routers must be tested for conformance to ensure they handle new protocol formatting, error cases, and message types correctly. In addition, functional testing is used to ensure that the services planned by the SP work properly. Layer 2 point-to-point implementations require testing of the appropriate Layer 2 functionality, such as frame relay, ATM, Ethernet, Ethernet VLAN, or PPP customer connections. Layer 3 VPNs require testing for customer connections using E-BGP, RIP, static routes, and OSPF. In the final stages of testing, performance-related scalability tests are conducted to determine the number of customer sites that can be supported per PE device.
Some service providers already have such tests underway. Some early deployments occurred in 2002. More ambitious large-scale deployments are planned for 2003.
The value proposition for implementing an MPLS solution is significant because it supports the convergence of networks based on ATM and IP. Just as compelling, traditional Layer 2 point-to-point VPNs can be supported over a scalable backbone while simultaneously offering new Layer 3 and VPLS VPN services. This allows service providers to increase the profitability of Layer 2 services while realizing growth through new value-added services, making MPLS-based VPNs a convincing solution.
Ken Van Orman and Brad Whittington are product managers for Spirent Communications (Rockville, MD).