Layer 2 VPNs have been in our lives for a few decades now. Whatever the underlying technology used (VPLS, VPWS etc.), it is always based on a group of customer premises equipment (CPE) devices connected over fiber to an underlying MPLS/IP backbone via a group of Provider Edge (PE) routers. These work as adaptation functions that tunnel emulated Ethernet services (also referred to as Ethernet Pseudowires) across the MPLS/IP backbone.
There are various well known Ethernet services defined by the MEF: E-LINE, E-LAN, E-TREE etc. Each one emulates a different L2 functionality and fits a different use case.
Carrier Ethernet services still major revenue generators
Despite the hype over recent developments related to SDN/NFV/SD-WAN and so on, Carrier Ethernet is still a major source of revenue for CSPs. It is also the motivation for many of the recent developments and MEF definitions. This is a mature market, yet it clearly keeps growing.
In addition, this market is being challenged from many directions. Looking at the service provider’s competitive landscape, we see small city carriers appear and disappear, trying to bring in low cost services. Competition is fierce over each customer, existing or new, which is partly why prices-per-byte are in decline.
With a large variety of alternatives, customers are demanding instant connectivity, and many alternative OTT service providers (Amazon, Google, Facebook…) also take their (large) share of the overall revenue pie.
So, how can service providers improve their ability to compete? The answer to that is two-fold:
- Improving Time to Service deployment – by increasing network automation and using easy-to-install alternative lines. More important still is maximizing service uptime for business customers and connecting to them wherever they are!
- Lowering operational costs – by avoiding the use of expensive leased lines and reducing technician dependency for the installation phase.
Bridging fiber gaps with L2TPv3
The main tactic for CSPs to retain their existing customers is, by far, allowing them to connect to existing L2 VPN services, even from remote locations where fiber isn’t available, using an internet connection.
The underlying solution is simple. Since L2 VPNs are all about distributing or tunneling Ethernet PWEs (e.g., over an MPLS backbone), extending these services over the public internet requires an Ethernet-over-IP tunneling solution such as L2TPv3.
L2TPv3 is supported by many existing PE routers and allows tunneling of Ethernet PWEs over any underlay IP network, in much the same way as it is done over an MPLS backbone. Furthermore, L2TPv3 provides a secure and reliable control channel between the two end-points, allowing them to negotiate the establishment of new services (Ethernet PWEs) and exchange required information, including monitoring information to check on the health and status of the connection. This greatly simplifies the operational effort and shortens the time required to set up such services. What's more, as L2TPv3 can run over IPsec (transport and tunnel mode), it can be fully secured and made well suited to the public internet.
The service extension model
The first use case that we will address here is the lack of fiber to connect the CPE at the remote location to the PE.
In such cases, Ethernet PWEs over an L2TPv3 tunnel (with or without IPsec) can be established over a cellular LTE network up to the MPLS PE, replacing the missing fiber connection. Each Ethernet service will be carried as a separate PWE mapped, at the PE, to a pre-defined VLAN that is recognized as an existing service by the existing L2 VPN.
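To make the per-service mapping concrete, here is an added example (not code from the original post or from any PE vendor) of how a PE-side receiver could demultiplex L2TPv3-over-IP data packets by session ID, check the session cookie, and tag the inner Ethernet frame with its pre-defined VLAN. The session IDs, cookies, VLAN numbers and sample frame are constructed values, and the sessions are assumed to use no L2-Specific Sublayer.

```python
import hmac
import struct

# Constructed session table: L2TPv3 session ID -> (expected cookie, service VLAN).
# All IDs, cookies and VLANs are illustrative assumptions, not from the article.
SESSIONS = {
    0x00001001: (bytes.fromhex("a1b2c3d4e5f60718"), 100),  # CPE management
    0x00001002: (bytes.fromhex("0badc0de"), 200),          # customer service
}
# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46


def parse_l2tpv3_ip(payload: bytes):
    """Parse an L2TPv3-over-IP (IP protocol 115) data message.

    Returns (session_id, vlan, ethernet_frame) or raises ValueError.
    """
    if len(payload) < 4:
        raise ValueError("truncated header")
    (session_id,) = struct.unpack("!I", payload[:4])
    if session_id == 0:
        raise ValueError("session ID 0 is a control message, not data")
    entry = SESSIONS.get(session_id)
    if entry is None:
        raise ValueError("unknown session")
    cookie, vlan = entry
    end = 4 + len(cookie)
    # Constant-time compare. The cookie travels in cleartext and only guards
    # against blind insertion, so it does not replace IPsec on a public path.
    if not hmac.compare_digest(payload[4:end], cookie):
        raise ValueError("cookie mismatch")
    frame = payload[end:]
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    return session_id, vlan, frame


def push_vlan(frame: bytes, vlan: int) -> bytes:
    """Insert an 802.1Q tag (TPID 0x8100, PCP 0) after the MAC addresses."""
    if not 1 <= vlan <= 4094:
        raise ValueError("invalid VLAN ID")
    return frame[:12] + struct.pack("!HH", 0x8100, vlan) + frame[12:]


def pe_receive(payload: bytes) -> bytes:
    """Demultiplex one pseudowire packet onto its pre-defined VLAN."""
    _, vlan, frame = parse_l2tpv3_ip(payload)
    return push_vlan(frame, vlan)
```

Packets for unknown sessions or with a wrong cookie are rejected before any frame reaches the L2 VPN, which is the check to log and alert on when the tunnel crosses an untrusted network.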
Needless to say, the typical bandwidth offered by the cellular network (or the internet in general) today is far more limited than a real fiber connection. Thus, it might very well be that only a portion of the required Ethernet services could be supported (on top of the CPE management that is always required). Nevertheless, with the appearance of 5G, the bandwidth will grow to match, and even top, the bandwidth provided by wirelines.
The service backup model
The second use case I would like to address here is service backup. Here, the remote CPE is already connected, over fiber, to the L2 VPN PE. However, the CSP would still need to manage the CPE and possibly continue to run customer-critical services, should the fiber connection go down temporarily.
Using the same L2TPv3 over LTE principles as before, Ethernet PWEs can now be transported over the backup L2TPv3 tunnel should the primary fiber connection fail. Again, as in the previous use case, the alternative link's bandwidth might be limited, so only a portion of the overall services (CPE management + most critical customer traffic) could be accommodated in protection mode.
ZTP (Zero Touch Provisioning)
I previously dedicated a four-part blog post to Off-Net ZTP over public networks. The underlying guiding principle was that any CPE that is connected over a public internet connection, beyond the control of the SP, needs to support Off-Net ZTP to simplify its initial installation and reduce service setup time.
This is especially true for the service extension use case, mainly because the CPE is required to automatically download its configuration, establish the L2TPv3 tunnel and connect itself to the existing L2 VPN. Thus, on first CPE boot, the device should automatically retrieve its configuration from an internet-located ZTP bootstrap server rather than be manually staged.
Higher air interface data rates available today allow CSPs to enhance their L2 VPN offering by using these networks either to connect customers to their L2 VPNs where a fiber connection does not yet exist, or as a cost-effective backup to an existing fiber connection. This trend will intensify even further with the introduction of 5G networks and the data rates (and other features) they will bring.