A Comparison of L2VPN Technologies
Amir Tabdili
Consulting Engineer
July 13th, 2004

Copyright 2003 Juniper Networks, Inc.

Proprietary and Confidential

Junos supports both L2VPN flavors

Juniper supports both Martini and draft-Kompella (l2vpn)
Customers have a choice to decide based on requirements:

Scalability
Manageability
Maturity of features
Cost and ease of provisioning

Customer makes the ultimate decision

Will the network have a variety of VPN types and attract a large number of customers?
Will the network be comprised of a small number of point-to-point connections?


Why Juniper developed draft-Kompella

Juniper was the first vendor to have shipping code to support transport of Layer 2 protocols over MPLS: Circuit Cross Connect (CCC)
CCC was a big success, and as it became more widely deployed it became evident that it was missing three key ingredients:
CCC did not use label stacking
CCC was hard to provision
CCC did not support Interworking

draft-Kompella was Juniper's second-generation L2VPN technology, with these enhancements in mind


Kompella at a glance: Why BGP?

When draft-Kompella was designed, several choices were considered for the signaling protocol to carry VPN membership information. LDP was NOT chosen because of:

The lack of reflectors or other hierarchy mechanisms
The lack of community or other policy mechanism
The lack of refresh capability
The lack of an Inter-Provider mechanism
The greater amount of protocol state needed

BGP provided a common signaling protocol for networks which also run L3VPN (RFC 2547) and VPLS services.
Fewer protocols to run


Draft-Kompella: Topological flexibility

The Kompella draft uses the route targets defined in RFC 2547bis to create arbitrary topologies
Point-to-point, hub and spoke, partial mesh or full mesh
The route target attribute defines a collection of sites (VTFs) to which a PE distributes its site identifiers
A PE router can use this attribute to constrain the import of remote routes into a VTF
To build a hub and spoke topology, the hub exports only its site ID and imports all spoke site IDs. Spoke sites import only the hub site ID and export their own site IDs
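
The route-target rule described above can be modelled to check which circuits a given import/export policy actually produces, and to audit a policy against the intended design. This is an added example, not part of the original slides; the site names, route-target strings and function names are assumptions made for illustration.

```python
from itertools import combinations

# Constructed route-target values; any distinct strings work.
HUB_RT, SPOKE_RT, MESH_RT = "target:65000:1", "target:65000:2", "target:65000:3"


def circuits(sites):
    """Derive the site pairs that end up connected.

    sites: {name: {"export": set of RTs, "import": set of RTs}}
    A Layer 2 circuit is bidirectional, so a pair is connected only when
    each side imports at least one route target the other side exports.
    """
    def accepts(receiver, sender):
        return bool(sites[receiver]["import"] & sites[sender]["export"])

    return {frozenset((a, b)) for a, b in combinations(sorted(sites), 2)
            if accepts(a, b) and accepts(b, a)}


def full_mesh(names):
    # Every site exports and imports the same route target.
    return {n: {"export": {MESH_RT}, "import": {MESH_RT}} for n in names}


def hub_and_spoke(hub, spokes):
    # The hub exports HUB_RT and imports SPOKE_RT; spokes do the reverse.
    sites = {hub: {"export": {HUB_RT}, "import": {SPOKE_RT}}}
    for s in spokes:
        sites[s] = {"export": {SPOKE_RT}, "import": {HUB_RT}}
    return sites


def unintended(sites, intended_pairs):
    """Audit helper: circuits the policy creates beyond the intended ones."""
    intended = {frozenset(p) for p in intended_pairs}
    return circuits(sites) - intended


if __name__ == "__main__":
    spokes = ["s1", "s2", "s3"]
    vpn = hub_and_spoke("hub", spokes)
    design = [("hub", s) for s in spokes]
    print("circuits:", sorted(sorted(c) for c in circuits(vpn)))
    print("unintended:", unintended(vpn, design))
    # Two spokes that also import SPOKE_RT gain a direct circuit.
    for s in ("s1", "s2"):
        vpn[s]["import"].add(SPOKE_RT)
    print("after import leak:", [sorted(c) for c in unintended(vpn, design)])
```

A single spoke importing the spoke route target is not enough to create a spoke-to-spoke circuit, because the other side must import it back; the audit only reports a pair once both ends accept each other.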


Draft-Kompella: Scalable VPN configuration

Draft-Kompella uses BGP for automatic discovery of VPN members
Support for building full mesh or hub and spoke topologies

Draft-Martini does not have a built-in autodiscovery mechanism

Configuration complexity for Martini is O(n^2)
Configuration complexity for Kompella is O(n)
QoS configuration is a site-specific requirement, which is included along with the bandwidth configuration for each VPN site
O(n) configuration operations per VPN for both Martini and Kompella


Draft-Kompella: Pre-Provisioning

Pre-provisioning enhances service delivery
When a CE has 10 DLCIs configured it can reach another 10 CE routers.
If you want to add an 11th site, you need to configure a new DLCI on the CE as well as provision a new DLCI in both the local and remote PEs
If you pre-provisioned 11 DLCIs on the CE and its local PE router, your work is now limited to the new CE and its attached PE
Saves time and increases service velocity


VPN provisioning example

With Kompella, for a full mesh VPN one needs to do the following:

Decide on a route-distinguisher and route-target for a VPN. This is done once for a VPN (~15 min)
Key in some interface-specific configuration for each site (~5 min)
List N interfaces, where N is the number of sites (~1 min per site)

To configure a VPN with draft-Martini:

Pick a PE-to-PE pair
For that site, decide which VC ID to use (which needs to be unique)
For each PE, pick the interface and configure the LSP joining the two (about 20 minutes per pair of PEs)

For a full mesh VPN with 30 sites:

2.2 man-days for Kompella
18.13 man-days for Martini (a man-day is 8 hours)

The numbers also apply for adding a site, deleting a site and moving a site
This results in a difference in the operational cost of maintaining large-scale VPNs
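
The 30-site totals above can be reproduced from the per-step times. This is an added example, not from the original slides; it assumes one site per PE, that each of the N sites lists N interfaces at about 1 minute each, and that Martini configures every unordered PE pair once.

```python
# Per-step times are the slide's; the way they are combined is this example's
# assumption, chosen because it reproduces the slide's 30-site totals.
RD_RT_MIN = 15     # Kompella: choose route distinguisher and route target, once per VPN
SITE_CFG_MIN = 5   # Kompella: interface-specific configuration, per site
LIST_IF_MIN = 1    # Kompella: per interface listed; each of N sites lists N
PAIR_MIN = 20      # Martini: configure one PE-to-PE pair
HOURS_PER_DAY = 8  # slide: a man-day is 8 hours


def kompella_breakdown(n):
    """Minutes per step for a full mesh of n sites with draft-Kompella."""
    return {
        "route distinguisher / route target": RD_RT_MIN,
        "per-site interface config": SITE_CFG_MIN * n,
        "interface lists (n per site)": LIST_IF_MIN * n * n,
    }


def kompella_minutes(n):
    return sum(kompella_breakdown(n).values())


def martini_pairs(n):
    """Unordered PE pairs in a full mesh, assuming one site per PE."""
    return n * (n - 1) // 2


def martini_minutes(n):
    return PAIR_MIN * martini_pairs(n)


def man_days(minutes):
    return minutes / 60 / HOURS_PER_DAY


if __name__ == "__main__":
    for step, minutes in kompella_breakdown(30).items():
        print(f"Kompella, 30 sites: {step}: {minutes} min")
    print(f"Martini, 30 sites: {martini_pairs(30)} pairs x {PAIR_MIN} min")
    print(f"{'sites':>5} {'Kompella':>9} {'Martini':>9}  (man-days)")
    for n in (5, 10, 30, 100):
        k, m = man_days(kompella_minutes(n)), man_days(martini_minutes(n))
        print(f"{n:>5} {k:>9.2f} {m:>9.2f}")
```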


Draft-Kompella: Efficient use of Protocol State

With BGP (Kompella) there is a fixed amount of state carried per site per VPN
With LDP (Martini) state is per connection
For a VPN with n sites, up to n^2 state information must be carried. This forces providers to implement partial meshes or hub and spoke topologies to scale

L2VPN with 20 sites (you need 20 labels)

LDP results in 20 independent advertisements, each advertising a single label
With BGP you have 20 contiguous labels (one label block). BGP does a single advertisement with that one block
Also, with Martini you have to keep state for 380 connections (190 x 2) for a full mesh topology

L2VPN with 100 sites (you need 100 labels)

You have 100 LDP advertisements while you have one for BGP!
With Martini you have to keep state for 9,000 connections for a full mesh topology!

Each provider needs to decide which is more important: possibly wasting labels (which are plentiful) or wasting protocol state (which consumes memory and CPU)?

Total label space per PE router is 1 million. If we only use 5 percent of these for L2VPNs, it results in 50,000 customer-facing interfaces per PE
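
An added example (not from the original slides) of why one BGP advertisement can replace per-label signaling. It goes beyond the slide by showing the label-block arithmetic of the Kompella draft, where a remote site derives its label from the block's base and its own site ID; field names, the starting label and the block sizes are assumptions.

```python
from dataclasses import dataclass

FIRST_LABEL = 800000  # constructed starting label, not from the slides


@dataclass(frozen=True)
class LabelBlock:
    """One BGP advertisement from a site: a contiguous run of labels.

    Field names are this example's own. `offset` is the lowest remote site ID
    the block covers and `size` is how many consecutive site IDs it covers.
    """
    site_id: int
    base: int
    offset: int
    size: int

    def label_for(self, remote_site_id):
        """Label a remote site uses to reach this site, or None if uncovered."""
        idx = remote_site_id - self.offset
        return self.base + idx if 0 <= idx < self.size else None


def bgp_advertisements(n_sites, block_size=None):
    """One advertisement per site, each carrying a whole label block."""
    size = block_size or n_sites
    return [LabelBlock(s, FIRST_LABEL + (s - 1) * size, 1, size)
            for s in range(1, n_sites + 1)]


def ldp_advertisements(n_sites):
    """Per-label signaling for one site: one message per remote site."""
    return [(remote, FIRST_LABEL + remote - 1) for remote in range(1, n_sites + 1)]


def circuit_labels(local, remote):
    """(transmit, receive) labels between two sites, or None if not covered."""
    tx = remote.label_for(local.site_id)  # label the remote told us to send with
    rx = local.label_for(remote.site_id)  # label we told the remote to send with
    return None if tx is None or rx is None else (tx, rx)


if __name__ == "__main__":
    blocks = bgp_advertisements(20)
    print("per site: 1 BGP advertisement vs", len(ldp_advertisements(20)), "LDP")
    print("site 1 <-> site 5:", circuit_labels(blocks[0], blocks[4]))
    # A 21st site is unreachable until the others advertise blocks that cover it.
    new_site = LabelBlock(21, FIRST_LABEL + 10000, 1, 25)
    print("site 21 with size-20 blocks:", circuit_labels(new_site, blocks[0]))
    roomy = bgp_advertisements(20, block_size=25)
    print("site 21 with size-25 blocks:", circuit_labels(new_site, roomy[0]))
```

The last two lines show the label-versus-state trade-off the slide asks about: blocks sized larger than the current site count spend unused labels, but a new site then needs no re-advertisement from the existing ones.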


BGP Delivers Scalable Route-Reflector Architecture

[Figure: two panels. "Targeted LDP: New PE Added" shows PE 1 through PE 7 and the newly added PE, with existing LDP sessions and new LDP sessions. "BGP: New PE Added" shows the PEs, a route reflector (RR) and the newly added PE, with existing BGP sessions and the new BGP session.]

Targeted LDP: 7 PEs need to be configured to establish LDP sessions between PEs. All 7 need to be configured again if MD5 authentication is desired.
BGP: The PE and the Route Reflector need to be configured for 1 BGP session established with the route reflector.


Overloading BGP?
Common concern:
{public Internet + RFC 2547 VPNs + V6 VPNs + L2 VPNs + VPLS} will overload BGP, causing it to crash
Real question:
Should a single PE provide all of the above services?
If so, it doesn't matter which protocol: either the PE device can take it, or not
Putting these services in different protocols doesn't reduce overall stress on the PE!
Existence proof that some PEs can take it

Overloading BGP? (cont.)

Other concern: BGP is complex to implement
The (perceived) vendor complexity of implementing Multi-Protocol BGP is well worth the greatly simplified operations for the Service Providers
Using Multi-Protocol BGP for both auto-discovery and distributing VPN labels means fewer protocols to operate, manage and debug
Therefore it means cost savings in terms of:
Educating the NOC staff
Building tools/expertise to monitor VPNs
Building tools/expertise to debug and manage the VPNs


Why not BGP + LDP?

BGP or LDP for signaling (distributing VPN labels) is the wrong comparison; it ignores the requirement for autodiscovery
Compare BGP for both autodiscovery and signaling with BGP for autodiscovery and LDP for signaling
With the BGP + LDP approach, signaling of VPN labels requires a completely separate protocol (LDP)
With the BGP approach, signaling of VPN labels is a side effect of (BGP-based) autodiscovery
The overhead of using BGP for both autodiscovery and signaling is about the same as using BGP just for autodiscovery

Draft-Kompella: Layer 2 technologies and resiliency

Draft-Kompella supports all the layer 2 technologies supported by the Martini draft

VLANs, Ethernet port, FR, ATM (AAL5 and cell relay), PPP, HDLC

Draft-Kompella also supports protocol Interworking
Example: Ethernet to Frame Relay

Superior Resiliency:

Flexible end-to-end signaling of PVC/DLCI failure
Draft-Kompella using BGP has the flexibility of announcing backup links through BGP's route preference mechanisms
This becomes important when running FR NNI with a FR switch
Very similar to what Layer 3 VPNs are currently capable of
Simple addition to draft-Kompella, while Martini with LDP is missing the mechanism to announce a route with less preference


Inter-Provider VPNs
BGP provides a flexible way of providing inter-provider L2 VPNs
LDP does not provide that mechanism in a scalable fashion:
No policy, no route dampening, more like an IGP
No way to reduce the full mesh needed for the indirect mode: huge number of inter-provider connections

The way we do inter-provider VPNs for draft-Kompella is exactly the same as option (c) of 2547 L3 VPNs.

Conclusion
Juniper supports both drafts
We believe draft-Kompella is superior on several fronts
Martini is more suitable for point-to-point connections or VPNs with a very small number of sites
Juniper supports RIP as well as link-state protocols; that does not mean we advocate running RIP as your backbone protocol


Thank You
www.juniper.net
