White Paper

MPLS-based Layer 2
Virtual Private Networks

Kireeti Kompella, Senior Protocols Engineer

Matt Kolon, Marketing Engineer
Pierre Bichon, Systems Engineer
Annette Kay Donnell, Marketing Engineer

Juniper Networks, Inc.

1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
408 745 2001 or 888 JUNIPER
www.juniper.net

Part Number : 200009-001 05/01

Contents
Executive Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Perspective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
MPLS-based Layer 2 VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Inherent Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Separation of Administrative Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Routing Privacy and Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Ease of Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Native Multiprotocol Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Signaling Flexibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
MPLS Traffic Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
MPLS Standards Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Cost-efficient Migration from Traditional Layer 2 VPNs . . . . . . . . . . . . . . . . . . . . . . . . 6
Juniper Networks MPLS-based Layer 2 VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
ATM Replacement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Value-added Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Carrier of Carriers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
High-speed Transparent LAN Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
MPLS Internet Exchanges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

List of Figures
Figure 1: MPLS-based Layer 2 VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Figure 2: Example Network with Circuit Cross-connect for Frame Relay . . . . . . . . . . . . . . 7
Figure 3: Example Network with Circuit Cross-connect for Ethernet 802.1Q VLANs . . . . 7
Figure 4: Carrier of Carriers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Figure 5: LSP Stitching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Figure 6: High-speed Transparent Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Figure 7: MPLS Internet Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Figure 8: Example Local and Remote Peerings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Copyright 2001, Juniper Networks, Inc.

Executive Summary
While virtual private networks (VPNs) based on Frame Relay or ATM circuits are common, the
costs of maintaining separate networks for Internet traffic and VPNs and the administrative
burden of provisioning VPNs have led to alternative solutions. This paper identifies one of
several alternatives: namely, one in which the VPN is constructed on MPLS-based Layer 2
circuits. The paper further explains how Juniper Networks, Inc. delivers solutions to resolve
Layer 2 VPN requirements.
In an MPLS-based Layer 2 solution, you, the service provider, maintain and manage a single
MPLS-based network on which you can additionally run standard best-effort IP, Layer 3 VPNs,
traffic engineering, Diffserv, and many other services in a converged network. Juniper
Networks offers a range of the most scalable and flexible VPN solutions available for
deployment on a single network. This convergence of services onto a single infrastructure
significantly reduces operational cost and complexity.

Perspective
The first corporate networks were based on dedicated leased lines interconnecting the various
offices of the corporation. Such networks offered connectivity, but were wasteful of bandwidth,
expensive, and difficult to provision.
The first VPNs were based on Layer 2 circuits: X.25 to some extent, Frame Relay, and ATM.
These Layer 2 VPNs are easier to provision than dedicated lines, and virtual circuits allow you
to share a common infrastructure for all the VPNs. However, while these traditional VPNs are
a significant step forward from dedicated lines, they still have their drawbacks.
They are too slow. Without support for OC-192c/STM-64, they cannot keep pace with the
increasing speed requirements of the Internet.
They tie your VPN infrastructure to a single medium, such as ATM. This burden increases
if the Internet infrastructure shares the same physical links.
While provisioning is much easier than for dedicated lines, it is still complex, which is
especially evident when adding a site to an existing VPN.
An MPLS-based Layer 2 VPN solution preserves the benefits of a traditional Layer 2 VPN,
while leveraging the advantages of today's routing technology with regard to speed, flexibility,
and ease of provisioning. You can offer MPLS-based Layer 2 VPN services together with
best-effort IP and Layer 3 VPNs, and provision all three services from the same network
infrastructure.

Copyright 2001, Juniper Networks, Inc. . 3

 MPLS-based Layer 2 Virtual Private Networks

MPLS-based Layer 2 VPNs

An MPLS-based Layer 2 VPN is one in which you, the service provider, use your MPLS
network to deliver Layer 2 services to the customer. As far as the customer is concerned, they
have circuits such as Frame Relay connecting the various sites; each customer edge (CE) device
is configured with a DLCI on which to transmit to other CEs through the provider network,
which appears as a traditional Layer 2 cloud to the customer. Within your service provider
network, the Layer 2 packets are transported in MPLS label switched paths (LSPs). You do not
participate in the customer's Layer 3 network routing, resulting in several advantages to you
and to PE (provider edge) routers in particular.

Figure 1: MPLS-based Layer 2 VPN

VPN A VPN A
PE
P P
CE M20 CE
PE
M160 M160
M40

VPN B VPN B
LSP M20

CE CE
PE

CE = Customer Edge
P = Provider Routers
PE = Provider Edge

Inherent Scalability
In an MPLS-based Layer 2 VPN, PE routers share between themselves only a small amount of
information about each CE router. Therefore, each PE need only maintain a single entry from
each CE and keep a single route to each CE in every VPN. Both the Forwarding Information
Base and the Routing Information Base of provider routers scale linearly with the number of
customer sites.

Separation of Administrative Responsibilities

In a Layer 2 VPN, you are responsible for Layer 2 connectivity; the customer is responsible for
Layer 3 connectivity, which includes routing. Once a PE provides Layer 2 connectivity from its
connected CE to other CEs in the same VPN, its job is complete. For example, if the customer
experiences connectivity issues, you need to demonstrate that site A is connected to site B. The
details of how routing is done within the private customer network is the customer's
responsibility.
This separation of responsibility also isolates customer-generated faults from your provider
network. A misconfigured CE can, at worst, flap its interface, an event that has little or no
effect on your network. The customer is free to implement or experiment with any technology
of interest without fear of destabilizing your network.

4 Copyright 2001, Juniper Networks, Inc.

MPLS-based Layer 2 Virtual Private Networks

Routing Privacy and Security

As the provider, your network need not be concerned with routing table scalability or
overlapping address spaces because the per-VPN separation of routing information creates
natural boundaries between different customers, as well as between your network and the
customers'. This natural division lessens your administrative burden and also provides the
same level of routing security and data privacy to the customer that he or she experiences with
traditional Layer 2 VPNs.

Ease of Configuration
Configuring traditional Layer 2 VPNs is a burden primarily because of the n-squared nature of
the task in a fully meshed environment. If there are n number of fully meshed CEs in a Frame
Relay VPN, you must provision n*(n-1)/2 PVCs across the your network. At each CE, you
must configure (n-1) DLCIs to reach each of the other CEs. Furthermore, when a new CE is
added, you must provision n new DLCI PVCs and update each existing CE with a new DLCI
to reach the new CE.

Native Multiprotocol Support

Since you simply provide Layer 2 connectivity, a customer can implement any Layer 3 protocol
he or she chooses. This flexibility enables customers to use your L2 VPN as a native transport
for IBM SNA, Novell IPX, or any other protocol suite without the need for additional
encapsulation. It also enables you to deploy innovative new services, such as transparent LAN
and multicast services.

Signaling Flexibility
The VPN path across your provider routers can be signaled using LDP or RSVP. A hybrid
solution is also possible: LDP on the edge and RSVP in the core. RSVP allows for the
considerable benefit of traffic engineering across the network, which makes it possible to
choose explicit paths for a particular VPN. Using RSVP, you can traffic engineer paths for
customer data to meet such needs as low latency, and to include that attribute as part of an SLA
for which the customer pays a premium.
PE membership in a Layer 2 VPN can be signaled in two ways: LDP or BGP4. While there is no
industry consensus on which protocol is preferable, BGP4 offers several advantages.
Edge routers already run BGP4 almost without exception.
BGP4 was designed to carry numerous routes of various kinds.
BGP4 is better positioned to handle interdomain routing, which is needed for
multiprovider VPNs and carrier-of-carrier VPNs.
PE routers can maintain IBGP sessions to route reflectors as an alternative to a full mesh of
IBGP sessions. Deploying multiple route reflectors enhances scalability because it
eliminates the need for any single network component to maintain all VPN routes.
Import and export route targets allow control over where a particular route is advertised.

Copyright 2001, Juniper Networks, Inc. . 5

 MPLS-based Layer 2 Virtual Private Networks

MPLS Traffic Protection

MPLS offers a number of ways to protect the integrity of traffic, such as secondary LSPs and
fast reroute, which increase the reliability and robustness of services offered over an MPLS
core. With these protection mechanisms, you can offer different levels of traffic protection in
your services and tie them to different SLA statements.

MPLS Standards Development

As deployments of MPLS increase and as advances are rapidly introduced into the maturing
MPLS area, an MPLS core is prepared to exploit these developments. For example, the promise
of Generalized MPLS is to control not just label switches, but optical ones, too, with the result
of dynamic signaling of lambdas along a forwarding path. By choosing an MPLS solution, you
are in a position to take advantage of this and other MPLS developments.

Cost-efficient Migration from Traditional Layer 2 VPNs

Since MPLS-based VPNs are indistinguishable from traditional Layer 2 VPNs from the
customer's point of view, migrating from one to the other raises minimal issues for the
customer. This easement helps alleviate customer concerns about the adoption of new
technology or that which is perceived as complex.
Additionally, migration from leased lines is simple. The manner in which Layer 2 VPN links
are advertised into the routing protocol for VPNs is essentially identical to the manner in
which ATM links, Frame Relay links, leased lines, and physical lines are advertised

Juniper Networks MPLS-based Layer 2 VPNs

The Juniper Networks implementation of MPLS-based Layer 2 VPNs is based on MPLS Circuit
Cross-connect. This Layer 2 encapsulation method enables you to transparently transport any
traffic type over an MPLS core.
This feature enables the transparent connection of two Layer 2 circuits at different edges of the
network. Since no Layer 3 parsing or lookup is done, Circuit Cross-connect supports the
transmission of any Layer 3 protocols in the packet payload. Circuit Cross-connect consists of a
static mapping of incoming to outgoing logical ports, virtual circuits, or DLCIs.
Supported encapsulations include the following.
ATM (AAL5 or cell relay)
Ethernet 802.1Q VLANs
Frame Relay
HDLC
MPLS (stitching)
PPP
This mechanism enables you to create tunnels through an MPLS backbone network cloud,
between the CE routers as per Figure 2 and Figure 3.

6 Copyright 2001, Juniper Networks, Inc.

MPLS-based Layer 2 Virtual Private Networks

Figure 2: Example Network with Circuit Cross-connect for Frame Relay

Table
In Out Good Service SP
LSP 1 DLCI 605 DLCI Europe Region
Good Service SP 605
USA Region DLCI LSP 1
CE M160 M20 10.0.0.0
600 PE M160 PE

Source M20 Large Provider IP/MPLS Network CE

PE CE
DLCI M40
M40
610 LSP 2 M20
20.0.0.0
DLCI
Routing Table Table 608
In Out In Out Table
Good Service SP
10/8 DLCI 600 DLCI 600 LSP 1 In Out Asia Region
20/8 DLCI 610 DLCI 610 LSP 2 LSP 2 DLCI 608

Figure 3: Example Network with Circuit Cross-connect for Ethernet 802.1Q VLANs
Table
In Out Good Service SP
LSP 1 VLAN 2 Europe Region
Good Service SP VLAN 2
USA Region LSP 1
M160 M20 10.0.0.0
CE VLAN 2 PE M160 PE

Source M20 Large Provider IP/MPLS Network CE

PE CE
VLAN 3 M40
M40
LSP 2 M20
20.0.0.0
Routing Table Table VLAN 3
In Out In Out Table
Good Service SP
10/8 VLAN 2 VLAN 2 LSP 1 In Out
Asia Region
20/8 VLAN 3 VLAN 3 LSP 2 LSP 2 VLAN 3

The PDUs of the various encapsulations are handled by the Circuit Cross-connect feature in the
following manner.
For ATM AAL5 VPNs, the AAL5 PDU is transported without directly carrying the
VPI/VCI. At the receiving PE, the AAL5 PDU is fragmented, a VPI/VCI added to each cell,
and the cells sent to the CE. The VPI/VCI to use is inferred from the top level MPLS label.
For ATM cell relay, cells submitted by one CE are transported as is, with an MPLS header
applied to each cell. The receiving PE removes the MPLS header and forwards the cell to
the appropriate CE.

Copyright 2001, Juniper Networks, Inc. . 7

 MPLS-based Layer 2 Virtual Private Networks

For Frame Relay VPNs, the two DLCI octets are stripped, and the rest of the Layer 2 frame
transported. At the receiving PE, the new DLCI is applied to a newly generated Frame
Relay header, which is added back to the frame and sent to the CE.
For PPP, Cisco HDLC, and Ethernet VLANs VPNs, the Layer 2 frame is transported whole,
without any modification. The Layer 2 frame does not include HLDC flags, Ethernet
pre-ambles, or CRCs. The assumption is that the bit/byte stuffing is undone. At the
receiving PE, the frame is sent to the CE on the appropriate interface.

ATM Replacement
With MPLS Circuit Cross-connect's capability to handle cell-relay and AAL5 ATM services,
you can offer transit solutions for many customer applications that currently operate over
end-to-end ATM. AAL5 services are well suited for applications that use ATM as a generic
Layer 2 transport and are therefore tolerant of some degree of delay and delay variation, as is
expected in an AAL5 service. Cell-relay service operates in an AAL-agnostic fashion, with no
segmentation or re-assembly in the provider network, and is therefore suitable for many VBR
applications.
While some ATM networks exist primarily for circuit emulation and other real-time CBR
services, virtually all other ATM circuits are candidates for extension or replacement with
MPLS-based Layer 2 VPNs.

Value-added Services
You can use MPLS-based Layer 2 VPNs to build and sell value-added IP services on a single
core infrastructure, such as carrier of carriers, Layer 2 VPNs, extranet access at Layer 2,
high-speed transparent, and Internet exchange services.

Carrier of Carriers
You can offer other carriers transparent bandwidth services to deploy their core backbone
without having to build their own transport network (Figure 4). You could deploy such
services, which you could name virtual core services, on a regional, national, or international
basis. The carrier can continue to manage its own network equipment and simply connect to
your provider network as a CE site to a PE node. You could use any supported Layer 2 protocol
between the CE and PE provided each point-to-point connection implements the same access
protocol at both ends. You need only maintain MPLS LSPs between any point-to-point
interconnection for the carrier. You can apply traffic engineering to these transit LSPs in order
to offer SLAs as a value-added benefit.
Such a service is much more efficient for the carrier than using leased lines or fibers. A single
CE can connect to multiple remote CEs when you create a mapping between a pair of PVCs or
VLANs. Moreover, you can offer bandwidth at any speed because local connections can range
from T1 and E1 up to OC-48c/STM-16 and OC-192c/STM-64.

8 Copyright 2001, Juniper Networks, Inc.

MPLS-based Layer 2 Virtual Private Networks

Figure 4: Carrier of Carriers

Table
In Out Good Service SP
LSP 1 DLCI 605 DLCI Europe Region
Good Service SP 605
USA Region DLCI LSP 1
M160 M20 10.0.0.0
CE 600 PE M160 PE

Source M20 Large Provider IP/MPLS Network CE

PE CE
DLCI M40
M40
610 LSP 2 M20
20.0.0.0
DLCI
Routing Table Circuit Cross-connect Table 608
In Out In Out Circuit Cross-connect Table Good Service SP
10/8 DLCI 600 DLCI 600 LSP 1 In Out Asia Region
20/8 DLCI 610 DLCI 610 LSP 2 LSP 2 DLCI 608

To meet the needs of customers who are carriers using MPLS, you can deploy the Juniper
Networks LSP stitching feature(Figure 5). LSP stitching enables you to map a carrier's ingress
LSP to a core LSP on your own backbone and then to the carrier's egress LSP at the remote end.
This method enables a carrier to provide MPLS-based services to its customers by enlisting
your network as a bridge between areas of its network that are not contiguous, either from lack
of full MPLS support or due to geographic considerations.

Figure 5: LSP Stitching

Traffic Engineering Traffic Engineering Traffic Engineering
Domain 1 Domain 2 Domain 3

AS 1 AS 2 AS 1
M5 M20 M40 M10

LSP Stitching

High-speed Transparent LAN Services

In a metropolitan environment, you can use the same IP/MPLS infrastructure to offer to
customers the interconnection of sites at high speeds using simple LAN interfaces, such as Fast
Ethernet and Gigabit Ethernet. Deploying such a service is very simple once a core IP/MPLS is
in place because you need only maintain a single Ethernet network across the WAN. You can
offer IP services, and additionally on the same local loop access, LAN-to-LAN interconnection
at Layer 2 (Figure 6). Your customer can use one VLAN to access the IP services, another
VLAN for IP VPN services such as a national or an international intranet service, and other
VLANs to connect to several sites in the same city. The CE can be a remote Ethernet connection

Copyright 2001, Juniper Networks, Inc. . 9

 MPLS-based Layer 2 Virtual Private Networks

over fiber (to connect to an existing LAN switch, for instance), a leased Ethernet concentrator
(which several customers in the same building could share), or a Juniper Networks router to
connect one or more customers at a variety of speeds.
Benefits of using Juniper Networks routers in a high-speed transparent LAN solution include
the following.
Transit delays of the Juniper Networks routers are so low and stable that you can plan any
mesh or loop architecture that evolves and expands easily without having to reconsider the
whole network design.
You can offer an access from 100 Mbps to 1 Gbps seamlessly.
Services range up to 43.50 miles / 70 km with the use of advanced long haul Gigabit
Ethernet technologies.
You can offer transparent LAN service benefits from the inherent redundancy of the MPLS
core. For example, the MPLS fast reroute feature reroutes LSPs in less than 100 milliseconds
in case of a core trunk or node failure, making the failure transparent to user traffic.

Figure 6: High-speed Transparent Services

VPN A VPN B

Fast Ethernet
Gigabit Ethernet
VLAN ID VLAN ID VLAN ID
with 802.1Q Business Center
612 600 601

PE M160
PE Fast
M20
Ethernet VPN B
LSP 5
VLAN ID
LSP 6 601
LSP 3
PE M40 M10 CE
MPLS Core VLAN ID
Fast Ethernet VLAN ID PE 612 VPN A
Gigabit Ethernet 600 Fast
with 802.1Q Fast Ethernet Ethernet
Gigabit Ethernet
with 802.1Q

VPN B
Circuit Cross-connect Function

10 Copyright 2001, Juniper Networks, Inc.

MPLS-based Layer 2 Virtual Private Networks

MPLS Internet Exchanges

Today, Internet exchange points encounter scalability issues that you can resolve using an
MPLS-based Internet exchange service (Figure 7). For instance, you can address requirements
to reach high speeds in Gbps, to act at Layer 2 for controlling peering relationships, to allow for
remote peering connections, and to maintain bandwidth management, and class of service.
For peering connections, MPLS reaches up to OC-192c/STM-64 speeds, avoids the ATM cell
tax, and still runs over any medium or Layer 2 protocol such as SONET/SDH (using Frame
Relay, PPP, or HDLC), ATM, or Ethernet. ATM technologies suffer from the inability to reach
speeds above OC-48c/STM-16 (due to SAR chip limitations), and Ethernet makes it difficult to
design remote peering connections.
You can offer an MPLS Internet exchange service using two methods.
An end-to-end traffic engineered tunnel switch where the exchange router is only
switching MPLS LSPs and provides no BGP routing function; LSPs are signaled end to end
between peering routers.
An MPLS Circuit Cross-connect in which the exchange router interconnects LSPs coming
from peering routers in a static configuration.

Figure 7: MPLS Internet Exchange

Peer 1 Peer 2 Peer 1 Peer 2

M10 M20 M10 M20

Signalled M40 MPLS IX M40 MPLS IX

Router MPLS Circuit Router
End-to-end LSPs Cross-connect

M5 M5

Peer 3 Peer 3

End-to-end Traffic Engineer Tunnel Switch MPLS Circuit Cross-connect

As opposed to an Ethernet- or ATM-based exchange, MPLS extends the peering connections

through a core network that is independent of the medium used. You can base the MPLS core
on Ethernet, Frame Relay, ATM, or serial segments; it only needs to run MPLS as a common
transport layer.
This capability is particularly important now because Internet exchange points are facing
exponential growth and need to expand, most of the time by duplicating the physical
co-location site. Interconnecting both sites transparently at high speeds becomes a problem,
and multiple physical fibers or lambdas are necessary to overcome this situation. Customers
need to maintain maximum flexibility, retaining the freedom to peer with anyone on short
notice, or to quickly deploy a peering connection for a business situation that requires
re-activity.

Copyright 2001, Juniper Networks, Inc. . 11

 MPLS-based Layer 2 Virtual Private Networks

MPLS has the advantage of offering OC-192c/STM-64 speeds between sites, with remote
peering made available by the simple extension of LSPs between both sites using the
MPLS-based Layer 2 VPN. You can even offer the MPLS Internet exchange between the two
sites as a service or when renting co-location space in both sites.
You can view such a remote peering service on a national or international scale, where using a
transit connection to set up a peering relationship with service providers located in a
completely different region or country (Figure 8).

Figure 8: Example Local and Remote Peerings

Peer 3

M10
MPLS IX MPLS IX
Router Router Local
OC-192c/STM-64 MPLS Pipe Peering
Peer 1
M160
Connection
M160
M20
M10

Trunk LSP Peer 2

Remote Peering
Connection

Conclusion
Juniper Networks MPLS-based Layer 2 VPNs address the most significant VPN issues today.
Easily configurable and maintained, and thus cost efficient.
Delivery of value-added services with predictable performance.
Private, any-to-any VPN connectivity for increased scalability.
Differentiation of traffic on a per-customer basis.
Reduced operation costs by converging traffic across a single IP infrastructure.
In addition to offering the simplicity and transparency of Layer 2 VPNs, Juniper Networks also
makes it possible for you to provision MPLS-based Layer 3 VPNs, and to thus provide
customers with the outsourced routing, single-point CE connection, and provider oversight
that are the hallmarks of such a service.
By offering customers the option of deploying either or both of these VPN models, you reap
the benefits of retaining an existing customer base, attracting new customers that you can
quickly, reliably provision, and remaining flexible in capitalizing on new opportunities.

12 Copyright 2001, Juniper Networks, Inc.

MPLS-based Layer 2 Virtual Private Networks

Acronyms
AAL ATM Adaptation Layer

ATM Asynchronous Transfer Mode

BAS broadband access server

BGP Border Gateway Protocol

CE customer edge

CBR constant bit rate

CRC cyclic redundancy code

DLCI data-link connection identifier

HDLC High-level Data Link Control

IBGP Internal Border Gateway Protocol

IP Internet Protocol

IPX Internet Packet Exchanges

LDP Label Distribution Protocol

LSP label switched path

MPLS Multiprotocol Label Switching

PE provider edge

PDU protocol data unit

PPP Point-to-Point

PVC permanent virtual circuit

RAS remote access server

RIP Routing Information Protocol

RSVP Resource Reservation Protocol

SAR segmentation and re-assembly

SLA service level agreement

SNA Systems Network Architecture

VBR variable bit rate

VCI virtual circuit identifier

VPI virtual path identifier

VLAN virtual local area network

VPN virtual private network

WAN wide area network

Copyright 2001, Juniper Networks, Inc. . 13

 MPLS-based Layer 2 Virtual Private Networks

Copyright 2001, Juniper Networks, Inc. All rights reserved. Juniper Networks is a registered trademark of Juniper Networks, Inc. Internet Processor, Internet
Processor II, JUNOS, JUNOScript, M5, M10, M20, M40, and M160 are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered
trademarks, or registered service marks may be the property of their respective owners. All specifications are subject to change without notice. Printed in USA

14 Copyright 2001, Juniper Networks, Inc.