Technical Whitepaper on L2/L3VPN Bridging

Technical Whitepaper on
L2/L3VPN Bridging
1 Abstract
With the construction of commercial LTE network accelerating, there is a new demand
that data is horizontally forwarded. Core-layer PTN equipment is added with L3 function
(hereinafter referred to as the L3VPN solution) and core-layer PTN is interconnected to
CE router to meet the demands. The CE router solution introduces a variety of device
types and there are many difficulties in the device interconnection and network
maintenance, so technical focus is on the L3VPN solution. The L2/L3VPN bridging
technology described below is a key point to deploy the L3VPN solution.

L2/L3VPN bridging integrates L2VPN and L3VPN in one device and achieves logic
isolation and interworking of L2 Virtual Entity (L2VE) and L3 Virtual Entity (L3VE) in one
Virtual Group. It substantially reduces network complexity to implement end-to-end (ETE)
QoS features and deploy unified protection switching policy, while cutting OPEX.

L2VPN and L3VPN function as well as L2/L3VPN bridgings technical feasibility and
device maturities have been fully verified in large-scale networks and complex
environment.

2 Basic principles of L2/L3VPN bridging

The networking of conventional L2VPN access to L3VPN is as below:

ZTE Confidential & Proprietary 1

Technical Whitepaper on L2/L3VPN Bridging

Figure 2-1 Conventional L2VPN access to L3VPN

PE1 and CE1 create a L2VPN to terminate a L2VPN packet and access the L3VPN
corresponding to PE2, while PE2 and CE2 create a L3VPN to terminate a L3VPN packet
and access the L2VPN corresponding to PE1.

The networking logic is clear. L2VPN and L3VPN are physically isolated from each other,
but there are the following problems:

At least two PE devices are needed.

It is difficult to achieve ETE QoS.

It is difficult to fulfill inter-PE protection.

The L2/L3VPN bridging solves the above problems. The fundamental idea is that PE1
and PE2 are integrated and the networking is shown as below:

Figure 2-2 L2/L3VPN bridging

PE is logically divided into two parts: one corresponding to L2 VPN is called L2 Virtual
Entity (L2VE), and the other corresponding to L3 VPN is called L3 Virtual Entity (Virtual
Group) which has both L2VPN and L3VPN features.

2 ZTE Confidential & Proprietary

 Technical Whitepaper on L2/L3VPN Bridging

Figure 2-3 Logic diagram of L2/L3VPN bridging

This solution saves network costs while significantly reducing network complexity. MPLS
label is available in the transport from CE1 to CE2 to implement ETE QoS features and
deploy the unified protection switching policy.

The paper describes L2VPN bridging to L3VPN. In the actual network, it can directly be
bridged to public network in the similar principle which is not repeated here.

3 Typical networking and applications of

L2/L3VPN bridging in LTE

3.1 LTE network architecture

Compared with traditional 2G/3G network, LTE is characterized by a flat network and the
introduction of S1 and X2 interfaces, as shown below:

ZTE Confidential & Proprietary 3

Technical Whitepaper on L2/L3VPN Bridging

Figure 3-1 Architecture of traditional 2G/3G network and LTE network

S1 interface: Located between eNB-sGW. It connects and bears such user services
as UE HD VOD, HD video supervision, real-time RGB online games, music
downloads, mobile TV and high-speed Internet access. S1 interface needs flexible
dispatching to make eNB attributable to multiple sGWs.

X2 interface: Located between adjacent eNBs. Different from star structures of

2G/3G backhaul network, LTE backhaul network supports X2 interface and a part of
mesh structures, so a logical connection should be created between adjacent base
stations to directly exchange roaming user data between eNBs.

Bearing demands for S1 interface: If several separate paths attributable to different sGW
are created for each base station, more connections lead to a dramatic increase in costs.
The IP route forwarding (L3VPN) should be introduced into bearer network to flexibly
forward services from different base stations to different sGWs. At present, the IP route
forwarding is generally deployed at aggregation/core scheduling layer to control route
domain to a small size for better manageability, scalability and security while remaining
the conventional L2VPN technology between access and aggregation layers.

Bearing demand for X2 interface: Because X2 interface bandwidth is only about 3% to 5%

of S1 bandwidth, X2 and S1 can share bearing channel, which is supported by the IP

4 ZTE Confidential & Proprietary

 Technical Whitepaper on L2/L3VPN Bridging

forwarding (L3VPN) at the core dispatching layer of bearer network to avoid N squared
connection problem between adjacent base stations caused by X2 connected and
reduce network complexity and costs.

Aiming at the LTE bearing characteristics mentioned above, the industry's most widely
used solution is: A L2VPN is between access and aggregation layers, a simplified L3
VPN is between aggregation and core layers, and both are accessed at the aggregation
layer, as shown below:

Figure 3-2 Simplified L3 VPN ETE PTN solution

PTN EVPL on access/aggregation layer accesses and aggregates S1 and X2 services to

PTN core node. Core-layer PTN device maps EVPL service into a VRF instance through
the L2/L3VPN bridging technology and flexibly dispatches S1 and X2 services via the
simplified PTN L3VPN to bear LTE service. The packet encapsulation format in the
forwarding is as follows:

Figure 3-3 Protocol stack of simplified L3 VPN ETE PTN solution

ZTE Confidential & Proprietary 5

Technical Whitepaper on L2/L3VPN Bridging

As seen above, a packet is encapsulated with L2VPN PW and transmitted via E-Line at
access/aggregation layer, and is encapsulated with IP PW and forwarded via L3VPN at
core layer.

Simplified L3VPN means bearing L3VPN and L2VPN over MPLS-TP static tunnel like a
service, and having low requirements for VRF number, VPN route number and VPN
route control complexity. It gets a route in the following ways:

Statically configure L3VPN route: In this case a PTN device does not need to
support any dynamic protocol.

Release and learn L3VPN route through MP-BGP: In this case a PTN device just
needs to support simple BGP requirements such as basic protocol processing,
neighbour creation mechanism and MP-BGP.

3.2 VPN Application Scenarios in LTE Network

In LTE network, there are various networking scenarios, in which each uses different
service deployment solutions based on different user needs. The following sections
analyze and introduce the common VPN application scenarios and service deployment
solutions in LTE network from different perspectives.

3.2.1 Different Locations of sGW

The application scenario of LTE bearing metro area scheduling is shown in the following
figure. The whole transport network is divided into four areas: A, B, C, and D. Among
these only A, B, and C are deployed with a core equipment room with SGW/MME
equipment set. D area is not deployed with core equipment room. In practical application,
eNB may be homed to multiple sGWs. Thus there is both scheduling inside the area and
cross-area scheduling. This requests PTN between core equipment rooms to connect by
OTN to provide cross-area scheduling channel.

6 ZTE Confidential & Proprietary

 Technical Whitepaper on L2/L3VPN Bridging

Figure 3-4 Application scenario of LTE bearing scheduling inside metro area

The services beared by LTE are divided into two scenarios based on different sGW
locations:

Scenario of eNB communication with local aGW: sGW is connected with local core
layer PTN equipment. The networking is shown in Figure 3-5:

Figure 3-5 Scenario of eNB communication with local sGW

Scenario of eNB communication with remote sGW: sGW is connected with remote
core layer PTN equipment. The traffic can be transmitted to remote sGW by L3VPN
route forwarding of core layer PTN. The networking is shown in Figure 3-6.

ZTE Confidential & Proprietary 7

Technical Whitepaper on L2/L3VPN Bridging

Figure 3-6 Scenario of eNB communication with remote sGW

3.2.2 Different eNB Access Location

In some application scenarios, access aggregation layer may not support L2VPN
besides VLAN. So we need to take direct access by local AC at core node (bridging
equipment).

The services beared by LTE are divided into two scenarios based on different eNB
access locations:

eNB gets access by PW established between access equipment and core node.

eNB gets direct access by local AC of core node (bridging equipment).

3.3 L2L3 Bridging Service Deployment Solution

In the application scenario described above, different solutions can be adopted to deploy
bridging service based on the quantity and position of downlinking eNM of core node, as
well as different eNB neighborhood.

3.3.1 port+vlan Access

When there is few eNB uplinking to a core node, port+vlan can be used to deploy
bridging service. The networking is shown in Figure 3-7:

8 ZTE Confidential & Proprietary

 Technical Whitepaper on L2/L3VPN Bridging

Figure 3-7 Scenario of eNB communication with local sGW typical networking of
port+vlan access

Firstly, each eNB is distributed with an independent VLAN and IP address. At the same
time, establish different P2P EVPL service between the access equipment and core
node respectively. Then terminate the EVPL services inside the core node by different
bridging virtual VLAN sub-interfaces, and take mapping of it to a particular VRF instance.
Take L3VPN route forwarding in VRF. And finally transmit it to local SGW/MME
equipment to realize eNB and sGW interconnection (S1 interface).

In this solution, the broadcast between eNB is totally separated. The core node saves all
eNB arp items so that the interconnected (X2 interface) between eNB communicate by
routing of core nodes. And they can interconnect only when they get access to the eNB
of the same L3VPN.

3.3.2 port+vlan-range Access

When there are a lot many eNB uplinking to a core node, port+vlan-range access can be
used to deploy bridging services. The networking is shown in Figure 3-8:

ZTE Confidential & Proprietary 9

Technical Whitepaper on L2/L3VPN Bridging

Figure 3-8 Scenario of eNB communication with local aGW typical networking of
port+vlan-range access

The working principles for this solution are similar to those for supervlan. Each eNB is
distributed with an independent VLAN but IP address doesnt need to be individually set.
They share the same gateway on the core node, which greatly optimizes IP address
management. There are two configurations for this solution:

Establish different P2P EVPL services to core nodes at access equipment.

Compose a VFI instance at core node with multiple PW established on eNB to
constitute EVPLAN service. A VFI instance is corresponding to a bridging virtual
VLAN-RANGE sub-interface to terminate the EVPLAN service, and take mapping of
it to a particular VRF instance. Then take L3VPN route forwarding in VRF. Finally
transmit it to local SGW/MME equipment to realize interconnection (by S1 interface)
of eNB and aGW.

Establish different P2P EVPL service between access equipment and core node.
Use the same bridging L2 virtual interface + different VLAN at core node to
terminate these EVPL services. Take the mapping of all EVPL services to a
particular VRF instance by a bridging L3 virtual VLAN-RAGE sub-interface. Then
take L3VPN route forwarding in VRF. Finally transmit it to local SGW/MME
equipment to realize interconnection (by S1 interface) of eNB and aGW.

Besides, ARP proxy should be initiated at core node to enable different eNB to learn ARP
from each other so as to realize their interconnection (by X2 interface).

10 ZTE Confidential & Proprietary

 Technical Whitepaper on L2/L3VPN Bridging

3.3.3 Port Access

The basic principles of this solution are similar to those of prot+vlan access. The main
difference lies in the fact that when eNB gets access, vlan tag cannot be carried or Vlan
is not cared about. Thus the bridging equipment must use port access.

4 The Representative Networking and

Application of L2/L3VPN Bridging in IP
RAN

4.1 Packet PW reference model and forwarding model

As a special case, if Client MPLS PSN bears L3 or L3VPN service in Packet PW service
model, this situation can be seen as a L2VPN/L3VPN bridging application model.

Figure 4-1 Packet PW reference model

ZTE Confidential & Proprietary 11

Technical Whitepaper on L2/L3VPN Bridging

As the figure 4-1 shows, LSR1 and LSR2 belong to the client MPLS PSN network, and
the PE devices (including PE1 and PE) belong to the server MPLS PSN, offering the
connections between the client LSRs. The AC used for access between the MPLS LSR
and PE are the virtual interface in the device. The Packet PW provides connections
between these virtual interfaces. The Packet PW can be used to transfer the necessary
L2 and L3 protocols between LSR1 and LSR2.

Figure 4-2 Packet PW forwarding model

The figure 4-2 shows the packet PW forwarding model. In a short word, this model
includes three steps:

1. Client layer forwarding.

2. Service layer encapsulation.

3. Service layer forwarding.

The Packet PW PE is composed by three parts: client layer LSR, PW processing unit and
service layer LSR. The following paragraph shows the basic principle of transferring the
client MPLS service in the Packet PW.

First of all, the PE device has an inbuilt LSR which decides the client next hop and
encapsulates the label required by the client next hop. Then the messages are sent to
the corresponding PW entities via which they are encapsulated with PW labels and sent
to the service layer LSR for future forwarding. When the messages are sent from the

12 ZTE Confidential & Proprietary

 Technical Whitepaper on L2/L3VPN Bridging

server PSN to the egress PE, they have corresponding PWs through which the relating
PW entities can be found. As per the configuration, this entity is known as packet PW
type. The messages are sent to the client SRP for future processing.

4.2 The representative application of L2/L3 VPN

bridging in IP RAN

Figure 4-3 The application of packet PW in IP FRR

As the figure 4-3 shows, the RNC communicates with the base station via the L3VPN.
The private network S1, S2 and S3 initate ISIS protocol. As theres no physical link
between the S1 and S2,ISIS neighbor can not be built. Therefore, when the physical
link between the S1 and S3 breaks down, the uplink streams can realize 50ms
switchover via the IP FRR. While, the downstream services need to use the L3VPN
protocols to implement dynamic convergence, which can not satisfy 50ms switchover.
Thus, in this condition, a PW Packet (virtual interface PW in the figure) between the S1
and S2 can be built to send ISIS messages. In this way, the IP FRR can also form on the
S1. The active link is the the direct link between the S1 and S2. The standby link runs
from S1 to S2 through the Packet PW, then it extends to the S3. The bridging devices
mentioned above can also initiate OSPF protocol.

ZTE Confidential & Proprietary 13

Technical Whitepaper on L2/L3VPN Bridging

4.3 The representative application of L2/L3 VPN

bridging in IP RAN

Figure 4-4 The application of packet PW in 3G service transmission

ACC-1
AGG-1 CORE-1

CIP
ACC-2

VRRP TE
TE

RNC

PW L3VPN
ZESR+

VRRP

ACC-3 CIP

xgei_1/2
gei_3/12

AGG-2 CORE-2
ACC-4

As the figure 4-4 shows the base station and RNC implement 3G service transmission,
i.e. L3 VPN forwarding is implemented. The ACC devices in the following figure build
an access network with ZESR+ service initiated to implement L2 transparent
transmission. As the L3 gatway of the base station, the AGG-1 and AGG-2 initiate VRRP
protocol. In the real application, the physical link between the AGG-1 and AGG-2 could
either exist or not. So as a unified solution, L2L3 VPN bridging technology (VPLS bridges
to L3VPN) can be used. The specific way is :

1. The base station service is transparently transferred by ZESR+. It then accesses

the AGG device as CIP. VRRP gateway is used for L3VPN transmission.

2. Build a PW between the AGG-1 and AGG-2 as the VRRP heart jumper to transfer
VRRP protocol message. When the ACC ring implements the switchover, this PW
will forward the data messages. The forwarding path is
ACC-2ACC-3ACC-4---AGG2PW---AGG-1.

3. PW can pass through the outer TE. When therere physical links between the
AGG-1 and AGG-2, the outer TE can initiate TE hot standby or TE FRR services.
The major path is AGG-1 and AGG-2. The standby path is

14 ZTE Confidential & Proprietary

 Technical Whitepaper on L2/L3VPN Bridging

AGG-1CORE-1---CORE-2---AGG-2. If theres no physical link between the

AGG-1 and AGG-2, only one TE path GG-1CORE-1---CORE-2---AGG-2 exists.

5 Abbreviation

Table 5-1 Abbreviation

Abbreviation Full Name

ACC Access

AGG Aggregate

aGW Access Gateway

BSC Base Station Controller

BTS Base Transceiver Station

CE Customer Edge

eNB Evolved Node B

EVPL Ethernet Virtual Private LAN

ISIS Intermediate System-to-Intermediate System

L2VE L2 Virtual Entity

LSR Label Switch Router

LTE Long Term Evolution

MME Mobility Management Entity

MPLS Multi-Protocol Label Switch

MPLS-TP Multi-Protocol Label Switch - Transport Profile

OSPF Open Shortest Path First

PE Provided Edge

PSN Packet Switch Network

PTN Packet Transport Network

PW Pseudo-Wire

QoS Quality of Services

RNC Radio Network Controller

sGW Serving Gateway

VPN Virtual Private Networks

ZTE Confidential & Proprietary 15

Technical Whitepaper on L2/L3VPN Bridging

Abbreviation Full Name

VRF VPN Routing & Forwarding

16 ZTE Confidential & Proprietary