Technical Whitepaper on
L2/L3VPN Bridging
1 Abstract
With the construction of commercial LTE networks accelerating, there is a new demand
for data to be forwarded horizontally. Two approaches meet this demand: adding L3
functions to core-layer PTN equipment (hereinafter referred to as the L3VPN solution),
and interconnecting core-layer PTN with CE routers. The CE router solution introduces
a variety of device types and creates many difficulties in device interconnection and
network maintenance, so the technical focus is on the L3VPN solution. The L2/L3VPN
bridging technology described below is key to deploying the L3VPN solution.
L2/L3VPN bridging integrates L2VPN and L3VPN in one device and achieves logical
isolation and interworking of the L2 Virtual Entity (L2VE) and L3 Virtual Entity (L3VE) in
one Virtual Group. It substantially reduces the network complexity of implementing
end-to-end (ETE) QoS features and deploying a unified protection switching policy,
while cutting OPEX.
The L2VPN and L3VPN functions, as well as the technical feasibility and device
maturity of L2/L3VPN bridging, have been fully verified in large-scale networks and
complex environments.
PE1 and CE1 create an L2VPN to terminate an L2VPN packet and access the L3VPN
corresponding to PE2, while PE2 and CE2 create an L3VPN to terminate an L3VPN packet
and access the L2VPN corresponding to PE1.
The networking logic is clear. L2VPN and L3VPN are physically isolated from each other,
but there are the following problems:
The L2/L3VPN bridging solves the above problems. The fundamental idea is that PE1
and PE2 are integrated and the networking is shown as below:
PE is logically divided into two parts: one corresponding to L2 VPN is called L2 Virtual
Entity (L2VE), and the other corresponding to L3 VPN is called L3 Virtual Entity (Virtual
Group) which has both L2VPN and L3VPN features.
This solution saves network costs while significantly reducing network complexity. MPLS
label is available in the transport from CE1 to CE2 to implement ETE QoS features and
deploy the unified protection switching policy.
This paper describes L2VPN bridging to L3VPN. In an actual network, L2VPN can also be
bridged directly to the public network on a similar principle, which is not repeated here.
Compared with traditional 2G/3G network, LTE is characterized by a flat network and the
introduction of S1 and X2 interfaces, as shown below:
S1 interface: Located between eNB-sGW. It connects and bears such user services
as UE HD VOD, HD video supervision, real-time RGB online games, music
downloads, mobile TV and high-speed Internet access. S1 interface needs flexible
dispatching to make eNB attributable to multiple sGWs.
Bearing demands for S1 interface: If several separate paths attributable to different sGWs
are created for each base station, the additional connections lead to a dramatic increase
in costs. IP route forwarding (L3VPN) should be introduced into the bearer network to
flexibly forward services from different base stations to different sGWs. At present, IP
route forwarding is generally deployed at the aggregation/core scheduling layer to keep
the route domain small for better manageability, scalability and security, while retaining
the conventional L2VPN technology between the access and aggregation layers.
forwarding (L3VPN) at the core dispatching layer of bearer network to avoid N squared
connection problem between adjacent base stations caused by X2 connected and
reduce network complexity and costs.
To address the LTE bearing characteristics mentioned above, the industry's most widely
used solution is: an L2VPN is between the access and aggregation layers, a simplified
L3VPN is between the aggregation and core layers, and both are accessed at the
aggregation layer, as shown below:
As seen above, a packet is encapsulated with L2VPN PW and transmitted via E-Line at
access/aggregation layer, and is encapsulated with IP PW and forwarded via L3VPN at
core layer.
Simplified L3VPN means bearing L3VPN and L2VPN over MPLS-TP static tunnel like a
service, and having low requirements for VRF number, VPN route number and VPN
route control complexity. It gets a route in the following ways:
Statically configure L3VPN route: In this case a PTN device does not need to
support any dynamic protocol.
Release and learn L3VPN route through MP-BGP: In this case a PTN device just
needs to support simple BGP requirements such as basic protocol processing,
neighbour creation mechanism and MP-BGP.
In an LTE network, there are various networking scenarios, each of which uses different
service deployment solutions based on different user needs. The following sections
analyze and introduce the common VPN application scenarios and service deployment
solutions in LTE networks from different perspectives.
The application scenario of LTE bearing metro area scheduling is shown in the following
figure. The whole transport network is divided into four areas: A, B, C, and D. Of
these, only A, B, and C have a core equipment room with SGW/MME equipment installed.
Area D has no core equipment room. In practical application, an eNB may be homed to
multiple sGWs, so there is both scheduling inside an area and cross-area scheduling.
This requires the PTN equipment in the core equipment rooms to be connected by
OTN to provide a cross-area scheduling channel.
Figure 3-4 Application scenario of LTE bearing scheduling inside metro area
The services borne by LTE are divided into two scenarios based on different sGW
locations:
Scenario of eNB communication with local aGW: sGW is connected with local core
layer PTN equipment. The networking is shown in Figure 3-5:
Scenario of eNB communication with remote sGW: sGW is connected with remote
core layer PTN equipment. The traffic can be transmitted to remote sGW by L3VPN
route forwarding of core layer PTN. The networking is shown in Figure 3-6.
In some application scenarios, the access/aggregation layer may support VLAN but not
L2VPN. In that case, eNBs must be accessed directly through a local AC at the core node
(bridging equipment).
The services borne by LTE are divided into two scenarios based on different eNB
access locations:
eNB gets access by PW established between access equipment and core node.
In the application scenario described above, different solutions can be adopted to deploy
the bridging service, based on the quantity and position of the eNBs downlinked from the
core node as well as on the eNB neighbor relationships.
When only a few eNBs uplink to a core node, port+vlan can be used to deploy the
bridging service. The networking is shown in Figure 3-7:
Figure 3-7 Scenario of eNB communication with local sGW typical networking of
port+vlan access
First, each eNB is allocated an independent VLAN and IP address, and a separate P2P
EVPL service is established between its access equipment and the core node. The EVPL
services are then terminated inside the core node on different bridging virtual VLAN
sub-interfaces, which are mapped to a particular VRF instance. L3VPN route forwarding
takes place in the VRF, and the traffic is finally transmitted to the local SGW/MME
equipment to realize eNB and sGW interconnection (S1 interface).
In this solution, broadcast traffic between eNBs is totally separated. The core node
stores the ARP entries of all eNBs, so interconnection between eNBs (X2 interface) goes
through routing at the core node. eNBs can interconnect only when they are attached to
the same L3VPN.
When many eNBs uplink to a core node, port+vlan-range access can be
used to deploy bridging services. The networking is shown in Figure 3-8:
Figure 3-8 Scenario of eNB communication with local aGW typical networking of
port+vlan-range access
The working principles of this solution are similar to those of supervlan. Each eNB is
allocated an independent VLAN, but the IP address doesn't need to be individually set.
The eNBs share the same gateway on the core node, which greatly simplifies IP address
management. There are two configurations for this solution:
Establish a separate P2P EVPL service between each access equipment and the core
node. Use the same bridging L2 virtual interface with different VLANs at the core node
to terminate these EVPL services. Map all EVPL services to a particular VRF instance
through a bridging L3 virtual VLAN-RANGE sub-interface. L3VPN route forwarding then
takes place in the VRF, and the traffic is finally transmitted to the local SGW/MME
equipment to realize interconnection (by S1 interface) of eNB and aGW.
In addition, ARP proxy should be enabled at the core node so that different eNBs can
learn ARP entries from each other and interconnect (by X2 interface).
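The port+vlan and port+vlan-range termination described above can be modelled as a two-stage lookup: the L2VE side picks the bridging sub-interface for a port and VLAN, and the L3VE side routes only within that sub-interface's VRF. This is an added example, not code from the whitepaper or from any vendor; the sub-interface names, VLANs, VRF names, addresses and next hops are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class SubIf:
    """Bridging virtual sub-interface: terminates EVPL VLANs, bound to one VRF."""
    name: str
    port: str
    vlans: range        # port+vlan: one VLAN; port+vlan-range: several
    vrf: str
    gateway: str        # gateway address/prefix seen by the eNBs behind it

# Constructed sample configuration (all values hypothetical).
SUBIFS = [
    SubIf("ve1.101", "ve1", range(101, 102), "LTE-A", "10.1.1.1/30"),
    SubIf("ve1.102", "ve1", range(102, 103), "LTE-A", "10.1.2.1/30"),
    SubIf("ve2.r",   "ve2", range(200, 300), "LTE-B", "10.2.0.1/24"),
]
STATIC_ROUTES = {   # per-VRF static L3VPN routes: prefix -> next hop
    "LTE-A": {"172.16.0.0/24": "sGW-A"},
    "LTE-B": {"172.16.0.0/24": "sGW-B"},
}

def terminate(port, vlan):
    """L2VE side: find the sub-interface that terminates this port+VLAN."""
    hits = [s for s in SUBIFS if s.port == port and vlan in s.vlans]
    if len(hits) > 1:
        raise ValueError(f"{port}/{vlan} matches several sub-interfaces")
    return hits[0] if hits else None

def forward(port, vlan, dst):
    """L3VE side: route dst using only the ingress sub-interface's VRF."""
    sub = terminate(port, vlan)
    if sub is None:
        return None                       # no termination: frame is dropped
    addr = ipaddress.ip_address(dst)
    for s in SUBIFS:                      # connected subnets (X2 via core node)
        if s.vrf == sub.vrf and addr in ipaddress.ip_interface(s.gateway).network:
            return (sub.vrf, s.name)
    best = None                           # longest-prefix match on static routes
    for prefix, hop in STATIC_ROUTES.get(sub.vrf, {}).items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return (sub.vrf, best[1]) if best else None
```

The same destination prefix resolves to a different next hop in each VRF, and an eNB subnet in one VRF has no route from the other, which is the isolation property the bridging node has to preserve.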
The basic principles of this solution are similar to those of port+vlan access. The main
difference is that when the eNB gets access, either the VLAN tag cannot be carried or
the VLAN is not significant. Thus the bridging equipment must use port access.
As a special case, if Client MPLS PSN bears L3 or L3VPN service in Packet PW service
model, this situation can be seen as a L2VPN/L3VPN bridging application model.
As Figure 4-1 shows, LSR1 and LSR2 belong to the client MPLS PSN network, and
the PE devices (including PE1 and PE) belong to the server MPLS PSN, offering the
connections between the client LSRs. The ACs used for access between the MPLS LSR
and the PE are virtual interfaces inside the device. The Packet PW provides connections
between these virtual interfaces. The Packet PW can be used to transfer the necessary
L2 and L3 protocols between LSR1 and LSR2.
Figure 4-2 shows the packet PW forwarding model. In short, this model
includes three steps:
The Packet PW PE is composed of three parts: client layer LSR, PW processing unit and
service layer LSR. The following paragraph shows the basic principle of transferring the
client MPLS service in the Packet PW.
First of all, the PE device has a built-in LSR which decides the client next hop and
encapsulates the label required by the client next hop. The messages are then sent to
the corresponding PW entities, where they are encapsulated with PW labels and sent
to the service layer LSR for further forwarding. When the messages are sent from the
server PSN to the egress PE, they carry the corresponding PWs, through which the
related PW entities can be found. According to the configuration, this entity is known
to be of packet PW type. The messages are sent to the client SRP for further processing.
As Figure 4-3 shows, the RNC communicates with the base station via the L3VPN.
The private network devices S1, S2 and S3 initiate the ISIS protocol. As there's no
physical link between S1 and S2, an ISIS neighbor cannot be built. Therefore, when the
physical link between S1 and S3 breaks down, the uplink streams can realize 50ms
switchover via IP FRR, while the downstream services need to use the L3VPN
protocols to implement dynamic convergence, which cannot satisfy 50ms switchover.
Thus, in this condition, a Packet PW (virtual interface PW in the figure) between S1
and S2 can be built to send ISIS messages. In this way, IP FRR can also form on
S1. The active link is the direct link between S1 and S2. The standby link runs
from S1 to S2 through the Packet PW, then extends to S3. The bridging devices
mentioned above can also initiate the OSPF protocol.
[Figure: networking diagram with ACC-1 to ACC-4, AGG-1, AGG-2, CORE-1, CORE-2 and RNC; labels: CIP, VRRP, TE, PW, L3VPN, ZESR+; interfaces xgei_1/2 and gei_3/12]
As Figure 4-4 shows, the base station and RNC implement 3G service transmission,
i.e. L3 VPN forwarding is implemented. The ACC devices in the following figure build
an access network with the ZESR+ service initiated to implement L2 transparent
transmission. As the L3 gateway of the base station, AGG-1 and AGG-2 initiate the VRRP
protocol. In a real application, the physical link between AGG-1 and AGG-2 may or may
not exist. So, as a unified solution, L2/L3 VPN bridging technology (VPLS bridges
to L3VPN) can be used. The specific approach is:
2. Build a PW between AGG-1 and AGG-2 as the VRRP heartbeat link to transfer
VRRP protocol messages. When the ACC ring implements the switchover, this PW
will forward the data messages. The forwarding path is
ACC-2 -> ACC-3 -> ACC-4 -> AGG-2 -> PW -> AGG-1.
3. The PW can pass through the outer TE. When there are physical links between
AGG-1 and AGG-2, the outer TE can initiate TE hot standby or TE FRR services.
The major path is AGG-1 and AGG-2. The standby path is
5 Abbreviation
AGG Aggregate
CE Customer Edge
PE Provider Edge
PW Pseudo-Wire