Posted by Steinar Haug on July 26, 2006, 8:09 am
> > Most definitely. There is no uniformly agreed upon definition of "network
> > VPN" - but as we implement it:
>
> The expression "network based VPN" is defined in Y.1311 ITU-T
> Recommendation :
>
> "The term "network based" is used to distinguish the network provider
> solutions described in this Recommendation [Y.1311] from VPN solutions
> which are implemented solely through the use of customer equipment
> based solutions. Whenever the term "VPN" is used in this Recommendation
> it shall be taken to mean a "network-based VPN".
That's fine - but remember that not everybody thinks ITU-T Y.1311 has
any special significance. Personally I think that this definition makes
sense.
> > - VPN normally means a Layer 3 VPN, implemented using MPLS (RFC 2547).
> > It can be hub and spoke, full mesh or several other variants - but for
> > instance the "full mesh" really comes for free.
>
> SSL VPN is layer 4,
> HTTP VPN is application layer,
These are both normally implemented with customer equipment.
> ATM VPN is layer 2...
Yup - but ATM is on its way out and isn't particularly relevant here.
> and it's real VPN, with tunnelling.
>
> > - VPLS means a Layer 2 multipoint (full mesh) network. This used to be
> > implemented with classical Ethernet switches, and the multipoint/full
> > mesh came more or less for free.
>
> OK, we are talking in network provider as it is said in Y.1311.
That's what I'm talking about also.
> > However, if you have a network large
> > enough that simply connecting Ethernet switches is impractical, you
> > need VPLS (which comes in two incompatible variants) - and multipoint/
> > full mesh no longer comes for free.
>
> I don't understand, could you please precise this.
Some providers try to create large L2 networks by connecting Ethernet
switches. At some point they usually find that this doesn't scale well
enough, which is where other technologies (e.g. VPLS) come to the rescue.
> > > It would seem that a VPLS is a multipoint-to-multipoint connection in a
> > > transport network, unlike to a network VPN that would be
> > > point-to-point. Do you agree that difference, and are there others?
> >
> > No, the difference is usually L2 versus L3.
>
> Now, I rather would say Ethernet multipoint versus :
>
> (1) non Ethernet multipoint (as L2 multipoint MPLS, or multipoint ATM
> through AAL5 frames) or
> (2) Ethernet point-to-point.
What is "L2 multipoint MPLS"?
I stand by my claim that the difference between VPLS and "network VPN"
is usually L2 versus L3.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no