Read about Ethernet Services that work for you:
- Bandwidth that supports the growth of your business
- Secure Ethernet safe from Internet-based threats
- Cost effective Multi-Site Connectivity
EVPL-based hub & spoke and EP-LAN-based any-to-any WAN implementations can achieve secure, high performance multi-site connectivity with full IP transparency. The primary benefits of a hub and spoke EVPL-based implementation are centralized traffic routing and the flexibility and granularity to engineer and manage bandwidth and QoS performance for each site.
The primary benefit of an EP-LAN any-to-any implementation is the simplicity of adding new sites. Once a new site’s UNI is added to an existing EVC, one’s service attaching switch or router at each site will auto-learn the connectivity to all other sites.
Interconnecting three or more sites across a metro or wide area network has traditionally been accomplished via a hub and spoke network topology using Private Lines, Frame Relay or IP VPNs over the Internet. Ethernet services support hub and spoke topologies but also support an “any-to-any” network topology similar to a LAN but delivered over a wide area. This latter capability is unique to Ethernet services and cannot be cost effectively delivered using legacy point-to-point technologies such as Frame Relay or IP VPNs.
This paper discusses two options for multi-site connectivity using Ethernet service. Through examples, the paper illustrates the capabilities of the two approaches and their benefits.
ETHERNET OR IP VPNs FOR MULTI-SITE WAN CONNECTIVITY?
Because most applications today are IP-based, one may presume that IP VPNs are better suited than Ethernet VPNs. While both types of VPNs have their uses in the network and can provide similar connectivity, Ethernet VPNs have three significant benefits over IP VPNs: Security, QoS Performance and IP Transparency.
Ethernet services do not use Layer 3 IP routing protocols, since Ethernet does not need them to make traffic forwarding decisions. Ethernet services are therefore immune to Layer 3 Internet-based threats across the WAN, because they do not traverse the Internet as IP VPNs do. While the payload of an IP VPN is encrypted, the “outer” IP header is not, and it is therefore vulnerable to common Internet-based threats such as IP denial of service (DoS) attacks.
Because Ethernet services run over the service provider’s managed network and not the Internet, the service provider can better control the end-to-end packet latency, packet loss and service availability. This results in more predictable WAN QoS performance when compared to running an IP VPN over the Internet.
Ethernet services do not require IP routing information to be shared or coordinated with the service provider. This enables one to use their existing IP addressing and gives them the freedom to use any IP address as they expand their network or applications. Furthermore, if they need to support IPv6 applications, Ethernet services support these transparently. With an IP VPN, one needs to find a service provider that can support IPv6 or needs to purchase and manage routers that perform IPv6 to IPv4 conversion. This is unnecessary with Ethernet services.
Figure 1: Hub & Spoke Implementation using EVPLs
In a hub and spoke topology, spoke sites need to connect through the hub site to communicate with any other site. Since the hub site performs traffic routing among all sites, network operations personnel managing the hub site router are responsible for all route configuration and management to interconnect the remote spoke sites. The EVPLs provide connectivity between the spoke sites and the hub site but do not route traffic among the sites.
The benefit achieved with this approach is centralized traffic routing, requiring simpler and lower cost routers to attach to the EVPL at the spoke sites since these locations only need to make a direct, point-to-point connection to the hub site.
EP-LAN for “any-to-any” connectivity
An Ethernet Private LAN (EP-LAN) service provides any-to-any connectivity using a multipoint-to-multipoint (MP2MP) EVC between Ethernet UNIs on one’s service attaching equipment. EP-LANs enable all sites connected to the MP2MP EVC to communicate with each other over the WAN. An EP-LAN behaves like a LAN but over a wide area. The EP-LAN can support multiple classes of service providing different bandwidth and performance for each application supported over the EP-LAN.
A single EP-LAN service is ordered to connect all sites. All sites are interconnected via a single MP2MP EVC. Refer to Figure 2. With this type of connectivity, the Ethernet Service Provider performs all the switching, enabling each site to communicate with any other site. Since a single EVC is present at each UNI, centralized routing is not required as with an EVPL-based hub and spoke implementation.
Figure 2: Multipoint Implementation using EP-LAN
One benefit achieved with this approach is simplicity in adding new sites to the shared EP-LAN service across the WAN. Routers at each site are able to automatically discover and reach all sites with no additional device configuration changes. Therefore, once a new site is added to the MP2MP EVC, the routers learn the other site addresses and are able to quickly communicate with them.
Another benefit is that an EP-LAN service provides VLAN transparency, meaning that one can use any VLAN ID across the WAN, including those used on the LAN. This is possible because, with an EP-LAN service, the Ethernet service provider doesn’t use any VLAN IDs for traffic forwarding.
DIFFERENCES BETWEEN HUB & SPOKE AND ANY-TO-ANY ETHERNET IMPLEMENTATIONS
There are some significant differences to understand between an EVPL-based hub & spoke and an EP-LAN-based any-to-any WAN implementation. In addition to differences in service pricing and availability, assessing one’s applications will help determine the more appropriate Ethernet service to meet their business requirements.
When adding bandwidth to any EVPL WAN implementation, one can add more EVC bandwidth while keeping the UNI speed the same provided that the EVC bandwidth does not exceed the UNI’s physical port speed, e.g., 10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps or 100 Gbps. Otherwise, one must upgrade to a higher speed port. This will result in additional CapEx if a new, higher-speed Ethernet port must be added to one’s existing router and additional service cost (OpEx) if the Ethernet service provider needs to upgrade their customer premises equipment. If one’s existing router is not upgradeable, a new device will need to be purchased.
Figure 3: Adding EVC Bandwidth in EVPL-based Hub & Spoke Implementation
With an EVPL-based hub and spoke implementation, one can selectively apply EVC bandwidth upgrades to those spoke sites that require the higher bandwidth. EVPL EVCs to other spoke sites remain unaffected. Since the P2P EVC interconnects the spoke site to the hub site, one must ensure that the hub site UNI speed can support the new higher EVC bandwidth. Refer to Figure 3.
When adding bandwidth to an EP-LAN implementation, one needs to increase bandwidth for the MP2MP EVC at the particular site. Refer to Figure 4. If the EVC bandwidth exceeds the UNI’s port speed, one must upgrade to a higher speed port resulting in a service disruption at Site 2. In Figure 4, Site 2’s EVC bandwidth is increased by 40 Mbps resulting in 120 Mbps of EVC bandwidth. This requires the 100 Mbps Ethernet UNI port to be upgraded to 1 Gbps which is the next higher Ethernet port speed. While Site 2’s EVC bandwidth has been increased, the other sites’ EVC bandwidth remains unchanged.
Figure 4: Adding EVC Bandwidth to EP-LAN Implementation
By planning ahead, one can avoid this service disruption by initially using a UNI that is one speed higher than required to support the current EVC bandwidth needs. While in 2011 there is a significant cost difference between 1 Gbps and 10 Gbps, 10 and 100 Mbps are essentially the same cost and many newer devices support multi-rate 10/100/1000 Mbps electrical interfaces for only a relatively small incremental cost.
Adding a site to an existing EVPL-based hub and spoke implementation requires a new EVPL service to connect the new spoke site to the existing hub site. No additional Ethernet UNI ports need to be added or installed on the hub site router provided there is sufficient UNI bandwidth available to support the new spoke site EVC and existing EVCs. One just adds the new EVPL EVC and a new UNI for the new spoke site. All spoke site EVCs are multiplexed onto a single UNI at the hub site. Refer to Figure 5.
Figure 5: New Spoke Site added to EVPL Implementation
Adding the EVC to the hub site router requires a software configuration change in the device which may require a reboot to activate the change. This can be scheduled during normal maintenance periods to minimize disruptions to users or applications at the spoke sites.
Adding a site to an existing EP-LAN service does not require adding a new EP-LAN EVC to connect the new site. One just adds a UNI to connect to the existing EP-LAN’s MP2MP EVC. Refer to Figure 6. Unlike with a hub and spoke implementation, the other sites remain operational and unaffected as the new UNI at site 4 is added to the EVC.
Figure 6: New site added to existing EP-LAN Implementation
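The bandwidth and site-addition rules above can be checked before an order is placed. The following is an added example, not part of the white paper: it compares the EVC bandwidth on each UNI with the port speed for both designs, including the hub UNI that carries all multiplexed spoke EVCs. Function names and all site figures other than Site 2's are constructed, and it assumes EVC bandwidths are committed rates that simply add up on a shared UNI.

```python
# Added example (not from the white paper): UNI capacity checks for both designs.
# Assumption: EVC bandwidths are committed rates that add up on a shared UNI.

PORT_SPEEDS_MBPS = (10, 100, 1_000, 10_000, 100_000)  # port speeds named in the paper


def next_port_speed(required_mbps):
    """Smallest listed UNI port speed that carries required_mbps, else None."""
    return next((s for s in PORT_SPEEDS_MBPS if s >= required_mbps), None)


def check_uni(port_mbps, evc_mbps_list):
    """Compare the EVC bandwidth carried on one UNI with its physical port speed."""
    total = sum(evc_mbps_list)
    return {"total_evc_mbps": total, "fits": total <= port_mbps,
            "port_needed_mbps": next_port_speed(total)}


def plan_hub_and_spoke(hub_port_mbps, spokes):
    """spokes maps site -> (uni_port_mbps, evc_mbps), one P2P EVPL EVC per spoke."""
    report = {site: check_uni(port, [evc]) for site, (port, evc) in spokes.items()}
    # All spoke EVCs are multiplexed onto the single hub UNI, so they are summed.
    report["hub"] = check_uni(hub_port_mbps, [evc for _, evc in spokes.values()])
    return report


def plan_ep_lan(sites):
    """sites maps site -> (uni_port_mbps, evc_mbps) on one shared MP2MP EVC."""
    return {site: check_uni(port, [evc]) for site, (port, evc) in sites.items()}


def ep_lan_upgrade_example():
    # Site 2 follows the paper's text (100 Mbps UNI, EVC raised by 40 Mbps to
    # 120 Mbps); the figures for Sites 1 and 3 are constructed.
    sites = {"Site 1": (100, 80), "Site 2": (100, 80 + 40), "Site 3": (100, 80)}
    return plan_ep_lan(sites)


def hub_new_spoke_example():
    # Constructed figures: three 30 Mbps spokes on a 100 Mbps hub UNI, then a fourth.
    spokes = {"Spoke 1": (100, 30), "Spoke 2": (100, 30), "Spoke 3": (100, 30)}
    before = plan_hub_and_spoke(100, spokes)["hub"]
    spokes["Spoke 4"] = (100, 30)
    after = plan_hub_and_spoke(100, spokes)["hub"]
    return before, after


if __name__ == "__main__":
    print(ep_lan_upgrade_example()["Site 2"])
    print(hub_new_spoke_example())
```

In the hub and spoke case the new spoke's own UNI fits, but the hub UNI is the one that forces the port upgrade.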
Traffic Flow Patterns
A hub and spoke EVPL-based WAN implementation is a good approach if most of the communications are to a particular site, e.g., regional sites connecting to a headquarters site or to a data center. This implementation is also well suited for centralized IT management of Internet access, email and storage. An any-to-any EP-LAN WAN implementation is a good approach when regular communications are required between two or more sites. This eliminates the need for all traffic to traverse a centralized hub site.
A hub and spoke EVPL-based WAN implementation enables bandwidth, packet latency and packet loss to be more granularly engineered and managed per site. The traffic patterns and behavior of one spoke site do not impact other spoke sites since each spoke site only connects to a hub site. Each site’s different EVC bandwidth and QoS performance requirements can be unique and each site’s WAN costs can be more accurately allocated per site. While this flexibility adds some complexity, the application and site requirements may dictate this type of Ethernet WAN architecture.
An any-to-any EP-LAN WAN implementation enables bandwidth to be increased at a site or new sites added to an existing EVC without impacting other connected sites. This enables IT WAN managers to easily add new sites or upgrade bandwidth at only those sites that require it. Since the EP-LAN is a shared resource, bandwidth management and QoS performance are more complex than a hub and spoke implementation and may need to be monitored more closely. Nonetheless, this approach can support many applications requiring different QoS performance such as IP telephony (VoIP) and IP video.
EVPL-based hub & spoke and EP-LAN-based any-to-any WAN implementations can achieve secure, high performance multi-site connectivity with full IP transparency. The primary benefits of a hub and spoke EVPL-based implementation are centralized traffic routing and the flexibility and granularity to engineer and manage bandwidth and QoS performance for each site.
The primary benefit of an any-to-any EP-LAN implementation is the simplicity of adding new sites. Once a new site’s UNI is added to an existing EVC, one’s service attaching switch or router at each site will auto-learn the connectivity to all other sites.
ABOUT COMCAST BUSINESS ETHERNET
Comcast offers a complete range of MEF certified business Ethernet services including Ethernet Private Line, Ethernet Virtual Private Line, Ethernet Network Service (MEF E-LAN compliant) and Ethernet Dedicated Internet. Each service is offered with a 10 Mbps, 100 Mbps, 1 Gbps, or 10 Gbps Ethernet port in customer-selectable bandwidth increments ranging from 1 Mbps to 1 Gbps. For more information or to request a consultation about Comcast’s Business Ethernet Services, please visit http://business.comcast.com/ethernet.