RE: L2 vs L3 [7:73255]

2003-07-31 Thread Creighton, Bill, NSPM
Thanks for the kind words, Michelle!

Bill Creighton CCNP
Network Design Engineer, eVPN
NSPM AT&T Business Service Delivery
231 Martingale Rd. Suite 800
Schaumburg, IL 60173-2008
Office: 847-407-4108
Fax: 847-598-6400
Mobile:  630-290-7000
[EMAIL PROTECTED]


> -Original Message-
> From: Truman, Michelle, RTSLS 
> Sent: Thursday, July 31, 2003 12:33 PM
> To: [EMAIL PROTECTED]
> Subject: RE: L2 vs L3 [7:73255]
> 
> 
> Actually John, contrary to what was stated, AT&T has a really great
> bunch of pre-sales engineers who do give customers lots of time, and the
> time of day if they need it, to talk about VPN's. Not to mention lots of
> support on the backend if you are already a customer. We've been running
> 2547 VPN's since 1998 over Fr/ATM and since 2000 over our IP backbone.
> Customers using VOIP really like our VPN's because they have inherent
> full mesh topologies and built in QOS using CBFWQ/LLQ/WRED.
> 
> L2 VPN's are for carriers who don't have other choices, such as Sprint,
> which has IP globally, but not frame relay. They are able to provide a
> global VPN that way. They didn't really have a choice. Now, they have
> totally done an about face due to massive customer pressure and are
> implementing 2547 after saying for years that it wasn't necessary,
> sucks, etc. 
> 
> the industry choice appears to be 2547 though you can't forget the Qwest
> solution as it is popular with many customers. L2 is nice for end to end
> routing control also. But only if you NEED full mesh. Otherwise, there's
> nothing wrong with good old fashioned FR and ATM pvc's. 2547 VPN's are
> different and require some thought, because you are essentially routing
> WITH your carrier instead of transparently to your carrier. 
> 
> Michelle
> 
> Michelle Truman   CCIE # 8098
> Principal Technical Consultant
> AT&T Solutions Center
> mailto:[EMAIL PROTECTED]
> Work: 651-998-0949 
> 
> 
> 
> 
> 
> -Original Message-
> From: John Neiberger [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 31, 2003 10:55 AM
> To: [EMAIL PROTECTED]
> Subject: Re: L2 vs L3 [7:73255]
> 
> 
> >You have a lot of options.  I recommend Sprint first, then Level-3,
> >then GX.  Unless you are already in bed with Qwest or AT&T, they
> >won't give you the time-of-day for support (and you are going to
> >need good support for an offering like this).  In particular, I
> >recommend Sprint's PW option (UTI on Cisco GSR), and Level-3's
> >(3)Packet MPLS-VPN option (Martini L2VPN on Laurel Networks).
> >
> 
> I just checked the Sprintbiz site and they seem to offer a network-based IP
> VPN and a CPE-based IP VPN. It appears to me that these are both L3 VPNs.
> It's hard to find much more than marketing materials on their site, though,
> and I'd love to read more details. Are those the Sprint services you were
> referring to?  And what is the PW option you refer to?
> 
> I've already read a little about the Level-3 MPLS-VPN and it sounded like a
> good option but we come back to the full-mesh issue. It would take over 5300
> PVCs to create a full mesh with their L2 VPN. A full mesh isn't a
> requirement, but it is a very nice feature of the Qwest PRN service and
> given our network design and traffic flow, that is a great benefit.
> 
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73304&t=73255
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: L2 vs L3 [7:73255]

2003-07-31 Thread John Neiberger
 John Neiberger 7/31/03 10:36:14 AM >>>
>>You have a lot of options.  I recommend Sprint first, then Level-3,
>>then GX.  Unless you are already in bed with Qwest or AT&T, they
>>won't give you the time-of-day for support (and you are going to
>>need good support for an offering like this).  In particular, I
>>recommend Sprint's PW option (UTI on Cisco GSR), and Level-3's
>>(3)Packet MPLS-VPN option (Martini L2VPN on Laurel Networks).
>>
>
>I just checked the Sprintbiz site and they seem to offer a network-based IP
>VPN and a CPE-based IP VPN. It appears to me that these are both L3 VPNs.
>It's hard to find much more than marketing materials on their site, though,
>and I'd love to read more details. Are those the Sprint services you were
>referring to?  And what is the PW option you refer to?
>
>I've already read a little about the Level-3 MPLS-VPN and it sounded like a
>good option but we come back to the full-mesh issue. It would take over 5300
>PVCs to create a full mesh with their L2 VPN. A full mesh isn't a
>requirement, but it is a very nice feature of the Qwest PRN service and
>given our network design and traffic flow, that is a great benefit.
>
>John

I hate to follow-up on my own posts but after further reading about Sprint's
IP VPN network it appears to be very similar to the Qwest PRN except that it
uses IS-IS at the core instead of OSPF, while they both appear to use IPSec
for tunneling. Could it be that they're both based on 2764?

I'm going to call our Sprint account rep and ask her about this service. She
could probably put me in touch with an engineer who could answer some of
these questions.

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73288&t=73255


RE: L2 vs L3 [7:73255]

2003-07-31 Thread Truman, Michelle, RTSLS
Actually John, contrary to what was stated, AT&T has a really great
bunch of pre-sales engineers who do give customers lots of time, and the
time of day if they need it, to talk about VPN's. Not to mention lots of
support on the backend if you are already a customer. We've been running
2547 VPN's since 1998 over Fr/ATM and since 2000 over our IP backbone.
Customers using VOIP really like our VPN's because they have inherent
full mesh topologies and built in QOS using CBFWQ/LLQ/WRED.

L2 VPN's are for carriers who don't have other choices, such as Sprint,
which has IP globally, but not frame relay. They are able to provide a
global VPN that way. They didn't really have a choice. Now, they have
totally done an about face due to massive customer pressure and are
implementing 2547 after saying for years that it wasn't necessary,
sucks, etc. 

the industry choice appears to be 2547 though you can't forget the Qwest
solution as it is popular with many customers. L2 is nice for end to end
routing control also. But only if you NEED full mesh. Otherwise, there's
nothing wrong with good old fashioned FR and ATM pvc's. 2547 VPN's are
different and require some thought, because you are essentially routing
WITH your carrier instead of transparently to your carrier. 

Michelle

Michelle Truman   CCIE # 8098
Principal Technical Consultant
AT&T Solutions Center
mailto:[EMAIL PROTECTED]
Work: 651-998-0949 





-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: Re: L2 vs L3 [7:73255]


>You have a lot of options.  I recommend Sprint first, then Level-3,
>then GX.  Unless you are already in bed with Qwest or AT&T, they
>won't give you the time-of-day for support (and you are going to
>need good support for an offering like this).  In particular, I
>recommend Sprint's PW option (UTI on Cisco GSR), and Level-3's
>(3)Packet MPLS-VPN option (Martini L2VPN on Laurel Networks).
>

I just checked the Sprintbiz site and they seem to offer a network-based IP
VPN and a CPE-based IP VPN. It appears to me that these are both L3 VPNs.
It's hard to find much more than marketing materials on their site, though,
and I'd love to read more details. Are those the Sprint services you were
referring to?  And what is the PW option you refer to?

I've already read a little about the Level-3 MPLS-VPN and it sounded like a
good option but we come back to the full-mesh issue. It would take over 5300
PVCs to create a full mesh with their L2 VPN. A full mesh isn't a
requirement, but it is a very nice feature of the Qwest PRN service and
given our network design and traffic flow, that is a great benefit.

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73293&t=73255


Re: L2 vs L3 [7:73255]

2003-07-31 Thread John Neiberger
>You have a lot of options.  I recommend Sprint first, then Level-3,
>then GX.  Unless you are already in bed with Qwest or AT&T, they
>won't give you the time-of-day for support (and you are going to
>need good support for an offering like this).  In particular, I
>recommend Sprint's PW option (UTI on Cisco GSR), and Level-3's
>(3)Packet MPLS-VPN option (Martini L2VPN on Laurel Networks).
>

I just checked the Sprintbiz site and they seem to offer a network-based IP
VPN and a CPE-based IP VPN. It appears to me that these are both L3 VPNs.
It's hard to find much more than marketing materials on their site, though,
and I'd love to read more details. Are those the Sprint services you were
referring to?  And what is the PW option you refer to?

I've already read a little about the Level-3 MPLS-VPN and it sounded like a
good option but we come back to the full-mesh issue. It would take over 5300
PVCs to create a full mesh with their L2 VPN. A full mesh isn't a
requirement, but it is a very nice feature of the Qwest PRN service and
given our network design and traffic flow, that is a great benefit.

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73285&t=73255


Re: L2 vs L3 [7:73255]

2003-07-30 Thread John Neiberger
> "John Neiberger" wrote in message ...
> > bulk of their traffic. When considering a move to VoIP or expanded
> > video conferencing this can create some traffic shaping issues.
>
> For VoIP, you want to consider a control/data plane that makes this
> traffic forwarding optimal...the topology is of less concern, no?

The topology is not much of a concern for VoIP. Assuming point-to-point
links we'd need each location to have at least two routes back to the hub
for other reasons. This increased the number of frame relay PVCs at each
location, which in turn caused over-restrictive-yet-necessary traffic
shaping issues.

>
> > traffic shaping. In fact, traffic shaping might not be necessary;
> > LLQ might be all that is necessary. I'll have to ponder that some
> > more.
>
> You'll probably want outbound queue and drop mechanisms on a
> class-based model (e.g. CBLLQ with WRED).  Shaping and FR
> Interworking seem to over-complicate what you are trying to do.
>
> > Regardless, with a 2764-style VPN like the Qwest PRN we'd end up
> > with a fully-meshed network where all nodes appear to be one-hop
>
> Where did you read that L2VPN's (or L2TPv3 Pseudowires) don't do
> full-mesh?

I guess that was an assumption. After reading the interview with Martini I
took a look at Level3's offering and it is point-to-point. In my mind I just
assumed that meant more of a traditional hub-and-spoke design and not a full
mesh. A full mesh in our network would require the creation and management
of over 5300 PVCs. Is that reasonable?

>
> > on a per-PVC basis. Since we're still considering moving to IP
> > Telephony and we're expanding our use of video conferencing this
>
> You have a lot of options.  I recommend Sprint first, then Level-3,
> then GX.  Unless you are already in bed with Qwest or AT&T, they
> won't give you the time-of-day for support (and you are going to
> need good support for an offering like this).  In particular, I
> recommend Sprint's PW option (UTI on Cisco GSR), and Level-3's
> (3)Packet MPLS-VPN option (Martini L2VPN on Laurel Networks).

I haven't checked into Sprint yet and I've just browsed through the
marketing blurbs of Level-3's option. We are heavily in bed with Qwest, but
they also have the benefit of infrastructure in Denver. They might even be
better prepared to handle our network than Level-3. I don't know if these
other providers have the infrastructure in Colorado to support our network.

As an example, I checked into one offering over a year ago--I think it was
Worldcom, but I'm not sure--and they only had a single POP in Denver, and
there may have been only a single router, with some redundancy, to handle
our entire network. That sounded a little silly to me. Do you really get the
benefit of MPLS when your traffic never leaves the router?  :-)  Besides,
they also said that they would have to especially provision new big pipes
out to some outlying cities in order to reach many of our branches. It would
simply have been too much of a pain to deal with.

At least with Qwest our connectivity would be quite diverse and there
wouldn't be a single point of failure. Perhaps competitors' networks have
been built out enough that this is no longer an issue. Regardless of the
possibilities of failure, Qwest can reach *every* branch--including the few
in California--right now.

Still, I will check further into these other options. I'm really enjoying
learning about the possibilities.

>
> Any other VPN offering sounds iffy to me -- coming from my experience,
> but you should seek other opinions and do a full analysis for
> yourself.  I had never even heard of RFC 2764 before, and I've
> never been impressed by the Passport/Accelar/etc.

The Qwest PRN runs on the Shasta BSN-5000 platform.

>
> > My feeling after spending a few days reading about this is that
> > given a moderately large hub-and-spoke network, a L3 VPN might be
> > of more benefit than a L2 VPN.
>
> I'm curious as to how you came to this conclusion, what did you
> read/hear?
>
> -dre

That was only an initial supposition, really, not a solid position, and
that's based primarily on my assumption that a full mesh with an L2 VPN
would be cumbersome. If that's not true then I'll have to rethink my
supposition.  Keep in mind that I'm a newbie with this VPN stuff.  :-)  It's
very interesting but I've really only been digging into it deeply for a handful
of days.

Many thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73262&t=73255


Re: L2 vs L3 [7:73255]

2003-07-30 Thread dre
"John Neiberger" wrote in message ...
> bulk of their traffic. When considering a move to VoIP or expanded
> video conferencing this can create some traffic shaping issues.

For VoIP, you want to consider a control/data plane that makes this
traffic forwarding optimal...the topology is of less concern, no?

> traffic shaping. In fact, traffic shaping might not be necessary;
> LLQ might be all that is necessary. I'll have to ponder that some
> more.

You'll probably want outbound queue and drop mechanisms on a
class-based model (e.g. CBLLQ with WRED).  Shaping and FR
Interworking seem to over-complicate what you are trying to do.

> Regardless, with a 2764-style VPN like the Qwest PRN we'd end up
> with a fully-meshed network where all nodes appear to be one-hop

Where did you read that L2VPN's (or L2TPv3 Pseudowires) don't do
full-mesh?

> on a per-PVC basis. Since we're still considering moving to IP
> Telephony and we're expanding our use of video conferencing this

You have a lot of options.  I recommend Sprint first, then Level-3,
then GX.  Unless you are already in bed with Qwest or AT&T, they
won't give you the time-of-day for support (and you are going to
need good support for an offering like this).  In particular, I
recommend Sprint's PW option (UTI on Cisco GSR), and Level-3's
(3)Packet MPLS-VPN option (Martini L2VPN on Laurel Networks).

GX has a lot of MPLS-VPN experience with both Cisco GSR and Juniper
(but their financials are up in the air and Juniper T-series is a
poor platform for low-latency because of the sequence error and
other problems - however, knowing GX engineers they probably already
worked around these).  As a fourth option, I would even look at
C&W over Qwest/others - even though they are leaving the US
market -- because their PW offering (very similar to Sprint's) is
also top-notch.  Maybe something good will happen to GX and C&W?

Any other VPN offering sounds iffy to me -- coming from my experience,
but you should seek other opinions and do a full analysis for
yourself.  I had never even heard of RFC 2764 before, and I've
never been impressed by the Passport/Accelar/etc.  And I'm definitely
not a Qwest fan (except maybe old school USWest FR, the !NTERPRISE
Networking Services group was probably some of the best carrier
services I have ever received in my life -- they were actually
proactive about customer outages and would call you within seconds
of your service going down).

> My feeling after spending a few days reading about this is that
> given a moderately large hub-and-spoke network, a L3 VPN might be
> of more benefit than a L2 VPN.

I'm curious as to how you came to this conclusion, what did you
read/hear?

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73260&t=73255


VPNs: L2 vs L3 [7:73255]

2003-07-30 Thread John Neiberger
As some of you can tell I'm on a VPN-related kick lately. Sorry.   

I just finished reading an interview with Luca Martini and that got me
interested in finding out more about L2 VPNs. I'm already getting fairly
familiar with RFC 2764-style L3 VPNs, particularly Qwest's PRN offering.
After reading the interview I checked into Level3's (3)Packet Data Services
solution and it seems to be pretty cool, as well.  However, I'm still
leaning toward L3 VPNs and here's why.

Right now we have a frame relay network where most of our locations have at
least two or three PVCs and sometimes as many as four or five that carry the
bulk of their traffic. When considering a move to VoIP or expanded video
conferencing this can create some traffic shaping issues. For example, in
frame relay you want to shape your traffic such that no PVC can burst over
its CIR. If you have three PVCs that limits each of them to 512k even when
no critical traffic is present! This is not flexible, and during our VoIP
testing it really irritated our LAN group who were used to transferring
large amounts of data at night to these locations.

As I understand L2 VPNs, at least the Martini/Level3 variety, we'd still end
up with a large, hub-and-spoke, point-to-point network and hence would have
similar traffic shaping issues. Perhaps the big benefit is that we don't
have the CIR limitation so we might not have to be so restrictive with our
traffic shaping. In fact, traffic shaping might not be necessary; LLQ might
be all that is necessary. I'll have to ponder that some more.

Regardless, with a 2764-style VPN like the Qwest PRN we'd end up with a
fully-meshed network where all nodes appear to be one-hop away from all
other nodes. It's a multipoint solution where each location gets to use the
full access pipe into the network without worrying about shaping or queueing
on a per-PVC basis. Since we're still considering moving to IP Telephony and
we're expanding our use of video conferencing this provides some amazing
benefits from a functional perspective but it also greatly reduces the
complexity of our router configuration. There are some operational
trade-offs but I think those are workable.

My feeling after spending a few days reading about this is that given a
moderately large hub-and-spoke network, a L3 VPN might be of more benefit
than a L2 VPN.

Any thoughts?

Thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73255&t=73255