582 VIRTUAL PRIVATE NETWORKS: INTERNET PROTOCOL (IP) BASED

Figure 2: Example of two connection-oriented VPNs in a shared public network.

The switch routes the packet, frame, or cell to the outgoing physical interface using an internal switching fabric and “switches” the label to the outgoing label retrieved from the lookup table. The example in the figure uses patterns for the packets to trace the result of the label-switching operation implemented by the lookup tables on the input side of each port. Of course, contention may occur for the output port in a label switch if multiple packets are destined for the same output. Typically, label switches must implement some form of queuing to handle this situation.
An L2 network consists of a number of label switches implementing the basic function described above. Typically, these switches also implement a number of other features related to connection establishment, traffic control, QoS, congestion control, and the like. Some form of routing, signaling, and/or network management protocol establishes a consistent sequence of label-switching mappings in the lookup tables to form a logical connection that can traverse multiple nodes. When the network is connection oriented, for example in FR, ATM, and MPLS, we call the allowed pairwise communication a virtual circuit or connection (VC). For a connectionless L2 network, such as the Ethernet, we call the set of sites that are allowed to communicate a virtual local area network.
Figure 2 illustrates a public connection-oriented network supporting two disjoint VPNs. Shaded boxes represent equipment from different enterprises at various sites connected to triangles that represent provider-edge (PE) label switches. The label-switched connection-oriented network implements disjoint virtual connections (either permanent or switched) between different enterprise nodes, as indicated by dashed lines of different styles in the figure. A connection-oriented label-switched network operates very much like a private line network, but it uses virtual connections instead of real ones. The important difference is that the service provider switches utilize label switching instead of Time Division Multiplexing (TDM) cross-connects to logically share trunk circuits between multiple enterprise VPNs. Thus, a connection-oriented VPN can be a plug-compatible replacement for a private-line-based network. This has a number of advantages. First, the granularity of capacity allocation is much finer with a label switch than with that implemented in the rigid TDM hierarchy. Second, if the traffic offered by the enterprises is bursty in nature, the service provider network can efficiently multiplex many traffic streams together. Finally, the shared public network achieves economies of scale by utilizing high-speed trunk circuits that have a markedly lower cost per bit per second (bps) than lower-speed links do.
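As an added illustration (not code from the chapter), the following Python model captures the label-switching operation described above: a per-port lookup table on each switch, a setup step that installs the consistent chain of mappings that signaling or management would provide, and a trace that follows a packet hop by hop across a trunk shared by two VPNs. Switch names, port numbers and labels are invented; the point for isolation is that each (port, incoming label) pair may belong to exactly one VC, which `install` enforces, and that a label with no mapping is dropped rather than delivered.

```python
from itertools import count

class LabelSwitch:
    """Per-port lookup table: (in_port, in_label) -> (out_port, out_label)."""
    def __init__(self, name):
        self.name, self.table, self._next = name, {}, {}
    def alloc_label(self, out_port):
        # Next unused label on an outgoing link; labels are local to a link, so two
        # VPNs may both use label 16 as long as it is on different links.
        return next(self._next.setdefault(out_port, count(16)))
    def install(self, in_port, in_label, out_port, out_label):
        key = (in_port, in_label)
        if key in self.table:  # one incoming label on a port belongs to exactly one VC
            raise ValueError(f"{self.name}: port {in_port} label {in_label} already mapped")
        self.table[key] = (out_port, out_label)

class Network:
    def __init__(self):
        self.switches, self.links = {}, {}  # links: (node, port) -> (node, port)
    def link(self, a, pa, b, pb):
        for n in (a, b):  # names starting with "site:" are enterprise nodes, not switches
            if not n.startswith("site:"):
                self.switches.setdefault(n, LabelSwitch(n))
        self.links[(a, pa)], self.links[(b, pb)] = (b, pb), (a, pa)
    def setup_vc(self, path, ingress_label):
        """path: [(switch, in_port, out_port), ...] from ingress PE to egress PE."""
        label = ingress_label
        for sw, pin, pout in path:
            out_label = self.switches[sw].alloc_label(pout)
            self.switches[sw].install(pin, label, pout, out_label)
            label = out_label
    def trace(self, site, site_port, label):
        """Forward one packet from a site; returns (labels seen per hop, destination)."""
        node, port = self.links[(site, site_port)]
        seen = []
        while not node.startswith("site:"):
            seen.append((node, label))
            # No entry for this label: KeyError, i.e. the packet is dropped, not leaked.
            out_port, label = self.switches[node].table[(port, label)]
            node, port = self.links[(node, out_port)]
        return seen, node

def build_demo():
    # Constructed topology: PE1 and PE2 joined through core switch P by shared trunks.
    net = Network()
    net.link("site:A1", 0, "PE1", 1); net.link("site:B1", 0, "PE1", 2)
    net.link("PE1", 3, "P", 1);       net.link("P", 2, "PE2", 3)
    net.link("PE2", 1, "site:A2", 0); net.link("PE2", 2, "site:B2", 0)
    net.setup_vc([("PE1", 1, 3), ("P", 1, 2), ("PE2", 3, 1)], ingress_label=100)  # VPN A
    net.setup_vc([("PE1", 2, 3), ("P", 1, 2), ("PE2", 3, 2)], ingress_label=100)  # VPN B
    return net
```

Both enterprises hand in label 100 on their own access link, yet the trunk carries them under different labels and each packet only ever reaches its own VPN's far-end site.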
X.25 was the first connection-oriented data VPN, but it is now being phased out. X.25 pioneered a VPN concept called a closed user group (CUG), which is similar to that of an intranet or extranet. In the late 1980s, FR followed X.25, simplifying the protocol and, hence, improving the price-performance ratio. FR pioneered the important VPN concept of per-connection traffic management and some simple responses to congestion. ATM was the successor to FR, in the mid-1990s, focusing on a fixed cell size to ease hardware implementation and achieve high performance. ATM borrows heavily from the signaling protocols of the narrowband integrated services digital network (ISDN), the traffic management concepts of FR, and automatic topology discovery from IP. ATM standards significantly extended the concept of QoS and more precisely defined traffic management, these being the hallmarks of ATM. In some ways, MPLS is an enhancement of ATM: It provides most of the same capabilities but also adds some useful extensions and refinements tailored to the support of IP. MPLS overcomes the inefficiency caused by the partial fill of the last fixed-length ATM cell when carrying variable-length packets in AAL5. MPLS also supports a more flexible hierarchical aggregation of connections and supports loop detection as well. The design of MPLS also allows tighter integration than did ATM of connection-oriented traffic engineering with IP routing protocols in service provider backbones. Extensions of these capabilities are also quite useful in support of network-based VPNs.
A connectionless protocol like IP does not require a
signaling protocol because it does not use connections