No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - VPN

S7700 and S9700 V200R013C00

This document describes the configurations of VPN, including GRE, IPSec, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, VPLS, L2VPN Access to L3VPN.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of L2VPN Access to L3VPN

Overview of L2VPN Access to L3VPN

By using Layer 2 Virtual Private Network (L2VPN) tunnels, users can access L3VPN services of the public network or bearer network. This reduces user information maintained on the access device. In this manner, low-end devices can be deployed on access networks, lowering the networking cost.

Multiprotocol Label Switching (MPLS) is widely applied in networks because it features high reliability, high security, and sound IP-based operation and maintenance capabilities, and supports Quality of Service (QoS). L2VPN provides MPLS-based L2VPN services and transparently transmits Layer 2 data over an MPLS network. L2VPN provides a tunnel for transmitting data. This reduces the number of Label Switching Paths (LSPs) maintained by transit nodes.

Figure 8-1  Networking diagram of traditional L2VPN access to L3VPN

On a traditional network, a Provider Edge Aggregation (PE-AGG) and a Network Provider Edge (NPE) are used to connect the access network to the bearer network or L3VPN. In this manner, an L2VPN can access the public network or L3VPN.

As shown in Figure 8-1, the User Provider Edge (UPE) device is responsible for accessing user sites by creating an L2VPN tunnel to the PE-AGG over the access network. The PE-AGG terminates the L2VPN and connects to the NPE. An L3VPN is set up between the NPE and another common PE on the bearer network of the carrier. As a CE of the L2VPN, the NPE connects to the PE-AGG. For the L3VPN on the bearer network, CE1 accesses the L3VPN through the leased line emulated by the L2VPN.

Figure 8-2  Networking diagram of L2VPN access to L3VPN supported by the switch

If an NPE device can provide the functions of both the PE-AGG and NPE, it helps lower the networking cost and simplify the network. As shown in Figure 8-2, the switch functions as an NPE, and it terminates the L2VPN and connects to the L3VPN through a Virtual Ethernet Group (VE group). Therefore, the switch realizes the functions of both the PE-AGG and NPE on the traditional network.

In a VE-Group, the VE interface used to terminate the L2VPN is called Layer 2 Virtual Ethernet (L2VE), and that used to connect to the L3VPN is called Layer 3 Virtual Ethernet (L3VE).

Updated: 2019-04-08

Document ID: EDOC1100065751

Views: 32511

Downloads: 50

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next