Advantages and Disadvantages of MPLS Layer 3 VPNs
As previously mentioned, MPLS Layer 3 VPNs have a number of significant advantages for service providers and enterprises alike. These advantages include the following:
MPLS Layer 3 VPNs offer an extremely scalable VPN architecture that can support thousands of customer sites and VPNs.
MPLS Layer 3 VPNs can be offered as a managed service by a service provider to enterprise customers, or implemented by enterprises themselves to provide a clear partition between business units or services.
MPLS Layer 3 VPNs allow an enterprise to simplify their WAN routing. Customer Edge (CE) routers need only peer with one or more Provider Edge (PE) routers (as well as Customer [C] routers) rather than with all the other CE routers in the VPN.
MPLS Layer 3 VPNs allow any-to-any connectivity for enterprise customer sites, and can be configured to support quality of service (QoS) for real-time and business applications.
MPLS traffic engineering (an associated technology) allows service providers to optimally utilize network bandwidth, and support tight service-level agreements (SLA) with fast failover (fast reroute) and guaranteed bandwidth.
Disadvantages of MPLS Layer 3 VPNs include the following:
MPLS Layer 3 VPNs natively support IP traffic transport only. If customers want to support other protocols such as IPX, Generic Routing Encapsulation (GRE) tunnels must be configured between CE routers.
Some service providers do not support native IP multicast traffic transport between sites in MPLS Layer 3 VPNs (native support for IP multicast can be implemented using Multicast VPNs [MVPN, covered in Chapter 5, "Advanced MPLS Layer 3 VPN Deployment Considerations"]). If a service provider does not offer native IP multicast transport, multicast traffic must be tunneled between customer sites by configuring GRE tunnels between CE routers.
In an MPLS Layer 3 VPN, the customer does not have complete control of their WAN IP routing. CE routers at the customer VPN sites do not establish direct routing adjacencies, but must instead peer with PE routers.
MPLS Layer 3 VPNs are trusted VPNs, and although they offer traffic segregation and security similar to that offered by Frame Relay and ATM, they do not natively (by default) offer the strong authentication and encryption of secure VPNs such as IPsec. If encryption and authentication are required, however, it is possible to protect VPN traffic either in transit between PE routers using IPsec (see Internet Draft draft-ietf-l3vpn-ipsec-2547) or end-to-end between CE devices.
Now that you understand the main advantages and disadvantages of MPLS Layer 3 VPNs, it is time to move on to a discussion of their operation.