Q & A
Cisco Systems® technology leader Ali Sajassi has found a better way to keep companies connected.
In an effort to reduce the cost and complexity of connecting branch offices, telecommuters, and other geographically dispersed parts of modern corporations, Sajassi and several of his industry colleagues created the Virtual Private LAN Service (VPLS). VPLS is a type of virtual private network (VPN), but it has several advantages over traditional VPNs. VPLS can connect multiple sites through a single connection from each site to the service provider network. It also uses the ubiquitous Ethernet protocol for this connectivity, which greatly simplifies network provisioning and management at customer sites.
News@Cisco spoke with Sajassi about his innovation and how VPLS can make life easier for service providers and corporate network managers.
Q. What is virtual private LAN service (VPLS)?
A. Ali Sajassi: VPLS is a multipoint Ethernet service over an IP-based Multiprotocol Label Switching (MPLS) network, which provides connectivity between geographically dispersed customer sites across metropolitan-area networks (MANs) and WANs, as if they were connected through a LAN. It is "virtual" because customer connections share the same service provider infrastructure and facilities with other customers and applications. It separates the customer traffic using dedicated tunnels and databases per customer, thus providing a "private" service. This technology is a step forward from traditional VPNs, which were the first technology to provide this type of service. Both services were created to address the need for private WAN connections without the costs associated with leasing a dedicated line. But VPLS takes the traditional VPN concept a step forward by providing end-to-end connectivity in Ethernet, which greatly simplifies the process while lowering the costs, both for the service provider and for the end customer, meaning businesses. It also improves on VPNs because each customer site can connect to other sites using a single connection to the provider network, whereas traditional VPNs require each customer site to have multiple connections (one per remote site) to the provider network. Also by using the service provider MPLS/IP network, VPLS eliminates the need for having different infrastructures and networks for different VPN types and services.
Q. How does VPLS work?
A. Ali Sajassi: VPLS basically works the same way as a regular Ethernet-bridged LAN - that is, learning, forwarding, and flooding based on MAC addresses. However, it performs these functions not only on Ethernet physical interfaces but also on MPLS/IP virtual circuits (pseudowires), and is thus able to provide a bridged service over MPLS/IP networks with scalability much greater than that of existing LANs. Basically, I took one of the Cisco® technologies for creating multipoint VPN connections for MANs, called QinQ, and combined it with MPLS/IP. There are two reasons to use an MPLS/IP network in VPLS: to enable the service providers to offer many different services over the same MPLS/IP infrastructure, and to scale this service offering to many more customers than existing LAN and QinQ MAN networks can support. The way VPLS works is by learning customer MAC addresses and forwarding customer data packets based on the address. To isolate customer MAC addresses from each other, it uses a separate filtering database per customer. And to limit the scope of broadcast domains for different customers, it uses a separate set of pseudowires for each customer.
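The learn/forward/flood behaviour, the per-customer filtering database and the per-customer set of pseudowires described in the answer above, modelled in Python as an added example (this is not Cisco's code and not part of the interview). The provider-edge (PE) router holds one Virtual Switching Instance (VSI) per customer; its ports are the customer's attachment circuits (ACs) and that customer's pseudowires (PWs) to the other PEs. Port names, MAC addresses and the sample traffic are constructed for the example. Two details are assumptions taken from standard VPLS practice rather than from the page: the pseudowire split-horizon rule (a frame arriving on a PW is never flooded to another PW, since the PWs form a full mesh), and a per-customer cap on learned MACs, which is the check an operator wants because the filtering databases of all customers live in one shared box.

```python
# Added example, not Cisco's code: toy model of a VPLS provider-edge router.
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class Vsi:
    """One customer's bridge on this PE: its ports plus a private filtering database."""
    customer: str
    acs: set                 # attachment-circuit ports, e.g. {"ac-acme-hq"}
    pws: set                 # this customer's pseudowires, e.g. {"pw-acme-pe2"}
    mac_limit: int = 1024    # assumed per-customer cap on learned addresses
    fdb: dict = field(default_factory=dict)  # filtering database: MAC -> port
    dropped_learning: int = 0

    def ports(self):
        return self.acs | self.pws

    def learn(self, mac, port):
        """Source-MAC learning, refused once this customer's table is full."""
        if mac in self.fdb or len(self.fdb) < self.mac_limit:
            self.fdb[mac] = port
        else:
            self.dropped_learning += 1

    def forward(self, frame, in_port):
        """Return the set of egress ports for `frame` received on `in_port`."""
        if in_port not in self.ports():
            raise ValueError(f"{in_port} is not a port of VSI {self.customer}")
        self.learn(frame.src, in_port)
        out = self.fdb.get(frame.dst)
        if frame.dst != BROADCAST and out is not None:
            return set() if out == in_port else {out}   # known unicast
        # Unknown unicast or broadcast: flood to the customer's other ports,
        # but never from one pseudowire to another (assumed split horizon).
        egress = self.ports() - {in_port}
        if in_port in self.pws:
            egress -= self.pws
        return egress


class ProviderEdge:
    def __init__(self):
        self.vsis = {}        # customer -> Vsi
        self.port_owner = {}  # port -> customer; a port belongs to exactly one VSI

    def add_vsi(self, vsi):
        for p in vsi.ports():
            if p in self.port_owner:
                raise ValueError(f"port {p} already belongs to {self.port_owner[p]}")
        for p in vsi.ports():
            self.port_owner[p] = vsi.customer
        self.vsis[vsi.customer] = vsi

    def receive(self, port, frame):
        """The ingress port alone selects the VSI; nothing inside the frame can."""
        return self.vsis[self.port_owner[port]].forward(frame, port)


def demo():
    """Constructed traffic for two customers; returns the forwarding decisions."""
    pe = ProviderEdge()
    pe.add_vsi(Vsi("acme", acs={"ac-acme-hq"}, pws={"pw-acme-pe2", "pw-acme-pe3"}))
    pe.add_vsi(Vsi("globex", acs={"ac-globex-hq"}, pws={"pw-globex-pe2"}, mac_limit=2))
    r = {}
    try:                      # an AC cannot be attached to a second customer
        pe.add_vsi(Vsi("initech", acs={"ac-acme-hq"}, pws=set()))
        r["port_reuse_rejected"] = False
    except ValueError:
        r["port_reuse_rejected"] = True
    a1, a2, a3 = "00:00:00:00:00:a1", "00:00:00:00:00:a2", "00:00:00:00:00:a3"
    r["flood_from_ac"] = pe.receive("ac-acme-hq", Frame(a1, BROADCAST))
    r["reply_from_pw"] = pe.receive("pw-acme-pe2", Frame(a2, a1))
    r["unknown_from_pw"] = pe.receive("pw-acme-pe2", Frame(a3, "00:00:00:00:00:ee"))
    # globex reuses MAC a1: it lands in globex's table, acme's table is untouched
    pe.receive("ac-globex-hq", Frame(a1, BROADCAST))
    r["acme_fdb"] = dict(pe.vsis["acme"].fdb)
    r["globex_fdb"] = dict(pe.vsis["globex"].fdb)
    pe.receive("ac-globex-hq", Frame("00:00:00:00:00:b2", BROADCAST))
    pe.receive("ac-globex-hq", Frame("00:00:00:00:00:b3", BROADCAST))  # over limit
    r["globex_dropped"] = pe.vsis["globex"].dropped_learning
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the three properties the answer relies on: a broadcast from an acme site floods only to acme's pseudowires, a frame from a pseudowire floods to the attachment circuit but not to the other pseudowire, and the same MAC address used by two customers is learned in two separate filtering databases without interfering. The `mac_limit` check is the practitioner's addition: because learning is driven by whatever source addresses a customer sends, an unbounded table on a shared PE lets one customer's MAC flooding degrade everyone's forwarding.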
Q. What are the biggest advantages of VPLS?
A. Ali Sajassi: A business can now connect its various LAN networks at different office sites with the same ease as if these sites were part of the office LAN. This greatly reduces configuration and management challenges. Ethernet interfaces are easy to use. However, the same cannot be said for traditional point-to-point interfaces such as Frame Relay, Point-to-Point Protocol (PPP), ATM, and others. VPLS replaces the use of traditional point-to-point interfaces with Ethernet interfaces.
Also, it offers multipoint capability, which is an improvement over traditional ATM- or Frame Relay-based VPNs, which are built from point-to-point connections. That means a customer needs only a single Ethernet connection from each of its sites to the service provider network. Traditional VPNs, however, require many connections for each site (one connection per remote site) - a laborious undertaking.
Q. Why did you create VPLS?
A. Ali Sajassi: Like all Cisco innovations, it was inspired by our customers' requests. Service providers - both interexchange carriers (IXCs) and incumbent local exchange carriers (ILECs) - have been asking for such capabilities. They want to use their existing MPLS/IP infrastructure to offer new services and generate more revenues. And their corporate customers are looking for ways to connect their sites easily and inexpensively, and build data networks for increasingly dynamic business structures. Companies these days are less centralized, but corporations still want a dependably secure yet highly flexible way to link together all of their employees. VPLS answers that need by improving on traditional VPNs with easier deployment capabilities and more flexible configurations.
Q. What is the current deployment status of VPLS?
A. Ali Sajassi: Some telecommunications companies, such as SBC, are now starting to deploy VPLS. The solution is new and, like all telecommunications technologies, it needs time in real deployments to mature. But the interest in VPLS is strong. Service providers and business network managers want better ways to build WANs. And VPLS offers a big step forward for doing just that.
