There are different aspects to consider when subscribing to a managed Layer 2 Ethernet access service.
While the ultimate goal is to transport your Ethernet frames from one location to another, there are multiple kinds of services to accomplish this.
Managed Ethernet access is available in a variety of different forms, each of which is designed for different capabilities and respective price points. When you subscribe to a managed Ethernet service, you sign an agreement with one or more service providers to establish Layer 2 connectivity between your sites.
With dedicated short haul fibre service, your traffic is bridged from one site to another using traditional Layer 2 methods and is typically constrained to a single carrier’s network. Frequently, this is provided as an optical wavelength service where you are assigned a dedicated portion of bandwidth that no other customers can affect, though the optical wavelength carrying your network traffic is multiplexed with other wavelengths through the service provider core.
- Do you need dedicated bandwidth?
- Do you need multipoint bridged connectivity or is your application strictly point to point?
- What kinds of routing and topology considerations are there?
- Will a managed Layer 2 Ethernet access service work with SD WAN?
The Virtual Leased Line
Virtual leased lines (VLLs, also known as pseudowires) are point to point Layer 2 connections that are considered virtual because they are multiplexed over one or more carrier networks using Multi Protocol Label Switching (MPLS).
This means that unlike with dedicated short haul fibre service, traffic within the carrier networks between your sites is not dedicated to you and is shared among multiple customers. MPLS encapsulation serves as a tunnelling mechanism in order to maintain strict privacy between your traffic and the network traffic of other subscribers.
In addition, when you purchase a VLL service there is normally a service level agreement (SLA) in place that guarantees specific performance from the VLL such as a guaranteed level of throughput. Depending on your contract and the QoS configuration placed on the carrier equipment, you might be able to utilise more than your contracted bandwidth limit if it is available, but you will always be guaranteed a minimum throughput level.
VPLS (Virtual Private LAN Service)
Virtual Private LAN Service (VPLS) uses underlying technology similar to that of VLLs, except that VPLS is offered as a multipoint service, which makes all of your sites appear as if they were connected to the same logical Ethernet switch.
With VLLs, there is no MAC learning and whatever enters one end of the connection will be delivered to the other end, as long as it is a valid Ethernet frame. With VPLS, the carrier network learns the MAC addresses at each of your sites so that it can emulate a traditional bridge and forward frames as appropriate between your sites. This saves bandwidth across the carrier network and optimises traffic between your locations.
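The forwarding difference described above, as an added example that is not part of the original article: a simplified Python model of the carrier as one logical switch. The site names, MAC addresses and the class names VLL and VPLS are constructed for illustration, and details such as ageing timers are left out.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VLL:
    """Point-to-point pseudowire: no MAC learning, every frame reaches the far end."""
    def __init__(self, site_a, site_b):
        self.far_end = {site_a: site_b, site_b: site_a}

    def forward(self, ingress, src, dst):
        return [self.far_end[ingress]]

class VPLS:
    """Multipoint service that emulates a single learning bridge across all sites."""
    def __init__(self, sites):
        self.sites = list(sites)
        self.fdb = {}  # learned MAC address -> site where it was last seen

    def forward(self, ingress, src, dst):
        self.fdb[src] = ingress                 # learn the sender's location
        known = self.fdb.get(dst)
        if dst == BROADCAST or known is None:   # broadcast or unknown unicast: flood
            return [s for s in self.sites if s != ingress]
        if known == ingress:                    # destination is local: nothing crosses the carrier
            return []
        return [known]                          # known unicast: one site only

def carrier_copies(service, frames):
    """For each (ingress_site, src_mac, dst_mac) frame, list the sites that receive a copy."""
    return [service.forward(*frame) for frame in frames]

# Constructed sample traffic: (ingress site, source MAC, destination MAC)
M1, M2, M3, M4, M9 = (f"02:00:00:00:00:0{i}" for i in (1, 2, 3, 4, 9))
FRAMES = [
    ("A", M1, BROADCAST),  # broadcast from site A is flooded
    ("B", M2, M1),         # M1 was learned at A, so only A gets it
    ("A", M1, M2),         # M2 was learned at B, so only B gets it
    ("C", M3, M9),         # M9 has never been seen, so it is flooded
    ("A", M4, M1),         # both hosts sit at A, so the frame is filtered
]

if __name__ == "__main__":
    for frame, sites in zip(FRAMES, carrier_copies(VPLS(["A", "B", "C"]), FRAMES)):
        print(frame, "->", sites)
```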
SHDS (Short Haul Data Service)
The dedicated fibre option is usually a little more expensive than VLLs and VPLS because the entire portion of bandwidth is dedicated solely to your connection and is not shared among other customers.
This requires dedicated resources within the carrier network, which usually leads to slightly higher prices, though it usually accompanies improved levels of service and better guarantees. This option is very popular for connecting regional data centres together.
How Layer 2 Ethernet WAN differs from Layer 2 MPLS
While an MPLS Layer 2 VPN service can be marketed as a Layer 2 Ethernet WAN, the primary difference between these two services is in how the traffic is transported across the carrier backbone network. Layer 2 Ethernet WAN is normally transported as regular Ethernet frames across the entire network from ingress to egress. This can be done through one or more levels of bridging or through optical multiplexing. In either case, the bandwidth is dedicated to you.
Layer 2 MPLS, on the other hand, has a Layer 2 Ethernet ingress and egress when connecting to the customer premises equipment (CPE), but is encapsulated in IP/MPLS packets within the carrier core network. The greatest advantage of carrying traffic in this manner is that it is easier to connect globally across different service provider networks. This extends the Layer 2 reachability between your locations further than a Layer 2 service like dedicated short haul fibre is capable of.
Controlling routing over your Layer 2 WAN
One of the biggest advantages of subscribing to a Layer 2 service as opposed to Layer 3 is that you retain more control over how your individual sites are connected. This is particularly true if you are subscribed to a multipoint Layer 2 Ethernet service like VPLS. For example, you could design a full mesh or hub and spoke topology across the Layer 2 network whereas routing over Layer 3 services is typically only point to point.
With a traditional MPLS Layer 3 VPN service, your CPE peers with the carrier’s provider edge (PE) router using a routing protocol such as BGP, and the carrier participates in and controls the routing between your sites. In most cases, the carrier dictates which routing protocol you must use. You may want to use something like Open Shortest Path First (OSPF), but the carrier only supports BGP. With a Layer 2 service, you have full control over which routing protocols you use because the routing is transparent to the service provider. With a Layer 3 service, you must work with the carrier to design the routing topology, which may or may not be a default full mesh. With a Layer 2 service, the design is completely under your control and can be modified whenever you wish without carrier involvement.
Hardware devices typically used in Layer 2 Managed WAN
When purchasing a Layer 2 managed WAN service, the service provider typically installs a small device at each of your participating sites so they can manage the service. The equipment could be as simple as an ONT (optical network terminal) that provides a copper or fibre Ethernet handoff, or it could be more advanced such as a managed switch or even a carrier-class router.
Each of these different devices provides the carrier with different levels of manageability and service offerings. In the case of connectivity within a colocation facility, it is typical to have just a copper or fibre cross-connect delivered to your company’s equipment since the service provider has their own equipment installed elsewhere in the facility.
Hybrid designs of Layer 2 and Layer 3 WAN
Layer 2 and Layer 3 WAN services have different and sometimes overlapping use cases. It is not uncommon to subscribe to both Layer 2 and Layer 3 services from the same service provider. For example, you may have weighed the risks and carefully designed a Layer 2 data centre interconnect (DCI) to provide the same IP subnets at multiple sites, and you use a Layer 2 Ethernet WAN service for this. At the same time, perhaps the carrier offers a shared private or extranet service that you must access over a Layer 3 VPN WAN service such as MPLS. This is a common delivery model with IP telephony service providers (ITSPs), where SIP trunks and call centre functionality are delivered to multiple isolated customers through a shared private network.
As more enterprise network environments begin to place workloads within public cloud offerings like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform, sometimes it makes sense to utilise a private Layer 3 backhaul service into the cloud environment through your service provider. Frequently larger carriers have private peering agreements with major cloud players and can offer improved performance and lower network latency by connecting to the cloud environment privately through the carrier. This almost always requires subscribing to a Layer 3 service, whether you peer with the provider using a dynamic routing protocol or just use static routing.
SD WAN in a Layer 2 environment
You can still use SD WAN within a Layer 2 environment, and depending on your use case it may be beneficial to do so, because you have more control over the underlying characteristics of the link, such as QoS signalling or network segmentation using VLAN tags. However, using pure Layer 2 links within an SD WAN may require some extra considerations depending on the SD WAN platform or hosting model being used.
The SD WAN edge device must have some way to reach the upstream controller. In the traditional centralised hosted controller model, the SD WAN edge device uses the Internet to reach the controller for its configuration settings and policy updates. If you are hosting the controller yourself, the SD WAN edge device might be able to reach your controller directly through the attached private Layer 2 WAN connection without requiring direct Internet access.
It may also be possible to maintain a separate lower-speed “out of band” Internet connection, such as a 4G/LTE link, simply for SD WAN edge orchestration and controller reachability. You can then specify through policy that the Layer 2 links are used for your data transport while the out of band connection is used for configuration updates and monitoring.
Likewise, similar to the hybrid Layer 2 and Layer 3 WAN design, you can mix different types of connectivity with your SD WAN edges to achieve optimal routing designs with regard to the services you need to access. You can maintain private inter-data centre connectivity over a high throughput Layer 2 Ethernet WAN service while accessing shared private services like public cloud backhaul through a Layer 3 WAN service from the same carrier.
Is a managed Layer 2 Ethernet access service right for you?
Most organisations like to maintain as much control as possible over their own networks. WANs built from Layer 2 Ethernet links enable this control since there is no participation required with the underlying carriers in how your traffic is routed between your sites. Whether you use point to point or multipoint services, you can change the configuration on your own edge devices to modify how traffic gets from one site to another any time you like.
Most carriers make it easy to subscribe to multiple WAN services, including Layer 2 and Layer 3, simultaneously for different aspects of your overall network connectivity needs. Finally, as SD WAN continues to increase in popularity, you can rest assured that managed Layer 2 links will still work as long as your SD WAN edges have some method of reaching the orchestrator, and they may even enable some additional benefits over traditional Layer 3 WAN links.