VPN L2 Overview


This document discusses the general overview of L2 VPN. In particular special attention is paid to Virtual Private Wire Service (VPWS), Virtual Private LAN Service (VPLS) and Ethernet VPN (EVPN).


  • L2 VPN based on MPLS are categorized into two categories: VPWS and VPLS.
  • Virtual Private Wire Service (VPWS) is a single point to point circuit emulation.
  • Virtual Private LAN Service (VPLS) is a LAN emulation.
  • All of these services are provided by PE routers.
  • Each service connects to the CE device via an Attachment Circuit (AC). The AC could be Frame Relay, Ethernet, ATM, a VLAN..etc. AC are used between CE and PE.
  • Pseudowire (PW) is the logical wire between the PEs across the backbone. PEs establish and maintain the PW.
  • PW are bidirectional when they are point to point, while unidirectional when multipoint-to-point and point-to-multipoint.
  • Frames enter the Attachment Circuit from CEs, traverse the Pseudowire and exit on the egress Attachment Circuit.
  • The entity that binds the PW and AC is called a Forwarder.
  • A forwarder can bind the AC to a single PW. It can bind it to multiple PWs as well (VPLS). When using multiple PW, the forward has to make a forwarding decision on L2 frame's information of the tunneled frame.
  • Attachment circuit can be of the same transport technology, but can also be different. For example ingress AC be Ethernet, while egress AC be Frame Relay. When a translation is required, some sort of interworking has to occur.
  • Tunnel is defined between any two PEs. It can have multiple PW in each tunnel, as long as they terminate on the same PEs. For example PE1 and PE2 can have two PWs within it's tunnel.
  • Pseudowire signaling is another important functionality of L2VPNs. It is used to setup and maintain the PWs. Depending on which PW is used (P2P or M2P) different functions are required. See details in respective section.


  • A particular combination of <AC, PW, AC> forms a "virtual circuit" between two CE devices.


  • Signaling functionality for point to point PW include:
    • Demultiplexer distribution - since each tunnel can carry multiple PWs, it has to have a value to distinguish each other. The demultiplexer is usually the PW ID. It is essential to the setup of any PW.
    • Selection of a Forwarder on Remote PE - It has to contain a way for the remote PE to select the proper forwarder (binding between PW and AC) to know which AC should be used.
    • L2 Emulation - Signaling includes a method to select the proper l2 technology at the AC.
    • State Changes - Maintain and notify any state changes.
    • Parameter Negotiations - Signal all of the know properties of the PW and agree upon any of them.
  • Signaling is accomplished using LDP, L2TP or BGP.


  • PE can be viewed as containing a Virtual Switching Instance (VSI) for each L2VPN that it serves. It has a separate VSI per each VPLS.
  • Unlike VPWS, VPLS perform forwarding based on the user L2 headers.
  • VPLS supports a number of topologies:
    • Point to point
    • Point to multipoint (hub and spoke)
    • Any to any (full mesh)
    • Partial mesh
    • Hierarchical
  • The forwarder in a VPLS-PE is a Virtual Switching Instance (VSI) that maps multiple attachment circuits to multiple pseudowires.
  • Forwarding decision are based on MAC source address learning. Each VPLS instance has its own bridge.
  • VPLS terminology is as follows:
    • CE> (Bridge-> Emulated LAN Interface -> Emulated LAN) PE ->……()PE> CE
  • PEs carry each client MAC address, there is no way to summarize addresses. Because of this a limit on the number of MACs is usually imposed from SPs.


Additional Resources



rating: 0+x
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License