What is VPWS?
VPWS (Virtual Private Wire Service) is Point-to-Point Layer 2 MPLS VPN Service of Nokia Service Routers. The other Layer 2 VPN Service is VPLS that is explained in another lesson. Here, we will focus on Virtual Private Wire Service . In another lesson, we will learn How to Configure VPWS on Nokia Service Routers.
Below, a logical picture is given for VPWS Service and shows this structure better.
This general structure shows that, VPWS logical structure independant from the used L2 Technology and Virtual Private Wire Service type.
VPWS (Virtual Private Wire Service) is also called as Virtual Leased Line. It provides Point-to-Point VPN Service and from the Customer point of view, it is like a Leased Line. With VPWS two sites of customer are like directly connected as Point-to-Point.
VPWS service encapsulates the customer data and transports over the service provider’s IP or MPLS network in a GRE or MPLS tunnel. In other words, customer traffic is encapsulated and transfered over service provider network.
Above, we said that VPWS is a Layer 2 VPN Service. But sometimes Virtual Private Wire Service can be defined as Layer 1 VPN Service. Because there is no MAC learning in this service.
Virtual Private Wire Service offers service for Ethernet, ATM, Frame-Relay and TDM across a common IP/MPLS network. According to used L2 technology, there are five types of Nokia VPWS Services. These are :
Epipe : Epipe is Ethernet Pipe. It is a simple Point-to-Point L2 VPN Ethernet Service between two Ethernet SAPs.
Fpipe : Fpipe is Frame-Relay Pipe. It is a simple Point-to-Point L2 VPN Frame-Relay Service between two Frame-Relay SAPs.
Apipe : Apipe is ATM Pipe. It is a simple Point-to-Point L2 VPN ATM Service between two ATM SAPs.
Cpipe : Cpipe is TDM Pipe. It is a simple Point-to-Point L2 VPN TDM Service between two TDM SAPs.
Ipipe : Ipipe is Interworking Virtual Private Wire Service. It is a simple Point-to-Point L2 VPN Service between two nodes that has different technologies.
Epipe (Ethernet Pipe) is the VPWS VPN Service of Nokia that is for Ethernet Services. In other words, Epipe is a simple Point-to-Point L2 VPN Ethernet Service between two Ethernet SAPs. Epipe Service is also called “Virtual Leased Line (VLL)”.
Fpipe is the VPWS VPN Service of Nokia for Frame-Relay. It is a simple Point-to-Point L2 VPN Frame-Relay Service between two Frame-Relay SAPs. Here, Frame-Relay PVCs are used between routers.
Apipe (ATM Pipe) is the VPWS VPN Service of Nokia for ATM. It is a simple Point-to-Point L2 VPN ATM Service between two ATM SAPs. Here, ATM PVCs are used between routers.
Cpipe is the VPWS VPN Service of Nokia for TDM. It is a simple Point-to-Point L2 VPN TDM Service between two TDM SAPs. Cpipe is like a TDM Leased Line.
Ipipe is Interworking Virtual Private Wire Service. It is a simple Point-to-Point L2 VPN Service between two node that has different layer 2 technologies. For example, an Ipipe can connect an Ethernet technology to an ATM technology, or a Frame-Relay technology to Ethernet technology etc.
How VPWS Works?
SAPs and SDPs
As we have discussed before, in VPN Service terminology there are SAPs (Service Access Points) and SDPs (Service Distribution Points). In VPWS, these terms are also used.
On the Service Router, the ports that will connect to customer are defined as SAPs (Service Access Points). Customer access VPN Service over this port. On a physical port, many SAPs (Service Access Points) can be defined. Because SAPs are logical definitions.
Again, on the Service Router, there are other logical definions, SDPs (Service Distribution Points). Here, SDP is used as the tunnel of the VPN Service. There can be many SDPs and each SDP can have one more VPN Service.
Basically, these two terms show the two sides of the Service Router.
VPWS is a Layer 2 VPN Service so it works as other MPLS VPN Services. AS we have discussed before, two label mechanism is used in this VPN Service. So how VPLS Works? Let’s explain this process in five steps:
- Firstly, the customer sends the packet to the SAP from CE router to the Ingress Provider Edge Router (PE) of the Service Provider.
- Secondly, this packet is encapsulated on PE with a Service Label (Inner Label). This encapsulation differs this VPN Service from other VPN Services in the service provider network. This label will remain until Egress PE.
- Then, to send this traffic over SDP, the second label, Transport Label (Outer Label)is added to the data. This label shows the Label Switched Path (LSP) that the data follow. This label is swapped through the Service provider network on each hop.
- After that, the egress PE, the Transport Label and Service Label are removed.
- And lastly, according to the Service Label, the data is sent through the related SAP to the customer.
VPWS SAP Encapsulations
SAP encapsulation is used for some important roles. According to Layer 2 technology, there are some different encapsulations types. Let’s talk about these encapsulations.
There are some SAPs encapsulations used in Epipe and Ethernet. These encapsulations and their roles are given below:
Null Encapsulation means that this interface can be used for “Single Service” for “Single Customer”.
Dot1q Encapsulation means that this interface can be used for “Multiple Services”for “Multiple Customers”.
Q-in-Q Encapsulation means that this interface can be used to expand VLAN space by tagging tagged packets.
There are also other encapsulation types for SONET. These are :
- SONET/SDH (IPCP)
- SONET/SDH TDM (BCP-null)
- SONET/SDH TDM (BCP-Dot1Q)
- SONET/SDH ATM (ATM)
- SONET/SDH Frame Relay (Frame Relay)
In the following parts, we will focus on VPWS Configurations on Nokia Service Routers.