L2VPN vs L3VPN: What’s the difference?

The best VPNs establish a secure, encrypted connection over a private or public network. Although they were originally designed to allow employees to “dial home” to their corporate mainframe whilst away from the office, they have a number of uses, from allowing you to access geographic-specific online services like Netflix to protecting your online privacy.

Not all VPNs are created equal, however. Layer 2 VPNs have been around for some time but Layer 3 VPNs are also popular. In this guide, you can explore and compare the differences between L2VPN and L3VPN.

What is L2VPN?

As the name suggests, L2VPNs (Layer 2 VPNs) work on the second layer of the OSI (Open Systems Interconnection) model, known as the ‘data link’ layer.

The OSI model is an abstract concept but generally a Layer 2 VPN virtualises this ‘data link’ layer to allow multiple sites to operate as part of the same network using MPLS (Multiprotocol Label Switching). This is a routing technique that transfers data from one node to the next using labels rather than specific network addresses.

In a traditional L2VPN model this routing occurs on the customer edge (CE) router or switch. The CE will connect to the VPN service provider’s edge (PE) switch or router.

Users - or ‘customers’ - need only know which VPN interfaces connect to their services. They determine their own network policies and the best way to route traffic to the provider via an LSP (Label Switched Path). However, the user must also configure all their devices to handle Layer 3 traffic themselves, as well as to connect with other users rather than the provider.

As it only establishes Layer 2 connections, an L2VPN can be less resource intensive: it doesn’t have to keep a detailed record of routing info for every single user. This is less of a burden on the provider, meaning it can be easier to scale up the network by adding more devices.

The fact that no record of individual users’ routing info is kept is also good news for privacy. It makes it much harder to trace data to an individual device if a bad actor gains access to the L2VPN’s connection logs. There’s also no risk of a user’s routing information being made available to other private networks connected to the VPN.

The other main advantage of L2VPNs is that users can use any Layer 3 Protocol they wish, such as IP, IPv6, IPX and SNA.

What is L3VPN?

L3VPN (Layer 3 VPN) operates on the third layer of the OSI model, known as the ‘network layer’. The key difference between an L2VPN and an L3VPN is that routing takes place on the provider’s VPN routers or switches.

Since the service provider manages site-to-site routing, this can be an advantage given that they can use their expertise to handle this in the most efficient way possible. They may even be able to offer virtual private network-wide services such as video calls, which are more difficult to implement on disparate L2VPNs using different protocols.

To do this though, they need knowledge of their users’ network structure, so it’s arguably not as private as using an L2VPN, as the service provider is even able to manage routing of users’ subnets. This wouldn’t usually be necessary or desirable, e.g. when connecting various company offices around the world to a corporate or business VPN.

In an L3VPN, the CE (customer’s edge) switch or router must be configured to exchange traffic with the PE (provider’s edge) switch/router using either BGP (Border Gateway Protocol) or OSPF (Open Shortest Path First).

This can be an advantage relative to L2VPNs as there’s no need for every CE device to be connected to every other CE switch/router. Instead, each CE device only needs to connect to one of the provider’s routers. However, this only works for IP traffic: if users want to support protocols like IPX, the provider must set up GRE (Generic Routing Encapsulation) tunnels between CE devices.

The fact still remains that by only requiring a connection between one CE device and one PE device, L3VPNs are very simple to scale up.
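
The contrast drawn in the two sections above, as an added example that is not part of the original article: a simplified Python model (not the MPLS, BGP or OSPF protocols themselves) of what a provider edge device stores and how it forwards in each design. All class names, circuit names, labels and prefixes are constructed for illustration.

```python
import ipaddress

class L2VpnPE:
    """Toy provider edge for an L2VPN: attachment circuit -> label, payload opaque."""
    def __init__(self):
        self.labels = {}  # circuit name -> label (constructed values)

    def provision(self, circuit, label):
        self.labels[circuit] = label

    def forward(self, circuit, frame):
        # No Layer 3 lookup: IP, IPv6, IPX or SNA are carried the same way.
        return {"label": self.labels[circuit], "payload": frame}

    def provider_state(self):
        return sorted(self.labels)  # circuits only, no customer routes

class L3VpnPE:
    """Toy provider edge for an L3VPN: one routing table per customer."""
    def __init__(self):
        self.tables = {}  # customer -> [(network, next-hop PE)]

    def learn(self, customer, prefix, next_hop):
        # Stands in for a route the CE advertises over BGP or OSPF.
        self.tables.setdefault(customer, []).append(
            (ipaddress.ip_network(prefix), next_hop))

    def forward(self, customer, packet):
        if packet["proto"] not in ("IPv4", "IPv6"):
            return None  # non-IP traffic needs a GRE tunnel between CEs
        dst = ipaddress.ip_address(packet["dst"])
        hits = [(n, nh) for n, nh in self.tables.get(customer, []) if dst in n]
        # Longest-prefix match inside this customer's table only.
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def provider_state(self):
        return {c: sorted(str(n) for n, _ in r) for c, r in self.tables.items()}

def build_demo():
    l2, l3 = L2VpnPE(), L3VpnPE()
    l2.provision("siteA-port1", 100)
    l3.learn("A", "10.1.0.0/16", "PE2")
    l3.learn("A", "10.1.5.0/24", "PE3")
    l3.learn("B", "10.1.0.0/16", "PE4")  # same prefix, different customer
    return l2, l3

if __name__ == "__main__":
    l2, l3 = build_demo()
    print(l2.forward("siteA-port1", {"proto": "IPX", "dst": "0000AB01"}))
    print(l3.forward("A", {"proto": "IPv4", "dst": "10.1.5.9"}))
    print(l2.provider_state(), l3.provider_state())
```

Comparing the two `provider_state()` results shows what someone with access to the provider's device state would learn in each model: circuit names only for the L2VPN, the customers' prefixes for the L3VPN.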

L2VPN or L3VPN?

Ultimately there are workarounds for getting a particular VPN protocol running on either an L2VPN or L3VPN, and scaling up each type of network is feasible with enough time and resources. Although, by default, an L3VPN doesn’t offer the same level of security and encryption implemented by an L2VPN running over IPsec for instance, it is possible to secure connections between PE devices.

The key difference then between the two types of VPNs is one of control. If a user wants to be able to set their own network policies, perform their own routing and not reveal too much about the topology of their various private networks, then L2VPN is the best option, as they can retain granular control over them.

If a user is less concerned with control and more worried about making sure that every site can communicate and share resources in the most efficient way possible, then L3VPN is probably the best option. Giving the provider control over routing has a number of benefits including maximizing bandwidth, support for services like voice and video conferencing and, most importantly, the user/customer doesn’t have to define their own network policies and protocols.

In summary, each VPN model has its own pros and cons. The reason both exist is because there’s no “right” layer to choose when implementing a VPN, only what’s right for you. If you’re relying on a third-party provider for your VPN - especially when using a free VPN - make sure to ask which model they follow before setting up.
