Layer 2 VPNs, commonly used for private data networking, have been available in the market for some time in the form of ATM, Frame Relay and X.25 switched services. All of these services offer security in the form of dedicated connections between customer sites.

ECI's Multi-service over MPLS solution (also referred to as Layer 2 transport) enables carriers to offer scalable and flexible Layer 2 VPNs over an IP/MPLS backbone. ECI is a pioneer in Multi-service over MPLS deployment, introducing the first commercial implementation based on IETF Draft Martini (co-authored by our technical leaders) in September of 2001.

The Appeal of Layer 2 VPNs

An increasing number of carriers are now offering MPLS-based Layer 2 VPNs, with a number of factors driving deployment. Internet providers can expand their IP/MPLS backbone into a multi-service network using Multi-service over MPLS to offer Layer 2 VPN services. Internet provider Level 3 Communications is successfully using the ST200™ to offer Layer 2 VPNs across the U.S. and Europe.

Current ATM and Frame Relay providers are also seeing demand for high-speed services straining capacity. Rather than continue to invest in multiple ATM and Frame Relay networks, carriers are taking advantage of Multi-service over MPLS technology to offer high-speed Layer 2 VPN services to existing ATM and Frame Relay customers.

The ECI Layer 2 VPN Difference

The ST200 enables Layer 2 VPNs that combine the characteristics of a number of successful services including:

· Ethernet connectivity of Transparent LAN Service
· High bandwidth and QoS of ATM
· Reliable site-to-site connectivity of Frame Relay
· Access flexibility of IP VPNs

Specific capabilities of the ST200 that enable flexible and scalable Layer 2 VPN services include:

Sophisticated QoS: To ensure that existing service levels agreements (SLAs) are met, the ST200 provides robust QoS and traffic management capabilities for Layer 2 VPNs, enabling each customer's traffic to be managed independently with dedicated software-configurable traffic policers, queues and schedulers. Only ECI's solution can precisely match the high levels of QoS previously only associated with traditional ATM and Frame Relay switches.

Service Interworking: The ST200 enables interworking between ATM, Frame Relay and Ethernet services. This any-to-any service interworking enables customer sites to be connected regardless of access network type - whether ATM, Frame Relay or Ethernet.

Service Provisioning: Provisioning and management of Layer 2 VPNs is dramatically simplified via the LPS, a powerful, API-based provisioning and element management system. Operators can easily create and manage Layer 2 VPNs, dramatically reducing the time required to provision new services while preventing costly configuration errors. To provision services, operators simply select an interface, service type and class, and then assign a service name.

Security: To meet the high level of security required in service provider networks, the ST200 ensures the confidentiality of Layer 2 VPN traffic using secure tunnels, access control and encryption. Service management security is ensured through authentication using local password and account, local SSH public key and RADIUS and TACACS+ server authentication. In addition, the ST200 has been extensively tested against a wide range of known security attacks using security auditing software and port scanners such as NMAP and Nessus.

Conclusion

The ST200 enables carriers to offer Layer 2 VPNs, a service that is highly appealing to both service providers and end users. With the ST200, Layer 2 VPN services can be offered over a range access network types and speeds, tying together ATM, Ethernet, and Frame Relay-connected sites through service interworking. Sophisticated ST200 QoS capabilities enable Layer 2 VPNs with the same QoS as that found in ATM and Frame Relay networks, with the confidence of total security. ECI's Layer 2 service provisioning system dramatically reduces the time required to provision new services while preventing costly configuration errors.