Sunday, 09 March 2008

Remote Access to Layer 3 MPLS VPN Service

Many different options are available to connect remote users to a Layer 3 MPLS VPN service. The following remote-access solutions are some of the most common:

· Dial-in access via Layer 2 Tunneling Protocol (L2TP) Virtual Private Dialup Network (VPDN)

· Dial-in access via direct Integrated Services Digital Network (ISDN)

· DSL access using Point-to-Point Protocol over Ethernet (PPPoE), Point-to-Point Protocol over ATM (PPPoA), and VPDN (L2TP)

Dial-in Access Via L2TP VPDN

The VPDN solution provides dial-in access via a Public Switched Telephone Network (PSTN) or ISDN. This concept uses a tunneling protocol (such as L2TP) to extend the dial connection from a remote user and terminate it on an L2TP network server (LNS), which in this context is called a Virtual Home Gateway (VHG).

Figure 1 shows a high-level example of the VPDN concept.

Figure 1. Dial-in Using the VPDN Concept

Dial-in Access Via Direct ISDN

Direct ISDN access does not require the use of any tunneling protocol from the remote client to a Layer 3 MPLS VPN PE router, unlike the previous VPDN solution. Instead, a PPP link is established over the ISDN B channel directly to the PE router. The PE router obtains the remote client's credentials using CHAP and then forwards them to a RADIUS server for authentication. Upon successful authentication, the RADIUS server returns configuration parameters for the client (such as VRF name, IP address pool, and so forth). The PE router then creates a virtual-access interface for the PPP session based on local configuration and the information returned by the RADIUS server. The user CHAP authentication process then finishes, and the remote user is afforded access to the relevant VPN.

Figure 2 shows the direct ISDN access solution.

Figure 2. Direct ISDN Connectivity
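
The CHAP and RADIUS steps of the direct ISDN flow above, as an added Python example that is not part of the original post. It assumes MD5 CHAP as defined in RFC 1994; the subscriber names, secrets, VRF names and pool names are constructed, and a function call stands in for the RADIUS packet exchange between the PE router and the server.

```python
import hashlib
import hmac
import os

# Constructed subscriber records held by the RADIUS server (hypothetical names).
# CHAP requires the server to keep each secret in recoverable form.
SUBSCRIBERS = {
    "alice@vpn-a.example": {"secret": b"constructed-secret-a",
                            "vrf": "VPN_A", "pool": "POOL_VPN_A"},
    "bob@vpn-b.example": {"secret": b"constructed-secret-b",
                          "vrf": "VPN_B", "pool": "POOL_VPN_B"},
}

def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: hash of Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def pe_issue_challenge():
    """PE side: a fresh Identifier and an unpredictable challenge per session."""
    return os.urandom(1)[0], os.urandom(16)

def radius_authorize(username, identifier, challenge, response):
    """RADIUS side: verify the response forwarded by the PE. Returns the
    per-user parameters on success, None otherwise (fail closed)."""
    user = SUBSCRIBERS.get(username)
    if user is None:
        return None
    expected = chap_response(identifier, user["secret"], challenge)
    if not hmac.compare_digest(expected, response):  # constant-time compare
        return None
    return {"vrf": user["vrf"], "pool": user["pool"]}

def pe_place_session(username, identifier, challenge, response):
    """PE side: the VRF for the virtual-access interface comes only from an
    accept returned by the RADIUS server, never from the client itself."""
    params = radius_authorize(username, identifier, challenge, response)
    if params is None:
        return "reject: PPP session torn down"
    return f"virtual-access bound to VRF {params['vrf']}, pool {params['pool']}"

if __name__ == "__main__":
    ident, chal = pe_issue_challenge()
    good = chap_response(ident, b"constructed-secret-a", chal)  # remote client
    print(pe_place_session("alice@vpn-a.example", ident, chal, good))
    # The same response presented under another subscriber's name is rejected.
    print(pe_place_session("bob@vpn-b.example", ident, chal, good))
```
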

DSL Access Using PPPoA or PPPoE and VPDN (L2TP)

Digital Subscriber Line (DSL) access is provided by terminating DSL connections using the L2TP VPDN architecture or via a direct connection to a PE router. This provides the infrastructure for large-scale DSL termination. Figure 3 shows the DSL connectivity option using the L2TP VPDN solution.

Figure 3. DSL Connectivity Using PPPoE or PPPoA


As shown in Figure 3, a remote-access client may access his or her Layer 3 MPLS VPN environment using PPPoE (if the CPE acts as a bridge) or PPPoA (if the CPE acts as a router). RFC 1483 routed (PPPoA) and bridged (PPPoE) encapsulation is used, and an L2TP tunnel is built from the receiving NAS/LAC to one of the LNSs within the service provider point of presence (POP).
