When we left off, we were looking at Frame Relay as an example of a Layer-2 infrastructure. Some customers will have very few sites, and others may have thousands. The logical topology (hub-and-spoke, partial-mesh or full-mesh) for a particular customer would be negotiated between that customer and the provider, based on the customer’s number of sites, which sites communicate with which, and with what bandwidth and latency requirements. Of course, the customer’s cost increases as the number of PVCs configured and their bandwidths increase. Once the negotiations are complete, the WAN provider will establish the required PVCs between the customer’s sites.
Speaking of money, it’s in the provider’s best interest to have as many customers as possible, and a large provider may have thousands. Refer to Figure 1, which shows the PVCs for two customers, “A” (in red) and “B” (in blue).
Note that while each customer has three sites, “A” has a full-mesh, while “B” has a hub-and-spoke (with site B1 as the hub), and that although the customers are sharing the same physical infrastructure, their traffic is kept separate. Thus, each customer has a VPN (Virtual Private Network), which means that the provider’s network acts as if there is a private WAN for each customer.
As you can see, Customer A’s site A1 has the same IPv4 address space as does Customer B’s site B1, etc. Since we’re using VPNs (which act as logically separate networks) there are no “address collisions” despite the overlapping address spaces. In fact, the provider’s addressing scheme (Layer-2) is completely independent of those of the customers’ Layer-3 networks. In other words, the provider doesn’t know or care what IPv4 subnets the customers use, or whether the customers are using IPv4 at all (they could just as well be using IPv6, IPX, AppleTalk, DECnet, SNA, or whatever). As long as the packet can be encapsulated using Frame Relay, the provider can get it where it needs to go.
Also, because the provider doesn’t know what routed protocols the customers are using, the provider has nothing to do with the customer routing protocols, either. The system we’re using is commonly referred to as an “overlay VPN”, because we have “overlaid” (superimposed) a VPN for each customer onto the provider’s Layer-2 network.
Considering all of this, we can summarize the advantages of overlay VPNs as follows:
- A common physical infrastructure is shared between customers.
- Customers can independently choose any logical topology they want.
- Customers can use any combination of Layer-3 protocols they desire.
- There are no “address collisions” between customers.
- The provider does not participate in customer routing.
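To make the separation concrete, here is an added model (not from the article) of a two-switch Frame Relay core carrying the PVCs from Figure 1: each hop forwards purely on (port, DLCI) and rewrites the DLCI, so two customers can send byte-identical IPv4 packets to the same address and still land at their own sites, and a spoke can only reach what its PVCs allow. Site names, port names and DLCI values are constructed assumptions.

```python
# Per-switch PVC table: (ingress port, ingress DLCI) -> (egress port, egress DLCI).
# Sites A1 and B1 attach to SW1; A2, A3, B2 and B3 attach to SW2; "trunk" joins them.
# Customer A is a full mesh (A1-A2, A1-A3, A2-A3); B is hub-and-spoke on B1 (B1-B2, B1-B3).
# All names and DLCI numbers are constructed for this example.
PVC_TABLES = {
    "SW1": {
        ("A1", 101): ("trunk", 1001), ("trunk", 1001): ("A1", 101),  # A1 <-> A2
        ("A1", 102): ("trunk", 1002), ("trunk", 1002): ("A1", 102),  # A1 <-> A3
        ("B1", 501): ("trunk", 1003), ("trunk", 1003): ("B1", 501),  # B1 <-> B2
        ("B1", 502): ("trunk", 1004), ("trunk", 1004): ("B1", 502),  # B1 <-> B3
    },
    "SW2": {
        ("trunk", 1001): ("A2", 201), ("A2", 201): ("trunk", 1001),
        ("trunk", 1002): ("A3", 301), ("A3", 301): ("trunk", 1002),
        ("A2", 202): ("A3", 302), ("A3", 302): ("A2", 202),          # A2 <-> A3, local to SW2
        ("trunk", 1003): ("B2", 601), ("B2", 601): ("trunk", 1003),
        ("trunk", 1004): ("B3", 701), ("B3", 701): ("trunk", 1004),
    },
}
TRUNKS = {("SW1", "trunk"): ("SW2", "trunk"), ("SW2", "trunk"): ("SW1", "trunk")}
SITE_SWITCH = {"A1": "SW1", "B1": "SW1", "A2": "SW2", "A3": "SW2", "B2": "SW2", "B3": "SW2"}

def forward(site: str, dlci: int, payload: bytes):
    """Carry a frame from a customer site across the core.

    Returns (destination site, payload), or None when no PVC is provisioned.
    The payload is never inspected: only (port, DLCI) drives each hop, so the
    provider is indifferent to whatever Layer-3 protocol or addresses it holds.
    """
    switch, port = SITE_SWITCH[site], site
    for _ in range(8):                          # bound the walk; PVC paths are short
        entry = PVC_TABLES[switch].get((port, dlci))
        if entry is None:
            return None                         # unprovisioned circuit: frame is dropped
        port, dlci = entry                      # per-hop DLCI swap
        if (switch, port) in TRUNKS:            # hand off to the neighbouring switch
            switch, port = TRUNKS[(switch, port)]
        else:
            return port, payload                # customer-facing port reached
    return None

def reachable(site: str):
    """Sites a customer port can reach, derived only from the provisioned PVCs."""
    dlcis = [d for (p, d) in PVC_TABLES[SITE_SWITCH[site]] if p == site]
    return {forward(site, d, b"")[0] for d in dlcis}
```

Running `forward("A1", 101, pkt)` and `forward("B1", 501, pkt)` with the same packet bytes delivers them to A2 and B2 respectively, and `reachable("B2")` is just `{"B1"}`, which is the hub-and-spoke restriction enforced at Layer 2 without the provider ever reading a customer address.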
Since they offered great flexibility at reasonable cost, overlay VPNs using X.25, ATM and Frame Relay became very popular over the past few decades.
Next time, we’ll look at the disadvantages of using overlay VPNs.
Author: Al Friebe