Who’s Pushing Layer-2 VPN Services?
Here’s another great point Tiziano Tofoni raised in his comment to my EVPN in small data center fabrics blog post:
I cannot understand the usefulness of L2 services. I think that the preference for L2 services has its origin in the enterprise world (pushed by well known $vendors) while ISPs tend to work at Layer 3 (L3) only, even if they are urged to offer L2 services by their customers.
Some (but not all) ISPs are really good at offering IP transport services with fixed endpoints. Some Service Providers are good at offering per-tenant IP routing services required by MPLS/VPN, but unfortunately many of them simply don’t have the skills needed to integrate with enterprise routing environments.
For example: I’ve seen MPLS/VPN providers who force the customers to accept external OSPF routes because the provider wants to own the CE-router and is not willing to do BGP-to-OSPF redistribution in a way that preserves the OSPF route attributes as the MPLS/VPN architecture intended.
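To make the redistribution point concrete, here is an added illustration (not from the original post) of what “preserving OSPF route attributes” looks like on a Cisco IOS PE router: the OSPF domain ID and route type travel across the MPLS/VPN backbone as BGP extended communities, so a customer’s internal routes reappear at the remote site as inter-area (type 3) LSAs instead of external (type 5) ones. The VRF name CUST_A, OSPF process 10, AS 65000, the domain ID and the prefix are placeholder values.

```text
! PE router: VRF-aware OSPF process facing the customer CE (placeholder values)
router ospf 10 vrf CUST_A
 ! Every PE serving this customer must use the same domain ID; a mismatch
 ! turns all routes into type-5 external LSAs at the remote site
 domain-id 0.0.0.1
 ! Routes learned from remote PEs via MP-BGP are re-injected into OSPF; their
 ! OSPF route type and domain ID are taken from the BGP extended communities
 redistribute bgp 65000 subnets
 network 10.1.1.0 0.0.0.255 area 0
!
router bgp 65000
 address-family ipv4 vrf CUST_A
  ! Carry intra-area, inter-area and both external route types into VPNv4;
  ! IOS attaches the OSPF route-type and domain-ID extended communities
  redistribute ospf 10 vrf CUST_A match internal external 1 external 2
 exit-address-family
```

Check on a remote PE with `show ip bgp vpnv4 vrf CUST_A <prefix>`: the route should carry OSPF DOMAIN ID and OSPF RT extended communities, and the remote CE’s `show ip ospf database` should list the prefix as a summary (type 3) LSA rather than an external one.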
More about this can of worms in the Choose the Optimal VPN Service webinar and Integrating DMVPN-based Internet VPN with MPLS/VPN WAN case study. Both are included in ipSpace.net webinar subscription.
Long story short: I always believed in the greatness of the MPLS/VPN architecture, but when the theory meets reality things often get ugly. As much as it hurts me, I’d prefer buying layer-2 services or IP transport services from a service provider because I know they can’t mess them up too much, and I’d still own the end-to-end routing.
I would then use the layer-2 transport service to build my own routed core, or use IP transport service with a tunnel VPN on top of it. You could also use SD-WAN if you’re happy to deal with GUI-driven undocumented technologies.
Also, many SPs rightfully don't want to deal with the mess that's called Enterprise routing ;))
I would not exactly call that small scale.
Use L2 tunneling to transport the packets to the closest (virtual) L3 endpoint?
IMHO it really depends on where you're deploying the fabric.
In regular DCs maybe you don't need EVPNs, but in SP PoPs? Well, you do.
Are we at risk of applying logic to emotion?
In a world where economic stimulus comes in the form of 'job creation' instead of proper grass roots agitation, you may find you're designing for a 95th percentile which no longer exists. Gone is the curious, extroverted, inner geek, who weighed up his career options as a project engineer or a support analyst and decided that support was probably the perfect combination of people+tech.
In his/her place, we have state sponsored employee numbers with designations that bear no resemblance to the geek-come-customer-champion of yesteryear. IT jobs FTW?
"Fill those seats and get them filled ASAP or you can kiss goodbye to the second, third and fourth stages of that grant we promised!"
Applying a cattle prod to your country's employment statistics is a brilliant short term win. Everyone's a winner!
Is this really true, though?
It's possible that such endeavours could jumpstart someone's ascent on the Needs Hierarchy and in turn, propel a nation out of stagnation... but is it enough to merely set the wheels in motion?
Yeh, course. Just like when you plug cables into any port of any switch, all of your apps come alive, magically.
In such a state (demoralised, depressed, angry, resentful, unproductive - pick one? :P) how likely are people to welcome additional complexity into their lives? Is it, perhaps, more likely they'll stick to what they know?
24 bit masks?
The ARP cache?
Who knows! :)
The reason for the migration to L2 service by network service providers is automation.
An L3VPN deployment cannot be easily automated, since you have to agree on IP addressing, IP routing, you have to test the integration, and you have no real separation of administrative domains. The full process might take weeks, with multiple meetings, documents to review, etc.
If you provide an L2 service only, then you do not have to discuss anything. You just provide the service, make an automated test using Ethernet OAM, notify the customer, the customer connects and the frames are forwarded. You can light up such service instances in minutes. If it is just a P2P L2 service, then it is easy to guarantee bandwidth and it is just a check-box to order automated protection switching.
Nowadays you can also automate L2 service provisioning over multiple service providers. In the long term this will make L2 services much cheaper than L3 services.
In about a decade, L3 services might become a small niche market...