R E S E A R C H W H I T E P A P E R

VPN Services: Layer 2 or Layer 3?

Which Service is Preferred by Enterprises and Why?

This research paper focuses on enterprise requirements and opinions regarding Layer 2 and
Layer 3 networking services. Specifically, the services discussed in this report are Ethernet
(Layer 2) and IP (Layer 3). Additionally, VPNs based on these services are highlighted, including
VPLS (RFC 4762) and IP-VPNs (RFC 4364), both of which leverage an MPLS network. While
IP-VPNs are ubiquitous, VPLS (also described as carrier Ethernet VPNs) are just starting to
become available in certain markets.
Table of Contents
1 Report Background

1 VPN Overview

1 Layer 2 Ethernet

2 Comparing Layer 2 and Layer 3

3 Benefits of Layer 2 Ethernet VPN Services
4 Benefits of Layer 3 Services
5 Current Service Usage

6 Making the Decision: Why Enterprises Choose Layer 2 or Layer 3

6 Demarcation Point
6 Local Loop
6 Service Cloud
8 Future Service Plans

8 Views on Pricing Levels of Different VPNs

9 Differences Between Industry Verticals

9 Financial Services
9 Public Sector
10 Professional Services
10 Other Verticals

11 Summary

11 Research Methodology

12 Author

12 Acronyms
Report Background
The research presented here is derived Figure 1. Vertical Markets Represented in this Research Report
from direct interviews with more than
40 enterprises based in North America Technology
4
Health
4
and Europe. Figure 1 illustrates the
distribution of the vertical markets rep-
resented in this research report. The
enterprises interviewed would mostly Professional Financial
be considered large enterprises and so 9 Services
10
the conclusions presented here should
only be considered representative of
this segment of the market. Additional
information on the research process is
presented at the end of this report.
Public
Sector
2
VPN Overview
Consumer Industrial
Historically, Layer 2 and Layer 3 VPNs 6 7
referred to frame relay and best-effort IP-
VPNs respectively. Frame relay allowed
enterprises to cost-effectively connect
multiple corporate locations together, compared to point-to-point private line services, and allowed
service providers to leverage cost efficiencies from statistical multiplexing. Early IP-VPNs, based on
IPSec and PPP (point-to-point tunneling protocol) allowed enterprises to more easily create mul-
tipoint data networks, and support remote locations and mobile employees, and they were cheaper
than frame relay. Both of these VPN services were effective at supporting multi-site data services,
but had limitations related to bandwidth scalability, provisioning simplicity and features.

As service providers upgraded their networks to incorporate next-generation technologies, MPLS

was used to bring networking efficiencies to their IP network and also to offer new services. These
MPLS networks were initially used to deliver IP-VPNs based on the RFC 2547bis standard. More
recently, service providers have started to upgrade their MPLS networks to support VPLS (Ether-
net VPNs), with some service providers offering their customers a combination of both VPLS and
Premium IP-VPNs based on these MPLS networks.

As this research paper shows, there is some overlap with these next-generation Layer 2 and Layer 3
VPNs. These VPNs should not be considered mutually exclusive services, as many service providers
are using Ethernet access circuits to connect to IP-VPN clouds, and enterprises can use both types
of VPN services for their communications requirements.

Layer 2 Ethernet
Ethernet services, with an Ethernet hand-off and in some cases an Ethernet local loop, were launched
in the mid-1990s. These early Ethernet services were mostly point-to-point solutions delivered as an
extended bridged Ethernet solution. As such, LAN Ethernet technologies, such as spanning tree
protocol, were simply extended into a metro area environment, and so had limited reliability or
OA&M capabilities.

In early 2001, the Ethernet market started to take off as competitive service providers targeted and
attracted large enterprises with high-speed bridged Ethernet services. These services had low prices
compared with high-speed private line services but still had limited reliability or OA&M capabilities.

VPN Services: Layer 2 or Layer 3? | Research White Paper 1

 Simultaneously, service providers with next-generation SONET / SDH networks started to support
Ethernet services, leveraging the underlying reliability of SONET / SDH. These types of Ethernet
services leveraged existing networks, but proved expensive for the best-effort Ethernet services that
most enterprises were willing to pay for.

More recently, service providers have focused on leveraging MPLS networks to deliver Ethernet
services. MPLS proved to be capable of supporting the QoS parameters and CoS queues that enter-
prises started demanding as they introduced VoIP and started migrating other business-critical data
services onto their Ethernet services. Point-to-point services based on the Martini encapsulation
technique were the services that were initially offered. Most recently, some service providers have
been upgrading their MPLS networks to support next-generation VPLS, with the ability to support
mesh VPN services.

As enterprise business practices have evolved, more and more business applications are considered
business critical. Enterprise requirements for QoS and the multiple service queues associated with
data services have intensified. By extension, service provider networks need to fulfill these enter-
prise requirements, and Layer 2 and Layer 3 VPNs delivered from an MPLS network is one unified
approach to meeting these needs.

Enterprises have complicated networking requirements and are faced with many
decisions on how to connect their corporate locations together. These networking
services can typically be viewed from three perspectives, including the enterprise
demarcation point, the local loop and the service core.

Comparing Layer 2 and Layer 3

For this research report, we looked at the impact of choosing either Layer 2 or Layer 3 VPN option
at three network service points:
• Demarcation point (or enterprise / service provider hand-off)
• Local loop or access circuit
• “Service cloud” (the core network that connects local loops together)

These three service points are depicted in Figure 2.

Before discussing enterprise preferences for each network service point, the general benefits of Layer 2
Ethernet and Layer 3 services are detailed. Table 1 provides an overview of these benefits. For the
purposes of this paper, a Layer 2 Ethernet service1 is described as:
• Having an Ethernet hand-off,
• Having an Ethernet local loop (or a TDM-based local loop with rate limiting),
• Allowing the enterprise to control networking and routing decisions end-to-end,
• Supporting multiple application protocols, and
• Having flexible and granular bandwidth.

1
 ote that an “Ethernet” service can have many different interpretations, exceptions to our list can exist, and there may be arguments against our parts of our list.
N
Many different connection mediums exist for “Ethernet” services, and therein is the diversity of interpretations.

2 VPN Services: Layer 2 or Layer 3? | Research White Paper

Figure 2. Enterprise Layer 2 and Layer 3 Networking Decisions

The Enterprise/Operator Demarcation Point (UNI)

The Operator “Service Cloud”

Customer A
FR UNI IP IP
Customer A VPN VPN Customer B
Frame
Relay VPLS VPLS Ethernet
Customer C

IP IP IP
VPN Multi-Service VPN Ethernet Service VPN
ATM Edge Routers Switches/Routers Ethernet
ATM UNI VPLS VPLS VPLS MTU Switch
Customer B
IP IP
TDM VPN VPN
VPLS VPLS

Ethernet UNI
Customer C The Local Loop or Access Connection

Table 1. Layer 2 and Layer 3 VPN Benefits for Enterprises

Ethernet Layer 2 Service Benefits Layer 3 Service Benefits

Highly flexible, granular and scalable bandwidth Almost ubiquitous availability globally
Simple troubleshooting Service provider manages and maintains all circuits, and routing and networking changes
Enterprise maintains networking and routing decisions Can be built by the enterprise
Easily add new locations to VPN
Transparent to underlying application protocols
Ubiquitous use for router ports

Benefits of Layer 2 Ethernet VPN Services

From an enterprise perspective, there are many benefits to using an Ethernet Layer 2 service:

Flexible, granular and scalable bandwidth, with the ability to easily change bandwidth levels up to
the port capacity. Using rate limiting, service bandwidth levels can easily be matched to the needs
and budgets of the enterprise. In comparison, frame relay, ATM and private lines rely on TDM
circuits, which have explicit bandwidth levels.

Simplified maintenance, with every IT organization understanding the Ethernet protocol, any IT
employee can troubleshoot Ethernet demarcation points. Equally, while every IT organization under-
stands IP, this OSI Layer 3 protocol must rely on lower order protocols to move the packets across a
MAN or WAN. Where Ethernet is used for transport, the simplicity is maintained; however, when
frame relay, ATM or TDM are used at the demarcation point, the benefits do not follow through as
fewer IT employees understand these protocols. Using Ethernet at the demarcation point therefore
provides the simplest interface for enterprise IT organizations.

VPN Services: Layer 2 or Layer 3? | Research White Paper 3

 Networking and routing control is maintained by the enterprise, which is typically preferred by
enterprises that want to ensure the security of their underlying packets. With this type of service,
the enterprise implements its end-to-end networking and routing decisions itself without having to
involve the service provider, and these decisions are therefore only known within the enterprise.
Additionally, although changes are usually not a common occurrence, this approach allows these
changes to be implemented faster.

Specifically with VPLS, enterprises can easily add new locations to the VPN, without having to
change the networking and routing configurations for all existing locations. When a new location
is connected to the VPLS instance, the new location can automatically communicate with every
existing location, and vice versa.

Protocol transparency, with the ability to transport all legacy application protocols, such as SNA,
DECnet, IP.X, and others. Ethernet, as an OSI Layer 2 protocol, can support any higher-order
protocol, making it an ideal method of supporting legacy application protocols that are still in use
at some enterprise. In comparison, IP is an OSI Layer 3 protocol, so it cannot support these legacy
application protocols, and can only support IP-based applications. Enterprises, however, are gradu-
ally moving away from these legacy application protocols to IP-based applications, so this benefit
will dissipate.

Universal availability of Ethernet ports on routers, with every router shipped having Ethernet ports.
There is no need for the enterprise to purchase expensive high-speed serial interfaces (i.e. TDM-based
ports) to support TDM-based local loop, or an additional CSU / DSU for a frame relay service. An
Ethernet handoff also simplifies the enterprise’s telecom closet, with reduced equipment, and by exten-
sion, reduces the power draw for the related equipment. These benefits would be minor considerations
for the enterprise.

Benefits of Layer 3 Services

From an enterprise perspective, the benefits of using a Layer 3 service include:

Ubiquitous availability, with most service providers globally offering Layer 3 VPN services, with
bandwidth starting at 56 Kb/s and scaling up to whatever the enterprise requires. In comparison,
Ethernet services and Layer 2 VPNs are for the most part available only in metro markets and in
only selected developed markets; getting an Ethernet demarcation in rural markets or developing
countries is either impossible or prohibitively expensive. With this ubiquitous availability, enterprises
can easily plan for and implement a network globally with the knowledge that local loop connec-
tions should be fairly straightforward.

Network and routing control is maintained by the service provider. In this scenario, the enterprise
has to simply list its routing and networking requirements and the service provider will implement
those decisions across the VPN. Enterprises who do not want to spend time and resources maintain-
ing networking and routing decisions can shift that responsibility to the service provider by using
an IP-VPN.

Many equipment vendors ship equipment (firewalls, VPN dialers, IADs, etc.) that allow enterprises
to build Layer 3 VPNs themselves. Microsoft Windows even supports simple VPN connections, which
is very useful for remote and mobile workers. These VPNs are based on IPSec or SSL encryption,
and are not as complex as network-based VPNs, but are cheap, simple and quick to deploy.

4 VPN Services: Layer 2 or Layer 3? | Research White Paper

 Current Service Usage
Having considered the various benefits for Layer 2 Ethernet or Layer 3 services, it is interesting
to take a look at what services the large enterprises in this study are currently using, and where.
Figures 3 and 4 detail the type of services used to connect to the small corporate locations of these
large organizations, and the large or core corporate locations of these same organizations.

Based on the charts from Figure 3, we can see that private line and frame relay services still domi-
nate connections to the smaller corporate locations. The services cloud for the wide-area is corre-
spondingly dominated by ATM or point-to-point private line connections but secondly by IP-VPNs.

In Figure 4, we can see that Ethernet and private line are the two services that enterprises use to
connect their large corporate locations together or to the Internet. As all organizations participating
in this research would be considered large organizations with large data bandwidth requirements, it
is not surprising the high bandwidth private line and Ethernet services are used, as opposed to low
bandwidth frame relay or xDSL.

Figure 3. Access and WAN Services Used to Connect Small Corporate Locations

Small Locations, Access Circuits Small Locations, WAN Connections

xDSL Frame Relay

12% 22% IP VPN ATM/
35% Private Line
47%

Etherrnet,
Point-to-Point
Private Line
20%
41% Etherrnet,
ATM Point-to-Point
5% 18%

Figure 4. Services Used to Connect Large Corporate Locations

Existing Large Location Services

Private Line Ethernet

33% 67%

VPN Services: Layer 2 or Layer 3? | Research White Paper 5

Making the Decision: Why Enterprises Choose Layer 2 or Layer 3
For the most part, enterprises understand and prefer the benefits of Ethernet, and would like all their
service provider demarcation points to be Ethernet ports. Beyond the demarcation point, preferences
are based on a number of factors, including service supply, budgets and application requirements.
Enterprise decisions can be viewed for the three network service points (demarcation point, local
loop, and service cloud). Decisions for each service point though are almost always based on busi-
ness criteria, and not technology.

Demarcation Point
Enterprises almost universally preferred to have an Ethernet demarcation point (i.e. the enterprise /
service provider hand-off). With an Ethernet hand-off, enterprises can use an existing Ethernet port
on their router. Troubleshooting of the demarcation point is also simplified and the enterprise can
choose to take advantage of the flexible and granular bandwidth if the local loop is rate limited.

Local Loop
Generally, enterprises preferred to have an Ethernet local loop or access circuit. This preference
was based on the same advantages listed for the demarcation point, with the ability to allow the
enterprise to have flexible and granular bandwidth being particularly important. If the local loop
is delivered via a fiber connection, this bandwidth also becomes very scalable. Most enterprises
indicated that bandwidth requirements are growing strongly and are expected to continue growing;
having flexible, granular and scalable bandwidth will obviously best support this growth.

Service availability
Despite the advantages of an Ethernet local loop, local loop decisions are mostly decided by what
services are available. Although most service providers globally offer Ethernet services, these services
are not always available in all markets, or in all buildings within a market. As a result, enterprises
that prefer to have an Ethernet local loop may not be able to get one.

Ethernet services are still not as ubiquitous as frame relay or private line services, as most service
providers who offer Ethernet services are still building out the networks to support these services
(i.e. adding the necessary equipment in their points of presence).

Additionally, almost all Ethernet services globally are offered via fiber access local loops, while most
buildings do not have fiber access. Buildings that have fiber access are mostly located in central business
districts of cities, and the oft quoted metric that “10 percent of buildings have fiber access” seems to
be quite accurate.

In most cases, access circuits to an IP-VPN are much more readily available, using xDSL and private
line services. Acquiring a frame relay or private line circuit at multiple corporate locations globally,
all connecting to an IP-VPN cloud is typically an easier solution for enterprises needing multipoint
corporate connectivity.

Service Cloud
As mentioned earlier, VPLS is just starting to be offered by service providers, and while there are
markets globally where this service can be acquired, this market is still in its infancy. Many enter-
prises have heard of VPLS, but indicated that either their service providers were not offering this
service, or had not been actively marketing it. VPLS network deployments continue to increase,
and this market will grow rapidly, as enterprises become more aware of the benefits of VPLS.

6 VPN Services: Layer 2 or Layer 3? | Research White Paper

Below is a list of the various issues that enterprises deal with when managing and maintaining their
communications network. Each issue will typically indicate a preference for Layer 2 Ethernet or IP-VPN;
many enterprises though may be faced with multiple issues, making their selection of either Ethernet
or IP-VPN more difficult.

The need for control

Enterprises that want to control their networking and routing decisions will prefer a Layer 2 Ethernet
service end-to-end. This approach lets the enterprise manage these decisions between their various
corporate locations. With the enterprise IT department in control, it has a much clearer handle on
the cause and effect of its decisions. In the increasingly regulated corporate environment, the abil-
ity of IT departments to document processes and data integrity is becoming critical, and a Layer 2
service provides that control.

Outsourcing control
Some IT departments are comfortable having the service provider implement the enterprise’s
networking and routing decisions. These companies prefer to focus their IT resources on core busi-
ness issues and believe that having their service provider implement their networking and routing
decisions allows them to do this. With IT budgets stretched to the limit, decisions are being made
on what IT functions are core to the company’s business and which IT functions can be outsourced.
IP-VPNs allow these enterprises to outsource a variety of IT functions to their service provider.

Specialized IT departments
Some IT departments at very large multinational companies have extensive technical knowledge,
especially for a variety of routing protocols. These companies demonstrated a high comfort for inter-
working at Layer 3 with their service providers (BGP), to implement their networking and routing
decisions (EIGRP). These types of enterprises are much smaller in number, but represent a portion
of the market that prefers IP-VPNs.

Site scalability
VPLS is defined at the PE (provider edge), creating a Layer 2 cloud between all PEs. The enterprise
connects its corporate locations to this VPLS cloud, or instance. With this infrastructure, adding a
new corporate location simply involves connecting to the existing cloud, as opposed to every other
existing corporate location, as in the case of an IP-VPN. Enterprises that are changing their corporate
locations regularly appreciate the ease of adding these new locations to their corporate network.

Historical issues
Most companies using IP-VPNs had designed and built these networks in the past couple of years,
with plans for these networks preceding the buildout by a few months. Enterprises that investigated
Ethernet VPNs two-to-three years ago indicated that these services were either very limited in
availability or non-existent, making Ethernet VPNs not an option for consideration.

As these contracts come up for renewal, the availability and capabilities of Ethernet VPNs will have
greatly increased from two to three years ago. It is therefore likely that some of these enterprises will
choose to switch some of their sites to an Ethernet VPN at that point.

VPN Services: Layer 2 or Layer 3? | Research White Paper 7

 Future Service Plans Figure 5. Planned or Desired Services Used to Connect Small
Corporate Locations
Based on these Layer 2 and Layer 3
preferences and on the increasing Planned Access Circuits, Small Locations
availability of MPLS-based VPN ser-
vices, enterprise plans for their future
service requirements will change. Fig- IP VPN, Ethernet Private Line
Access 23%
ures 5 and 6 show the mix of services 17%
that enterprises plan or would like to
use for their communications require-
ments in the next two years.
xDSL
6%
Ethernet
Based on the results in Figure 5, we 15%
can see that enterprise plans or desires Wireless
are to significantly change the services 4%

used to connect to their small corpo-

rate locations. The use of frame relay
IP VPN
has disappeared entirely while private 35%
line use has decreased. In comparison,
the use of MPLS has increased signifi-
cantly, including the introduction
of Ethernet access circuits to MPLS-
based VPNs. Ethernet and xDSL Figure 6. Planned or Desired Services Used to Connect Large
services have decreased somewhat, Corporate Locations
also due to the increase in MPLS-
Planned Services, Large Locations
based VPNs.

In comparison, enterprise plans for

VPLS Private Line
large corporate locations are heavily 11% 26%
weighted to Layer 2 services. As men-
tioned in relation to existing services
used, these corporate locations have
large bandwidth requirements. Many
of the organizations that participated
in this research are already using
100 Mb/s and higher point-to-point
services, or DS3 / E3 and higher private Ethernet
line services and these bandwidth 63%

requirements are growing. These large

enterprises plan to continue to use
these types of services to support the
growing bandwidth requirements.

Views on Pricing Levels of Different VPNs

Enterprises view Ethernet services as lower priced service in comparison with frame relay and private
lines. This perception has been created due to the fact that early Ethernet-based services were simply
best-effort bridged services, based on spanning tree protocol for resiliency. As bandwidth requirements
increase, Ethernet services will likely cost more than an E1 / T1 lease line or fractional frame relay
service, but on a per-megabit basis, these will still be significantly cheaper than the legacy services.

8 VPN Services: Layer 2 or Layer 3? | Research White Paper

 As enterprises demanded QoS features and CoS queues, premium pricing compared to best-effort
Ethernet services has occurred. Equally, CoS queues for IP-VPNs have also resulted in premium
pricing compared with best-effort IP-VPNs. On a per-megabit basis, though, Ethernet services are
still priced below IP-VPN pricing levels, with service providers positioning IP-VPNs as a premium,
managed service.

Ethernet services are growing in availability, allowing enterprises to use them at

more of their locations.

Differences Between Industry Verticals

Generally, the research outcomes listed above were consistent across industry verticals. Some differ-
ences did emerge, though, as described below.

Financial Services
These companies mostly want to control their networking and routing decisions, at a minimum for
their core locations if not company-wide. Most of the companies in this vertical are networking their
core locations using Ethernet services; these locations included head offices, data centers, disaster-
recovery sites, and in some cases, regional headquarters. For most of these companies, Ethernet
services have been used for more than a year or two, and so most of these services are point-to-point
bridged Ethernet connections over dedicated fiber. These sites have large bandwidth requirements
(a minimum of 100 Mb/s, but more often, GigE) and high security requirements, making Ethernet
connections ideal.

For the companies in this vertical that have smaller locations, such as branches for retail banks,
typically these locations are connected to an MPLS-based IP-VPN. These locations generally have
lower bandwidth requirements and are also generally in locations with limited fiber local loop avail-
ability, making IP-VPNs with private line or xDSL connections most efficient.

Retail banks however are a perfect example of an enterprise using both Layer 2 Ethernet and IP-VPN
services. The core locations of these companies are mostly networked using point-to-point high
capacity bridged Ethernet services, likely the only type of Ethernet service available when these
connections were built over the past few years. These companies would be ideal candidates for a
hybrid MPLS-based single network solution, with VPLS for the core locations and IP-VPNs for the
branches, as noted above.

Public Sector
Many public sector organizations, including municipalities and school boards, have built Ethernet
networks. As these organizations usually have most of their locations in a single metro area, the
likelihood of fiber local loops supporting Ethernet services is higher. A number of these organiza-
tions have also deployed their own fiber network, leveraging their own rights-of-way. As a result,
many of these organizations have high capacity Ethernet services to most or all of their locations,
typically in a hub-and-spoke architecture.

VPN Services: Layer 2 or Layer 3? | Research White Paper 9

 Given the short distances of many connections between these locations, and the fact that most
of the connections are dedicated to the organization (i.e. un-shared), an Ethernet network was the
optimal solution. The Ethernet networks were significantly cheaper than any other solution, and as
an extension of each LAN, are easily managed as a single LAN. As an example, Figure 7 depicts a
municipality’s private fiber-based network.

Many hospital networks have built Figure 7. A Private Fiber-Based Network

similar networks. As with munici-
palities and school boards, hospital
networks would mostly be located
within a single metro area where fiber
access would be available. The catalyst
for these organizations building private
networks is to support imaging data
and an associated PACS application.
This application allows imaging data
from X-rays and scans to be stored
and accessed from any location that is
connected to the PACS application.
These images are tens-of-megabytes in
size and larger, requiring large amounts
of bandwidth to support the network-
ing of these files.

Professional Services
This vertical includes law firms, accounting and consulting companies, and printing companies.
These companies have most of their locations in central business areas of cities, and therefore are
more likely to have access to fiber connections. These types of companies typically are experiencing
strong growth in bandwidth requirements, due to increases in business-related email traffic, and a
growing reliance on sophisticated, graphically rich applications.

Many professional services organizations have implemented Ethernet-based services. Most of these ser-
vices are bridged Ethernet solutions or other legacy architectures, and as their networking requirements
increase in complexity, we expect that these companies will implement VPLS or hybrid solutions.

Other Verticals
Most other verticals have typically only implemented Ethernet connections between their head office,
data centre and disaster recovery locations. The bandwidth requirements between these locations
are high, with 100 Mb/s Ethernet connections usually being the minimum. These connections are
also mostly point-to-point and so have mostly being built as bridged Ethernet connections over
dedicated fiber.

As many of these connections were built over the past few years, these companies have been able
to “test” Ethernet services and experience some of the benefits described above. As a result, many
of these companies are starting to explore the use of Layer 2 Ethernet services for other corporate
locations, particularly as contracts come up for renewal.

10 VPN Services: Layer 2 or Layer 3? | Research White Paper

Summary
Enterprises preferring Layer 2 VPN services can be generalized as having these main characteristics:
• Fewer than 20 corporate locations
• Bandwidth requirements for most of these locations of more than 10 Mb/s
• Have sophisticated IT departments that want to maintain control of their networking and
routing decisions
• Applications written with non-IP protocols, such as SNA, IP.X, etc.

Enterprises preferring Layer 3 VPN services can be generalized as having these characteristics:
• More than 20 corporate locations
• Bandwidth requirements for most of these locations of less than 10 Mb/s
• Have IT departments that want to outsource the maintenance of their networking and
routing decisions
• Mostly IP-based applications

Nevertheless, most enterprises do not fit these criteria exactly. Rather, they have a mix of core locations
and remote locations, a mix of locations requiring high bandwidth and low bandwidth, and a mix
of IT preferences regarding the control of networking. As a result, enterprises across many verticals
have been using Ethernet services for some of their corporate locations and IP-VPNs for other locations.
Given this scenario, a hybrid approach that uses a single MPLS network to implement both types
of VPNs will address most enterprise networking requirements.

As Layer 2 Ethernet access services and VPLS become more available, enterprises will increase
their use of both. Many enterprises indicated a preference for these services, and will likely replace
private line and frame relay as Ethernet options become available. We therefore expect spending
on Ethernet access and VPLS to increase going forward.

We also expect spending on IP-VPNs to grow, as there are distinct benefits for enterprises with these
services as well. As described above, most enterprises can leverage both the benefits of Layer 2 Ethernet
and Layer 3 at different parts of their network, and therefore a hybrid networking solution fits these
needs best. The growth in spending for these services will come at the expense of private line and
frame relay.

Research Methodology
This research report is based on direct interviews with more than 40 enterprises, specifically telecom
manager type personnel. These enterprises are based in North America and Europe, and for the most
part, would be considered large enterprises. The choice of questions asked and information gathered
were based on prior knowledge of MAN and WAN data networking requirements for more than
50 enterprises based in North America and Europe. The structure of the interviews focused on the
existing networking solutions used and plans for future solutions, and why these decisions were made.

The enterprises interviewed for this report broadly speaking represent seven industry verticals: Consumer
Goods, Financial Services, Industrial, Health, Professional Services, Public Sector, and Technology.

VPN Services: Layer 2 or Layer 3? | Research White Paper 11

Author
Brian Van Steen, CFA
Director, Solutions Marketing
brian.van_steen@alcatel-lucent.com

Acronyms
BGP border gateway protocol
CoS class of service
CSU channel service unit
DSU data service unit
EIGRP enhanced interior gateway routing protocol
IAD integrated access device
MPLS multiprotocol label switching
OA&M operations, administration and maintenance
OSI Open Systems Interconnection
PACS picture archiving and communications system
PE provider edge
PPP point-to-point protocol
QoS quality of service
SSL secure socket layer
UNI user-network interface
VPLS virtual private LAN service
VPN virtual private network

12 VPN Services: Layer 2 or Layer 3? | Research White Paper

www.alcatel-lucent.com
Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other
trademarks are the property of their respective owners. The information presented is subject to change
without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein.
© 2007 Alcatel-Lucent. All rights reserved. WLN1103070848 (10)