MPLS VPNs – Layer 2 or Layer 3, Understanding the Choice

The Basics


We often take for granted the complexities that arise when it comes to sending out information across the internet.

For an individual network, this is not a big deal, since we are typically using our home internet to look for something or speak to an individual online. It is a one-to-one kind of connectivity. When you are dealing with multiple locations within the same network, however, more complications arise easily.

Any modern business needs to have its internet working well in order to survive. To ensure that every computer within a business is working on the same network, it will need to consider the type of multi-site networking that it needs.

An MPLS is an answer to this problem, connecting networks into a complicated and interconnected web as a unified company. Beyond the MPLS, however, businesses will also need to think about the type of MPLS that they should be using for their businesses. It comes down to whether a Layer 2 or Layer 3 MPLS is the right choice.

But what do Layer 2 and Layer 3 mean? How are they different? This is what you need to know in order to make the best decision for your business’s network.


The acronym MPLS stands for “multiprotocol label switching.” It is an Internet Engineering Task Force (IETF) standard that helps scale networks that are complex and large in size. The IETF is an open organization that helps define internet operating standards, such as TCP and IP. Perhaps the best part about MPLS is that it is not tied to one specific underlying technology.

MPLS provides flexible communication over frame relay, private lines, or even ATM. It offers a variety of performance levels as well as QoS across a large network, ensuring that the most sensitive traffic will not experience any delays. It is primarily used by businesses that have multiple points that need to connect to the same network. The routing tables connect the entire network so that, in one type, it appears as if it were on a single LAN, but that is not always the case, depending on the type of MPLS that you opt to go with.

What Is A VPN?

Before we delve into the types of MPLS that are available, let’s do a quick review of a VPN. A VPN utilizes a telecommunications infrastructure (such as the internet) to give businesses or individuals secure access to their network. It allows for the same performance as an open network, but it has all of the privacy and security that you would want, without needing a security company to completely oversee the protection.

Types Of MPLS

While it might seem like MPLS is one networking standard, there are multiple types of it. Layer 2 has two options and Layer 3 has one.

Layer 2

Layer 2 VPLS: Layer 2 VPLS (virtual private LAN service) is a popular MPLS choice for businesses who use Ethernet services, because of the increased level of security that you get from it. Businesses often use a VPN simply to secure their internet usage within an office, but having a Layer 2 VPLS is a step up. It can provide security for the entire network, across multiple locations.

The best perk that comes from a VPLS is that it makes it appear as if the entire business is functioning over a single LAN rather than the multiple LANs that would be required to handle a business’s connectivity effectively. This can screen activity so that it cannot be traced to an isolated location or user from outside of the network.

Layer 2 VPN: A Layer 2 VPN is different from the VPLS, because it works with the CE switch. It has to connect to the right circuit in order to control traffic in a secure manner. Customers have to configure their own switches in order to have this work. It will also be able to carry any Layer 3 traffic that might be passing through, but the provider still needs to be able to detect how much traffic the Layer 2 VPN will have to carry.

This is also sometimes referred to as the Layer 2 point-to-point rather than VPN. The MPLS Layer 2 point-to-point is a cheaper alternative to having high bandwidth leased lines. Whole network operators tend to base their entire core network infrastructure along Ethernet with Layer 2. It is considered “protocol agnostic,” because it allows anything running along the LAN to also be sent over the WAN without getting caught up in converters or having router trouble.

Pros To Layer 2:

  • Easy to upgrade without altering the hardware
  • Low latency switches rather than routers
  • Plug and play, so easy to set up and get going
  • Traffic is monitored by MAC address rather than an IP
  • All sites appear to be on the same LAN regardless of geography
  • The provider does not need information about the customer directly
  • Customer has total control over policies and routing

Cons To Layer 2:

  • More susceptible to broadcast storm
  • More administrative overhead due to multiple site set ups
  • No provider visibility means no monitoring
  • Flat subnet across multiple locations
  • Troubleshooting with the provider is impossible if an error arises

Layer 3

Layer 3 IP VPN: A Layer 3 IP VPN is normally used by vast enterprises or retailers that have an incredible number of locations and servers to handle. Layer 3 can work with businesses on a global level, and is the alternative to legacy frame relay as well as ATM. It also can provide monitoring for troubleshooting while still providing the increased level of security that most businesses are looking for.

Layer 3 VPNs require a lot more configuration from the service provider, since the PE routers have to store and process all of the customer routes in order for them to have a smooth and uninterrupted connection. This is commonly the most recommended choice between the two, but it does have its pros and cons.

Typically BGP is used to distribute VPN routing information throughout the backend of the provider, while MPLS controls the VPN traffic to the remote locations. Customers can use either public or private addresses, and overlap can sometimes occur. If the VPN locations are properly identified, however, there should not be an issue.
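How overlapping customer addresses stay separate in a Layer 3 VPN, as an added example that is not part of the original article. It goes beyond the text by using the route distinguisher and route target mechanisms of RFC 4364, which the article does not name; the customer names, AS number, prefixes and function names are all constructed for illustration.

```python
import ipaddress
import struct

def vpn_ipv4(asn: int, assigned: int, prefix: str) -> bytes:
    """Build the 12-byte VPN-IPv4 address of RFC 4364: an 8-byte type-0 route
    distinguisher (type, 2-byte ASN, 4-byte number) followed by the IPv4 prefix."""
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HHI", 0, asn, assigned) + net.network_address.packed

# Constructed sample: routes the PE routers advertise into the provider's BGP.
# Two customers use the same private prefix 10.0.0.0/24.
ROUTES = [
    {"rd": (64500, 1), "prefix": "10.0.0.0/24", "rt": {"64500:100"}, "site": "custA-hq"},
    {"rd": (64500, 2), "prefix": "10.0.0.0/24", "rt": {"64500:200"}, "site": "custB-hq"},
    {"rd": (64500, 1), "prefix": "10.0.1.0/24", "rt": {"64500:100"}, "site": "custA-branch"},
]

# Constructed per-customer routing tables (VRFs) and the route targets each imports.
VRFS = {"custA": {"64500:100"}, "custB": {"64500:200"}}
RT_OWNER = {"64500:100": "custA", "64500:200": "custB"}

def build_vrf_tables(routes, vrfs):
    """Import a route into a VRF only if its route targets match the VRF's imports."""
    tables = {name: {} for name in vrfs}
    for r in routes:
        for name, imports in vrfs.items():
            if r["rt"] & imports:
                tables[name][r["prefix"]] = r["site"]
    return tables

def cross_customer_leaks(routes, vrfs, owner_of_rt):
    """Audit: list (vrf, prefix, site) where a VRF imports another customer's route."""
    leaks = []
    for r in routes:
        owners = {owner_of_rt[t] for t in r["rt"]}
        for name, imports in vrfs.items():
            if r["rt"] & imports and name not in owners:
                leaks.append((name, r["prefix"], r["site"]))
    return leaks
```

The audit function is the check worth running against a real configuration export: a single extra route-target import is enough to place one customer's routes in another customer's table.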

Pros To Layer 3:

  • IP/VPN has a high scalability for fast deployment
  • Short hop count between two local sites
  • Prioritization is simplified, even across multi-site networks
  • Works for global locations that normally have a high latency
  • Providers can offer extra services easily through network convergence
  • Excellent choice for multi-location businesses

Cons To Layer 3:

  • Any modifications have to be submitted to the IP carrier and cannot be dealt with in-house
  • A lot more customer router hardware is required
  • The core infrastructure is generally going to cost a lot more than other options
  • Add-ons, such as QoS, might also incur more fees
  • Requires technical experts to pull off effectively
  • Customers have to share information about their network topology
  • The provider determines the policies and routing
  • Other protocol packets are not supported

In order to make the appropriate decision between Layer 2 and Layer 3 for your business, you will need to weigh the pros and cons of each.

While Layer 3 is often the preferred choice because of its high scalability, it is also the more expensive option and gives more information to the provider. Layer 2 is less expensive and reveals less to the provider, but its privacy means that the provider cannot help if something goes wrong along the network.

You will need to think about what your business really needs from its network in order to make the most appropriate choice.
