Application Note
Cisco Any Transport
over MPLS
Objective and Audience
One of the main benefits of Multiprotocol
Label Switching (MPLS) is enabling virtual
private network (VPN) connectivity over a
public packet-switching infrastructure.
The first VPN offering with MPLS
provided connectivity at Layer 3 and is
defined in the Internet Engineering Task
Force (IETF) standards, namely with RFC
2547. Service providers need to extend
VPN connectivity to Layer 2 to enable new
data services offerings, save costs, and
integrate multiservice functionality and
offer it with Layer 3 VPN on a unified core
network. Using Any Transport over MPLS
(AToM), service providers can transport
Layer 2 data privately over the same MPLS
infrastructure.
AToM is based on the IETF draft-martini
documents. These documents provides a
detailed description of the applications
enabled by an AToM solution, as well
as the benefits and market opportunities
associated with the AToM features
®
supported in Cisco IOS Software. This
application brief is intended for service
providers that are planning to offer Layer 2
connectivity services based on MPLS, or for
the customers of these service providers for
such services.
Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 1 of 8
Any Transport over MPLS
Overview
Any Transport over MPLS (AToM) is the
Cisco solution for transporting Layer 2
packets over an IP/MPLS backbone. A
new application and service enabler in
MPLS networks, AToM provides
point-to-point connectivity for several
media encapsulations, including Ethernet,
Frame Relay, and ATM. Its ultimate
goal is to enable new services at lower costs
and complexity when compared with
alternative technologies. AToM is provided
as part of the Unified VPN Suite of
leading-edge VPN technologies available
over the widest breadth of Cisco routers.
AToM Technical Description
Summary
AToM uses a directed Label Distribution
Protocol (LDP) session between Provider
Edge (PE) routers for setting up and
maintaining connections. Forwarding is
implemented through the use of label
switching between the edge routers.
Two-level labels are used for better
scalability. The external label, called the
“tunnel label,” is used by the MPLS
backbone to forward packets to the egress
PE. The label used to determine the egress
 interface and circuit, referred to as the “virtual-circuit label,” binds the Layer 2 egress interface to a virtual circuit
(emulated VC). All virtual-circuit label bindings are exchanged over a single LDP session between the two PE routers,
and they use the Virtual Circuit Forwarding Equivalence Class (FEC) element type 128 within the LDP label mapping
message. The VC label is established dynamically and exchanged between Provider Edge pairs via the LDP
“downstream unsolicited mode.”

AToM Applications

Overview

The Cisco AToM solution provides network operators and designers a choice of a number of applications based on
an MPLS backbone. Furthermore, these applications can be enabled in various combinations, as needed by service
providers and enterprise customers alike to achieve the ultimate scalability, flexibility, and performance provided by
the Cisco IOS Software. This section discusses the following applications enabled by the Cisco AToM solution:
• Metropolitan-area network services
• Layer 2 virtual leased-line services
• Layer 2 VPN services

Metropolitan-Area Network Services

One of the most important emerging market opportunities for service providers focused on large deployments is the
requirement for optical-speed data networks to connect multiple large sites within a specific metropolitan
geographical area. This market requirement is frequently referred to as a metropolitan-area network (or “metro”).

The following types of customers might require metro services:

• Service providers upgrading their backbone networks to optical speeds with MPLS can support legacy,
revenue-generating WAN technology over a packet backbone, such as Frame Relay or ATM switches. With Cisco
AToM solution, service providers can offer WAN transport between points of presence (POPs), as a private
connectivity service, or they can transport their own WAN traffic by integrating multiple circuit transport types
into one common backbone.
• With Cisco AToM solution, service providers can provide corporate customers with an optical-speed data
network to connect multiple corporate sites within a specific metro region. The corporate customers are
connected typically with Ethernet to the desktops, enabling the service providers to aggregate the traffic, privately,
over a virtual LAN (VLAN) interface and transport it to other locations across the network. The corporate
customers who require these metro services range in size from small and medium commercial businesses located
in commercial business parks or building complexes up to the Fortune 500 enterprise customers.
• Customers may want to extend the routing domain for Layer 3 services. Internet private peering is an example.
Private peering is the act of multiple Internet service providers (ISPs) establishing dedicated connections at a
network access point (NAP) to their respective networks. These connections are used to exchange traffic that is
destined for each ISP’s network. However, because of the geographical distribution of the ISPs, there is a limit on
who can participate in the peering arrangement. Using Cisco AToM solution, ISPs can create a Layer 2 virtual
connection over the MPLS infrastructure to create a distributed NAP. The virtual connection serves as an
interconnection among the ISPs and allows for a private peering arrangement across to other providers, without
the requirement of direct connections among them.

Cisco Systems, Inc.

All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 2 of 8
 Figure 1 shows a typical metro topology with Ethernet, ATM, and Frame Relay transport over a MPLS backbone.

The common characteristic of virtually all these customers is their need to establish private connectivity among
multiple locations in a specific metro service region or across multiple regions.

Large businesses that are looking for metro services have two basic requirements:
• Transparent WAN services or transparent LAN services (TLS) among various facilities within the metro
service region
• IP services for general-purpose, high-speed access to the Internet or to other corporate facilities located beyond
the metro service region

Figure 1
Metropolitan-Area Network Services

Backhaulling Private Networks

Commercial Commercial
Business Park Business Park

MPLS Network

Building P P
Building
Complex Complex

PE PE

Legacy POPs Transport

P P Frame Relay or
Frame Relay or ATM Switches
ATM Switches
P P

PE PE

Layer 2
Layer 2 Switch
Switch
PE PE

Extension of Broadcast Domain Virtual NAP or

for Layer 3 Services Private Internet
Internet Peering
Router
Virtual NAP or
Private Internet Internet
Peering Router

PE: Provider Edge

P: Provider Node

Cisco Systems, Inc.

All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 3 of 8
 As service providers attempt to meet these emerging requirements, they must evaluate new networking technologies
and architectures at both the data link and physical layers, as well as at the network layer. Obviously, these new
technologies must accommodate the service requirements of the metro customer.

One of the most promising areas of networking technology to address these requirements is MPLS, in general, and
AToM in particular. MPLS offers an excellent foundation for providing private network services across a wide range
of data link and physical network technologies throughout the service provider’s network domain, whether that
domain is in a single metro service area or is an international network spanning many metro service areas.

Cisco AToM solution takes advantage of an existing MPLS backbone network to deliver TLS based on any type of
media, including Ethernet, ATM, and Frame Relay connectivity to the customer site. The concept of transparent
metro services is straightforward: it is the ability to connect two geographically separate network segments, with the
two network segments appearing as a single logical connection or multiple network segments. The introduction of
such transport capability of network segments will allow service providers to deliver a service that allows virtual
networking in different locations within a metro service area to be cost-effectively connected at transmission speeds
equivalent to optical, Fast Ethernet, or Gigabit Ethernet.

Although Ethernet over MPLS (EoMPLS) is capable of delivering TLS functionality, it should not be confused with
traditional LAN bridging. Unlike traditional LAN bridging, EoMPLS does not perform any Layer 2 lookup to
determine if the destination Media Access Control (MAC) address resides on the local or remote segment, and does
not perform any Layer 2 address learning, as traditional LAN bridging does. Instead, EoMPLS is more analogous to
the transport of Layer 2 Frame Relay packets through an ATM backbone (which, in the future, could also be
migrated to an MPLS backbone). Forwarding of layer 2 frames based on MAC addresses will be added as a future
IOS enhancement.

When Cisco AToM solution is deployed in conjunction with MPLS VPN, the service provider can provide
tremendous flexibility in the variety of both Layer 2 and Layer 3 network services that can be provisioned for its
metro customers, and can do so over a single, simplified, integrated MPLS backbone network.

Layer 2 Virtual Leased-Line Services

Cisco Any Transport over MPLS allows ISPs to support several new services with transporting Layer 2 frames. One
attractive service is the ability to provide point-to-point “leased line”-like services over a circuit or packet
infrastructure to carry bandwidth-guaranteed applications such as voice, video, and online transaction processing.
With Cisco AToM solution, service providers can offer Layer 2 virtual leased-line services for Frame Relay, ATM,
PPP, HDLC, or Ethernet networks over a packet-based infrastructure. Furthermore, by using Cisco MPLS AToM
combined with Cisco MPLS traffic-engineering features and Cisco differentiated services/traffic engineering (DS-TE)
capabilities, service providers can provide differentiated services with customized bandwidth guarantees, quality of
service (QoS), and availability.

Today’s enterprise customers are responding to voice and data convergence by actively seeking solutions that are both
robust and inexpensive. These customers are increasingly using data networks to trunk voice traffic between sites for
intra-company communications over VPNs. Another requirement of enterprise customers is transportation of large
volumes of data periodically between primary and disaster recovery sites.

Cisco Systems, Inc.

All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 4 of 8
 With increasing adoption of voice over IP (VoIP), the landscape for deployment is rapidly changing. Service providers
are often driven by the need to provide customers a high grade of service to carry voice traffic across a network.
However, today’s multiservice packet networks rely on IP-based packet switching. In addition, IP by itself is simply
best-effort service that is not sufficient to provide the strict delay, jitter, and bandwidth guarantees required for VoIP
and other real-time traffic. Cisco IOS QoS features are ideal for this situation. Using the IETF differentiated services
(DiffServ) model for QoS, VoIP traffic can be treated appropriately.

With this in mind, a service provider must have the ability to:
• Determine the path that IP routing takes for a particular customer’s traffic
• Provision each router along the path for DiffServ
• Manually assure that not too many customers pass over that path, to avoid demand in excess of available
bandwidth (the “oversubscription” scenario)

Although this scenario is feasible in a small network, a more scalable way to manage bandwidth is necessary to
provide a point-to-point guarantee to the customer. The Cisco DS-TE solution is ideal for this situation. By
automatically choosing a routing path that satisfies the bandwidth constraint for each service class defined (such as
premium, gold, silver, or bronze), DS-TE relieves the service provider from having to compute the appropriate path
for each customer, and each service class per customer. Cisco IOS Software enables service providers to implement
the QoS capabilities they need to provide virtual leased-line services on a data network.

The Layer 2 virtual leased-line services focus on transporting Layer 2 protocols such as Ethernet, Frame Relay, PPP,
HDLC and ATM in a point-to-point fashion across MPLS networks. Layer 2 transport across an MPLS network may
be required either to extend existing services or to provide simple, easy-to-provision services that are attractive to
enterprise customers. For example, one service gaining popularity with providers is Ethernet over MPLS. Customers
can trunk non-IP protocols such as AppleTalk and Internetwork Packet Exchange (IPX) across the provider cloud,
or extend VLAN domains by transporting raw Ethernet frames. Service providers can use this service to create remote
peering points that appear as single hubs by extending the broadcast domains and trunking Ethernet. Another
example is to offer services to multidwelling units by providing Ethernet connection and then trunking the Ethernet
to the POP without adding any routing or content services at the customer location. Figure 2 shows a diagram of a
Layer 2 virtual leased line with Cisco ATM.

Similarly, virtual leased-line service can be used to provide Frame Relay transport. Service providers can continue
to sell Frame Relay services to end users by using Cisco DS-TE QoS techniques and Cisco IOS MPLS label stacking
with Cisco AToM capability. They can provide committed information rate (CIR) guarantees for Frame Relay end
to end. Likewise, combining the above methodology with ATM over MPLS can provide ATM variable bit rate
(VBR) guarantees.

Cisco Systems, Inc.

All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 5 of 8
 Figure2
Layer 2 Virtual Leased Line with Cisco AToM Solution

Any Transport
over MPLS (AToM)
MPLS Tunnel
Backbone

PE1 Virtual PE1

Leased Line

L2 Clouds
L2 Clouds

CPE Router CPE Router

With Cisco AToM solution, service providers can build virtual leased-line services and provide connectivity regardless
of physical connections at each site. For example, a customer can connect with Frame Relay on one site and connect
with Ethernet on the other. If this customer also wants to trunk their Interior Gateway Protocol (IGP) across the
provider cloud, the provider can trunk the traffic and provide bandwidth guarantees by using a common
encapsulation such as Point-to-Point Protocol (PPP) at both ends. By using PPP over MPLS in the provider network,
the provider can easily connect two disparate media and bind them using a common layer 2 mechanism. Cisco IOS
MPLS provides the ability to perform traffic engineering on the label switched paths (LSPs) and combine them with
QoS to provide services beyond the offering of traditional packet networks.

Layer 2 VPN Services

Another important emerging market opportunity for service providers focused on corporate customers derives from
the requirement for Ethernet to migrate from local-area networks (LANs) to metropolitan-area networks (MANs)
because of its simplicity, flexibility, low cost, and quick time to service. However, Ethernet lacks several key
service-level agreement (SLA) capabilities such as QoS, traffic engineering, reliability, and scalability. This
scenario prevents pure Ethernet-based metropolitan service providers (MSPs) from providing premium traditional
value-added services such as Layer 2 VPN to their end users and achieving competitive advantages. MPLS adds
connection-oriented, path-switching capabilities and provides premium service-level capabilities such as scalability,
reliability, QoS, and traffic engineering.

The Layer 2 media support and MPLS capabilities combined with the Cisco AToM solution improve economics for
Layer 2-based large service deployment and provide an optimal Layer 2 VPN solution in the metropolitan area.

Cisco Systems, Inc.

All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 6 of 8
 MPLS-based Layer 2 VPNs provide a flexible, high-speed service that removes the complexity associated with the
wide-area network (WAN) from the end users. With Layer 2 VPN, a service provider interconnects an enterprise
LAN, regardless of its physical location, in such a way that the WAN services supporting the network are not
apparent to the customer.

One of the primary ways the Cisco AToM solution provides Layer 2 VPN is by using EoMPLS as the LAN transport
technology. EoMPLS takes advantage of an existing MPLS backbone network to deliver Layer 2 VPN connectivity
to two or more customer sites. For instance, in the EoMPLS-based Layer 2 VPN implementation, each customer’s
traffic from a given site is mapped onto an MPLS LSP that extends across the MAN or WAN.

These LSPs are point to point in nature, and must be established between sites that have Layer 2 traffic transport
needs. Each LSP can enjoy reserved bandwidth across the MPLS cloud, as well as other QoS guarantees. This MPLS
implementation allows the service provider to provide service-level guarantees critical to offering premium SLAs.

This implementation also provides the ability to scale the customer VLANs, because an incoming customer’s VLAN
traffic on the ingress Cisco provider-edge device can be configured to map onto either the same or a different VLAN
at the egress Cisco provider-edge device.

The Cisco AToM implementation is compliant with and supports the following two IETF drafts:
• Transport of Layer 2 Frames over MPLS (draft-martini-l2circuit-trans-mpls-07.txt)
• Encapsulation Methods for Transport of Layer 2 Frames over MPLS (draft-martini-l2circuit-encap-mpls-03.txt)

Ethernet ports or IEEE VLANs are dedicated to customers on PE routers acting as label edge routers (LERs).
Customer traffic is mapped to a specific MPLS Layer 2 VPN by configuring Layer 2 FECs based upon the input port
or VLAN. Further, Cisco AToM solution utilizes LDP sessions between two Layer 2 PEs, as well as two-level labeling,
and a virtual circuit (VC), as described in the IETF drafts mentioned above. In addition, Cisco AToM implementation
relies on industry-standard implementation of LDP as specified by RFC 3036.

Figure 3 shows a typical AToM topology with Cisco PE (shown as PE1 and PE2) as LERs. It also shows a typical
frame as it traverses from customer edge 1 (CE1) through the MPLS backbone to CE2.

Figure 3
AToM Logical Topology and Packet Frame

CE1 CE2

MPLS Backbone

PE1 PE2
(LER) (LER)

Layer 2 Tunnel VC Label Original Ethernet Frame

Cisco Systems, Inc.

All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 7 of 8
Cisco AToM solution and Quality of Service

To differentiate their offerings and attract more customers, service providers must provide tiered services. Cisco AToM solution enables ISPs
and MSPs to differentiate service tiers with the ability to support end-to-end QoS.

Cisco AToM solution maps Layer 2 class marking bits to the MPLS experimental bits (EXP) at the entry point, the ingress of the network.
The EXP is a 3-bit field as part of the MPLS header, which was created by the IETF on an experimental basis, but later became part of the
standard MPLS header. The EXP bits in the MPLS header carry the packet priority. Each label switch router along the path honors the packet
priority by queuing the packet into the proper queue and servicing the packet accordingly. Therefore, service providers can deliver the IP
services that businesses demand, across either switched or routed networks.

Figure 4 shows an example of how the end-to-end VLAN 802.1P priority classification is retained and supported by the Cisco AToM-based
network. At the ingress PE, the class marking bits at Layer 2 are copied into the EXP bits in the MPLS header. At the egress PE, the same is
remapped back into 802.1P Layer 2 bits.

Figure 4
Cisco AToM QoS to MPLS Mapping

Ethernet Frame MPLS Header Ethernet Frame

802.1P Priority 802.1P Priority 802.1P Priority

Non-MPLS Domain MPLS Domain

Reference Documents

[1] draft-martini-l2circuit-trans-mpls-07.txt

[2] draft-martini-l2circuit-encap-mpls-03.txt

[3] RFC 3031, Multiprotocol Label Switching Architecture

[4] RFC 3036, LDP Specification

Corporate Headquarters European Headquarters Americas Headquarters Asia Pacific Headquarters

Cisco Systems, Inc. Cisco Systems Europe Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 11 Rue Camille Desmoulins 170 West Tasman Drive Capital Tower
San Jose, CA 95134-1706 92782 Issy-les-Moulineaux San Jose, CA 95134-1706 168 Robinson Road
USA Cedex 9 USA #22-01 to #29-01
www.cisco.com France www.cisco.com Singapore 068912
Tel: 408 526-4000 www-europe.cisco.com Tel: 408 526-7660 www.cisco.com
800 553-NETS (6387) Tel: 33 1 58 04 60 00 Fax: 408 527-0883 Tel: +65 317 7777
Fax: 408 526-4100 Fax: 33 1 58 04 61 00 Fax: +65 317 7799

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the
Cisco Web site at www.cisco.com/go/offices
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia
Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland
Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland
Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden
S w i t z e r l a n d • Ta i w a n • T h a i l a n d • Tu r k e y • U k r a i n e • U n i t e d K i n g d o m • U n i t e d S t a t e s • Ve n e z u e l a • Vi e t n a m • Z i m b a b w e

All contents are Copyright © 1992–2002, Cisco Systems, Inc. All rights reserved. CCIP, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Fast Step, Follow Me Browsing, FormShare, Internet
Quotient, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ logo, iQ Net Readiness Scorecard, Networking Academy, ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.;
Changing the Way We Work, Live, Play, and Learn, Discover All That’s Possible, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX,
Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering
the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, GigaStack, IOS, IP/TV, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX,
Registrar, SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
(0201R) 202777/ETMG 03/02