Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

MPLS VPN vs IPSEC VPN on 802.1Q tunneling


I'm new in MPLS Field (seing that I work on Enterprise Campuses)...and it will be good to me having some feedback on a design from people who master MPLS and MPLS-VPN...

In an MAN network topology composed by 6 Core devices that will in near future offer IP services to end-customer we need to use IPSEC VPN Site-to-Site to avoid security issues...

The problem is which kind of technology using on the Core ...MPLS ? What about IEEE 802.1Q Tunneling to separate logically end-customers VLANs???...

If using MPLS...I've noticed that there are 2 alternatives for security:

- MPLS-VPN (IPSEC to Core VPN Mapping IPSEC to MPLS) or

- IPSEC-VPN using MPLS only as transport (IPSEC over Core VPN)

Which of the two will be the best ???


New Member

Re: MPLS VPN vs IPSEC VPN on 802.1Q tunneling


MPLS solves some difficult problem in IP world. VPN is very easy on MPLS. If your core is router based , MPLS will give you very powerful tool to configure VPN easyly. Moreover , MPLS gives you Traffic Engineering tool. If you use it you can use your all core bandwitdh very efficiently.

When you start such a project , I think scalibility should be concerned. You can carry customer traffic in different VLANs using 802.1q. But be carefull of Spanning tree. It deas not scale as MPLS.

Your IPSEC questions depends. If you need end-to-end encryption CE-CE IPSec is suitable. Also today IPSEC is not aware of MPLS. So there should be some tricks & additional router if you apply CE-PE IPSEC encryption.


CreatePlease to create content