Hi,
Below are quick brief points, you can review MPLS Fundamentals (Luc De Ghein) or MPLS and VPN architectures for more details:
Benifits of Overlay VPN:
. The best isolation and security for both the customer and the provider
. Well-known and easy implemented
. Service provider doesn't participate in the customer routing (This can be considered as a benifit or a drawback according to the case)
Benifits of Peer-to-Peer VPN:
. Scalable and easy provisioned
. Guarantees the optimum routing for the customer
Drawbacks of Overlay VPN:
. Implementing optimum routing requires full mesh between customer sites (The PVCs are point-to-point)
. The whole virtual circuits needs to be provisioned manually (administrative and maintenance headache for the provider)
Drawbacks of Peer-to-Peer VPN:
. The provider is responsible for the routing information and convergence
. The provider suffers from the customer isolation issue (high maintenance cost for packet filters) + low performance due to filtering
. All customers share the same IP space (in both models, Paket Filtering (shared-router approach) and Controlled Route Distribution (dedicated-router approach) no support for IP space overlapping)
. The Controlled Route Distribution solution requires a PE per cusomter which is not scalable
MPLS VPNs combines the best features of Overlay and Peer-to-peer VPN: (MPLS is considered an advanced form of Peer-to-Peer VPN)
. PE routers participate in customer routing and guarantee optimum routing between sites
. Easy provisioning and adding new sites
. PE isolates the customer routes in an easy and effective way as if dedicated PE for each customer (via VRFs)
. Customers can use overlapping addresses due to the perfect isolation via the VRFs
BR,
Mohammed Mahmoud.