The challenge is that the traditional Layer 2 services that Ethernet services are replacing-and that are, in fact, bread-and-butter offerings for pro-viders-rely on their connection-oriented capability to provide such key features as security, traffic management and ease of billing. To achieve widespread deployment, services based on Ethernet need to find a way to provide that connection-oriented capability.

An additional challenge is in the transport of these Ethernet services over metro networks, where Sonet/SDH is the dominant transport infrastructure. Sonet/SDH provides scalability, reliability, security and quality of service, but it needs to have simpler provisioning systems and improved bandwidth efficiency. Next-generation Sonet/SDH equipment is addressing those issues.

An elegant solution to such problems is to use multiprotocol label switching (MPLS) to combine the advantages of both optical Ethernet and Sonet/SDH in metropolitan networks. Although it was initially designed for traffic engineering and Layer 3 virtual private networks (VPNs) in core router networks and later enjoyed success in core optical networks as an intelligent control plane, MPLS can provide connection-oriented capabilities and simplified provisioning for Ethernet services in emerging optical networks.

Optical Ethernet VPNs provide a good example of how MPLS can be implemented with Ethernet to deliver these capabilities. An Optical Ethernet VPN is a Layer 2 bridge service, which provides point-to-point or multipoint-to-multipoint data connectivity. Parts of the service provider network involved in delivering Ethernet VPN service will emulate a multipoint Ethernet LAN to create a VPN.

To set up a point-to-point Ethernet service between two customer sites, several operations need to be performed. First, a Sonet path connecting the access nodes at two customer sites needs to be provisioned. This procedure is performed only once and is not repeated for other customers on the same access node. All customers share this path to tunnel their traffic through the metro optical network, and statistical multiplexing of multiple Ethernet services over this tunnel yields superior bandwidth utilization. The addressing scheme used to send the traffic between the end points is called the "tunnel label." The tunnel label in this case is a Sonet header.

The access node initiates the connection setup via signaling protocols-either generalized MPLS (GMPLS) or the user-to-network interface (UNI) standardized by the Optical Internetworking Forum.

The access nodes at the two ends need to discover the VPN members. As well, they need to learn the labels or addressing information being used to send traffic between the sites. The discovery and learning process is done automatically via label distribution protocol (LDP) signaling as being defined by the Internet Engineering Task Force. This signaling will be done over the Sonet path between the end points, but the metro core nodes are not aware of it. The process yields one or more MPLS labels called "VPN labels." With these labels, the access node learns information about the VPN member, including the node address, port number, etc.

The marriage of MPLS and optical Ethernet enables service providers to offer connection-oriented offerings such as virtual leased lines and transparent LAN services without the complexity inherent in private-line, ATM or frame-relay networks. It also allows service providers to leverage their existing Sonet infrastructures to provide a virtual private network connecting the geographically dispersed sites. The combination of both the technologies can provide benefits including quality of service, traffic engineering, reliability, traffic separation between multiple users, improved use of bandwidth and simpler provisioning.