...
The service is delivered to end-users over a point called Service Demarcation Point (SDP) at the edge of the NRENs or Regional Networks. In practice, the way the service is delivered to the end-users depends on NRENs but a widespread practice is:
- For L3VPN in IP packets form
- For point to point layer 2 circuit (i.e. Point-to-Point L2VPN) and Multipoint L2VPN (VPLS) in 802.1q packets form over dedicated VLANs or in a dedicated port;
Figure 1: MD-VPN infrastructure
This infrastructure allows the end-users (scientist, etc) of the IPv4/IPv6 or Layer2 networks to work as if their networks where coupled together directly (the intermediate networks are transparent for end-users). A typical scenario would be an international collaboration where a project wants to connect a number of sites from different physical locations to create a collaborative infrastructure as if they were in the same physical location; so the organization can access to the same level of security as all their sites would be in the same location. This security improvement allows very performance achievement by avoiding the usage of firewall deep inspection like with standard IP. Distributed infrastructures like Grid, cloud or HPC can typically take benefit of MD-VPN.
The MD-VPN service also provides privacy amongst different instances (VPNs) of the service i.e. the content being sent back and forth between the different sites is kept in the private entity that owns the data. This is achieved because the data flows of the MD-VPN customer are isolated from any other traffic, standard IP traffic and traffic of other the MD-VPN customers.