The MEF has a set of specs for this. http://metroethernetforum.org/

In general, it's built as a "dumb pipe" virtual circuit, i.e. your client BPDUs and other IEEE 802.* signaling are ignored, as they are encapsulated and forwarded explicitly to a given port. What you do on the switch that gets the de-encapsulated traffic is your business.

-----Original Message-----
From: Endresen Even [mailto:Even.Endresen@bkk.no]
Sent: Thursday, December 31, 2009 12:41 AM
To: nanog@nanog.org
Subject: Restrictions on Ethernet L2 circuits?

Hello,

Anyone with opinions on what restrictions a service provider should and should not impose on Ethernet L2 circuits provided to business customers wanting to connect several offices?

The service provider's MPLS core network doesn't mind what traffic flows through the EoMPLS tunnel, but the L2 access network does mind and can be vulnerable to several layer 2 issues. Broadcast storm control and BPDU filter will protect the access network to a certain degree, but there are still potential layer 2 problems that can affect the switches, for example MAC address spoofing/flooding. Not to mention potentially difficult troubleshooting if a business customer connects two large LANs through the ISP's Ethernet layer 2 circuit, and then experiences some occult layer 2 problem.

Should business customers expect to be able to connect several LANs through an Ethernet L2 circuit and build a layer 2 network spanning several locations? Or should the service provider implement port security and limit the number of MAC addresses on the access ports, forcing the customer to connect a router in both ends and segment their network?

Also, do you see a demand for multi-point layer 2 networks (requiring VPLS), or are point-to-point layer 2 circuits sufficient to meet market demand?

The most important argument for customers that choose Ethernet L2 over MPLS IP-VPN is that they want full control over their routing; they don't want the involvement from the service provider. Some customers also argue that a flat layer 2 network spanning several locations is a simpler and better design for them, and they don't want the "hassle" with routers and network segmentation. But IMO the customer (and the service provider) is far better off by segmenting their network in the vast majority of cases.

What do you think?

Regards,
Even
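
The trade-off raised in the original question, as an added example that is not part of either message: a toy Python model of an access switch whose MAC table is shared by all customer ports, run with and without a per-port MAC limit. The table size, the limit of 50, the port names and the address counts are constructed assumptions, not values from the thread.

```python
# Added example: toy model of an access switch with a shared MAC (CAM) table.
# All sizes, port names and addresses below are constructed for illustration.

class AccessSwitch:
    def __init__(self, cam_size, port_mac_limit=None):
        self.cam_size = cam_size              # capacity shared by all ports
        self.port_mac_limit = port_mac_limit  # None = no port security
        self.cam = {}                         # MAC -> port
        self.per_port = {}                    # port -> number of learned MACs
        self.violations = {}                  # port -> frames dropped by the limit

    def learn(self, port, src_mac):
        """Handle a frame's source MAC; return True if the frame is accepted."""
        if self.cam.get(src_mac) == port:
            return True                       # already known on this port
        count = self.per_port.get(port, 0)
        if self.port_mac_limit is not None and count >= self.port_mac_limit:
            self.violations[port] = self.violations.get(port, 0) + 1
            return False                      # over the limit: drop, do not learn
        if src_mac in self.cam:
            self.per_port[self.cam[src_mac]] -= 1   # MAC moved from another port
        elif len(self.cam) >= self.cam_size:
            return True                       # table full: forwarded, never learned
        self.cam[src_mac] = port
        self.per_port[port] = count + 1
        return True

    def is_flooded(self, dst_mac):
        """Unknown unicast is flooded out of every port in the VLAN."""
        return dst_mac not in self.cam


def simulate(port_mac_limit):
    sw = AccessSwitch(cam_size=8000, port_mac_limit=port_mac_limit)
    # Customer A presents 10,000 source MACs (a large bridged LAN or spoofing).
    for i in range(10000):
        sw.learn("custA", f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}")
    # Customer B then brings up 20 hosts on its own port.
    b_macs = [f"02:bb:00:00:00:{i:02x}" for i in range(20)]
    for mac in b_macs:
        sw.learn("custB", mac)
    flooded = sum(sw.is_flooded(m) for m in b_macs)
    return len(sw.cam), flooded, sw.violations.get("custA", 0)


if __name__ == "__main__":
    for limit in (None, 50):
        print(limit, simulate(limit))  # (table entries, B MACs flooded, A drops)
```

Without a limit, customer A fills the table and traffic toward every customer B host is flooded; with the limit, B is unaffected, but any customer LAN larger than the limit loses connectivity for the excess hosts, which is what pushes the customer toward a router at each end.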