Nokia service models — EPipe, VPLS, VPRN, IES
14 min
Nokia SR OS has a well-defined taxonomy for the services an operator delivers over an MPLS core. The same four-letter names appear in every customer-facing document, every Site Manager / NSP form, and every interview question. Learn them once and they unlock all the operator MPLS work.
The four models at a glance
| Service | Layer | Pseudo-name | Use | |---|---|---|---| | EPipe | L2 point-to-point | E-Line (MEF), VPWS, pseudowire | "Hand me an Ethernet wire between two sites" | | VPLS | L2 multipoint | E-LAN, MAC-based L2VPN | "Give my N sites one shared bridged LAN over the WAN" | | VPRN | L3 multipoint | L3VPN, MPLS-VPN, RFC 4364 | "Give my N sites routed IP connectivity, isolated from other customers" | | IES | L3 single-customer (not VPN) | Internet Enhanced Service | "Give me native IP — usually for internet uplinks or transit" |
Every service has its own configuration block with a unique service-id; customer-facing access ports are SAPs (Service Access Points); core-facing connections to remote peers are SDPs (Service Distribution Points) carrying the inner VPN label.
EPipe — virtual Ethernet wire
A point-to-point L2 service. Two SAPs on two PE routers, glued together by an MPLS pseudowire. From the customer's perspective they have a transparent Ethernet cable between two sites — VLAN tags, MAC addresses, frames just pass through.
Customer A.1 ──[SAP] PE-1 ───[MPLS PW]─── PE-2 [SAP]── Customer A.2
Configuration sketch (SR OS):
[object Object]Common uses: connecting two campus LANs, point-to-point legacy industrial links over a modern MPLS WAN, "transparent ethernet" services billed per circuit.
VPLS — virtual private LAN service
A multipoint L2 service: 3, 5, 20 sites all share one logical bridged LAN. The PE learns MACs from each SAP and from incoming pseudowires; floods unknowns; forwards known unicasts directly. The customer sees one big switch spanning all their sites.
VPLS uses a full mesh of pseudowires between PEs (logical, not physical) so that any MAC can reach any other.
A.1 ──[SAP] PE-1 ───┐
├── shared L2 broadcast domain over MPLS
A.2 ──[SAP] PE-2 ───┤
│
A.3 ──[SAP] PE-3 ───┘
Modern variant: EVPN-VPWS / EVPN-VPLS — same service idea, but control plane uses BGP EVPN rather than LDP signaling. Better scaling and fewer dataplane hacks. Default for new deployments on most vendors.
VPRN — virtual private routed network (L3VPN)
The big one. Each customer gets their own VRF (Virtual Routing and Forwarding instance) on every PE that serves them. PEs run a routing protocol — usually BGP — to exchange the customer's routes between sites, all stamped with a per-customer Route Target. Per-customer routes never leak into other customers' VRFs.
The data plane uses two labels: an outer label gets the packet across the MPLS core to the egress PE, an inner label tells the egress PE which VRF to look up the destination in.
A.1 (10.0.1.0/24) ──[SAP] PE-1 ──[MPLS+labels]── PE-2 [SAP]── A.2 (10.0.2.0/24)
B.1 (10.0.1.0/24) ──[SAP] PE-1 ──[MPLS+labels]── PE-3 [SAP]── B.2 (10.0.99.0/24)
Two completely separate customers can use overlapping IP space (both have 10.0.1.0/24); the VRF isolates them. This is how every operator's MPLS VPN service works.
[object Object]IES — Internet Enhanced Service
A "non-VPN" L3 service: just routed IP, in the global routing table. Used for internet uplinks, peering, and transit services where you don't need (or want) VRF isolation.
configure
service
ies 300 customer 1 create
interface "uplink" create
address 203.0.113.1/30
sap 1/1/5:0 create
exit
exit
no shutdown
exit
exit
In modern designs, IES is often replaced by simply binding interfaces to the global routing instance directly. Different vendors have slightly different idioms.
Picking the right service
| Customer says | You give them | |---|---| | "I want my two offices joined as one Ethernet link" | EPipe | | "I want 12 sites bridged into one LAN" | VPLS | | "I want 12 sites routing IP, isolated from other customers" | VPRN | | "I just want internet" | IES (or just bind to global) |
What to remember
- EPipe = L2 point-to-point pseudowire.
- VPLS = L2 multipoint shared LAN.
- VPRN = L3 VPN with per-customer VRF; the operator workhorse.
- IES = L3 in the global table; internet / transit.
- SAPs face the customer; SDPs face the core. Two-label data plane: outer for transport, inner for service.
- EVPN is the modern control plane increasingly replacing LDP-signaled VPLS / pseudowires.