Provisioning a VPN using a layer-2 solution is simpler, and more straight forward. Each PE router carrying the VPN needs to know the other PEs to establish VCs with in order to form the desired VPN. Then the PE ports connected to the customer sites are mapped to the VPN. Note that the use of auto-discovery eliminates the need to explicitly configure peer PEs that carry the same VPN. Currently, there are several ideas within the IETF for performing auto-discovery. When standardized, service provisioning using a layer-2 solution would be even simpler. 1 Other variants of the VPLS approach described here utilize BGP for VPN signaling. IP/MPLS-Based VPNs Layer-3 vs. Layer-2 Page 15 of 16 FOUNDRY NETWORKS WHITE PAPERManagement and Maintenance When managing a layer-3 solution, doing configuration changes, or troubleshooting problems, the service provider engineers would mainly be dealing with BGP peering sessions, BGP routes with different extended communities, their propagation, and selection by the PE, peering with customer CE routers, etc. As in many large scale IP networks, route reflection clusters or a confederation with multiple member-ASes might be in use which could contribute to the complexity of the task at hand. Also, dealing with a large number of routes belonging to multiple routing and forwarding table in addition to the global table is certainly more demanding than dealing with a single table. Finally, configuration files on the PE routers could grow so large which makes it harder to spot a misconfigured statement.