Layer 2 (synonymously called the Data Link Layer (DLL)) is the second layer of the seven-layer OSI model of computer networking. The DLL is the protocol layer that transfers data between adjacent network nodes in a Wide Area Network (WAN) or between nodes on the same Local Area Network (LAN) segment. WANs connect LANs and other types of networks together, so that users and computers in one location can communicate with users and computers in other locations. A network segment is a portion of a computer network in which every device communicates using the same Physical Layer (the first and lowest layer of the seven-layer OSI model).
The DLL provides the functional and procedural means to transfer data between network entities and may provide the means to detect, and possibly correct, errors that occur in the Physical Layer. Delivery of frames by Layer 2 devices is effected through the use of unambiguous hardware (physical) addresses. A frame's header contains source and destination addresses that indicate which device originated the frame and which device is expected to receive and process it. In computer networking the term physical address is often used as a synonym of Media Access Control (MAC) address. This address is used on a network's DLL to identify the source and destination of a frame.
The DLL is concerned with local delivery of frames between devices on the same LAN. DLL frames do not cross the boundary of the local network: a router that forwards a packet strips the Layer 2 header of the incoming frame and builds a new frame for the next segment, so the original frame never leaves the LAN.
However, with the increasing importance of mobile communications, scenarios in which the user of a mobile communication terminal leaves his home local network and moves to a foreign local network become more common. For instance, a user could start on fixed Ethernet in the office, then disconnect his laptop or mobile phone and move to the office's Wireless LAN (WLAN). When the user leaves the office, the laptop or mobile phone could start using 2G or 3G mobile data networks (e.g., Enhanced Data Rates for GSM Evolution (EDGE), High Speed Packet Access (HSPA), Wideband Code Division Multiple Access (WCDMA), Universal Mobile Telecommunications System (UMTS), High Speed Downlink Packet Access (HSDPA) or the like). When the user arrives home, the laptop could switch to the home WLAN.
In this scenario it is desirable that the user's mobile communication terminal maintains connectivity when moving from one local network to another.
One approach has been to extend the local network. Layer 2 Virtual Private Network (VPN) technologies are already used extensively to extend a Layer 2 network beyond its physical boundaries. Multiple tunnelling or tagging mechanisms are available to create a larger logical Layer 2 network over an existing Layer 2 or Layer 3 infrastructure (Layer 3 being the Network Layer, the third layer of the seven-layer OSI model). Such mechanisms include Virtual Local Area Network (VLAN) tag stacking over Layer 2 networks (IEEE 802.1ad provider bridging, where a service tag is inserted in front of the customer's 802.1Q tag), or tunnelling of Layer 2 frames over an Internet Protocol (IP) network using, e.g., Layer 2 Tunnelling Protocol version 3 (L2TPv3), Secure Sockets Layer (SSL)/TLS-based tunnels or other protocols.
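The frame layout described above (destination MAC, source MAC, EtherType) and the 802.1ad tag stacking just mentioned, as an added example that is not code from the page: a small Python parser and builder for Ethernet II frames that walks a stack of 802.1ad service tags and 802.1Q customer tags before reading the payload EtherType. Function names and the sample Q-in-Q frame are constructed for this example.

```python
"""Parse and build Ethernet II frames, including stacked 802.1ad/802.1Q tags.

Added example, not code from the page. The header fields are the ones the text
describes (destination MAC, source MAC, EtherType); the 802.1ad service tag and the
802.1Q customer tag are what a provider-bridging trunk or Layer 2 VPN edge inserts
in front of the payload EtherType. Sample frames below are constructed.
"""
import struct

ETHERTYPE_8021Q = 0x8100    # customer tag (C-TAG)
ETHERTYPE_8021AD = 0x88A8   # service tag (S-TAG), IEEE 802.1ad provider bridging
ETHERTYPE_IPV4 = 0x0800
TAG_TPIDS = (ETHERTYPE_8021Q, ETHERTYPE_8021AD)


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Split a frame into addresses, tag stack (outermost first), payload EtherType
    and payload. Truncated input raises ValueError instead of reading past the end."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, tags = 14, []
    # Each tag is TPID (already read as the EtherType field) + 16-bit TCI; the field
    # after the TCI is either another TPID or the real payload EtherType, so a parser
    # that stops after one tag misreports the payload type of a Q-in-Q frame.
    while ethertype in TAG_TPIDS:
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci, next_type = struct.unpack("!HH", frame[offset:offset + 4])
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        ethertype, offset = next_type, offset + 4
    return {
        "dst": fmt_mac(dst), "src": fmt_mac(src), "tags": tags,
        "ethertype": ethertype, "payload": frame[offset:],
        "broadcast": dst == b"\xff" * 6, "multicast": bool(dst[0] & 1),
    }


def build_frame(dst: str, src: str, ethertype: int, payload: bytes, tags=()) -> bytes:
    """Inverse of parse_frame; tags are (tpid, pcp, dei, vid) tuples, outermost first."""
    out = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for tpid, pcp, dei, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | (vid & 0x0FFF))
    return out + struct.pack("!H", ethertype) + payload


def is_well_formed(frame: bytes) -> bool:
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


# Constructed sample: broadcast IPv4 frame carried Q-in-Q, S-TAG VID 100 outside C-TAG VID 42.
SAMPLE_IPV4_HDR = bytes.fromhex("4500001400010000400100000a0000010a000002")
SAMPLE_QINQ = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, SAMPLE_IPV4_HDR,
                          tags=[(ETHERTYPE_8021AD, 0, 0, 100), (ETHERTYPE_8021Q, 3, 0, 42)])

if __name__ == "__main__":
    f = parse_frame(SAMPLE_QINQ)
    print(f["src"], "->", f["dst"], "tags:", [(hex(t["tpid"]), t["vid"]) for t in f["tags"]],
          "payload EtherType:", hex(f["ethertype"]))
```

Running the file prints the two-tag stack and the IPv4 payload type; feeding it a frame cut off inside a tag raises rather than over-reading, which is the check a frame parser sitting on a tunnel endpoint needs.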
Layer 2 VPN solutions have an advantage over Layer 3 VPN solutions in that they automatically carry every Layer 3 protocol, so not only IP but also other Layer 3 protocols run over them unchanged. Even though it is usually possible to rely on IP for most networking applications, configuring and managing a routed IP network may take longer and be more costly. Layer 2 VPN solutions also make it easier to support broadcast and multicast. It must be noted, though, that a Layer 2 VPN comes with overhead: each tunnelled packet carries the complete Layer 2 frame (DLL frame), header included, inside the tunnel encapsulation, so it is longer. This overhead can be mitigated by header compression.
Although there are several techniques for tunnelling Layer 2 frames over an IP network, e.g. L2TPv3 or other tunnelling methods, existing mechanisms do not provide an efficient way to support mobility for the end user, i.e. to maintain Layer 2 VPN connectivity when his IP address changes.
MOBIKE (IKEv2 Mobility and Multihoming, RFC 4555) is an extension of the Internet Key Exchange protocol version 2 (IKEv2), defined at the IP layer, that provides mobility for Internet Protocol security (IPsec) tunnels; such a tunnel can also carry Layer 2 frames (in combination with L2TPv3). MOBIKE supports mobility (including a change of interface) for an end host while maintaining VPN connectivity. It achieves this by updating the pair of endpoint addresses bound to the existing IKEv2 and IPsec security associations rather than re-establishing the tunnel: the security associations and their keys are kept and only the addresses change, and the peer can confirm the new address with a return routability check. An end host can use this as it moves while away from the home network it connects to. There is, however, a limitation of MOBIKE: when the user physically connects to his home network, the IPsec tunnel is still maintained. This means that all traffic must still pass through the VPN server, even though that is unnecessary while the user is on his home network.
Tunnelling all local traffic through an IPsec tunnel via the VPN server may be acceptable in certain deployments, but in general such an approach gives inferior performance and incurs additional cost because of the load it places on the VPN server. In a residential or corporate scenario, many users are stationary most of the time (connected to their home or corporate network) and only rarely move to another network. Hence it is hard to justify tunnelling all of the traffic through the VPN server, regardless of whether the user connects the mobile device to the home/corporate network or to a foreign network, just because some users may sometimes move.
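The MOBIKE behaviour and its limitation described in the two paragraphs above, as an added example that is not code from the page or from any IKEv2 implementation: a toy Python model in which a gateway and a mobile host share one IKE SA, the host rebinds it twice with UPDATE_SA_ADDRESSES, the gateway runs the COOKIE2 return routability check before moving the IPsec SAs, and the host's path_to shows that traffic to a neighbour on the home LAN still goes through the gateway while the tunnel stays up. The class and function names, the HMAC that stands in for IKEv2 integrity protection, and the addresses are assumptions of the example.

```python
"""Toy model of a MOBIKE (RFC 4555) address update on an IKEv2/IPsec tunnel.

Added example, not an IKEv2 implementation: no packet encoding, and IKE integrity
protection is reduced to an HMAC over the SPIs and notify payloads. A move only
rebinds the address pair of the existing SA (the SPI pair stays); the responder
checks return routability with COOKIE2 before moving the IPsec SAs; and a tunnel
kept up on the home LAN still hairpins local traffic. Addresses are constructed
from the RFC 5737 documentation ranges; NAT is ignored.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

UPDATE_SA_ADDRESSES = 16400  # notify message types, RFC 4555 section 6
COOKIE2 = 16401


@dataclass
class Msg:
    src: str                   # outer IP header; not integrity-protected, as in IKEv2
    dst: str
    spi_i: bytes               # IKE SA SPI pair, never changed by MOBIKE
    spi_r: bytes
    notifies: dict = field(default_factory=dict)
    mac: bytes = b""

    def _tag(self, key: bytes) -> bytes:
        body = repr((self.spi_i, self.spi_r, sorted(self.notifies.items()))).encode()
        return hmac.new(key, body, hashlib.sha256).digest()

    def sign(self, key: bytes) -> "Msg":
        self.mac = self._tag(key)
        return self

    def verify(self, key: bytes) -> bool:
        return hmac.compare_digest(self.mac, self._tag(key))


@dataclass
class IkeSa:
    spi_i: bytes
    spi_r: bytes
    key: bytes
    local: str
    remote: str
    ipsec_remote: str          # where the child (IPsec) SAs send; lags during the check


class Gateway:  # VPN server, the MOBIKE responder
    def __init__(self, sa: IkeSa):
        self.sa, self.pending = sa, None   # pending = (candidate address, cookie)

    def handle(self, m: Msg) -> Msg:
        sa = self.sa
        if (m.spi_i, m.spi_r) != (sa.spi_i, sa.spi_r):
            raise ValueError("no IKE SA for this SPI pair")
        if not m.verify(sa.key):
            raise ValueError("integrity check failed")
        if UPDATE_SA_ADDRESSES in m.notifies:
            # IKE SA follows the new address at once; the IPsec SAs wait for the
            # routability check so an outer header altered in transit cannot aim the ESP
            # stream at a third party. (RFC 4555 runs the check as a separate exchange.)
            sa.remote = m.src
            self.pending = (m.src, secrets.token_bytes(16))
            return Msg(sa.local, m.src, sa.spi_i, sa.spi_r, {COOKIE2: self.pending[1]}).sign(sa.key)
        if COOKIE2 in m.notifies and self.pending:
            addr, cookie = self.pending
            if m.src == addr and hmac.compare_digest(m.notifies[COOKIE2], cookie):
                sa.ipsec_remote, self.pending = addr, None
                return Msg(sa.local, addr, sa.spi_i, sa.spi_r).sign(sa.key)
            raise ValueError("return routability check failed")
        raise ValueError("unexpected message")


class MobileHost:  # laptop or phone, the MOBIKE initiator
    def __init__(self, sa: IkeSa):
        self.sa = sa

    def move_to(self, new_addr: str, gw: Gateway) -> list:
        """Rebind the existing tunnel to new_addr; returns the message transcript."""
        sa = self.sa
        sa.local = new_addr
        req = Msg(new_addr, sa.remote, sa.spi_i, sa.spi_r, {UPDATE_SA_ADDRESSES: b""}).sign(sa.key)
        probe = gw.handle(req)
        if not probe.verify(sa.key):
            raise ValueError("bad gateway message")
        echo = Msg(new_addr, probe.src, sa.spi_i, sa.spi_r, {COOKIE2: probe.notifies[COOKIE2]}).sign(sa.key)
        return [req, probe, echo, gw.handle(echo)]

    def path_to(self, dst: str) -> str:
        """Tunnel up means everything is ESP-encapsulated to the gateway, even LAN traffic."""
        return f"{self.sa.local} -> ESP to {self.sa.remote} -> {dst}"


def run_scenario():
    """Gateway 203.0.113.1; host on 3G as 198.51.100.7, then office WLAN, then home LAN."""
    spi_i, spi_r, key = secrets.token_bytes(8), secrets.token_bytes(8), secrets.token_bytes(32)
    gw_addr, start = "203.0.113.1", "198.51.100.7"
    host = MobileHost(IkeSa(spi_i, spi_r, key, start, gw_addr, gw_addr))
    gw = Gateway(IkeSa(spi_i, spi_r, key, gw_addr, start, start))
    transcripts = [host.move_to("192.0.2.10", gw), host.move_to("10.0.0.5", gw)]
    return host, gw, transcripts
```

Calling run_scenario() and then host.path_to("10.0.0.20") shows the limitation in one line: the host is on 10.0.0.5, its neighbour is on the same LAN, yet the packet is still ESP-encapsulated to 203.0.113.1. The SPI pair on both sides is unchanged after both moves, which is the property that distinguishes a MOBIKE address update from tearing the tunnel down and re-running IKE_SA_INIT/IKE_AUTH.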