MPLS VPNs

There are two basic types of VPNs: overlay and peer to peer. In an overlay
VPN, the service provider sets up the connections. Frame Relay permanent
virtual circuits (PVC) are an example of an overlay VPN. The service
provider does not participate in the customer’s routing when using an overlay
VPN. In a peer-to-peer VPN, the service provider transports the customer’s
routes across its network. Only one circuit per customer site is required, but
the service provider is required to have knowledge of each customer’s routes.
Customers may be required to re-IP address their networks, depending on
whether the provider uses a dedicated or a shared PE router. In addition,
there is no separation of customer routes.

MPLS VPNs provide the advantages of both types and minimize their drawbacks.
They provide the following:
■ The service provider participates in customer routing, thus providing
optimum paths through the provider network.
■ Each customer’s routes are kept separate from other customers’ routes.
■ Overlapping IP addresses are permitted, so customers do not have to
renumber.

MPLS VPNs use a two-label stack. In a traditional VPN, the IP header is
hidden by a tunnel IP header. In an MPLS VPN, the label identifying the
interface to the customer router is hidden by a label identifying the PE router
connected to that customer. MPLS switching through the provider network is
based on the top label until the packet reaches the edge (or egress) router.
The top label is popped, and the egress router reads the second label to learn
where to send that traffic. Penultimate hop popping (PHP) can be used with
MPLS VPNs. If so, the top label is already removed when the packet arrives, so
the PE router can use the second label to identify the VPN customer and do a
route lookup based on it. Otherwise, the PE router must do two lookups.
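
The two-label stack and the effect of PHP on the egress PE can be modelled in a short Python sketch. This is an added example, not part of the original text: the label values and interface names are constructed, and the 4-byte entry layout (20-bit label, 3-bit TC, bottom-of-stack bit, 8-bit TTL) is the standard MPLS encoding from RFC 3032.

```python
import struct

def encode_stack(labels, ttl=64):
    """Encode labels (top first) as 4-byte entries: label(20) | TC(3) | S(1) | TTL(8)."""
    out = b""
    for i, label in enumerate(labels):
        s = 1 if i == len(labels) - 1 else 0   # bottom-of-stack bit only on the last entry
        out += struct.pack("!I", (label << 12) | (s << 8) | ttl)
    return out

def decode_stack(data):
    """Return the labels (top first), stopping at the bottom-of-stack bit."""
    labels = []
    for off in range(0, len(data), 4):
        (word,) = struct.unpack_from("!I", data, off)
        labels.append(word >> 12)
        if (word >> 8) & 1:
            return labels
    raise ValueError("no bottom-of-stack bit found")

# Constructed sample values (assumptions for illustration only).
TRANSPORT_LABEL = 3001        # top label: identifies the egress PE across the core
VPN_LABELS = {                # egress PE table: second label -> customer-facing interface
    5001: "to-CustomerA-CE",  # both customers may use the same IP prefixes;
    5002: "to-CustomerB-CE",  # only the VPN label tells their traffic apart
}

def egress_pe(packet):
    """Return (customer interface, number of label lookups done at the egress PE)."""
    labels = decode_stack(packet)
    lookups = 0
    if len(labels) == 2:                      # no PHP: top label is still present
        lookups += 1                          # first lookup: match and pop the top label
        if labels[0] != TRANSPORT_LABEL:
            raise ValueError("top label does not identify this PE")
        labels = labels[1:]
    lookups += 1                              # lookup on the VPN (second) label
    return VPN_LABELS[labels[0]], lookups

def send(vpn_label, php):
    """Ingress PE pushes [top, VPN]; with PHP the penultimate router pops the top label."""
    packet = encode_stack([TRANSPORT_LABEL, vpn_label])
    if php:
        packet = encode_stack(decode_stack(packet)[1:])
    return egress_pe(packet)

if __name__ == "__main__":
    print(send(5001, php=True))    # one lookup at the egress PE
    print(send(5002, php=False))   # two lookups at the egress PE
```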