The Solution: MPLS VPNs
The protocols and standards authentic by MPLS VPNs break the problems apparent in Amount 19-11
and accommodate a abundant beyond set of features. In particular, the MPLS VPN RFCs ascertain the concept
of application assorted acquisition tables, alleged Virtual Acquisition and Forwarding (VRF) tables, which
separate chump routes to abstain the alike abode ambit issue. This area defines some key
terminology and introduces the basics of MPLS VPN mechanics.
MPLS uses three agreement to call the role of a router back architecture MPLS VPNs. Note that the
names acclimated for the routers in best of the abstracts in this affiliate accept followed the assemblage of
identifying the blazon of router as CE, PE, or P, as listed here.
■ Chump bend (CE)—A router that has no ability of MPLS protocols and does not send
any labeled packets but is anon affiliated to an LSR (PE) in the MPLS VPN.
■ Provider bend (PE)—An LSR that shares a articulation with at atomic one CE router, thereby
providing activity accurate to the bend of the MPLS VPN, including IBGP and VRF tables
■ Provider (P)—An LSR that does not accept a absolute articulation to a CE router, which allows the router
to aloof advanced labeled packets, and allows the LSR to avoid chump VPNs’ routes
The key to compassionate the accepted abstraction of how MPLS VPNs assignment is to focus on the control
plane distinctions amid PE routers and P routers. Both P and PE routers run LDP and an IGP
to abutment unicast IP routing—just as was declared in the aboriginal bisected of this chapter. However, the
IGP advertises routes alone for subnets central the MPLS network, with no chump routes
included. As a result, the P and PE routers can calm characterization about-face packets from the admission PE
to the departure PE.
PEs accept several added duties as well, all geared against the affair of acquirements chump routes and
keeping clue of which routes accord to which customers. PEs barter routes with the connected
CE routers from assorted customers, application either EBGP, RIP-2, OSPF, or EIGRP, acquainted which
routes are abstruse from which customers. To accumulate clue of the possibly overlapping prefixes, PE
routers do not put the routes in the accustomed IP acquisition table—instead, PEs abundance those routes in
separate per-customer acquisition tables, alleged VRFs. Then the PEs use IBGP to barter these
MPLS VPNs 717
customer routes with added PEs—never announcement the routes to the P routers. Amount 19-12 shows
the ascendancy even concepts.
Figure 19-12 Overview of the MPLS VPN Ascendancy Plane
The MPLS VPN abstracts even additionally requires added assignment and anticipation by the PE routers. The PE routers
do not accept any added assignment to do, with one baby exception, as compared with simple unicast
IP routing. The added assignment for the PE relates to the actuality that the MPLS VPN abstracts even causes the
ingress PE to abode two labels on the packet, as follows:
■ An alien MPLS attack (S-bit = 0), with a characterization amount that causes the packet to be label
switched to the departure PE
■ An close MPLS attack (S-bit = 1), with a characterization that identifies the departure VRF on which to base
the forwarding decision
Figure 19-13 shows a accepted conceptual appearance of the two labels and the forwarding process. The
figure shows a subset of Amount 19-12, with genitalia removed to abate clutter. In this case, a host in
customer A on the larboard ancillary of the amount sends a packet to host 10.3.3.3, amid on the appropriate side
of the figure.
NOTE The appellation all-around acquisition table is acclimated to accredit to the IP acquisition table commonly acclimated for
forwarding packets, as compared with the VRF acquisition tables.
CE-A1
CE-A4
CE-B1
CE-C1
Customer A
Customer B
Customer C
CE-C2
Customer C
Subnet
10.3.3.0/24
PE4
P1
SP Network
P2
IGP or
EBGP
IGP or
EBGP
LDP/
IGP
LDP/
IGP
LDP/
IGP
LDP/
IGP LDP/
IGP
LDP/
IGP
IBGP
IBGP
IBGP
IGP or
EBGP
IGP or
EBGP
IGP or
EBGP
CE-A2
Customer A
Subnet
10.3.3.0/24
CE-B2
Customer B
Subnet
10.3.3.0/24
PE1 PE2
718 Affiliate 19: Multiprotocol Characterization Switching
Figure 19-13 Overview of the MPLS VPN Abstracts Plane
The amount shows the afterward steps:
1. CE1 assiduously an unlabeled packet to PE1.
2. PE1, accepting accustomed the packet in an interface assigned to VRF-A, compares the packet’s
destination (10.3.3.3) to the VRF-A CEF FIB, which is based on VRF-A’s acquisition table. PE1
adds two labels based on the FIB and assiduously the labeled packet.
3. P1, acting aloof the aforementioned as with unicast IP routing, processes the accustomed labeled packet using
its LFIB, which artlessly causes a characterization swap. P1 assiduously the packet to PE2.
4. PE2’s LFIB access for characterization 2222 lists a pop action, causing PE2 to abolish the alien label.
PE2’s LFIB access for characterization 3333, busy based on the VRF for chump A’s VPN, additionally lists
a pop activity and the approachable interface. As a result, PE2 assiduously the unlabeled packet to
CE2.
The ascendancy even and abstracts even processes declared about Abstracts 19-12 and 19-13 outline the
basics of how MPLS VPNs work. Next, the affiliate takes the explanations a little added with a
closer attending at the new abstracts structures and ascendancy even processes that abutment MPLS VPNs.
NOTE In absolute practice, Steps 3 and 4 alter hardly from the descriptions listed here, due to
a affection alleged penultimate hop bustling (PHP). This archetype is meant to appearance the core
concepts. Amount 19-23, against the end of this chapter, refines this argumentation back the router uses the
PHP feature, which is on by absence in MPLS VPNs.
PE1 P1 PE2
CE1 CE2
Inner: IP
3333
IP
IP
Inner: IP
3333
Outer:
1111
Outer:
1111
Int. In
VRF-A
Int. In
VRF-A
1
2 3
4
Incoming interface in
VRF-A, which lists
10.3.3.0/24 with labels
1111 and 3333.
LFIB lists swap
action, in label
1111, out characterization 2222.
LFIB says to pop
both labels and
forward to CE2.