Internal

MPLS L3 VPN Principle

www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD. All rights reserved


These slides introduce the MPLS L3 VPN system structure, label
distribution, data forwarding and typical applications.



Chapter 1 VPN Classification

Chapter 2 MPLS L3 VPN Principle



VPN Classification
VPN is a virtual private communication network
built over public networks.

By operation mode:

CPE-Based VPN: Users need to build, manage and maintain VPNs, i.e. IPSec,
GRE, L2TP and PPTP.
Network-Based VPN: ISPs build, manage and maintain VPNs.

[Figure: VPN classification tree with the nodes VPN, IP-VPN, CPE-Based VPN,
Network-Based VPN, VLL, VPRN, VPDN, VPLS, MPLS/BGP VPN and VR-VPN.]



VPN PRINCIPLE
The principle of VPN is to encapsulate data with certain
kinds of tunneling protocol and use the existing public
networks (Internet, PSTN or ISDN) to establish a specific
data transmission channel. Then, data can be transported
transparently.



Chapter 2 MPLS L3 VPN Principle



MPLS VPN Network Structure

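[Figure: MPLS VPN network structure. CE routers of the VPN_A sites
(10.1.0.0, 10.2.0.0, 11.5.0.0, 11.6.0.0) and of the VPN_B sites (10.1.0.0,
10.2.0.0, 10.3.0.0) connect to PE routers. The PE routers are interconnected
through P routers and run iBGP sessions with each other.]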

CE (Customer Edge Router): The user equipment directly connected with the
service provider.
PE (Provider Edge Router): The edge router on the backbone network,
connected with CE and mainly responsible for access of the VPN service.
P (Provider Router): The core router on the backbone network, mainly
responsible for the routing and fast forwarding functions.

Relationship Between PE and CE
[Figure: CE routers at VPNA Site - 1 and VPNB Site - 2 connect to one PE
using EBGP, RIP or static routes. The PE holds a VRF for VPNA, a VRF for
VPNB and the global route table.]

PE and CE routers exchange information via EBGP, RIP or static routes.
CE runs the standard routing protocol.
PE maintains separate routing tables of the public network and
private network:
Routing table of public network, including the routes of all PE and P
routers, generated by the backbone network IGP of VPN.
VRF (VPN routing & forwarding), including tables of routing &
forwarding to one or multiple directly connected CEs.

VRF Detail
VRF can be regarded as a virtual router.

PE maintains a separate forwarding table for each site.

Each site has a unique VRF.

If (and only if) two sites have identical forwarding tables, they share a VRF.

The interface connected with CE is mapped to VRF.



Route Distinguisher & Route Target

* ROUTE DISTINGUISHER

RD is used only to uniquely identify the IP routing information when
the routing information is transmitted through the public network.

* ROUTE TARGET

RT is used to separate the advertisement of VPN routing information.
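
How RT separates route advertisement between VRFs, as an added example that is not part of the original slides. It goes beyond the slide by modelling the usual export/import RT matching on a PE; the class and function names, the RD/RT values and the /16 prefix lengths are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class VpnRoute:
    rd: str                 # route distinguisher, keeps overlapping prefixes unique
    prefix: str
    export_rts: frozenset   # route targets attached by the advertising PE

@dataclass
class Vrf:
    name: str
    import_rts: frozenset
    table: dict = field(default_factory=dict)   # (rd, prefix) -> VpnRoute

    def offer(self, route):
        """Install the route only if it carries an RT this VRF imports."""
        if self.import_rts & route.export_rts:
            self.table[(route.rd, route.prefix)] = route
            return True
        return False

def distribute(routes, vrfs):
    """Offer every received VPN route to every VRF on the PE."""
    for vrf in vrfs:
        for route in routes:
            vrf.offer(route)
    return vrfs

def foreign_routes(vrf, own_rds):
    """Audit helper: installed routes whose RD is not one of the VPN's own."""
    return sorted(key for key in vrf.table if key[0] not in own_rds)

# Constructed sample: VPN_A and VPN_B both use 10.1.0.0 (hypothetical values).
ROUTES = [
    VpnRoute("100:1", "10.1.0.0/16", frozenset({"100:1"})),   # VPN_A
    VpnRoute("100:1", "11.5.0.0/16", frozenset({"100:1"})),   # VPN_A
    VpnRoute("100:2", "10.1.0.0/16", frozenset({"100:2"})),   # VPN_B
]

def run(vpn_a_imports):
    """Build both VRFs with the given VPN_A import RTs and distribute ROUTES."""
    vpn_a = Vrf("VPN_A", frozenset(vpn_a_imports))
    vpn_b = Vrf("VPN_B", frozenset({"100:2"}))
    distribute(ROUTES, [vpn_a, vpn_b])
    return vpn_a, vpn_b

if __name__ == "__main__":
    good_a, _ = run({"100:1"})
    bad_a, _ = run({"100:1", "100:2"})     # one import RT too many
    print(foreign_routes(good_a, {"100:1"}), foreign_routes(bad_a, {"100:1"}))
```

The import RT list is the isolation boundary between customers: with the extra import RT, VPN_B's 10.1.0.0 route is installed in the VPN_A VRF, which is what the audit helper reports.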



VPNv4 and IPv4 Address Families
VPNv4 address structure:

Route Distinguisher (8 bytes) | IPv4 address

To enable different VPNs to use the same address space, a new address family.

RD is unique among different VPNs.

If two VPNs use the same IP address, PE router will add different
RDs for them and convert the address into a unique VPNv4
address without causing conflict of the address space.

RD format: there are two types.

16-bit Autonomous System Number (ASN) : 32-bit user-defined number,
for example 100:1

32-bit IP address : 16-bit customized number,
for example 172.1.1.1:1
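
The two RD formats and the VPNv4 address structure described above, as an added example that is not part of the original slides. The 2-byte type field at the start of the 8-byte RD (0 for ASN:number, 1 for IP address:number) follows RFC 4364 and is not shown on the slide; the function names are hypothetical.

```python
import ipaddress
import struct

def encode_rd(text):
    """Encode 'ASN:nn' (type 0) or 'a.b.c.d:nn' (type 1) as the 8-byte RD."""
    admin, _, assigned = text.rpartition(":")
    number = int(assigned)
    if "." in admin:                  # type 1: 32-bit IP address : 16-bit number
        if not 0 <= number <= 0xFFFF:
            raise ValueError("assigned number must fit in 16 bits")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)                  # type 0: 16-bit ASN : 32-bit number
    if not 0 <= asn <= 0xFFFF or not 0 <= number <= 0xFFFFFFFF:
        raise ValueError("ASN must fit in 16 bits, number in 32 bits")
    return struct.pack("!HHI", 0, asn, number)

def decode_rd(raw):
    """Turn an 8-byte RD back into its text form, rejecting unknown types."""
    if len(raw) != 8:
        raise ValueError("RD must be exactly 8 bytes")
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:])
        return f"{asn}:{number}"
    if rd_type == 1:
        ip, number = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(ip)}:{number}"
    raise ValueError(f"unsupported RD type {rd_type}")

def vpnv4_address(rd, ipv4):
    """12-byte VPNv4 address: the 8-byte RD followed by the 4-byte IPv4 address."""
    return encode_rd(rd) + ipaddress.IPv4Address(ipv4).packed

if __name__ == "__main__":
    # Constructed sample: two VPNs using the same IPv4 address with different RDs.
    a = vpnv4_address("100:1", "10.1.0.0")
    b = vpnv4_address("100:2", "10.1.0.0")
    print(a.hex(), b.hex(), "distinct:", a != b)
    print(decode_rd(encode_rd("172.1.1.1:1")))
```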



WHY BGP?

Different from the Interior Gateway Protocol (IGP), BGP focuses on
controlling route transmission and selecting the optimal routes instead
of discovering and calculating routes.

BGP uses TCP with the port number 179 as the transport-layer protocol.
The reliability of BGP is thus enhanced.

VPN routes can be directly exchanged between two non-directly connected PEs.



MBGP

PEs set up IBGP sessions with each other and exchange routing
information through BGP. Once the RD prefix is added, the VPN's
address belongs to the VPNv4 address family. BGP-4 supports only
IPv4, so BGP cannot recognise such routing information. How can
this be solved?

MBGP (Multiprotocol Extensions for BGP-4)

BGP-4 only supports IPv4, and is extended to
MBGP to transfer the route information of more
protocols (IPv6, IPX, etc.).
To maintain compatibility, only two BGP attributes
are added for MBGP: MP_REACH_NLRI and
MP_UNREACH_NLRI.



MPLS L3 VPN Configuration Steps
Basic Configuration: IP address, IGP, make sure that PE-PE is IP reachable
MPLS Function: Enable MPLS on the system and the interface
LDP Function: Enable LDP on the system and the interface
Define VPN: VPN name and RD, RT, bind to interface
PE-PE MP-BGP Function: BGP peer, activate the remote PE and route import
PE-CE Routing Protocol: Static, EBGP, OSPF, or RIP
