3com 8807 Guia Do Utilizador
530
C
HAPTER
49: BGP/MPLS VPN C
ONFIGURATION
BGP/MPLS VPN Model
BGP/MPLS VPN model
Figure 127 MPLS VPN model
As shown in Figure 127, MPLS VPN model contains three parts: CE, PE and P.
■
CE (Customer Edge) device: It is a composing part of the customer network,
which is usually connected with the service provider directly through an
interface. It may be a router or a switch which cannot sense the existence of
VPN.
which is usually connected with the service provider directly through an
interface. It may be a router or a switch which cannot sense the existence of
VPN.
■
PE (Provider Edge) router: It is the Provider Edge router, namely the edge device
of the provider network, which connects with your CE directly. In MPLS
network, PE router processes all the operations for VPN.PE needs to possess
MPLS basic forwarding capability.
of the provider network, which connects with your CE directly. In MPLS
network, PE router processes all the operations for VPN.PE needs to possess
MPLS basic forwarding capability.
■
P (Provider) router: It is the backbone router in the provider network, which is
not connected with CE directly. P router needs to possess MPLS basic
forwarding capability.
not connected with CE directly. P router needs to possess MPLS basic
forwarding capability.
The classification of CE and PE mainly depends on the range for the management
of the provider and the customer, and CE and PE are the edges of the
management ranges.
of the provider and the customer, and CE and PE are the edges of the
management ranges.
Nested BGP/MPLS VPN model
In a basic BGP/MPLS VPN model, the PEs are in the network of the service provider
and are managed by the service provider.
and are managed by the service provider.
When a VPN user wants to subdivide the VPN into multiple VPNs, the traditional
solution is to configure these VPNs directly on the PEs of the service provider. This
solution is easy to implement, but has the following disadvantages: the number of
the VPNs carried on PEs may increase rapidly; the operator may have to perform
more operations when required by a user to adjust the relation between the user’s
internal VPNs. These disadvantages not only increase the network operating cost,
but also bring relevant management and security issues.
solution is to configure these VPNs directly on the PEs of the service provider. This
solution is easy to implement, but has the following disadvantages: the number of
the VPNs carried on PEs may increase rapidly; the operator may have to perform
more operations when required by a user to adjust the relation between the user’s
internal VPNs. These disadvantages not only increase the network operating cost,
but also bring relevant management and security issues.
The nested VPN is a better solution. Its main idea is to transfer VPNv4 route
between PE and CE of common BGP MPLS/VPN such that user themselves can
between PE and CE of common BGP MPLS/VPN such that user themselves can
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
Backbone network of
the service provider
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
Backbone network of
the service provider
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2