MPLS VPN Architecture and Terminology
In the MPLS VPN architecture, the edge routers carry customer routing information, providing optimal routing for inter-site traffic belonging to the customer. The MPLS-based VPN model also accommodates customers using overlapping address spaces, unlike the traditional peer-to-peer model, in which optimal routing of customer traffic required the provider to assign IP addresses to each of its customers (or the customer to implement NAT) to avoid overlapping address spaces. MPLS VPN is an implementation of the peer-to-peer model: the MPLS VPN backbone and customer sites exchange Layer 3 customer routing information, and data is forwarded between customer sites using the MPLS-enabled SP IP backbone.
The MPLS VPN domain, like the traditional VPN, consists of the customer network and the provider network. The MPLS VPN model is very similar to the dedicated PE router model in a peer-to-peer VPN implementation. However, instead of deploying a dedicated PE router per customer, customer traffic is isolated on the same PE router that provides connectivity into the service provider's network for multiple customers. The components of an MPLS VPN shown in Figure 3-3 are highlighted next.
Figure 3-3. MPLS VPN Network Architecture
The main components of the MPLS VPN architecture are:
- Customer network, which is usually a customer-controlled domain consisting of devices or routers spanning multiple sites belonging to the customer. In Figure 3-3, the customer network for Customer A consists of the routers CE1-A and CE2-A along with devices in the Customer A sites 1 and 2.
- CE routers, which are routers in the customer network that interface with the service provider network. In Figure 3-3, the CE routers for Customer A are CE1-A and CE2-A, and the CE routers for Customer B are CE1-B and CE2-B.
- Provider network, which is the provider-controlled domain consisting of provider edge and provider core routers that connect sites belonging to the customer on a shared infrastructure. The provider network controls the traffic routing between sites belonging to a customer along with customer traffic isolation. In Figure 3-3, the provider network consists of the routers PE1, PE2, P1, P2, P3, and P4.
- PE routers, which are routers in the provider network that interface or connect to the customer edge routers in the customer network. PE1 and PE2 are the provider edge routers in the MPLS VPN domain for customers A and B in Figure 3-3.
- P routers, which are routers in the core of the provider network that interface with either other provider core routers or provider edge routers. Routers P1, P2, P3, and P4 are the provider routers in Figure 3-3.