MPLS VPN Terminology version 1.

MPLS VPN provides end-to-end layer-3 VPN transport over a shared IP infrastructure. It’s address-agnostic (customers can use their own
IP address space) and routing-protocol-agnostic (the customers can use most routing protocols supported by Cisco IOS). In a typical MPLS
VPN solution, a large number of customer sites connect to a common Service Provider network.
P-network
Multi-homed customer site
CE-C
Simple
CE-A PE-A PE-C
P-1 customer site

C C-network
P-2
CE-B PE-B PE-D

CE-D
C-network

Backdoor link Extended BGP community

A backup link between two customer sites that should be used only 64-bit BGP communities defined in RFC 4360. The first 16 bits
if the MPLS VPN network fails. From the MPLS VPN perspective, a define the meaning of the community. The low-order 48 bits
backdoor link converts two separate customer sites into a single contain a globally-unique identifier (for example, 16-bit AS number
multihomed site. Special precautions (see sham link) usually have or 32-bit global IP address) and a locally-significant part defined by
to be taken to ensure that the traffic flows over the MPLS VPN the MPLS VPN provider. Extended BGP communities are used to
network and not over the backdoor link. indicate route import/export policies, customer site identifier or
OSPF/EIGRP attributes transported across the MP-BGP.
BGP community
Extranet VPN
Attribute attached to BGP (or MP-BGP) route. BGP communities
might be used to signal routing policies, tag routes or transport See overlapping VPN.
extra attributes not defined in BGP across BGP network. BGP
community is a 32-bit value. High-order 16 bits should contain the
Hub-and-spoke VPN
AS number of the organization defining the community and the A VPN topology that emulates hub-and-spoke Frame Relay (or
low-order 16 bits have local significance. ATM) networks. The traffic between spoke sites in a hub-and-spoke
VPN always traverses one of the hub sites. Hub-and-spoke VPNs
You must use the ip bgp-community new-format global
are commonly used in security-conscious environments where the
configuration command to display BGP communities on a
traffic between spoke sites has to be filtered or inspected by the
Cisco router in the format conforming to RFC 1997.
hub site(s). A customer might also require hub-and-spoke VPN to
C-network retain the network model and traffic flow from the Frame Relay
environment.
Customer network(s). In a typical scenario, numerous customer
networks connect to the same provider network (see P-network). LDP
CE-router Label Distribution Protocol. The protocol used between routers in
the provider network to establish end-to-end MPLS label switched
Customer edge router. A router in the customer network connected paths across the provider network.
to the provider network.
MP-BGP
Customer site
Multi-protocol Border Gateway Protocol (BGP). Extensions (defined
A contiguous part of a customer network. in RFC 2283) to the core BGP protocol (RFC 1771) that allow BGP to
Whenever two IP subnets can exchange traffic solely transport multiple address families, including IP Multicast, IPv6,
through routers and links belonging to the C-network, they VPNv4 and VPNv6
belong to the same site, even though that might not have
been the customer’s intention (see also backdoor link).

MPLS VPN resources MPLS VPN books

MPLS VPN training http://www.nil.com/ls/mpls MPLS and VPN Architectures
MPLS VPN remote labs http://www.nil.com/go/remote+labs MPLS and VPN Architectures, Volume II
MPLS VPN articles http://wiki.nil.com/Category:MPLS_VPN Definitive MPLS Network Designs
MPLS VPN tips & tricks http://blog.ioshints.info/search/label/MPLS%20VPN MPLS Fundamentals

by Ivan Pepelnjak www.NIL.com · www.NIL.com/go/community · blog.ioshints.info

MPLS RFC2547bis
Multi-protocol label switching. A layer 2½ technology that is used The name of the RFC draft that documented the actual
by MPLS VPN technology to transport customer IP datagrams implementation of MPLS VPN technology. Now published as RFC
across the P-network. 4364.
MPLS L2 VPN RT
Layer-2 VPN technologies (for example, Any Transport over MPLS; Extended BGP community attached to VPNv4 MP-BGP routes. The
AToM) using MPLS as the underlying transport mechanism. The route targets are used to indicate import/export policies of MPLS
term MPLS VPN is usually reserved for layer-3 (IP) VPN VPN topologies. In the simple VPN case, a single RT identical to RD
implementation. is attached to the VPNv4 routes and all VRFs in the VPN import the
routes tagged with RT.
Multihomed site
Sham link
A customer site connected to the P-network with more than one
PE-CE link. A virtual OSPF link created between two PE-routers in the context
of customer’s OSPF routing process. The sham link is used to
Multi-VRF establish a lower-cost path (over MPLS VPN network) between two
A solution (formerly known as VRF-Lite) where multiple VRFs are customers sites connected with a backdoor link.
configured on a CE-router to connect multiple customers to the
Simple VPN
same router without deploying the PE-functionality. The CE-router
does not need MPLS VPN functionality, MPLS-enabled interfaces or A VPN providing any-to-any connectivity to multiple customer sites.
MP-BGP. A CE-router using VRF-lite needs multiple uplinks to PE- The traffic flow in a simple VPN is optimal; the customer IP
router, one for each VRF. These uplinks could be implemented with datagrams are transported on the shortest path between the
subinterfaces, VLANs or GRE tunnels. ingress and egress PE-router.
Overlapping VPN SOO
A solution where a single customer site belongs to multiple VPNs. Site-of-origin. An extended BGP community indicating the
Overlapping VPNs might be used to connect central sites of several customer site from which an IPv4 route (translated into a VPNv4
organizations into an extranet. This topology is called Extranet VPN route) has been received. SOO is applicable to all non-link-state PE-
in some documentation. CE routing protocols (EIGRP, BGP, RIP) and can be used to detect
redistribution loops in multihomed scenarios (see multihomed
P-network site).
The Service Provider network providing edge-to-edge layer-3
TDP
transport.
Tag Distribution Protocol. A Cisco proprietary LDP-like protocol that
P-router predates LDP.
A core router in the provider network that is not connected to any
VPNv4
customer site.
96-bit address used in MPLS VPN networks to make customer IPv4
PE-CE link addresses globally unique. It’s composed of a 64-bit RD and 32-bit
A link between a PE-router and a CE-router. customer’s IP address.

PE-router VPNv6
An edge router in the provider network, connected to other P- or 192-bit address (defined in RFC 4659) used in MPLS VPN networks
PE-routers as well as at least one CE-router. to make customer IPv6 addresses globally unique. It begins with
64-bit RD and ends with 128-bit IPv6 address.
RD
VRF
Route distinguisher. A 64-bit quantity prepended to customer’s
IPv4 or IPv6 addresses to make them globally unique. Virtual Routing and Forwarding table. A virtual routing table in the
PE-router used to forward customer’s packets. Using a unique VRF
RFC2547 per customer allows the Service Provider to offer VPN services over
The original RFC describing MPLS VPN functionality. The actual MPLS VPN infrastructure. Multiple VRFs might be used for the same
implementation of MPLS VPN in Cisco’s and Juniper’s routers customer to implement complex topologies (see hub-and-spoke
departed from the RFC (see RFC2547bis). topology). A VRF contains IP routing table, Cisco Express
Forwarding (CEF) table, a set of routing protocols (including static
routes) and a set of PE-CE interfaces.

MPLS VPN resources MPLS VPN books

MPLS VPN training http://www.nil.com/ls/mpls MPLS and VPN Architectures
MPLS VPN remote labs http://www.nil.com/go/remote+labs MPLS and VPN Architectures, Volume II
MPLS VPN articles http://wiki.nil.com/Category:MPLS_VPN Definitive MPLS Network Designs
MPLS VPN tips & tricks http://blog.ioshints.info/search/label/MPLS%20VPN MPLS Fundamentals

by Ivan Pepelnjak www.NIL.com · www.NIL.com/go/community · blog.ioshints.info