beautypg.com

Bgp/mpls vpn packet forwarding, Applications of bgp/mpls vpn – HP Intelligent Management Center Licenses User Manual

Page 37

background image

BGP/MPLS VPN Packet Forwarding

For basic BGP/MPLS VPN applications in a single AS, VPN packets are forwarded with two layers
of labels: Layer 1 labels: Outer labels, used for label switching inside the backbone. They indicate
Label Switch Path (LSPs) from the local PEs to the remote PEs. Based on layer 1 labels, VPN packets
can be label switched along the LSPs to the remote PEs. Layer 2 labels: Inner labels, used for
forwarding packets from the remote PEs to the CEs. An inner label indicates to which site, or more
precisely, to which CE the packet should be sent. A PE finds the interface for forwarding a packet
according to the inner label. The following figure is an example to illustrate the VPN packet
forwarding procedure.

BGP/MPLS VPN packet is forwarded in the following steps:

1.

Site 1 sends an IP packet with the destination address of 1.1.1.2. CE 1 transmits the packet
to PE 1.

2.

PE 1 searches VPN instance entries based on the inbound interface and destination address
of the packet. Once finding a matching entry, PE 1 labels the packet with both inner and outer
labels and forwards the packet out.

3.

The MPLS backbone transmits the packet to PE 2 by outer label. Note that the outer label is
removed from the packet at the penultimate hop.

4.

PE 2 searches VPN instance entries according to the inner label and destination address of
the packet to determine the outbound interface and then forwards the packet out the interface
to CE 2.

5.

CE 2 transmits the packet to the destination by IP forwarding.

Applications of BGP/MPLS VPN

In MPLS L3VPNs, VPN target attributes are used to control the advertisement and reception of VPN
routes between sites. They work independently and can be configured with multiple values to
support flexible VPN access control and implement multiple types of VPN networking schemes.

Any service of a user can correspond to a networking scheme, no matter how complicated the
networking scheme is. BGP/MPLS VPN takes two types of networking schemes, and you can
combine these two types of VPNs. There is no limit on the number of VPNs for a service, but you
are recommended to configure different Targets for each VPN. In this way, when you add or delete
a site, you need only to add or delete the corresponding VPN Target, thus minimizing modifications
to network configurations with the modified configuration consistent with the above definitions.
The following are the two types of VPN networking schemes: Full-Mesh VPN or Simple VPN In the

MPLS Overview

37