Bgp/mpls vpn concepts, Site – H3C Technologies H3C S7500E Series Switches User Manual

1-2

Figure 1-1

A BGP/MPLS VPN implementation

CEs and PEs mark the boundary between the service providers and the customers.

A CE is usually a router. After a CE establishes adjacency with a directly connected PE, it
redistributes its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE
use BGP/IGP to exchange routing information. You can also configure static routes between them.

After a PE learns the VPN routing information of a CE, it uses BGP to exchange VPN routing
information with other PEs. A PE maintains routing information about only VPNs that are directly
connected, rather than all VPN routing information on the provider network.

A P router maintains only routes to PEs. It does not need to know anything about VPN routing
information.

When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress LSR,
the egress PE functions as the egress LSR, while P routers function as the transit LSRs.

You can use H3C S7500E series switches as the CEs in a BGP/MPLS VPN implementation.

BGP/MPLS VPN Concepts

Site

Site is often mentioned in the VPN, whose meanings are described as follows:

z

A site is a group of IP systems with IP connectivity that does not rely on any service provider
network to implement.

z

The classification of a site depends on the topology relationship of the devices, rather than the
geographical positions, though the devices at a site are adjacent to each other geographically
in most cases.

z

The devices at a site can belong to multiple VPNs, namely, a site can belong to multiple VPNs.

z

A site is connected to a provider network through one or more CEs. A site can contain many
CEs, but a CE can belong to only one site.

Sites connected to the same provider network can be classified into different sets by policies. Only
the sites in the same set can access each other through the provider network. Such a set is called a
VPN.