Traditional VPNs transmit private network data over the public network using tunneling protocols, such as Generic Routing Encapsulation (GRE), Layer 2 Tunneling Protocol (L2TP), and Point-to-Point Tunneling Protocol (PPTP). MPLS LSPs are set up by swapping labels, and data packets are not encapsulated or encrypted. Therefore, MPLS is an appropriate technology for VPN implementation.
MPLS VPN can build a private network with security similar to a Frame Relay (FR) network. On MPLS VPN networks, customer devices do not need to set up tunnels such as GRE and L2TP tunnels, so the network delay is minimized.
As shown in Figure 1, the MPLS VPN connects private network branches through LSPs to form a unified network. The MPLS VPN also controls the interconnection between VPNs. Figure 1 shows the devices on an MPLS VPN network.
A customer edge (CE) is deployed on the edge of a customer network. It can be a router, a switch, or a host.
A provider edge (PE) is deployed on the edge of an IP/MPLS backbone network.
A provider (P) device on an IP/MPLS backbone network is not directly connected to CEs. The provider device only needs to provide basic MPLS forwarding capabilities and does not maintain VPN information.
An MPLS VPN has the following characteristics:
PEs manage VPN users, set up LSPs between PEs, and advertise routing information between users in a VPN.
PEs use MP-BGP to advertise VPN routing information.
The MPLS-based VPN supports IP address multiplexing between sites as well as the interconnection of different VPNs.
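The following sketch is an added example, not part of the original page or any vendor's code. It models how PEs keep overlapping customer prefixes distinct and how import policy decides which VPNs interconnect, then audits for unintended cross-VPN imports. The route distinguisher (RD), route target (RT) and VRF terms come from RFC 4364 and are not named on this page; all PE names, VPN names, RDs, RTs and prefixes are constructed sample values.

```python
# Constructed sample data: PE names, VPN names, RDs and RTs are made up for illustration.
# Both customers reuse 10.1.0.0/24 (the address multiplexing the page mentions).
VRFS = {
    ("PE1", "red"):  {"rd": "65000:1", "export": {"65000:100"},
                      "import": {"65000:100"}, "prefixes": ["10.1.0.0/24"]},
    ("PE1", "blue"): {"rd": "65000:2", "export": {"65000:200"},
                      "import": {"65000:200"}, "prefixes": ["10.1.0.0/24"]},
    ("PE2", "red"):  {"rd": "65000:1", "export": {"65000:100"},
                      "import": {"65000:100"}, "prefixes": ["10.2.0.0/24"]},
    # Misconfiguration: blue on PE2 also imports red's route target.
    ("PE2", "blue"): {"rd": "65000:2", "export": {"65000:200"},
                      "import": {"65000:200", "65000:100"}, "prefixes": ["10.3.0.0/24"]},
}
ALLOWED = set()  # (importing VPN, exporting VPN) pairs that are meant to interconnect


def advertise(vrfs):
    """What each PE sends over MP-BGP: RD-qualified prefix plus export RTs."""
    return [{"vpn_prefix": (v["rd"], p), "rts": v["export"], "pe": pe, "vpn": vpn}
            for (pe, vpn), v in vrfs.items() for p in v["prefixes"]]


def import_routes(vrfs, routes):
    """Each VRF installs routes from other VRFs that carry an RT it imports."""
    tables = {}
    for (pe, vpn), v in vrfs.items():
        tables[(pe, vpn)] = [r for r in routes
                             if (r["pe"], r["vpn"]) != (pe, vpn)
                             and r["rts"] & v["import"]]
    return tables


def audit(tables, allowed=ALLOWED):
    """Report routes that crossed from one VPN into another without approval."""
    return sorted((pe, vpn, r["vpn"], r["vpn_prefix"][1])
                  for (pe, vpn), rs in tables.items() for r in rs
                  if r["vpn"] != vpn and (vpn, r["vpn"]) not in allowed)


if __name__ == "__main__":
    routes = advertise(VRFS)
    for finding in audit(import_routes(VRFS, routes)):
        print("cross-VPN import: %s/%s learned %s route %s" % finding)
```

Because the data packets are not encrypted, separation between VPNs rests entirely on this import policy, so a single extra RT on one PE is enough to merge two customers' routing tables.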