Encapsulation and Decapsulation of VPN Multicast Packets

Encapsulation and Decapsulation Process

VPN packets, including protocol packets and data packets, are encapsulated into public network data packets using GRE. When a PE device receives VPN packets from a CE device, it encapsulates these packets into public network data packets using the BGP interface address as the source address and the Share-Group address as the group address, and then delivers the encapsulated packets to the public instance. All PE devices bound to the same VPN instance receive the public network data packets and decapsulate these packets. If a PE device is connected to a site with group members, it forwards the packets. If not, the PE discards the packets.

Figure 1 shows the process of encapsulating and decapsulating VPN data packets.

Figure 1 Encapsulation and decapsulation of VPN multicast packets

As shown in Figure 1, a VPN data packet encapsulation and decapsulation process follows these steps:

1. CE1 sends a VPN data packet (192.168.1.1, 225.1.1.1).
2. When PE1 receives the packet, it uses GRE to encapsulate the packet, with 10.1.1.1 as the source address and 239.1.1.1 as the group address. The packet then becomes a public network data packet (10.1.1.1, 239.1.1.1) and is forwarded on the public network.
3. Upon receiving the packet, PE2 and PE3 decapsulate the packet into a VPN packet (192.168.1.1, 225.1.1.1).
4. PE2 finds receivers at the VPN site connected to it and forwards the packet to CE2.
5. The site connected to PE3 has no receivers, so PE3 drops the packet.

VPN protocol packets (such as Join messages) from CE2 are also encapsulated into public network data packets and transmitted on the public network.