The composition of MPLS: the role of routers and switches-Vecloud

The composition of MPLS VPN: the role of routers and switches

  In MPLS VPN, the backbone network of the service provider is composed of edge and core label switching routers (LSR). The edge router is connected to the user-side router. The user-side router runs standard routing software. The two devices use IP to communicate with each other. Routers use External Border Gateway Protocol (EBGP), Routing Information Protocol version 2 (RIPv2) and static routing to exchange routing information. In addition, Cisco devices that support MPLS will soon be able to support the Open Shortest Path First (OSPF) protocol.

  In the service provider's network, edge routers use MPLS and Multiprotocol Internal Border Gateway Protocol (MP-IBGP) to communicate with each other and distribute VPN information. The core routers and edge routers in the MPLS network of the service provider both use the common interior gateway protocol (IGP), but the core routers do not run BGP, nor do they distinguish between different VPNs. Since the core routers do not need to perform VPN addressing, the service provider's network can continue to expand to support more and larger VPNs.

  The edge routers of service providers maintain separate routing tables for global routing and for VPN routing. The global routing table includes all edge and core routes, which are provided by the IGP running on the backbone network. Each VPN has a VPN routing and forwarding (VRF) table, which includes information about one or more directly connected user locations. The IP VPN addressing scheme ensures that even if the IP addresses overlap, the global IP address is still unique. Edge routers can isolate routing information of different VPNs, thereby supporting multiple user VPNs.

  The composition of MPLS VPN

  The MPLS VPN mode supports fully interconnected communication between all locations in the network. When multiple users share the same IP backbone network, the community-of-interest attribute of BGP can be used to specify routers belonging to the same VPN. Service providers can set policies to stipulate that the propagation of routing information in the VPN network is limited to the routers in the network.

  The user-side router is only connected to the local POP router of the service provider, not to every other location of the VPN. The router connected to the POP only receives and maintains the routing information of the VPN directly connected to it. Therefore, users who manage their own VPNs will find that routing configuration is very simple in the MPLS mode. They can use the service provider's backbone network as the default route to all of their locations, without having to deal with very complex networks that include a large number of Layer 2 PVCs or Layer 3 routing tables.

  Addressing considerations

  Many users prefer to use a private IP addressing scheme instead of a global IP addressing scheme, so service providers need to deal effectively with non-unique addresses that overlap each other. Cisco's solution is to add a route distinguisher (RD) to each user's IP address.

  Service providers can independently allocate RDs, but they need to use their dedicated autonomous system (AS) numbers as part of the RDs to ensure the global uniqueness of each RD. With this method, users do not need to renumber their nodes, and service providers do not have to use address translation.
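  The sketch below is an added example, not part of the original article. It builds VPN-IPv4 addresses by prefixing an RD to an IPv4 address, using the type 0 RD layout from RFC 4364 (a format the article does not name), and audits a constructed VRF list for reused RDs; the AS number 64512, the customer names and the prefixes are placeholders.

```python
import ipaddress
import struct
from itertools import combinations

def make_rd(asn, assigned):
    """Type 0 RD: 2-byte type (0), 2-byte AS number, 4-byte assigned number."""
    return struct.pack("!HHI", 0, asn, assigned)

def vpn_ipv4(rd, ip):
    """12-byte VPN-IPv4 address: the 8-byte RD followed by the IPv4 address."""
    return rd + ipaddress.IPv4Address(ip).packed

def parse_vpn_ipv4(raw):
    """Split a VPN-IPv4 address back into (type, asn, assigned, ipv4)."""
    rd_type, asn, assigned = struct.unpack("!HHI", raw[:8])
    return rd_type, asn, assigned, str(ipaddress.IPv4Address(raw[8:12]))

def rd_collisions(vrfs):
    """Return VRF pairs that share an RD and advertise overlapping prefixes.

    Such routes are indistinguishable once the RD is prepended, so one
    customer's route can replace the other's."""
    hits = []
    for (a, (rd_a, nets_a)), (b, (rd_b, nets_b)) in combinations(vrfs.items(), 2):
        overlap = any(
            ipaddress.ip_network(x).overlaps(ipaddress.ip_network(y))
            for x in nets_a for y in nets_b
        )
        if rd_a == rd_b and overlap:
            hits.append((a, b))
    return hits

# Constructed sample data: placeholder AS number, made-up customers.
PROVIDER_AS = 64512
VRFS = {
    "cust_a": (make_rd(PROVIDER_AS, 1), ["10.1.0.0/16"]),
    "cust_b": (make_rd(PROVIDER_AS, 2), ["10.1.0.0/16"]),
    "cust_c": (make_rd(PROVIDER_AS, 2), ["10.1.128.0/17"]),  # reuses cust_b's RD
}

if __name__ == "__main__":
    for name, (rd, nets) in VRFS.items():
        print(name, vpn_ipv4(rd, nets[0].split("/")[0]).hex())
    print("RD collisions:", rd_collisions(VRFS))
```
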

  Life of a packet

  In MPLS VPN, when the router at the user site receives a packet, it looks it up in its local table. If it cannot find a match, it forwards the packet to the only router it can see: the router at the service provider's local POP. Users do not need to run MPLS software.

  This packet is transmitted to the service provider's network through the local connection, and is terminated on the access router interface. The RD configured for this interface is used to identify the user-specific VPN and the related VRF table.

  There are two labels related to the VPN IP address: the internal label identifies the VPN, and the external label indicates which IGP route in the service provider's core network should be followed to the next hop. In the core network, all packet forwarding uses hop-by-hop MPLS, which is similar to ordinary hop-by-hop IP forwarding, but the table lookup is based on labels instead of IP addresses. Therefore, any type of router or ATM switch that supports Label Distribution Protocol (LDP) can be used.

  When the access router receives a packet, it forwards it to another access router using the external label. When the packet arrives at the egress router, the router removes the external label and uses the internal label to determine which output interface (that is, which VPN) the packet should be sent to.

  The use of two-level labeling improves the scalability of MPLS VPN. The internal (core) routers carry only IGP routes, not VPN routes. Only the edge routers carry VPN routes, and they only carry the routes of the VPNs to which they belong.
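  The following simulation is an added example, not part of the original article. It walks one packet through the two-level labeling described above for two customers that use the same 10.1.0.0/16 prefix; the router names, label values, interface names and prefixes are all constructed.

```python
import ipaddress

# Constructed topology: PE1 -- P -- PE2. Every name and label value is made up.
NET = ipaddress.ip_network("10.1.0.0/16")        # same prefix in both VPNs
# Ingress PE1, one table per VRF: prefix -> (egress PE, internal VPN label)
PE1_VRF = {"cust_a": {NET: ("PE2", 101)}, "cust_b": {NET: ("PE2", 202)}}
PE1_IGP_LABEL = {"PE2": 17}                      # external label toward PE2
P_LFIB = {17: 23}                                # core router: label in -> label out
PE2_OWN_LABEL = 23                               # external label PE2 expects
PE2_VPN_LABEL = {101: ("cust_a", "if_a"), 202: ("cust_b", "if_b")}

def ingress_pe1(vrf, dst):
    """Look up dst in the VRF bound to the incoming interface, push two labels."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in PE1_VRF[vrf] if addr in n]
    if not matches:
        return None                              # no route in this VPN: drop
    egress, inner = PE1_VRF[vrf][max(matches, key=lambda n: n.prefixlen)]
    return {"labels": [PE1_IGP_LABEL[egress], inner], "dst": dst}

def core_p(pkt):
    """Swap the external label only; the core holds no VPN state."""
    outer, *rest = pkt["labels"]
    return {**pkt, "labels": [P_LFIB[outer], *rest]}

def egress_pe2(pkt):
    """Remove the external label, use the internal one to pick VRF and interface."""
    outer, inner = pkt["labels"]
    if outer != PE2_OWN_LABEL or inner not in PE2_VPN_LABEL:
        return None
    vrf, ifname = PE2_VPN_LABEL[inner]
    return vrf, ifname, pkt["dst"]

def send(vrf, dst):
    """Carry one packet from the ingress VRF to the egress interface."""
    pkt = ingress_pe1(vrf, dst)
    return None if pkt is None else egress_pe2(core_p(pkt))

if __name__ == "__main__":
    for vrf in ("cust_a", "cust_b"):
        print(vrf, "->", send(vrf, "10.1.2.3"))
    print("cust_a to unknown prefix ->", send("cust_a", "192.168.1.1"))
```

  The same destination address ends up on a different interface depending only on the ingress VRF, and the core router never reads the internal label or the IP header.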

  Connect to the Internet

  Users may wish to connect their VPN to the public Internet. In MPLS VPN, the Internet routing table is processed separately. Internet routing is maintained in the global routing table of the edge router of the service provider, and external routing is not assigned a tag.

  The default route pointing to a certain Internet gateway is installed in the VRF table of a certain place. This default route is not part of any VPN. Packets forwarded according to this default route use a separate label, that is, the route corresponding to the Internet gateway IP address found by IGP.

  The global routing table does not understand user routes, nor does it understand edge routers or user routers, but the global table contains static routes pointing to the interface. This route is redistributed into the BGP4 global table and advertised to the Internet gateway. The Internet gateway designated by the default route does not need to be directly connected to the router, and different VRF tables can correspond to different Internet gateways.

  The user site can use a dedicated EBGP session on another interface to receive routes from the Internet or advertise routes to it. The edge router of the service provider imports the route of the user's location into the global routing table and advertises it to the Internet. It also sends the user-side router the default route or the Internet routes.

  Reliable network for the future

  With the growth of enterprise demand for VPN connections, both enterprise network managers and service providers will seek simpler and more economical ways to cope with the growth of the network. Cisco's MPLS VPN solution is composed of software components that have become or will become standard.

  The uniqueness of these solutions lies in how these components work together to create a large-scale VPN that provides QoS.

  Provide confidentiality: MPLS restricts the propagation of routing information to routers belonging to the same VPN, thereby combining the confidentiality of the second-layer virtual circuit with the full interconnection of the third-layer network.

Origin blog.csdn.net/vecloud/article/details/114870254