Vpn Benefits - Cisco Catalyst 3750 Software Configuration Manual

Metro switch

Chapter 30
Configuring MPLS and EoMPLS
78-15870-01

Each VPN is associated with one or more VPN VRF instances. A VRF includes routing and forwarding tables and rules that define the VPN membership of customer devices attached to the customer edge (CE) device. A customer site can be a member of multiple VPNs; however, a site can associate with only one VRF. A VRF has these elements:

- An IP routing table
- A Cisco Express Forwarding (CEF) table
- A set of interfaces that use the CEF forwarding table
- A set of rules and routing protocol parameters to control the information in the routing tables

A customer-site VRF contains all the routes available to the site from the VPNs to which it belongs. VPN routing information is stored in the IP routing table and the CEF table for each VRF. A separate set of tables is maintained for each VRF, which prevents information from being forwarded outside a VPN and prevents packets that are outside a VPN from being forwarded to a router within the VPN. Based on the routing information stored in the VRF IP routing table and the VRF CEF table, packets are forwarded to their destinations.

A PE router binds a label to each customer prefix that is learned from a CE device and includes the label in the network reachability information for the prefix that it advertises to other PE routers. When a PE router forwards a packet that is received from a CE device across the provider network, it labels the packet with the label learned from the destination PE router. When the destination PE router receives the labeled packet, it examines the label and uses it to direct the packet to the correct CE device. A customer data packet carries two levels of labels when traversing the backbone:

- The top label directs the packet to the correct PE router.
- The second label defines how that PE router should forward the packet to the CE device.

VPN Benefits

MPLS VPNs allow service providers to deploy scalable VPNs and build the foundation to deliver value-added services, including:

- Connectionless service—MPLS VPNs are connectionless, which means that no prior action is required to establish communication between hosts. A connectionless VPN does not require tunnels and encryption for network privacy.
- Centralized service—MPLS VPNs are seen as private intranets, which allows delivery of targeted IP services to a group of users represented by a VPN.
- Scalability—MPLS-based VPNs use the peer model and Layer 3 connectionless architecture to leverage a highly scalable solution. The peer model requires a customer site to act as a peer to one PE router as opposed to all other customer provider-edge or CE devices that are members of the VPN. The PE routers maintain VPN routes for the VPNs of which they are members. Routers in the core network do not maintain any VPN routes.
- Security—MPLS VPNs offer the same level of security as connection-oriented VPNs. Packets from one VPN do not inadvertently go to another VPN. Security provided at the edge of a provider network ensures that packets received from a customer are placed on the correct VPN; security provided at the backbone ensures that VPN traffic is kept separate.
- Easy to create—Because MPLS VPNs are connectionless, no specific point-to-point connection maps or topologies are required, and you can add sites to intranets and extranets to form closed user groups.
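
The per-VRF lookup and two-level label stack described above, and the separation claimed under Security, modelled in Python as an added example (not code from the Cisco manual or from the switch software). The class, VRF names, interface names, prefixes and label values are constructed; the top label is simplified to the destination PE's name, and routes are matched to VRFs by name rather than by the import rules a real PE applies.

```python
import ipaddress

class PE:
    """Toy provider-edge router: one routing table per VRF, labels per customer prefix."""
    def __init__(self, name):
        self.name = name
        self.vrf_of_iface = {}  # CE-facing interface -> VRF (a site uses exactly one VRF)
        self.vrf_routes = {}    # VRF -> {prefix: (egress PE, VPN label)}, never shared
        self.label_to_ce = {}   # locally bound VPN label -> (VRF, CE-facing interface)
        self.next_label = 100   # constructed label range

    def attach_site(self, iface, vrf, prefix):
        """Bind a label to a prefix learned from a CE and return the advertisement."""
        self.vrf_of_iface[iface] = vrf
        label, self.next_label = self.next_label, self.next_label + 1
        self.label_to_ce[label] = (vrf, iface)
        return {"vrf": vrf, "prefix": ipaddress.ip_network(prefix),
                "pe": self.name, "label": label}

    def learn(self, adv):
        """Install another PE's advertisement into the matching VRF table only."""
        self.vrf_routes.setdefault(adv["vrf"], {})[adv["prefix"]] = (adv["pe"], adv["label"])

    def ingress(self, iface, dst):
        """Look up dst in the ingress interface's VRF and impose the two-label stack."""
        table = self.vrf_routes.get(self.vrf_of_iface[iface], {})
        hits = [p for p in table if ipaddress.ip_address(dst) in p]
        if not hits:
            return None  # no route in this VRF: drop, no fallback to another table
        pe, vpn_label = table[max(hits, key=lambda p: p.prefixlen)]
        return {"labels": [pe, vpn_label], "dst": dst}  # [top label, second label]

    def egress(self, packet):
        """Top label selects this PE; the second label selects the CE-facing interface."""
        top, vpn_label = packet["labels"]
        return self.label_to_ce.get(vpn_label) if top == self.name else None

def demo():
    pe1, pe2 = PE("PE1"), PE("PE2")
    pe1.attach_site("ce1-red", "RED", "10.1.0.0/16")    # constructed sample sites
    pe1.attach_site("ce1-blue", "BLUE", "10.1.0.0/16")
    # Both customers use 10.2.0.0/16 behind PE2: overlapping address space.
    pe1.learn(pe2.attach_site("ce2-red", "RED", "10.2.0.0/16"))
    pe1.learn(pe2.attach_site("ce2-blue", "BLUE", "10.2.0.0/16"))
    red = pe2.egress(pe1.ingress("ce1-red", "10.2.0.5"))
    blue = pe2.egress(pe1.ingress("ce1-blue", "10.2.0.5"))
    stray = pe1.ingress("ce1-red", "192.168.9.9")        # not in VRF RED
    return red, blue, stray
```

The same destination address reaches a different CE depending only on the VRF of the ingress interface, and a destination absent from that VRF is dropped at the ingress PE.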
Catalyst 3750 Metro Switch Software Configuration Guide
Understanding MPLS VPNs
30-3
