Avaya 8800 Planning And Engineering, Network Design page 239

Operation of MPLS IP VPN
Within a VPN, there can be no overlapping addresses. However, if two VPNs have no common
sites, then they may have overlapping address spaces. To support this capability, the PE router
must maintain separate forwarding routing tables. To provide multiple independent IPv4 routing and
forwarding tables, the Ethernet Routing Switch 8800/8600 supports a default routing instance
(VRF0) and up to 255 Virtual Routing and Forwarding (VRF) instances (VRF1 to VRF255).
The PE router maintains separate route tables for each VRF and isolates the traffic into distinct
VPNs. Each VRF is associated with one customer, connecting to one or more CE devices but all
belonging to the same customer. As shown in the following figure, if the CE is a Layer 3 device, the
VRFs exchange routes with the locally connected device using any suitable routing protocol (eBGP,
OSPF, RIP, Static Routes). If the CE is a Layer 2 switch, then the customer routes are local (direct)
routes configured directly on the relevant VRF of the PE node.
Figure 117: CE to PE connectivity
The PE nodes must exchange local VRF customer IPv4 routes with other remote PE nodes that are
also configured with a VRF for the same customer (that is, the same IP VPN) while still ensuring that
routes from different customers and IP VPNs are kept separate and any identical IPv4 routes
originating from two different customers can both be advertised and kept separate. This is achieved
through the use of iBGP peering between the PE nodes. These iBGP sessions are terminated on a
single circuitless IP (CLIP) interface (belonging to the Backbone Global Routing Table (GRT) on the
PE nodes. Because BGP runs over TCP, it can be run directly between the PE nodes across the
backbone (there is no BGP requirement on the P nodes).
A full iBGP peering mesh is required between all PEs. In order to scale to a large number of PE
devices, BGP Route reflectors are recommended.
Upon receiving traffic from a CE router, the PE router performs a route lookup in the corresponding
VRF route table. If there is a match in the VRF route table with a BGP nexthop entry, the PE router
adds the IP packet into an MPLS label stack consisting of an inner and outer label. The inner VPN
label is associated with the customer VPN. The BGP next-hop is the circuitless IP (CLIP) address of
the upstream PE router. The outer LDP tunnel label is used by the P routers to label switch the
packet through the network to the appropriate upstream PE router. The P routers are unaware of the
inner label.
As shown in the following figure, upon receiving the packet, the upstream PE router removes the top
LDP label and performs a lookup based on the VPN label to determine the outgoing interface
associated with the corresponding VRF. The VPN label is removed and the packet is forwarded to
the CE router.
June 2016 Planning and Engineering — Network Design 239
Comments on this document? infodev@avaya.com