Mpls L3Vpn Concepts - HP 6125XLG Configuration Manual

After a CE establishes an adjacency with a directly connected PE, it advertises its VPN routes to the PE
and learns remote VPN routes from the PE. A CE and a PE can use BGP, an IGP, or static routing to
exchange routing information.
After a PE learns VPN routing information from a CE, it uses BGP to advertise the VPN routing information
to other PEs. A PE maintains routing information for only directly connected VPNs, rather than all VPNs
on the provider network.
A P router maintains only routes to PEs and does not deal with VPN routing information.
When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress Label Switching
Router (LSR), the egress PE functions as the egress LSR, and P routers function as the transit LSRs.

MPLS L3VPN concepts

Site
A site has the following features:
• A site is a group of IP systems with IP connectivity that does not rely on any service provider network.
The classification of a site depends on the topology relationship of the devices, rather than the
•
geographical positions, though the devices at a site are, in most cases, adjacent to each other
geographically.
The devices at a site can belong to multiple VPNs, which means a site can belong to multiple VPNs.
•
• A site is connected to a provider network through one or more CEs. A site can contain many CEs,
but a CE can belong to only one site.
Sites connected to the same provider network can be classified into different sets by policies. Only the
sites in the same set can access each other through the provider network. Such a set is called a VPN.
Address space overlapping
Each VPN independently manages its address space.
The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on
subnet 10.1 10.10.0/24, address space overlapping occurs.
VPN instance
In MPLS VPN, routes of different VPNs are identified by VPN instance.
A PE creates and maintains a separate VPN instance for each directly connected site. Each VPN instance
contains the VPN membership and routing rules of the corresponding site. If a user at a site belongs to
multiple VPNs at the same time, the VPN instance of the site contains information about all the VPNs.
For independence and security of VPN data, each VPN instance on a PE maintains a routing table and
a label forwarding information base (LFIB). VPN instance information contains the following items: the
LFIB, IP routing table, interfaces bound to the VPN instance, and administration information for the VPN
instance. The administration information for the VPN instance includes the route distinguisher (RD), route
filtering policy, and member interface list.
RD
MPLS L3VPN adds an RD field before an IPv4 address to change the IPv4 address to a VPN-IPv4 address.
PEs use MP-BGP to advertise VPN routes with VPN-IPv4 addresses.
A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte
IPv4 address prefix.
2