Layer 3 Vpn Application - Cisco Catalyst 3750 Software Configuration Manual
Metro switch
Hide thumbs
Also See for Catalyst 3750:
- Command reference manual (1154 pages) ,
- Hardware installation manual (231 pages) ,
- Message manual (120 pages)
Table of Contents
Advertisement
Chapter 1
Overview
Layer 3 VPN Application
Layer 3 VPN services can use multi-VRF-CE or MPLS VPNs to deploy and administer scalable Layer 3
VPN services to business customers. A Layer 3 VPN is a secure IP-based network that shares resources
on one or more physical networks. It contains geographically dispersed sites that can communicate
securely over a shared backbone.
Figure 1-4
Catalyst 3750 Metro switches or other Layer 3 switches) use a routing protocol, such as RIP, EBGP,
OSPF, IS-IS, or static routing, to forward packets from customer VPNs to the Catalyst 3750 Metro PE
devices at the edge of the MPLS network. The PE device is configured with multiprotocol BGP
(MP-BGP), and a route distinguisher that is associated with the customer's VPN. The PE device converts
this information to a VPN-IPv4 format and adds layer distribution protocol (LDP) labels to establish
VPN routes.
VPN routes are distributed over the MPLS network using MP-BGP, which also distributes the labels
associated with each VPN route. MPLS VPN depends on VPN routing and forwarding (VRF) support to
isolate the routing domains from each other.
When an MPLS-VPN packet is received on a port, the CE switch looks up the labels in the routing table
to determine what to do with the packet. A PE router binds a label to each customer prefix learned from
a CE device and includes the label in the prefix that it advertises to other PE routers. When a PE router
forwards a packet across the provider network, it labels the packet with the label learned from the
destination PE router. When the destination PE router receives the labeled packet, it examines the label
and uses it to direct the packet to the correct CE device.
Only the PE routers at each end of the MPLS network maintain the VPN routes for VPN members.
Provider routers in the core network do not maintain the VPN routes. This ensures the security of
customer VPNs and isolates them from other customer packets that are carried across the
service-provider MPLS network.
Figure 1-4
VPN_A
VPN_B
VPN_A
VPN_B
78-15870-01
illustrates a typical MPLS VPN configuration. The CE devices (which can be
MPLS VPN Configuration
PE-CE routing protocol
static, RIPv2, EBGP, OSPF
CE
PE
CE
CE
PE
CE
CE = Customer edge switch
P = Provider router
PE = Provider edge switch (Catalyst 3750 Metro switch)
VRF
interface
MPLS core
PE
P
P
LDP
PE
P
P
MP-BGP
sessions
Catalyst 3750 Metro Switch Software Configuration Guide
Network Configuration Examples
VPN_A
CE
VPN_A
CE
VPN_B
CE
1-15
Advertisement
Table of Contents
Troubleshooting
