Introduction to VPN instances
VPNs must be isolated from one another and from the public network. As shown in
VPN B separately access the public network through PE devices.
Figure 10 VPN networking diagram
VPN A
Site 1
VPN B
Site 2
The provider (P) device belongs to the public network. The customer edge (CE) devices belong to
•
their respective VPNs. Each P device and CE device serves its own VPN and maintains only one set
of forwarding mechanisms.
The multi-VPN-instance customer edge (MCE) device connects to the VPNs and PE devices and
•
serves multiple VPNs. Different VPN instances for VPNs can be created on the MCE device to
separately maintain their forwarding tables.
The provider edge (PE) devices connect to the public network and the VPNs and serve multiple
•
networks. Multiple instances can exist on the same PE device. On a PE device, the instance for the
public network is called the public network instance, and those for VPNs are called VPN instances.
NOTE:
The S5500-EI switches can acts as MCE or CE devices.
Multicast application in VPNs
A PE or MCE device that supports multicast for VPNs does the following operations:
Maintains an independent set of multicast forwarding mechanisms for each VPN, including the
•
multicast protocols, PIM neighbor information, and multicast routing table. In a VPN, the device
forwards multicast data based on the forwarding table or routing table for that VPN.
Implements the isolation between different VPNs.
•
MCE
PE1
P1
PE2
P2
PE3
14
Figure
10, VPN A and
VPN B
Site 1
CE 1
CE 2
VPN A
Site 2