
Layer 3 VPN (L3VPN)

Layer 3 VPN (L3VPN) over MPLS is one of the most widely deployed MPLS applications in service provider and large-scale enterprise networks.

Cisco IOS Software supports an L3VPN architecture based on the RFC 2547 standard, providing a secure and robust VPN solution with any-to-any connectivity that can be implemented over an MPLS or IP network infrastructure.

The L3VPN architecture uses Multiprotocol Border Gateway Protocol (MP-BGP) and Virtual Routing and Forwarding (VRF) instances to form a peer-to-peer VPN framework across the IP/MPLS core network. This model allows enterprise networks to outsource routing table information to service providers.

L3VPN allows service providers to offer additional value-added services to customers, such as QoS, Traffic Engineering (TE), and Fast Reroute, thereby reducing operational costs and complexity and improving network performance and convergence.

Components of L3VPN

There are three major components in an L3VPN network:

As mentioned earlier, MPLS VPN is a connectionless technology; hence, it does not require a one-to-one relationship between customer sites and VPNs. A given customer site can be a member of multiple VPNs. However, each site can be associated with only one VRF. The VRF ensures that a customer site receives all the routes pertaining to the site from the VPNs of which it is a member.

How L3VPN Implementation Works

L3VPN is implemented at the edge of an MPLS core network on the provider edge (PE) router. The PE router is responsible for the following:

How VRF Tables Work

A Virtual Routing and Forwarding (VRF) instance defines the VPN membership of a customer site that is attached to a PE router. Each VPN can be associated with one or more VRF instances. A VRF consists of the following components:

VRF tables are used to forward packets within a VPN. Each VRF instance maintains a separate set of routing and CEF tables. This segregation prevents routes from leaking outside a VPN and ensures that packets from outside a VPN are not forwarded to any router within the VPN.

VPN routing information is distributed through the MPLS core using VPN route target communities that are implemented by MP-BGP extended communities.
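Because route target import and export statements decide which routes land in which VRF, they are also where the segregation described above can be broken by configuration. The following added example (not part of the original page or any Cisco tooling) audits Cisco IOS `ip vrf` stanzas for a VRF that imports a route target exported by a different VRF; the VRF names, RD and RT values are constructed sample data.

```python
import re

# Constructed sample of PE VRF stanzas (names and values are made up).
SAMPLE_CONFIG = """\
ip vrf CUST_A
 rd 65000:1
 route-target both 65000:1
!
ip vrf CUST_B
 rd 65000:2
 route-target export 65000:2
 route-target import 65000:2
 route-target import 65000:1
!
ip vrf CUST_C
 rd 65000:3
 route-target both 65000:3
!
"""

def parse_vrfs(config):
    """Map each 'ip vrf' stanza to its imported and exported route targets."""
    vrfs, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"ip vrf (\S+)", line):
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the stanza
        elif current is not None and (
            m := re.match(r"\s+route-target (import|export|both) (\S+)", line)
        ):
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs

def cross_vrf_imports(vrfs):
    """Return (importer, exporter, rt) wherever a VRF imports another VRF's exported RT."""
    return sorted(
        (imp, exp, rt)
        for imp, i in vrfs.items()
        for exp, e in vrfs.items()
        if imp != exp
        for rt in i["import"] & e["export"]
    )

if __name__ == "__main__":
    for importer, exporter, rt in cross_vrf_imports(parse_vrfs(SAMPLE_CONFIG)):
        print(f"{importer} imports routes exported by {exporter} (RT {rt})")
```

A finding is not automatically a fault, since shared-services and extranet designs import another VRF's route target on purpose; the point is that every such import should match a documented intent.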
