CH A P T E R
2
Overview
End-to-end virtualization of an enterprise network infrastructure relies upon the following primary
components:
•
Virtual routing instances in edge routers, delivering service to each group that uses a virtualized
infrastructure instance
•
Route-distinguishers, added to IPv4 addresses to support overlapping address spaces in the virtual
infrastructure
•
Label-based forwarding in the network core so that forwarding does not rely on IP addresses in a
virtual network, which can overlap with other virtual networks
Figure 2-1 summarizes the three most common options used to virtualize enterprise Layer 3 (L3) WANs.
Figure 2-1
Transport Options for L3 WAN Virtualization
1 Self Deployed IP/MPLS Backbone
Customer Managed Backbone
CE
Site 1
Site 3
PE
P
Site 2
CE
CE
P
P
PE
Customer-deployed Backbone
(IP and/or MPLS)
2 SP Managed “Ethernet” Service
Customer Managed
Backbone
Customer Managed
Backbone
SP Managed Domain
CE
Provider
Ethernet
Service
Site 1
CE
Site 3
PE
PE
Site 2
CE
3 SP Managed “IP VPN” Service
Customer Managed
Backbone
Customer Managed
Backbone
SP Managed Domain
CE
Site 1
CE
Provider
MPLS VPN
Service
Site 3
PE
PE
Site 2
VRFs
IP Routing Peer (BGP, Static, IGP)
297258
CE
Cisco ASR 9000 Enterprise L3VPN
Design and Implementation Guide
2-1
Chapter 2
Overview
Terminology
This guide focuses on Option 1 in Figure 2-1, the enterprise-owned and operated Multiprotocol Label
Switching (MPLS) L3VPN model.
Terminology
The following terminology is used in the MPLS L3VPN architecture:
•
Virtual routing and forwarding instance (VRF)—This entity in a physical router enables the
implementation of separate routing and control planes for each client network in the physical
infrastructure.
•
Label Distribution Protocol (LDP)—This protocol is used on each link in the MPLS L3VPN
network to distribute labels associated with prefixes; labels are locally significant to each link.
•
Multiprotocol BGP (MP-BGP)—This protocol is used to append route distinguisher values to
ensure unique addressing in the virtualized infrastructure, and imports and exports routes to each
VRF based on route target community value.
•
P (provider) router—This type of router, also called a Label Switching Router (LSR), runs an
Interior Gateway Protocol (IGP) and LDP.
•
PE (provider edge) router—This type of router, also called an edge router, imposes and removes
MPLS labels and runs IGP, LDP, and MP-BGP.
•
CE (customer edge) router—This type of router is the demarcation device in a provider-managed
VPN service. It is possible to connect a LAN to the PE directly. However, if multiple networks exist
at a customer location, a CE router simplifies the task of connecting the networks to an L3VPN
instance.
The PE router must import all client routes served by the associated CE router into the VRF of the PE
router associated with that virtual network instance. This enables the MPLS L3VPN to distribute route
information to enable route connectivity among branch, data center, and campus locations.
Figure 2-2 shows how the components combine to create an MPLS L3VPN service and support multiple
L3VPNs on the physical infrastructure. In the figure, a P router connects two PE routers. The packet flow
is from left to right.
Figure 2-2
Figure 2 Major MPLS L3VPN Components and Packet Flow
PE
P
P
PE
PE
P
PE
VPN
l
Labe
Data
4 Byte
4 Byte
IGP Label VPN Label
Original Packet
297259
IGP
l
Labe
The PE on the left has three groups, each using its own virtual network. Each PE has three VRFs (red,
green and blue); each VRF is for the exclusive use of one group using a virtual infrastructure.
Cisco ASR 9000 Enterprise L3VPN
Design and Implementation Guide
2-2
Chapter 2
Overview
Terminology
When an IP packet comes to the PE router on the left, the PE appends two labels to the packet. BGP
appends the inner (VPN) label and its value is constant as the packet traverses the network. The inner
label value identifies the interface on the egress PE out of which the IP packet will be sent. LDP assigns
the outer (IGP) label; its value changes as the packet traverses the network to the destination PE.
For more information about MPLS VPN configuration and operation, refer to “Configuring a Basic
MPLS VPN” at:
•
http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/13733-mpls-vp
n-basic.html
Cisco ASR 9000 Enterprise L3VPN
2-3
Design and Implementation Guide
0
