You use VPNs to keep traffic separate from one another. So let's say an SP (Service Provider) has an MPLS network and they have multiple customers connecting to that network. They must have a way of keeping the traffic separate so that the customer only sees their traffic and not any other traffic. In addition, multiple customers could be using the same address ranges within their networks, so you cannot simply use the IP addressing to distinguish between customers.
The way this is done with MPLS is to use VPN labels. When a customer's traffic is received by the SP at the edge of the MPLS network, the ingress PE router adds a VPN label to the packets that is specific to that customer. The traffic can then traverse the MPLS network via the P routers to other PE routers where the customer also has connectivity. When the egress PE router receives the packet, it must have a way to tell which customer that packet is to be sent to, because the PE router could have many customers connecting to it. The VPN label is what tells the PE which customer to send the traffic to.
MP-BGP is used to exchange VPN information between the PE routers.
Dear, you mean it makes a VPN tunnel between customers that have connectivity?
But what about the VRF? Because when the ingress PE router receives a packet from customer A, the router sends it to the VRF of customer A and assigns a Route Target to this route, and on the other side (the egress PE router) that customer A has connectivity with recognizes this route from the Route Target and sends it out to that VRF of customer A.
In the above, cs1 is the customer and has 2 sites, A and B. So cs1/A sends a packet to cs1/B. CE1 forwards the packet to PE1.
PE1 then looks at the destination IP and sees that it is reachable via PE2.
The interface on which PE1 received the packet is in vrf cs1, so it adds a VPN label of cs1.
PE1 then does another lookup to see how to get to PE2 (here the lookup is done by consulting the label table). To get to PE2 it needs to send the packet to P1.
PE1 adds another label to the header and sends it to P1.
P1 only looks at the top label. It never needs to look at the VPN label because only PE routers understand the VPN label.
P1 consults its label table and adds the correct label to get to P2.
P2 does the same, but because the next hop is a PE router it does not add another label; it just sends the packet as is, i.e. only the VPN label is left. (This is known as Penultimate Hop Popping, i.e. if the next hop is a PE router, don't bother adding another label.)
PE2 receives the packet, examines the VPN label, sees it is for cs1/B, removes the label and sends it via the interface in vrf cs1 which is the interface connected to CE2.
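The label-stack walk described in the reply above, as an added Python example that is not part of the original thread. Interface names, the 10.0.2.0/24 prefix, the second customer cs2 and all label values are constructed for illustration, and P1 is modelled as swapping the top label.

```python
import ipaddress

# Constructed tables for PE1 -> P1 -> P2 -> PE2; all label values are made up.
IF_TO_VRF = {"Gi0/1": "cs1", "Gi0/2": "cs2"}             # PE1 customer-facing interfaces
VRF_ROUTES = {"cs1": {"10.0.2.0/24": ("PE2", 101)},      # per VRF: prefix -> (egress PE, VPN label)
              "cs2": {"10.0.2.0/24": ("PE2", 202)}}      # same prefix, different customer
TRANSPORT = {"PE2": (16, "P1")}                          # PE1: egress PE -> (top label, next hop)
LFIB = {"P1": {16: ("swap", 17, "P2")},                  # core routers key on the top label only
        "P2": {17: ("pop", None, "PE2")}}                # penultimate hop pops the top label
VPN_LABELS = {101: ("cs1", "Gi0/1"), 202: ("cs2", "Gi0/2")}  # PE2: VPN label -> (VRF, out if)


def ingress_pe(in_if, dst_ip):
    """PE1: pick the VRF from the receiving interface, push VPN label, then top label."""
    vrf = IF_TO_VRF[in_if]
    for prefix, (egress, vpn_label) in VRF_ROUTES[vrf].items():
        if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(prefix):
            top_label, next_hop = TRANSPORT[egress]
            return [top_label, vpn_label], next_hop      # stack[0] is the top of stack
    raise LookupError(f"no route to {dst_ip} in vrf {vrf}")


def core_router(name, stack):
    """P router: act on stack[0]; the VPN label underneath is never examined."""
    action, new_label, next_hop = LFIB[name][stack[0]]
    return ([new_label] + stack[1:] if action == "swap" else stack[1:]), next_hop


def egress_pe(stack):
    """PE2: the remaining label selects the VRF; unexpected stacks are dropped."""
    if len(stack) != 1 or stack[0] not in VPN_LABELS:
        raise LookupError(f"dropping packet with unexpected label stack {stack}")
    return VPN_LABELS[stack[0]]


def forward(in_if, dst_ip):
    """Walk a packet from PE1 to PE2, returning the label stack seen at each hop."""
    stack, hop = ingress_pe(in_if, dst_ip)
    trace = [("PE1", list(stack))]
    while hop != "PE2":
        name = hop
        stack, hop = core_router(name, stack)
        trace.append((name, list(stack)))
    return trace, egress_pe(stack)


if __name__ == "__main__":
    for interface in ("Gi0/1", "Gi0/2"):
        print(interface, forward(interface, "10.0.2.5"))
```

Both customers send to the same destination address and share the same top labels through the core, yet each packet leaves PE2 in its own VRF because only the inner VPN label differs.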