MPLS L3VPN is a type of PE-based L3VPN technology for service provider VPN solutions. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets across service provider backbones.
MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS QoS and MPLS TE.
The MPLS L3VPN model consists of the following types of devices:
- Customer edge (CE) device—A CE resides on a customer network and has one or more interfaces directly connected with service provider networks. It can be a router, a switch, or a host. It can neither “sense” the existence of any VPN nor does it need to support MPLS.
- Provider edge (PE) device—A PE resides on a service provider network and connects one or more CEs to the network. On an MPLS network, all VPN processing occurs on the PEs.
- Provider (P) device—A P device is a core device on a service provider network. It is not directly connected with any CE. It only needs to be equipped with basic MPLS forwarding capability.
Figure 127: Network diagram for MPLS L3VPN model
CEs and PEs mark the boundary between the service providers and the customers.
After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information. You can also configure static routes between them.
After a PE learns the VPN routing information of a CE, it uses BGP to exchange VPN routing information with other PEs. A PE maintains routing information about only VPNs that are directly connected, rather than all VPN routing information on the provider network.
A P router maintains only routes to PEs and does not deal with VPN routing information.
When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress Label Switching Router (LSR), the egress PE functions as the egress LSR, and P routers function as the transit LSRs.