HUAWEI TECHNOLOGIES CO., LTD. All rights reserved www.huawei.com Internal ODC010003 MPLS L3 VPN Principle ISSUE 1.4


system structure, label distribution, data forwarding and typical application.
 
Upon completion of this course, you will be able to:
Describe VPN Classification
Describe MPLS L3 VPN Concept
Describe Label Distribution and Data Forwarding
Application
Chapter 1 VPN Classification
 
VPN Classification
VPN: Virtual Private Network
CPE-Based VPN, Network-Based VPN
MPLS/BGP VPN

VPN Tunnel
Tunnel: It is a technology that uses a type of protocol to transmit another type of protocol. Mainly the tunnel protocol serves to implement this function. The tunnel technology involves three types of protocols: tunneling protocol, bearer protocol under the tunnel protocol, and the protocol borne on the tunnel protocol.

VPN Type (1)
Virtual Leased Line (VLL): It provides point-to-point connection service between two pieces of CPE equipment for the user via the edge node of the operator.
Virtual Private Dial Network (VPDN): The remote user dials to the public IP network via PSTN/ISDN, and the data packet passes through the public

VPN Type (2)
Virtual Private LAN Segments (VPLS): VPLS is a virtual method to establish LAN via the public IP resources. The networking is based on the MAC layer forwarding, and it is completely transparent to the network layer protocol. It is a L2 VPN.
Virtual Private Routed Network (VPRN): VPRN is defined as a kind of emulation for multi-site wide area route network services via the public IP network, and the data packet of VPN is forwarded at the network layer.
 
Example: Constructing VPN via GRE Tunnel
To construct such a network, just make configuration on the access router of each network.
It is unnecessary for the operator network to know the internal route of VPN.
Different VPNs can employ the same address space.
The forwarding efficiency is low.
[Figure labels: 10.0.1.1/24, 10.0.0.0/24]

Exercise 1
1. Which VPN technologies belong to layer 3 VPN? ( )
A. GRE
Chapter 2 MPLS L3 VPN Principle
 
 
MPLS VPN Network Structure
[Figure labels: VPN_A, VPN_B, P, PE]
CE (Custom Edge Router): The user equipment directly connected with the service provider.
PE (Provider Edge Router): The edge router on the backbone network, connected with CE and mainly responsible for access of the VPN service.
P (Provider Router): The core router on the backbone network, mainly responsible for the routing and fast forwarding functions.

Question
One PE connects with several CEs which belong to different VPNs. As VPNs may have overlapping address space, how to identify each VPN's information?

Relationship Between PE and CE
PE and CE routers exchange information via the EBGP, RIP or static route. CE runs the standard routing protocol.
PE maintains separate routing tables of the public network and private network.
Routing table of public network, including the routes of all PE and P routers, generated by the backbone network IGP of VPN.
VRF (VPN routing & forwarding), including tables of routing & forwarding to one or multiple directly connected CEs.
 
VRF Detail
VRF can be regarded as a virtual router.
PE maintains a separate forwarding table for each site.
Each site has a unique VRF.
If (and only if) two sites have identical forwarding table, they share a VRF.
The interface/subinterface connected with CE is mapped to VRF.
The routes in VRF will be distributed to the sites (usually connected on other PEs) belonging to the same VPN.
 
Distribution of VRF Routes
The PE router distributes the local VPN route information via the backbone network (the transmitting is via BGP).
[Figure labels: PE, PE, CE Router, CE Router, P Router, Site, Site, iBGP]
Question: PE and PE set up an IBGP session and exchange routing information, while some VPNs may have the same private IP address space. When BGP transfers the routing information on the public network, there is an address overlapping problem. How to solve it?
 
VPNv4 and IPv4 Address Families
VPNv4 address structure: Route Distinguisher (8 bytes) | IPv4 address
RD structure:
TYPE (2 bytes) | Field
1 | 4-byte IP address, 2-byte assigned number

Question
PE and PE set up IBGP session and exchange routing information by BGP. By adding RD prefix, now the VPN's address is VPNv4 address family, BGP4 only supports IPv4

MBGP
MBGP (Multiprotocol Extensions for BGP4)
BGP4 only supports IPv4, and is extended to MBGP to transfer the route information of more protocols (IPv6, IPX, etc.).
To maintain compatibility, only two BGP attributes are added for MBGP: MP_REACH_NLRI and MP_UNREACH_NLRI. The two attributes can be used in the BGP Update message to notify or cancel the network reachability information.

MBGP: MP_REACH_NLRI

MBGP: MP_UNREACH_NLRI
Used for withdrawing one or multiple unfeasible routes
An UPDATE packet that contains the MP_UNREACH_NLRI

Question
When PE receives the routing information from other PEs carried by MBGP, how does PE separate the routing information which belongs to different VPNs?
Remember RD? Can we use it?
 
Route Target
Route Target attribute (RT) is one of the MBGP extension community attributes.
There are two types of RT, the values of the type field are 0x0002 or 0x0102.
RT structure:
TYPE (2 bytes) | Administrator Field | Assigned Number Field
0x0002 | AS number (2 bytes) | Assigned Number (4 bytes)
0x0102 | IP address (4 bytes) | Assigned Number (2 bytes)

Route Target
RT is used to separate VPN routing information advertisement.
There are two sets of Route Target attributes: Export Targets and Import Targets.
Export Targets is added to the route received from a direct-connected Site in advertising local routes to remote PE routers.
Import Targets is used to decide which routes can be imported into the routing table of this Site in receiving routes from remote PE routers.
 
Typical Network Topology 1
Each site only belongs to one VPN: Intranet
[Figure labels: site1, site3]

Typical Network Topology 2
[Figure labels: site1, site2, site3, site4, Intranet, Extranet]

Application of RT
Hub-spoke mode

Function of RT
[Figure labels: MPLS/VPN Backbone, P Router, VPN A, SITE-4]

Question
After the completion of exchanging routing information between PEs, now site3 wants to access site1. The right PE looks up the VRF table, finds out that the next hop is the left PE, and forwards the packet to the left PE using MPLS. When the packet arrives at the left PE, the public MPLS label is removed. Which VPN does the packet belong to? And how to get the correct next hop?
 
Network Layer Reachability Information:
Multiple labels can be attached. The first 20 bits of each label refer to the label domain, while of the last 4 bits, the first three refer to the EXP domain and the last one indicates whether it is the stack base.
Note that this label must be assigned by the LSR referred to in the NextHop of the MP_REACH_NLRI attribute.
There are two methods to cancel the route information (meanwhile to release label binding).
 
NLRI (Network Layer Reachability Information, include address family, private label and RT)
Followed is RT list
MP_REACH_NLRI
next-hop: PE's IPv4 address, usually is loopback address
NLRI:
  label: 24 bits, like MPLS label but without TTL portion
  prefix: RD (64 bit), IP prefix
Extended_Communities RT1
Extended_Communities RT2
 
VRF Route Distribute Step 1: Importing VRF Routes to MP-iBGP
Importing VRF route to MP-iBGP: The PE router converts the route (in the VRF routing table) received from CE into the VPNv4 route, labels it with RD and RT based on the configuration, changes the next hop to the PE itself (loopback), assigns the label based on the interface, and finally sends the MP-iBGP update packet to all PE neighbors.
[Figure labels: PE, CE-1, CE-2, MP-iBGP, PE]
BGP, RIPv2 update for 149.27.2.0/24, NH=CE-1
VPN-v4 update: RD:1:27:149.27.2.0/24, Next-hop=PE-1 RT=VPN-A, Label=(28)
VRF Route Distribute Step 2: Importing MP-iBGP Routes to VRF
Each VRF has configurations of import route-target and export route-target.
When the transmitting PE sends MP-iBGP updates, the export attribute is attached in the packet.
When receiving MP-iBGP updates of VPN-IPv4, the receiving PE will judge whether the received export is equal to the import of the local VRF. If yes, it will be added to the corresponding VRF routing table; otherwise, it will be discarded.
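
The import check of Step 2, and the reason the RD is needed when two VPNs reuse one prefix, as an added example that is not part of the original slides. It generalizes "export equals import" to RT lists (a route is installed when the two sets share a value); the VPN-B RD 1:28, label 29 and the `audit_imports` helper are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Vpnv4Route:
    rd: str                # route distinguisher: keeps overlapping prefixes distinct
    prefix: str            # customer IPv4 prefix
    next_hop: str          # advertising PE (its loopback)
    label: int             # private (inner) label assigned by that PE
    export_rts: frozenset  # route targets attached on export

@dataclass
class Vrf:
    name: str
    rd: str
    import_rts: frozenset
    export_rts: frozenset
    table: dict = field(default_factory=dict)  # prefix -> [(next_hop, label)]

def advertise(pe, vrf, prefix, label):
    """Step 1: convert a CE route into a VPNv4 route carrying RD and export RTs."""
    return Vpnv4Route(vrf.rd, prefix, pe, label, vrf.export_rts)

def receive(vrfs, route):
    """Step 2: install the route in each local VRF whose import RTs match."""
    installed = []
    for vrf in vrfs:
        if vrf.import_rts & route.export_rts:
            vrf.table.setdefault(route.prefix, []).append((route.next_hop, route.label))
            installed.append(vrf.name)
    return installed  # an empty list means the update is discarded

def audit_imports(vrfs, rt_owner):
    """Flag (vrf, rt) pairs where a VRF imports an RT owned by another VPN."""
    return sorted((v.name, rt) for v in vrfs for rt in v.import_rts
                  if rt_owner.get(rt, v.name) != v.name)

def demo():
    # Constructed sample: two customers behind PE-1 both use 149.27.2.0/24.
    a1 = Vrf("VPN-A", "1:27", frozenset({"VPN-A"}), frozenset({"VPN-A"}))
    b1 = Vrf("VPN-B", "1:28", frozenset({"VPN-B"}), frozenset({"VPN-B"}))
    updates = [advertise("PE-1", a1, "149.27.2.0/24", 28),
               advertise("PE-1", b1, "149.27.2.0/24", 29)]
    # Remote PE: the VPN-B import list was mistyped and also accepts RT VPN-A.
    a2 = Vrf("VPN-A", "1:27", frozenset({"VPN-A"}), frozenset({"VPN-A"}))
    b2 = Vrf("VPN-B", "1:28", frozenset({"VPN-A", "VPN-B"}), frozenset({"VPN-B"}))
    placed = [receive([a2, b2], u) for u in updates]
    distinct = len({(u.rd, u.prefix) for u in updates})  # 2 VPNv4 routes, 1 IPv4 prefix
    leaks = audit_imports([a2, b2], {"VPN-A": "VPN-A", "VPN-B": "VPN-B"})
    return placed, distinct, a2.table, b2.table, leaks
```

Calling `demo()` shows the VPN-A route landing in the VPN-B VRF because of the extra import RT, which is the condition `audit_imports` reports.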
[Figure labels: PE, CE-1, CE-2, MP-iBGP, PE]
VPN-v4 update: RD:1:27:149.27.2.0/24, Next-hop=PE-1 RT=VPN-A, Label=(28)
VPN-v4 into the IPv4 address, and distributes it to VRF VPN-A (RT=VPN-A) routing table, then transmit it to CE with route protocol between PE and CE.
[Figure labels: Beijing, Shanghai, ip vrf VPN-B]

Basic Intranet Model
[Figure labels: P Router, MPLS/VPN Backbone, VPN A, MP-iBGP, SITE-1, SITE-3, SITE-4]
Site-2 routes, Site-3 routes, Site-4 routes
Site-3 & Site-4 routes, RT=VPN-A
Site-1 & Site-2 routes, RT=VPN-A
MPLS/VPN Label Distribution
[Figure labels: P router, P router]
In Label | FEC | Out Label
- | 197.26.15.1/32 | -
41 | 197.26.15.1/32 | POP

In Label | FEC | Out Label
  | 197.26.15.1/32 | 41

Use label 41 for destination 197.26.15.1/32
NH= 197.26.15.1
RT=VPN-A

MPLS/VPN Packet Forwarding 1
In Label | FEC | Out Label
- | 197.26.15.1/32 | 41
VPN-A VRF
Label=(28)

MPLS/VPN Packet Forwarding 2
In Label | FEC | Out Label
41 | 197.26.15.1/32 | POP
[Figure labels: Beijing; packet fields 149.27.2.27, 28, 41; VPN-A VRF, Label=(28)]

[Figure labels: VPN-A VRF, MPLS, PE, CE A1, CE B1, CE A2, CE B2]
VPN-v4 update: RD:1:27:149.27.2.0/24, Next-hop=PE-C RT=VPN-A, Label=(28)
Demo Private Label Distribution

[Figure labels: MPLS, PE, 3]
Demo Public Label Distribution

[Figure labels: MPLS, PE, CE A2, CE B2, 20, 28]
1.1.1.1/32  In 20  Out 3
1.1.1.1/32
BGP, OSPF, RIPv2 update
 
Exercise
1. Describe the structure of RD and RT

Summary
VPN Classification
MPLS L3 VPN Label Distribution
MPLS L3 VPN Forwarding Process