BGP/MPLS Virtual Private Networks (VPNs), as defined in RFC 4364 and related drafts and standards, provide a Layer 3 VPN (L3 VPN).
With Layer 3 VPNs, each Provider Edge (PE) device acts like a set of virtual routers, one per VPN. The service provider configures the VPN membership of each PE router port. As a result, the port's view of the network is restricted to the VPNs of which it is a member, and it cannot address devices outside that environment. Either static routes are provisioned on both the CE and PE, or, for more complex scenarios, a routing protocol (such as RIP, OSPF or BGP) is run between CE and PE. So the interface between the CE and PE devices is conventional IP routing.
The service provider also establishes a suitable transport mesh of MPLS Label Switched Paths (LSPs) between all the PE routers that need to communicate. The PE devices qualify each external IP address that they learn with a per-VPN identifier, and advertise the qualified addresses to all other PE routers using an extended form of BGP. Each advertisement also includes an MPLS label that is specific to the destination route (or, in some implementations, the destination port). Through this process, the PE devices build up a complete map of the VPNs and destination labels.
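The map-building process described above can be modelled in a few lines of Python. This is an added example, not Metaswitch code: the PE names, ports, VPN identifiers and prefixes are constructed, and import is keyed on the per-VPN identifier itself as a simplification (RFC 4364 controls import with separate route target attributes).

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class VpnRoute:
    vpn_id: str                    # per-VPN identifier qualifying the prefix (constructed)
    prefix: ipaddress.IPv4Network
    label: int                     # MPLS label chosen by the advertising PE
    egress_pe: str

@dataclass
class PE:
    name: str
    port_vpn: dict                               # port name -> VPN membership
    tables: dict = field(default_factory=dict)   # vpn_id -> {prefix: VpnRoute}
    next_label: int = 16                         # labels 0-15 are reserved

    def learn_from_ce(self, port, prefix):
        """Qualify a customer prefix learned on `port` and allocate a label."""
        route = VpnRoute(self.port_vpn[port], ipaddress.ip_network(prefix),
                         self.next_label, self.name)
        self.next_label += 1
        self.install(route)
        return route

    def install(self, route):
        """Import an advertised route only into VPNs this PE has ports in."""
        if route.vpn_id in self.port_vpn.values():
            self.tables.setdefault(route.vpn_id, {})[route.prefix] = route

    def lookup(self, port, dst):
        """Longest-prefix match restricted to the ingress port's VPN."""
        addr = ipaddress.ip_address(dst)
        table = self.tables.get(self.port_vpn[port], {})
        hits = [r for p, r in table.items() if addr in p]
        return max(hits, key=lambda r: r.prefix.prefixlen, default=None)

def build_demo():
    pe1 = PE("PE1", {"ge0": "vpn-red", "ge1": "vpn-blue"})
    pe2 = PE("PE2", {"ge0": "vpn-red", "ge1": "vpn-blue"})
    pe3 = PE("PE3", {"ge0": "vpn-blue"})
    # Both customers use 10.0.0.0/24; the qualifier keeps the routes distinct.
    adverts = [pe2.learn_from_ce("ge0", "10.0.0.0/24"),
               pe2.learn_from_ce("ge1", "10.0.0.0/24")]
    for route in adverts:
        for pe in (pe1, pe3):
            pe.install(route)
    return pe1, pe2, pe3
```

The same destination address resolves to a different label depending on the ingress port's VPN, and PE3, which has no port in `vpn-red`, never installs that VPN's route.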
Integrated L3 VPN solution
Metaswitch's DC-VPN Manager is an extension to DC-BGP. It provides VPN routing and forwarding software that facilitates the implementation of BGP/MPLS VPNs. In conjunction with DC-MPLS, and other routing products (such as DC-OSPF, DC-ISIS, and DC-RIP), it provides a fully integrated, scalable, source code implementation of Layer 3 VPNs.
DC-VPN Manager is designed for communications equipment manufacturers building Provider Edge (PE) or Customer Edge (CE) devices, including edge routers, enterprise routers, and MSPPs.
The VPN Manager software coordinates VPN activities, including:
- providing flexible internet access to all VPNs
- leaking VRF table routes into the provider's network, under the control of local policy, for example to enable individual VPN addresses to be advertised to the internet
- requesting labels from DC-MPLS Label Manager and passing them to other PE routers using DC-BGP
- implementing the VPN-MIB (draft-ietf-ppvpn-mpls-vpn-mib, plus extensions for configuring the VPNs and defining policies for route propagation)
- implementing the BGP-MPLS IP VPN extension for IPv6 VPN (RFC 4659).