Layer 3 VPN Manager


Metaswitch’s DC‑L3VPN Manager is an extension to DC‑BGP that facilitates the implementation of Layer 3 BGP/MPLS VPNs.  In conjunction with DC‑MPLS, and possibly other routing protocols (such as DC‑OSPF, DC‑ISIS, and DC-RIP), it provides a complete VPN control plane solution for Provider Edge (PE) routers.  The DC‑L3VPN Manager is responsible for coordinating all VPN-related configuration. It is used to store VPN configuration, learn VPN routes, and co-ordinate communication between the VRFs, MPLS stack, and BGP stack. 


BGP/MPLS VPNs are defined in RFC 4364, and these standards are implemented by DC‑BGP/DC‑MPLS as follows.

  • There are separate VPN routing protocol instances for each distinct VPN. These can use a variety of protocols, for example OSPF or BGP, as supported by DC‑OSPF and DC‑BGP. Each has its own VPN Routing and Forwarding (VRF) table that is used only for forwarding packets within its VPN.
  • DC-L3VPN Manager supports both BGP/MPLS VPN-IPv4 and BGP/MPLS VPN-IPv6 address families learned from any routing protocol (including BGP, OSPF, ISIS, and RIP) or statically configured. 
  • Packets arriving from a locally attached CE router destined for other local CE routers are forwarded conventionally using the VRF table. For packets destined for remote CE routers, the VRF table indicates that two labels need to be attached using MPLS label stacking. An outer label is used to traverse the provider’s network to the destination PE router and to provide QoS. An inner (BGP) label is used to identify the CE router to which each packet is to be forwarded. 
  • The network provider has a separate instance of BGP with its own forwarding table. This is common across all PE routers and includes the information needed to locate PE routers. It typically also contains Internet routes which are shared between all VPNs.

DC‑L3VPN Manager itself coordinates VPN activities including

  • requesting labels from DC‑MPLS Label Manager and passing them to other PE routers using DC‑BGP
  • implementing the VPN-MIB (RFC 4382, plus extensions for configuring the VPNs)
  • redistributing VPN routes into locally attached VRFs.