3Com Switch 8800 Configuration Guide
Chapter 37 BGP/MPLS VPN Configuration
37-2
37.1.1 BGP/MPLS VPN Model
I. BGP/MPLS VPN model
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
Backbone network of
the service provider
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
Backbone network of
the service provider
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
Figure 37-1
MPLS VPN model
As shown in Figure 37-1, MPLS VPN model contains three parts: CE, PE and P.
z
CE (Customer Edge) device: It is a composing part of the customer network, which
is usually connected with the service provider directly through an interface. It may
be a router or a switch which cannot sense the existence of VPN.
z
PE (Provider Edge) router: It is the Provider Edge router, namely the edge device
of the provider network, which connects with your CE directly. In MPLS network,
PE router processes all the operations for VPN.PE needs to possess MPLS basic
forwarding capability.
z
P (Provider) router: It is the backbone router in the provider network, which is not
connected with CE directly. P router needs to possess MPLS basic forwarding
capability.
The classification of CE and PE mainly depends on the range for the management of
the provider and the customer, and CE and PE are the edges of the management
ranges.
II. Nested BGP/MPLS VPN model
In a basic BGP/MPLS VPN model, the PEs are in the network of the service provider
and are managed by the service provider.
When a VPN user wants to subdivide the VPN into multiple VPNs, the traditional
solution is to configure these VPNs directly on the PEs of the service provider. This
solution is easy to implement, but has the following disadvantages: the number of the
VPNs carried on PEs may increase rapidly; the operator may have to perform more
operations when required by a user to adjust the relation between the user's internal