13-5
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 13 MPLS/VPN Support
How MPLS/VPN Support Works
Private IP Subscriber Support
VPN-based subscribers can have private IP mappings, which are a combination of an IP range and a VPN
mapping. Since the source of such mappings is typically in the BGP protocol, and they are received
automatically from the protocol by the BGP agent, the IP ranges may contain overlapping ranges. The
semantics of such overlaps is that of a longest prefix match.
For example, if subscriber A receives the range 10.0.0.0/8@VPN1 and subscriber B receives the range
10.1.0.0/16@VPN1, then the system maps IPs that start with 10.1 to subscriber B, and any other address
that begins with 10 to subscriber A. Traffic with other IP addresses on VPN1 will be mapped to the
unknown subscriber.
For private IP subscribers, flows are distributed to traffic processors according to the VPN, not according
to the IP address. This means that all traffic from any one VPN is mapped to the same traffic processor.
How the Service Control MPLS/VPN Solution Works
•
How the Service Control MPLS/VPN Solution Works: A Summary, page 13-5
•
SCE Platform Tasks in the MPLS/VPN Solution, page 13-5
•
BGP LEG Tasks in the MPLS/VPN Solution, page 13-6
•
SM Tasks in the MPLS/VPN Solution, page 13-6
How the Service Control MPLS/VPN Solution Works: A Summary
•
The SM is configured with the VPNs and VPN-based subscribers that should be managed.
A VPN is identified by the RD / RT and the PE.
•
The BGP-LEG updates the SM with the MPLS labels and IP routes.
•
The SM pushes the VPNs with their labels and the VPN-based subscriber to the SCE platform with
the downstream MPLS labels of the VPN.
•
The SCE platform resolves the PE MAC addresses and updates its tables with the new information.
•
The SCE platform learns the upstream labels, including the P MAC address.
•
The SCE platform provides the regular services to the VPN-based subscribers (BW management,
reports, etc.)
SCE Platform Tasks in the MPLS/VPN Solution
•
Matching upstream to downstream labels
–
Mappings of downstream labels to VPNs are received from the SM
–
Upstream labels are learned from the data
•
The MAC addresses of the PEs are used to distinguish downstream labels of different PEs
•
After the learning, each flow is classified as belonging to one of the VPNs.
•
The SCE platform performs a longest prefix match on the IP address inside the VPN, and classifies
each flow to the correct VPN-based subscriber
•
The SCE platform runs the SCA-BB application for the network flows, which are classified to
VPNs, thus providing subscriber aware service control and reporting