Cisco Systems OL-4344-01 manual About Provider Edge Routers PEs, About Multi-VRF CEs

Page 10

Chapter 1 About Cisco IP Solution Center

The Customer’s and Provider’s View of the Network

Figure 1-6 Service Provider’s View of the Network

VPN 10

CE

Gadgets, Inc.

PE-1

Seattle

VPN 15

CE

Gizmos, Intl.

San Francisco

Service provider network

VPN 10

CE

Gadgets, Inc.

 

 

 

 

 

BGP

 

 

New York City

 

 

 

 

BGP

MPLS core

PE-2

 

 

 

BGP

 

 

 

PE-3

 

VPN 15

 

VPN 10

VPN 15

 

 

 

 

 

CE

 

 

 

 

Gizmos, Intl.

 

 

 

 

London

 

CE

CE

 

 

Gadgets, Inc.

Gizmos, Intl.

Chicago

Berlin

28555

About Provider Edge Routers (PEs)

At the edge of the provider network are provider edge routers (PEs). Within the provider network are other provider routers as needed (often designated as P routers) that communicate with each other and the PEs via the Border Gateway Protocol-Multiprotocol (MP-BGP). Note that in this model, the service provider need only provision the links between the PEs and CEs.

PEs maintain separate routing tables called VPN routing and forwarding tables (VRFs). The VRFs contain the routes for directly connected VPN sites only. (For more information about VRFs, see the “VPN Routing and Forwarding Tables (VRFs)” section on page 1-16). PEs exchange VPN-IPv4 updates through MP-iBGP sessions. These updates contain VPN-IPv4 addresses and labels. The PE originating the route is the next hop of the route. PE addresses are referred to as host routes into the core interior gateway protocol.

About Multi-VRF CEs

The Multi-VRF CE is a feature that provides for Layer 3 aggregation. Multiple CEs can connect to a single Multi-VRF CE (typically in an enterprise network); then the Multi-VRF CE connects directly to a PE. A Multi-VRF CE can be a Cisco router or a Cisco Catalyst® 3550 Intelligent Ethernet Switch.

The Multi-VRF CE functionality extends some of the functionality formerly reserved to the PE to a CE router in an MPLS VPN—the only PE-like functionality that this feature provides is the ability to have multiple VRFs on the CE router so that different routing decisions can be made. The packets are sent toward the PE as IP packets.

With this feature, a Multi-VRF CE can maintain separate VRF tables to extend the privacy and security of an MPLS VPN down to a branch office, rather than just at the PE router node.

Cisco IP Solution Center, 3.0: MPLS VPN Management User Guide, 3.0

1-10

OL-4344-01

 

 

Image 10
Contents About Cisco IP Solution Center Overview of ISC ISC Network Management SubnetISC Features Service Provider Network for Vlan ID Management Access Domain Assigned Resource PoolsFeatures and Functions Provided in Provisioning with ISC VPN Service Profile-Based ProvisioningRole-Based Access Control Rbac CPE Customer’s and Provider’s View of the Network Customer’s View of the NetworkAbout Provider Edge Routers PEs About Multi-VRF CEsA Multi-VRF CE Providing Layer 3 Aggregation Using Templates to Customize Configuration Files Mapping IPsec Tunnels to Mpls VPNsAuditing Service Requests Uses for the Template FunctionAbout Mpls VPNs VPNs Sharing SitesCharacteristics of Mpls VPNs Intranets and ExtranetsVPN Routing and Forwarding Tables VRFs VRF Implementation Considerations Ip vrf site2 rdCreating a VRF Instance Route Distinguishers and Route TargetsRoute Target Communities CE Routing CommunitiesHub and Spoke Considerations Address Space Separation Security Requirements for Mpls VPNsAddress Space and Routing Separation Routing SeparationHiding the Mpls Core Structure Resistance to Attacks Securing the Routing ProtocolLabel Spoofing Trusted Devices Routing AuthenticationSecuring the Mpls Core PE-CE InterfaceSeparation of CE-PE Links LDP AuthenticationConnectivity Between VPNs MP-BGP Security Features Security Through IP Address ResolutionEnsuring VPN Isolation North Bound Interface NBIAPI Functionality Supported NBI Benefits Distributed Load BalancingAPI Approach 11 Simple Flat-Based Server Load Balancing Configuration Four-Tier System Architecture Client tierControl tier