3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration
37-2
37.1.1 BGP/MPLS VPN Model

I. BGP/MPLS VPN model

site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
Backbone network of
the service provider
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
VPN1
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2
site 1
VPN1
CE
site 2
VPN 2
CE
PE
P
PE
P
P
PE
PE
Backbone network of
the service provider
site 1
CE
site 2
CE
VPN1
site 3
CE
VPN2

Figure 37-1 MPLS VPN model

As shown in Figure 37-1, MPLS VPN model contains three parts: CE, PE and P.

z CE (Customer Edge) device: It is a composing part of the customer network, which

is usually connected with the service provider directly through an interface. It may

be a router or a switch which cannot sense the existence of VPN.

z PE (Provider Edge) router: It is the Provider Edge router, namely the edge device

of the provider network, which connects with your CE directly. In MPLS network,

PE router processes all the operations for VPN.PE needs to possess MPLS basic

forwarding capability.

z P (Provider) router: It is the backbone router in the provider network, which is not

connected with CE directly. P router needs to possess MPLS basic forwarding

capability.

The classification of CE and PE mainly depends on the range for the management of

the provider and the customer, and CE and PE are the edges of the management

ranges.

II. Nested BGP/MPLS VPN model

In a basic BGP/MPLS VPN model, the PEs are in the network of the service provider

and are managed by the service provider.

When a VPN user wants to subdivide the VPN into multiple VPNs, the traditional

solution is to configure these VPNs directly on the PEs of the service provider. This

solution is easy to implement, but has the following disadvantages: the number of the

VPNs carried on PEs may increase rapidly; the operator may have to perform more

operations when required by a user to adjust the relation between the user's internal