1. Home
  2. Networking
  3. MPLS and VPN Architectures

Chapter 8. MPLS/VPN Architecture Overview

In the previous chapter, you learned about virtual private network (VPN) evolution; two major VPN models, overlay VPN and peer-to-peer VPN; and the major technologies used to implement both VPN models.

The overlay VPN model, most commonly used in a service provider network, dictates that the design and provisioning of virtual circuits across the backbone must be complete prior to any traffic flow. In the case of an IP network, this means that even though the underlying technology is connectionless, it requires a connection-oriented approach to provision the service.

From a service provider's point of view, the scaling issues of an overlay VPN model are felt most when having to manage and provision a large number of circuits/tunnels between customer devices. From a customer's point of view, the Interior Gateway Protocol design is typically extremely complex and also difficult to manage.

On the other hand, the peer-to-peer VPN model suffers from lack of isolation between the customers and the need for coordinated IP address space between them.

With the introduction of Multiprotocol Label Switching (MPLS), which combines the benefits of Layer 2 switching with Layer 3 routing and switching, it became possible to construct a technology that combines the benefits of an overlay VPN (such as security and isolation among customers) with the benefits of simplified routing that a peer-to-peer VPN implementation brings. The new technology, called MPLS/VPN, results in simpler customer routing and somewhat simpler service provider provisioning, and makes possible a number of topologies that are hard to implement in either the overlay or peer-to-peer VPN models. MPLS also adds the benefits of a connection-oriented approach to the IP routing paradigm, through the establishment of label-switched paths, which are created based on topology information rather than traffic flow.

Note

This introduction might lead you to believe that any overlay VPN implementation can be replaced with an MPLS/VPN implementation. Unfortunately, that is not true. MPLS/VPN currently supports only IP as the Layer 3 protocol. Other protocols, such as IPX and AppleTalk, still must be tunneled across an IP backbone.


The MPLS/VPN architecture provides the capability to commission an IP network infrastructure that delivers private network services over a public infrastructure. This is the same type of service that has already been described in the previous chapter. However, the mechanisms used to provision the service are different. The MPLS/VPN technology is quite complex in itself and will be covered in a series of chapters. In this chapter, you'll see the basic MPLS/VPN concepts without going into too many details that would clutter the overall picture. In the next chapter, the detailed operation of MPLS/VPN is explained, along with the relevant configuration information to be able to provision a simple Intranet topology based on the MPLS/VPN architecture.



    		MPLS and VPN Architectures
    		About the Authors
    		About the Technical Reviewers
    		Acknowledgments
    		Part I: MPLS Technology and Configuration
    		Part 2: MPLS-based Virtual Private Networks
    		Chapter 7. Virtual Private Network (VPN) Implementation Options
    		Chapter 8. MPLS/VPN Architecture Overview
    		Case Study: Virtual Private Networks in SuperCom Service Provider Network
    		VPN Routing and Forwarding Tables
    		Overlapping Virtual Private Networks
    		Route Targets
    		Propagation of VPN Routing Information in the Provider Network
    		VPN Packet Forwarding
    		Summary
    		Chapter 9. MPLS/VPN Architecture Operation
    		Chapter 10. Provider Edge (PE) to Customer Edge (CE) Connectivity Options
    		Chapter 11. Advanced MPLS/VPN Topologies
    		Chapter 12. Advanced MPLS/VPN Topics
    		Chapter 13. Guidelines for the Deployment of MPLS/VPN
    		Chapter 14. Carrier's Carrier and Inter-provider VPN Solutions
    		Chapter 15. IP Tunneling to MPLS/VPN Migration Case Study
    		Appendix A. Tag-switching and MPLS Command Reference