Case Study: Basic MPLS/VPN Intranet Service

One of the simplest VPN topologies you can provision using the MPLS/VPN architecture is an Intranet between multiple sites that belong to the same organization. This topology is the basic VPN network structure that provides any-to-any connectivity between sites using the enhanced peer-to-peer model discussed in Chapter 7, "Virtual Private Network (VPN) Implementation Options." Using the same mechanisms you use to build the Intranet topology, you can add more advanced services and connectivity requirements.

Figure 9-1 shows an example of this type of topology, which is used as a case study throughout this chapter.

Figure 9-1. Basic MPLS/VPN Intranet Topology Structure


In Figure 9-1, you can see that the SuperCom MPLS/VPN backbone has two VPN customers: EuroBank and FastFoods. The EuroBank organization has sites in San Francisco, New York, and Paris. The FastFoods organization has sites in San Jose, New York, and Lyon. The sites of both customers have the any-to-any, non-redundant Intranet VPN service from the SuperCom MPLS/VPN backbone, with only one CE-to-PE connection.

The SuperCom service provider learns routes from both VPN customers through a combination of RIP Version 2 and static routing. The EuroBank San Francisco site and the FastFoods San Jose site both use RIP Version 2 to communicate with the MPLS/VPN backbone, whereas the FastFoods Lyon/New York and EuroBank Paris/New York sites use static routing.

Table 9-1 shows the relevant address space for both VPN customers, and the loopback addresses used by the SuperCom backbone for BGP sessions.

Table 9-1. Address Space for VPN Customers and Service Provider Loopbacks

Company      Site                     Subnet
---------    ---------------------    ----------------
FastFoods    San Jose                 195.12.2.0/24
FastFoods    New York                 10.2.2.0/24
FastFoods    Lyon                     10.2.1.0/24
EuroBank     San Francisco            10.2.1.0/24
EuroBank     New York                 10.1.2.0/24
EuroBank     Paris                    196.7.25.0/24
SuperCom     Paris (Loopback 0)       194.22.15.1/32
SuperCom     San Jose (Loopback 0)    194.22.15.2/32
SuperCom     New York (Loopback 0)    194.22.15.3/32

To provision this VPN service across the MPLS/VPN backbone, follow these steps:

  1. Define and configure the VRFs.

  2. Define and configure the route distinguishers.

  3. Define and configure the import and export policies.

  4. Configure the PE-to-CE links.

  5. Associate the CE-interfaces to the previously defined VRFs.

  6. Configure the Multiprotocol BGP.

The rest of this chapter examines each of these mechanisms in more detail, following the configuration of the SuperCom San Jose PE-router (refer to Figure 9-1) to show how to provision the basic MPLS/VPN architecture.
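The six steps above, put together as one Cisco IOS configuration for the San Jose PE-router and the FastFoods VPN. This is an added example, not the book's own configuration: the loopback and peer addresses come from Table 9-1, while the VRF name, the 100:26 RD and route-target value, AS number 100, interface Serial0/0, the 192.168.2.0/30 link addressing, and a direct BGP session to each of the other two loopbacks are assumptions.

```cisco
! Steps 1-3: VRF, route distinguisher, import/export policy.
! VRF name and the 100:26 RD/route-target value are assumed.
ip vrf FastFoods
 rd 100:26
 route-target export 100:26
 route-target import 100:26
!
! Loopback 0 from Table 9-1, source of the BGP sessions.
interface Loopback0
 ip address 194.22.15.2 255.255.255.255
!
! Steps 4-5: PE-to-CE link bound to the VRF (interface and addressing assumed).
! "ip vrf forwarding" comes first: applying it clears any existing IP address.
interface Serial0/0
 description FastFoods San Jose CE
 ip vrf forwarding FastFoods
 ip address 192.168.2.1 255.255.255.252
!
! Step 4, routing side: RIP Version 2 toward the CE, inside the VRF only.
router rip
 version 2
 address-family ipv4 vrf FastFoods
  version 2
  network 192.168.2.0
  redistribute bgp 100 metric 1
  no auto-summary
 exit-address-family
!
! Step 6: Multiprotocol BGP to the Paris and New York loopbacks (AS 100 assumed).
router bgp 100
 no bgp default ipv4-unicast
 neighbor 194.22.15.1 remote-as 100
 neighbor 194.22.15.1 update-source Loopback0
 neighbor 194.22.15.3 remote-as 100
 neighbor 194.22.15.3 update-source Loopback0
 address-family vpnv4
  neighbor 194.22.15.1 activate
  neighbor 194.22.15.1 send-community extended
  neighbor 194.22.15.3 activate
  neighbor 194.22.15.3 send-community extended
 exit-address-family
 ! Customer routes learned by RIP are exported into the VPN from this VRF.
 address-family ipv4 vrf FastFoods
  redistribute rip
  no auto-summary
 exit-address-family
```

A second customer VRF on the same PE needs its own RD and route-target value. Reusing the FastFoods route target in another customer's import policy would pull FastFoods routes into that customer's VRF, which matters here because Table 9-1 shows both customers using 10.2.1.0/24.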


