VPRN (Virtual Private Routed Network)

VPRN (Virtual Private Routed Network) is a Multipoint-to-Multiponit Layer 3 VPN Service of Alcatel-Lucent. It can be imagined like a router. So, in this service, routing is the main point.

Logical View of VPRN

With VPRN, multiple sites of the customer can connect over an IP/MPLS network. So, from the customer perspective, the sites are connected to a Router.

You can see the logical view of VPRN below:

Logical View of VPRN

In VPRN, IP addresses are important, because it works on Layer 3.The traffic is routed according to IP addresses. This is the same logic used by routers. Think about this, a mini router in the main Servis Router.

From the customer perspective, VPRN service seem like below:

Alcatel-Lucent, Customer View of VPRN

Customer View of VPRN

MP-BGP is used on VPRN

In VPRN, route distribution of different VPRN services is done by MP-BGP. MP-BGP is the extended version of BGP that supports different address types than IPv4 unicast addresses. This will be explained later, detailly.

Inner/Outher Labels and VRF Tables

VPRN uses MPLS label mechanism with two label. One for “outher label” that allows the packet transfer over the provider MPLS network. In other words, this label is for Transport Tunnel. The other is “inner label” that determines the customer VPRN. This is for Service Tunnel. We had talked about this in Alcatel-Lucent Service article series. If you need, you can check again ;)

For each VPRN service, a seperate Routing table is built. And seperate IP addresses are used for each of this VPRN service. So, with VPRN, same private address blocks can be used between customers. The routing tables of each VPRN is called Virtual Routing and Forwarding (VRF) Table. This VRF term is also used in Cisco to during VPN creation. For Cisco VPN configuration, check the related article series. There is one that is not bad ;)

VPRN Example

As an example, you can check the below picture. In this picture, there are two customers each has two sites. VPRN 1 service is for Customer 1 and VPRN 2 service is for Customer 2.Each site has their own ip block and one block is overlapped as you see. Overlapped blocks can be used by different Customers in different VPRN service i as we said before. And below, you can also see the VRF Tables of PE routers.

Alcatel-Lucent, VPRN VRF Tables


VPRN Control Plane and Data Plane

There are two planes in VPRN services. One is control Plane where VPRN prefixes and customer network is identified. And the other is Forwarding Plane where the data is transported and forwarded according to the VPN service label.

In control plane, Customer routes are advertised to the PE routers. And In PE routers they are stored in the VRF Tables. Between the PE routers, CE routes are exchanged. This is done after adding the route-distinguisher to the routes. Remember, this allows using overlapping ip blocks. At the remote PE, the destination Customer router is identified by Route Targets and the routes are propagated to the destination Customer router. You can see this control plane process of VPRN below:

Alcatel-Lucent, VPRN Control Plane

VPRN Control Plane

In data plane, Customer routers send IP packets to the PE router. In PE router, LSP Label(Outer Label) and VPN Label(Inner Label) is added to the IP packet. In provider netowrk, this packet is label switched. Only Outer Label is changed and inner label do not change. Because, remember Provider routers are unaware about Service, so VPN Labels.At the remote PE, the labels are removed and the traffic is propagated to the exact point according to the VPN Label. You can see the data plane provess of VPRN below:

Alcatel-Lucent, VPRN Data Plane

VPRN Data Plane

Other Important Points in VPRN

How can the same address blocks transported over the same MPLS network?

As we said before, MP-BGP is used in VPRN. MP-BGP is an extension version of BGP to support more adress families. In VPRN to transport the same address blocks of one more customer, a mechanism need to identify these address blocks. To do this MP-BGP produce a new address with Route Distinguisher (RD). And this is named as VPN-IPv4 address.

VPRN VPN-IPv4 Address

VPRN VPN-IPv4 Address

Route Distinguisher is formed with 2 Byte Type, 2 or 4 Bytes Administrator and 2 or 4 Bytes Assigned number fields. As a common usage, the format is like 0:64600:100. After adding ip to this value, VPN-IPv4 Address is ready to use like 0:64600:100:

How can PE router know which route belong to which VRF?

The other important point in VPRN is the route destination determination in PE routers. The VRF came but how will it route to the destination. This is done by the help of Route Targets. The format of route target is like 64600:30. Here the first part is AS Number.

In this article, I tried to explain VPRN generally. I hope it will be helpfull for you. In the next article, we will focus on how to configure VPRN on Alcatel-Lucent Service Routers.

