Layer 3 VPN Mechanims

vprn

Basically in a L3 VPN Architecture, there is a Service Provider Network and there are multiple branches of multiple customers. Service Provider consist of P and PE devices and every branch of a customer has a CE device to connect to the Service Provider Network. These connection points are PE routers. PE routers are also the routers, that L3 VPN (L3 VPN ) Services are defined.

 

In L3 VPN Architecture, customer routers (CE) are connected to the Service Provider Edge Routers (PE). In the Provider Edge Routers there is a specific IP forwarding table (VRF Table) for each customer (or each L3 VPN ). This is the table created after L3 VPN (L3 VPN)definion.

 

A VRF Table is a specific Routing Table belongs to a specific L3 VPN . There are multiple VRF tables in a PE Router. Beside VRF tables, PE Routers also has a Default Forwarding Table.

 

In L3 VPN , customers can manage their IP addressing. They also manage CE devices and responsible from the routing inside their network. Customers use their own routing protocols. They provide the routing information of their private network to the Service Provider. For route advertisements, it can use same or different ip routing protocols between them and Service Provider Edge Router (PE Router).

 



 

Service Provider has already a routed network. And every Service Provider use an apprepriate routing protocol for their network. P and PE devices use this routing protocol inside the core network.

 

L3 VPN Service is a Layer 3 Service that provides end-to-end communication of customer branches over Service Provider IP/MPLS network. This Service is defined in PE devices of Service provider and for end-to-end service delivery, LSP tunnels are build between the PE devices. In this LSP tunnels, customer traffic is pass through the Service Provider network.

 

After explainning general L3 VPN process, let’s check L3 VPN process detailly. Here, we will explain L3 VPN with two main activities. These activities are Control Plane Activities and Data Plane Activities.

 


 

L3 VPN Control Plane and Data Plane

 

There are two planes in L3 VPN services. One is control Plane where L3 VPN prefixes and customer network is identified. And the other is Data (Forwarding) Plane where the data is transported and forwarded according to the VPN service label.

 

In control plane, Customer routes are advertised to the PE routers. And In PE routers they are stored in the VRF Tables. Between the PE routers, CE routes are exchanged. This is done after adding the Route Distinguisher to the routes. This allows using overlapping IP blocks. At the remote PE, the destination Customer router is identified by Route Targets and the routes are propagated to the destination Customer router. You can see this control plane process of L3 VPN below:

 

L3 VPN Control Plane
L3 VPN Control Plane
 

In data plane, Customer routers send IP packets to the PE router. In PE router, LSP Label(Outer Label) and VPN Label(Inner Label) is added to the IP packet. In provider network, this packet is label switched. Only Outer Label is changed and Inner Label does not change. Because, Provider routers are unaware about Service.At the remote PE, the labels are removed and the traffic is propagated to the exact point according to the VPN Label. You can see the data plane provess of L3 VPN below:

 

L3 VPN Data Plane
L3 VPN Data Plane
Lesson tags: l3 vpn, vpn services, vprn
Back to: JNCIP > Layer 3 VPN

Leave a Reply

Your email address will not be published. Required fields are marked *

JNCIP

Collapse
Expand
Latest Blog Posts