The MPLS/VPN architecture
Jim Guichard and Ivan Pepelnjak
Using Multiprotocol Label Switching, it's possible to come up with a technology that combines the best features of an overlay VPN and a peer-to-peer VPN. This tip, excerpted from InformIT, discusses the advantages of using this approach.
Network management topics like this one will be discussed at the new Networking Decisions Conference held in Chicago on October 16 - 18. The conference is free for attendees. Go to www.networkingdecisions.com to read more, and to sign up for a free registration.
With the introduction of Multiprotocol Label Switching (MPLS), which combines the benefits of Layer 2 switching with Layer 3 routing, it became possible to construct a technology that combines the benefits of an overlay VPN (such as security and isolation among customers) with the simplified routing that a peer-to-peer VPN implementation brings. The new technology, called MPLS/VPN, results in simpler customer routing and somewhat simpler service provider provisioning, and it makes possible a number of topologies that are hard to implement in either the overlay or peer-to-peer VPN models. MPLS also adds the benefits of a connection-oriented approach to the IP routing paradigm through the establishment of label-switched paths, which are created from topology information rather than from traffic flows.
This might lead you to believe that any overlay VPN implementation can be replaced with an MPLS/VPN implementation. Unfortunately, that is not true. MPLS/VPN currently supports only IP as the Layer 3 protocol. Other protocols, such as IPX and AppleTalk, still must be tunneled across an IP backbone.
The MPLS/VPN architecture provides the capability to commission an IP network infrastructure that delivers private network services over a shared infrastructure. The MPLS/VPN technology is quite complex in itself.
Overlapping addresses, usually the result of private IP addresses being used in customer networks, are one of the major obstacles to successful deployment of peer-to-peer VPN implementations. The MPLS/VPN technology provides an elegant solution to this dilemma: Each VPN has its own routing and forwarding table in the router, so any customer or site that belongs to that VPN is given access only to the set of routes contained within that table. Any PE (provider edge) router in an MPLS/VPN network thus contains a number of per-VPN routing tables plus a global routing table that is used to reach other routers in the provider network, as well as external, globally reachable destinations (for example, the rest of the Internet). Effectively, a number of virtual routers are created within a single physical router.
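To make the per-VPN table behaviour concrete, here is an added toy model of a PE router (example code written for this tip, not from the authors' article or any vendor implementation). It assumes the usual MPLS/VPN building blocks: each VRF carries a route distinguisher (RD) that is prepended to its prefixes when they are advertised between PE routers, a customer-facing interface is bound to exactly one VRF, and forwarding is a longest-prefix match inside that VRF alone. The VRF names, RDs, VPN labels, addresses and interface names are constructed for the example. Two customers both use 10.1.0.0/16; the model shows that the same destination address is forwarded differently depending on which VRF the ingress interface belongs to, and that the global table has no visibility into either customer's routes.

```python
"""Toy model of per-VRF forwarding on an MPLS/VPN PE router.

Constructed illustration: VRF names, RDs, labels, addresses and
interface names below are made up and not taken from the article.
"""
from ipaddress import ip_address, ip_network


class Vrf:
    """One VPN routing and forwarding table.

    The route distinguisher (RD) is prepended to every prefix when the
    table's routes are exported to other PE routers, so two customers can
    both advertise 10.1.0.0/16 without the prefixes colliding.
    """

    def __init__(self, name, rd=None):
        self.name = name
        self.rd = rd            # None for the provider's global table
        self.routes = []        # list of (network, next_hop, vpn_label)

    def add_route(self, prefix, next_hop, vpn_label=None):
        self.routes.append((ip_network(prefix), next_hop, vpn_label))

    def lookup(self, dst):
        """Longest-prefix match restricted to this table only."""
        addr = ip_address(dst)
        best = None
        for net, next_hop, label in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, label)
        return best

    def vpnv4_prefixes(self):
        """Prefixes as they would be carried between PEs: RD:prefix."""
        return [f"{self.rd}:{net}" for net, _, _ in self.routes]


class PeRouter:
    """A PE router holding one global table plus one table per VPN."""

    def __init__(self):
        self.global_table = Vrf("global")
        self.vrfs = {}
        self.iface_vrf = {}     # interface name -> table it belongs to

    def add_vrf(self, name, rd):
        self.vrfs[name] = Vrf(name, rd)
        return self.vrfs[name]

    def bind_interface(self, iface, vrf_name=None):
        """Attach an interface to a VRF, or to the global table if none given."""
        self.iface_vrf[iface] = self.vrfs[vrf_name] if vrf_name else self.global_table

    def forward(self, ingress_iface, dst):
        """Return (table name, next hop, VPN label), or None if the table
        owned by the ingress interface has no route for the destination."""
        table = self.iface_vrf[ingress_iface]
        match = table.lookup(dst)
        if match is None:
            return None
        _, next_hop, label = match
        return (table.name, next_hop, label)


def build_demo_pe():
    """Build a PE with two customers whose address space overlaps (constructed data)."""
    pe = PeRouter()
    cust_a = pe.add_vrf("CUST_A", "65000:1")
    cust_a.add_route("10.1.0.0/16", "CE-A (local)")
    cust_a.add_route("10.1.200.0/24", "PE2 (remote site)", vpn_label=24)
    cust_b = pe.add_vrf("CUST_B", "65000:2")
    cust_b.add_route("10.1.0.0/16", "PE3 (remote site)", vpn_label=31)
    # Global table: provider loopbacks and a peering block only.
    pe.global_table.add_route("192.0.2.0/24", "core P router")
    pe.global_table.add_route("198.51.100.0/24", "Internet peer")
    pe.bind_interface("gi0/1", "CUST_A")
    pe.bind_interface("gi0/2", "CUST_B")
    pe.bind_interface("gi0/0")          # core-facing interface, global table
    return pe


if __name__ == "__main__":
    pe = build_demo_pe()
    for iface, dst in [("gi0/1", "10.1.1.5"), ("gi0/2", "10.1.1.5"),
                       ("gi0/1", "10.1.200.9"), ("gi0/0", "10.1.1.5")]:
        print(iface, dst, "->", pe.forward(iface, dst))
    for vrf in pe.vrfs.values():
        print(vrf.name, vrf.vpnv4_prefixes())
```

The same destination, 10.1.1.5, reaches customer A's local CE when it enters on gi0/1 and customer B's remote site (via a labelled path) when it enters on gi0/2, while a packet arriving on the core-facing interface finds no route at all, which is the isolation property the text describes. The `vpnv4_prefixes` output shows why the RD matters: "65000:1:10.1.0.0/16" and "65000:2:10.1.0.0/16" are distinct keys even though the IP prefix is identical.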
To read the entire article from which this tip is excerpted, click over to InformIT. You have to register there, but the registration is free. For more information, see SearchEnterpriseWAN.com's MPLS VPN tutorial.