The MPLS/VPN architecture

How to combine the best of overlay and peer-to-peer VPNs.

Jim Guichard and Ivan Pepelnjak

Using Multiprotocol Label Switching, it's possible to come up with a technology that combines the best features of an overlay VPN and a peer-to-peer VPN. This tip, excerpted from InformIT, discusses the advantages of using this approach.

With the introduction of Multiprotocol Label Switching (MPLS), which combines the benefits of Layer 2 switching with Layer 3 routing and switching, it became possible to construct a technology that combines the benefits of an overlay VPN (such as security and isolation among customers) with the benefits of simplified routing that a peer-to-peer VPN implementation brings. The new technology, called MPLS/VPN, results in simpler customer routing and somewhat simpler service provider provisioning, and makes possible a number of topologies that are hard to implement in either the overlay or peer-to-peer VPN models. MPLS also adds the benefits of a connection-oriented approach to the IP routing paradigm, through the establishment of label-switched paths, which are created based on topology information rather than traffic flow.

This might lead you to believe that any overlay VPN implementation can be replaced with an MPLS/VPN implementation. Unfortunately, that is not true. MPLS/VPN currently supports only IP as the Layer 3 protocol. Other protocols, such as IPX and AppleTalk, still must be tunneled across an IP backbone.

The MPLS/VPN architecture provides the capability to commission an IP network infrastructure that delivers private network services over a shared infrastructure. The MPLS/VPN technology is quite complex in itself.

[For example:]

Overlapping addresses, usually the result of private IP addressing in customer networks, are one of the major obstacles to successful deployment of peer-to-peer VPN implementations. The MPLS/VPN technology provides an elegant solution to the dilemma: Each VPN has its own routing and forwarding table in the router, so any customer or site that belongs to that VPN is given access only to the set of routes contained within that table. Any PE router in an MPLS/VPN network thus contains a number of per-VPN routing tables and a global routing table that is used to reach other routers in the provider network, as well as external globally reachable destinations (for example, the rest of the Internet). Effectively, a number of virtual routers are created in a single physical router.
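The per-VPN table lookup described above can be modeled in a few lines. This is an added example, not code from the article or from any router implementation; the interface names, VPN names, prefixes and next-hop labels are constructed, and label imposition is not modeled.

```python
import ipaddress


class PERouter:
    """Toy model of a PE router: one global table plus one table per VPN."""

    def __init__(self):
        self.global_table = {}  # prefix -> next hop (provider core, Internet)
        self.vpn_tables = {}    # VPN name -> {prefix -> next hop}
        self.iface_vpn = {}     # customer-facing interface -> VPN name

    def attach(self, iface, vpn):
        """Bind a customer-facing interface to exactly one VPN table."""
        self.iface_vpn[iface] = vpn
        self.vpn_tables.setdefault(vpn, {})

    def add_route(self, prefix, next_hop, vpn=None):
        table = self.global_table if vpn is None else self.vpn_tables.setdefault(vpn, {})
        table[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, iface, dst):
        """Longest-prefix match in the single table chosen by the ingress interface."""
        if iface in self.iface_vpn:
            table = self.vpn_tables[self.iface_vpn[iface]]
        else:
            table = self.global_table
        addr = ipaddress.ip_address(dst)
        matches = [net for net in table if addr in net]
        if not matches:
            return None  # no route in this table: no fallback to any other table
        return table[max(matches, key=lambda net: net.prefixlen)]


def build_demo():
    """Constructed sample: two customers that both use 10.1.0.0/16."""
    pe = PERouter()
    pe.attach("Serial0/0", "VPN_A")
    pe.attach("Serial0/1", "VPN_B")
    pe.add_route("10.1.0.0/16", "PE2 (VPN_A site 2)", vpn="VPN_A")
    pe.add_route("172.16.9.0/24", "PE2 (VPN_A site 2)", vpn="VPN_A")
    pe.add_route("10.1.0.0/16", "PE3 (VPN_B site 2)", vpn="VPN_B")
    pe.add_route("10.1.5.0/24", "PE4 (VPN_B site 3)", vpn="VPN_B")
    pe.add_route("192.0.2.0/24", "P1 (provider core)")  # global table
    return pe


if __name__ == "__main__":
    pe = build_demo()
    for iface in ("Serial0/0", "Serial0/1", "POS1/0"):
        for dst in ("10.1.5.9", "172.16.9.1", "192.0.2.7"):
            print(f"{iface:10} -> {dst:12} : {pe.lookup(iface, dst)}")
```

The same destination, 10.1.5.9, resolves to a different next hop on each customer interface, and a destination that exists only in VPN_A's table has no route at all when it arrives on VPN_B's interface.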

To read the entire article from which this tip is excerpted, click over to InformIT. You have to register there, but the registration is free. For more information, see's MPLS VPN tutorial.

This was last published in August 2002
