Mpls
Overview
End-to-end virtualization of an enterprise network infrastructure relies upon the following primary
components:
• Virtual routing instances in edge routers, delivering service to each group that uses a virtualized
infrastructure instance
• Route-distinguishers, added to IPv4 addresses to support overlapping address spaces in the virtual
infrastructure
• Label-based forwarding in the network core so that forwarding does not rely on IP addresses in a
virtual network, which can overlap with other virtual networks
Figure 2-1 summarizes the three most common options used to virtualize enterprise Layer 3 (L3) WANs.
[Figure 2-1: three panels, labeled "Customer-deployed Backbone (IP and/or MPLS)", "Provider Ethernet Service" and "Provider MPLS VPN Service". Diagram labels: CE, PE, P, Site 1, Site 2, Site 3.]
This guide focuses on Option 1 in Figure 2-1, the enterprise-owned and operated Multiprotocol Label
Switching (MPLS) L3VPN model.
Terminology
The following terminology is used in the MPLS L3VPN architecture:
• Virtual routing and forwarding instance (VRF)—This entity in a physical router enables the
implementation of separate routing and control planes for each client network in the physical
infrastructure.
• Label Distribution Protocol (LDP)—This protocol is used on each link in the MPLS L3VPN
network to distribute labels associated with prefixes; labels are locally significant to each link.
• Multiprotocol BGP (MP-BGP)—This protocol is used to append route distinguisher values to
ensure unique addressing in the virtualized infrastructure, and to import and export routes to each
VRF based on the route target community value.
• P (provider) router—This type of router, also called a Label Switching Router (LSR), runs an
Interior Gateway Protocol (IGP) and LDP.
• PE (provider edge) router—This type of router, also called an edge router, imposes and removes
MPLS labels and runs IGP, LDP, and MP-BGP.
• CE (customer edge) router—This type of router is the demarcation device in a provider-managed
VPN service. It is possible to connect a LAN to the PE directly. However, if multiple networks exist
at a customer location, a CE router simplifies the task of connecting the networks to an L3VPN
instance.
The PE router must import all client routes served by the associated CE router into the VRF of the PE
router associated with that virtual network instance. This allows the MPLS L3VPN to distribute route
information and provide connectivity among branch, data center, and campus locations.
Figure 2-2 shows how the components combine to create an MPLS L3VPN service and support multiple
L3VPNs on the physical infrastructure. In the figure, a P router connects two PE routers. The packet flow
is from left to right.
Figure 2-2 Major MPLS L3VPN Components and Packet Flow
[Figure 2-2: routers in the order PE, P, P, PE. The labeled packet consists of the IGP Label (4 bytes), the VPN Label (4 bytes) and the Original Packet (Data).]
The PE on the left has three groups, each using its own virtual network. Each PE has three VRFs (red,
green and blue); each VRF is for the exclusive use of one group using a virtual infrastructure.
When an IP packet comes to the PE router on the left, the PE appends two labels to the packet. BGP
appends the inner (VPN) label and its value is constant as the packet traverses the network. The inner
label value identifies the interface on the egress PE out of which the IP packet will be sent. LDP assigns
the outer (IGP) label; its value changes as the packet traverses the network to the destination PE.
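The label handling described above, as an added example that is not part of the original guide: an ingress PE pushes the two 4-byte labels, each P router swaps only the outer one, and the egress PE selects the outgoing interface from the inner one. The label numbers, per-router swap tables and interface name are constructed for illustration; the 4-byte entry layout (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL) follows RFC 3032.

```python
import struct

def encode_entry(label, bottom, ttl=64, tc=0):
    """Pack one 4-byte entry: 20-bit label, 3-bit TC, 1-bit bottom-of-stack, 8-bit TTL."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_stack(frame):
    """Return ([(label, ttl), ...], payload), reading entries up to the bottom-of-stack bit."""
    stack, off = [], 0
    while True:
        if off + 4 > len(frame):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", frame, off)
        off += 4
        stack.append((word >> 12, word & 0xFF))
        if word & 0x100:
            return stack, frame[off:]

def impose(ip_packet, igp_label, vpn_label):
    """Ingress PE: inner VPN label sits at the bottom of the stack, outer IGP label on top."""
    return encode_entry(igp_label, False) + encode_entry(vpn_label, True) + ip_packet

def p_swap(frame, swap_table):
    """P router: rewrite only the outer label and TTL; never reads the VPN label or IP header."""
    (word,) = struct.unpack_from("!I", frame)
    label, ttl = word >> 12, word & 0xFF
    if word & 0x100 or ttl <= 1:
        raise ValueError("no VPN label under outer entry, or TTL expired")
    new_word = (swap_table[label] << 12) | (word & 0xE00) | (ttl - 1)
    return struct.pack("!I", new_word) + frame[4:]

def egress(frame, vpn_label_table):
    """Egress PE: strip the stack and pick the outgoing interface from the inner label."""
    stack, payload = decode_stack(frame)
    return vpn_label_table[stack[-1][0]], payload

def walk():
    """Follow one constructed packet PE -> P -> P -> PE; all values are hypothetical."""
    pkt = b"constructed-ip-packet"
    f0 = impose(pkt, igp_label=17, vpn_label=100)
    f1 = p_swap(f0, {17: 22})       # first P router's local label binding
    f2 = p_swap(f1, {22: 31})       # second P router's local label binding
    labels = [[lbl for lbl, _ in decode_stack(f)[0]] for f in (f0, f1, f2)]
    return labels, egress(f2, {100: "red-vrf-interface"}), len(f0) - len(pkt)

if __name__ == "__main__":
    print(walk())
```

The outer label differs on every hop while the inner label stays at 100, which is why overlapping IP addresses in different VRFs never influence forwarding in the core.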
For more information about MPLS VPN configuration and operation, refer to “Configuring a Basic
MPLS VPN” at:
• http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/13733-mpls-vpn-basic.html