MPLS - Virtual Private Network (VPN)
What does the term "VPN" mean in the context of MPLS?
A VPN is a technology that creates a secure and encrypted connection over a less secure network, such as the Internet. It’s like a protected tunnel through which your traffic can pass undisturbed, away from the prying eyes of hackers, your ISP, the government, and even the websites you visit. VPNs can be deployed in various forms, such as site-to-site, host-based, or even via a subscription-based VPN provider, which creates a VPN between your device and its servers, which then act as a proxy for your communications.
In the context of MPLS, a VPN can be thought of as a ‘pseudo-wire’ that exists in an MPLS network. This pseudo-wire can transport payload traffic of various types for multiple segments, each isolated from the others. This is where the understanding of a VPN as a network or connection running over a tunnel comes in.
The ‘mpls ip’ command on MPLS routers (label switch routers (LSRs) and label edge routers (LERs)) simply enables MPLS on the interface, but does not make it a VPN. The VPN comes into play when we start using VRFs, route distinguishers (RDs) and route targets (RTs). These are used to segregate customer traffic, making each customer’s traffic private from the others - hence the term VPN.
In a normal MPLS network without VRFs, RDs and RTs, all customer traffic would sit in the same routing instance, which would not provide the separation and isolation needed for it to be considered a VPN.
However, VPNs in the context of MPLS have a couple of specialized traits:
- First, a VPN in the context of MPLS does not apply any form of encryption or other cryptographic protection, which is what is traditionally associated with VPNs; the separation is purely logical, by routing. If you want an encrypted MPLS L3 VPN implementation, you can use an option such as FlexVPN or IPsec with MPLS, among other options.
- The second is that MPLS L3 VPNs use what are known as VPNv4 and VPNv6 routes. In the context of BGP and MPLS, these terms refer to the BGP address families used to carry IPv4 and IPv6 prefixes over MPLS-based VPNs. So the term VPN in this context is well-defined terminology for MPLS and means something very specific.
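The following is an added example, not part of the original note, that models the two points above: how a VRF's RD turns an ordinary IPv4 prefix into a distinct VPNv4 route (so two customers can reuse the same private prefix), and how RT import policy alone decides which VRF learns which route. Because that isolation is routing policy rather than encryption, the example also includes a check for a VRF whose import RTs pull in another customer's routes. VRF names, RDs, RTs and prefixes are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vpnv4Route:
    rd: str               # route distinguisher, e.g. "65000:100"
    prefix: str           # customer IPv4 prefix, e.g. "10.1.1.0/24"
    rts: frozenset        # route-target extended communities attached on export
    origin_vrf: str       # VRF that exported the route (used only by the leak check)

    def nlri(self) -> str:
        # RD + prefix is the VPNv4 NLRI: identical IPv4 prefixes stay distinct because the RDs differ
        return f"{self.rd}:{self.prefix}"

@dataclass(frozen=True)
class Vrf:
    name: str
    customer: str         # which customer this VRF belongs to (constructed bookkeeping, not a BGP attribute)
    rd: str
    export_rts: frozenset
    import_rts: frozenset
    prefixes: tuple

def export_vpnv4(vrfs):
    """Build the VPNv4 table: every VRF prefix becomes one RD:prefix route tagged with the VRF's export RTs."""
    return [Vpnv4Route(v.rd, p, v.export_rts, v.name) for v in vrfs for p in v.prefixes]

def imported_routes(vrf, table):
    """A VRF imports a VPNv4 route when at least one RT on the route is in its import list.
    Routes the VRF exported itself are skipped; they are already local to it."""
    return [r for r in table if r.rts & vrf.import_rts and r.origin_vrf != vrf.name]

def leaked_routes(vrfs):
    """Defensive check: (vrf name, NLRI) pairs where a VRF's import RTs admit another customer's route."""
    table = export_vpnv4(vrfs)
    by_name = {v.name: v for v in vrfs}
    return sorted((v.name, r.nlri()) for v in vrfs for r in imported_routes(v, table)
                  if by_name[r.origin_vrf].customer != v.customer)

# Constructed sample: two customers reusing the same RFC 1918 prefix, each with its own RD and RT.
CUST_A = Vrf("CUST_A", "A", "65000:100", frozenset({"65000:100"}), frozenset({"65000:100"}), ("10.1.1.0/24",))
CUST_B = Vrf("CUST_B", "B", "65000:200", frozenset({"65000:200"}), frozenset({"65000:200"}), ("10.1.1.0/24",))
# Second site of customer B whose import list mistakenly also contains customer A's RT.
CUST_B_SITE2 = Vrf("CUST_B_SITE2", "B", "65000:201", frozenset({"65000:200"}),
                   frozenset({"65000:200", "65000:100"}), ("10.2.2.0/24",))

if __name__ == "__main__":
    print([r.nlri() for r in export_vpnv4([CUST_A, CUST_B])])   # two distinct VPNv4 routes for one prefix
    print(leaked_routes([CUST_A, CUST_B, CUST_B_SITE2]))        # the mistyped import RT shows up as a leak
```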
Links
https://networklessons.com/mpls/mpls-layer-3-vpn-configuration/