RFC 4364 - BGP/MPLS IP Virtual Private Networks (VPNs)
Document Information
- RFC Number: 4364
- Title: BGP/MPLS IP Virtual Private Networks (VPNs)
- Authors: E. Rosen, Y. Rekhter
- Date: February 2006
- Category: Standards Track
- Obsoletes: RFC 2547
- ISSN: 2070-1721
Abstract
This document describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customers. This method uses a "peer model", in which the customers' edge routers (CE routers) send their routes to the Service Provider's edge routers (PE routers); there is no "overlay" visible to the customer's routing algorithm, and CE routers at different sites do not peer with each other. Data packets are tunneled through the backbone, so that the core routers do not need to know the VPN routes.
This document obsoletes RFC 2547.
Status of This Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Table of Contents
- Introduction
- Sites and VPNs
- VRFs: Multiple Forwarding Tables in PE Routers
- VPN Route Distribution via BGP
- Label Distribution
- VPN-IPv4 Address Family
- How VPN-IPv4 Addresses are Formed
- VPN Route Selection
- VPN Route Distribution in BGP
- Route Reflectors
- Building VPNs using LSP Tunnels
- Security Considerations
- Acknowledgements
- Normative References
- Informative References
1. Introduction
This document describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customers. This method uses a "peer model", in which the customers' edge routers (CE routers) send their routes to the Service Provider's edge routers (PE routers); there is no "overlay" visible to the customer's routing algorithm, and CE routers at different sites do not peer with each other. Data packets are tunneled through the backbone, so that the core routers do not need to know the VPN routes.
2. Sites and VPNs
A VPN is a collection of sites that share common routing information. A site is a set of IP systems that have mutual IP connectivity without using the Service Provider's backbone; the systems of a site need not be at a single geographic location (a site may consist of several locations joined by private lines), and a site may belong to more than one VPN. Each site is attached to a PE router over one or more attachment circuits, and it is the attachment circuit, not the addresses carried over it, that determines which VPN routing table a packet is looked up in.
3. VRFs: Multiple Forwarding Tables in PE Routers
Each PE router maintains a number of separate forwarding tables. One of these is the "default forwarding table", which contains the routes for the public Internet. The others are "VPN Routing and Forwarding instances" (VRFs). Each VRF is associated with one or more ports on the PE router.
4. VPN Route Distribution via BGP
PE routers use BGP to distribute VPN routes to each other. When a PE router learns a route from a CE router (by static configuration, or by a routing protocol such as RIP, OSPF, or BGP running over the attachment circuit), it installs the route in the VRF associated with that attachment circuit. To advertise it to other PE routers, the PE converts the IPv4 route into a VPN-IPv4 route by prepending a Route Distinguisher, binds an MPLS label to it, attaches one or more Route Target extended communities, and sends it via BGP. A receiving PE imports the route into every VRF whose configured import Route Targets include one of the route's Route Targets; a route that matches no VRF on that PE may be discarded. VPN membership of a route is therefore decided by its Route Targets, not by the RD.
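The control-plane behaviour described above, as an added illustration that is not code from the RFC: a PE installs a CE-learned route in the VRF of its attachment circuit, tags it with that VRF's Route Distinguisher, export Route Targets and a locally allocated label, and a second PE imports it only into VRFs whose import Route Targets intersect the route's. The class names, the per-VRF label allocation, the 65000:n community values and the sample prefixes are all constructed for this example.

```python
"""Model of RFC 4364 route distribution between two PE routers.

Constructed example: Pe, Vrf and VpnRoute are this example's own names,
and label allocation is a simple counter rather than a real label manager.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnRoute:
    rd: str             # Route Distinguisher, makes the NLRI unique
    prefix: str         # IPv4 prefix learned from the CE
    rts: frozenset      # Route Targets (extended communities) on the route
    next_hop: str       # advertising PE's loopback
    label: int          # MPLS label the advertising PE bound to the route


@dataclass
class Vrf:
    name: str
    rd: str
    import_rts: frozenset
    export_rts: frozenset
    table: dict = field(default_factory=dict)   # prefix -> VpnRoute


class Pe:
    def __init__(self, loopback, vrfs):
        self.loopback = loopback
        self.vrfs = {v.name: v for v in vrfs}
        self._next_label = 1000     # constructed label pool for this PE
        self.labels = {}            # label -> VRF name (used on receipt)

    def learn_from_ce(self, vrf_name, prefix):
        """CE -> PE: install in the attachment circuit's VRF and build the
        VPN-IPv4 route that will be advertised to other PEs via MP-BGP."""
        vrf = self.vrfs[vrf_name]
        label = self._next_label
        self._next_label += 1
        self.labels[label] = vrf_name
        route = VpnRoute(vrf.rd, prefix, vrf.export_rts, self.loopback, label)
        vrf.table[prefix] = route
        return route

    def receive_vpn_route(self, route):
        """PE -> PE: import into each VRF whose import RTs match any RT on
        the route. The RD plays no part in this decision; a route matching
        no VRF is dropped. Returns the names of the VRFs that imported it."""
        imported = []
        for vrf in self.vrfs.values():
            if vrf.import_rts & route.rts:
                vrf.table[route.prefix] = route
                imported.append(vrf.name)
        return imported


def build_topology():
    """Two PEs, each serving customers A and B (constructed values).
    Both customers use the same private prefix, which is the case the RD
    and the VRF separation exist to handle."""
    def vrfs():
        return [
            Vrf("CustA", "65000:1", frozenset({"65000:1"}), frozenset({"65000:1"})),
            Vrf("CustB", "65000:2", frozenset({"65000:2"}), frozenset({"65000:2"})),
        ]
    return Pe("192.0.2.1", vrfs()), Pe("192.0.2.2", vrfs())


if __name__ == "__main__":
    pe1, pe2 = build_topology()
    ra = pe1.learn_from_ce("CustA", "10.1.0.0/16")
    rb = pe1.learn_from_ce("CustB", "10.1.0.0/16")
    print("PE2 imported", ra, "into", pe2.receive_vpn_route(ra))
    print("PE2 imported", rb, "into", pe2.receive_vpn_route(rb))
```

Note that the two routes for 10.1.0.0/16 never collide: they carry different RDs, different labels and different Route Targets, so PE2 ends up with one copy in each VRF and the label tells PE1 which VRF a returning packet belongs to.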
5. Label Distribution
MPLS labels are used to tunnel packets through the backbone. When a PE router distributes a VPN route via BGP, it also distributes an MPLS label for that route, carried in the same NLRI as the route. When the ingress PE later forwards a packet that matches the route, it pushes this label so that the egress PE, which allocated it, can identify the VRF (or the particular route or attachment circuit) the packet belongs to without any IPv4 lookup in the backbone. The label is meaningful only to the PE that advertised it; P routers neither hold the VPN routes nor interpret this label.
6. VPN-IPv4 Address Family
BGP is extended to support a new address family, VPN-IPv4 (AFI 1, SAFI 128). A VPN-IPv4 address is 12 bytes long: an 8-byte Route Distinguisher (RD) followed by a 4-byte IPv4 address.
7. How VPN-IPv4 Addresses are Formed
The RD is prepended to the IPv4 address to form the VPN-IPv4 address. Its purpose is to let BGP carry routes to the same IPv4 prefix from different VPNs (or from different sites of one VPN) as distinct NLRIs rather than as alternative paths to one destination. The RD is 8 bytes: a 2-byte Type field followed by a 6-byte Value field whose layout depends on the type. Type 0 is a 2-byte Autonomous System number followed by a 4-byte Assigned Number; Type 1 is a 4-byte IPv4 address followed by a 2-byte Assigned Number; Type 2 is a 4-byte Autonomous System number followed by a 2-byte Assigned Number. The administrator part should hold a number the Service Provider actually owns (its AS number or an address from its own space), which makes RDs unique without any inter-provider coordination. An RD has no routing semantics and does not identify a VPN; VPN membership is expressed by Route Target extended communities.
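The RD layouts from section 7 and the labeled NLRI of sections 5 and 6, as an added worked encoder and decoder. This is illustrative code written for this page, not text or code from the RFC. The RD types follow RFC 4364 section 4.2; the labeled NLRI layout (length in bits, 3-byte label entry, 8-byte RD, prefix octets) is the RFC 3107 encoding that RFC 4364 uses for the VPN-IPv4 SAFI. The function names and the 65000:n / 10.1.0.0/16 sample values are this example's own.

```python
"""Route Distinguisher and labeled VPN-IPv4 NLRI encoding (constructed example)."""
import ipaddress
import struct


def encode_rd(rd_type, admin, assigned):
    """Return the 8-byte RD: 2-byte Type, then the type-specific 6-byte Value."""
    if rd_type == 0:        # 2-byte AS number + 4-byte assigned number
        return struct.pack("!HHI", 0, admin, assigned)
    if rd_type == 1:        # 4-byte IPv4 address + 2-byte assigned number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, assigned)
    if rd_type == 2:        # 4-byte AS number + 2-byte assigned number
        return struct.pack("!HIH", 2, admin, assigned)
    raise ValueError("unknown RD type %r" % (rd_type,))


def decode_rd(blob):
    """Parse an 8-byte RD back into (type, administrator, assigned number)."""
    if len(blob) != 8:
        raise ValueError("RD must be exactly 8 bytes")
    rd_type = struct.unpack("!H", blob[:2])[0]
    if rd_type == 0:
        admin, assigned = struct.unpack("!HI", blob[2:])
    elif rd_type == 1:
        packed, assigned = struct.unpack("!4sH", blob[2:])
        admin = str(ipaddress.IPv4Address(packed))
    elif rd_type == 2:
        admin, assigned = struct.unpack("!IH", blob[2:])
    else:
        raise ValueError("unknown RD type %d" % rd_type)
    return rd_type, admin, assigned


def vpn_ipv4_address(rd, ipv4):
    """12-byte VPN-IPv4 address: the RD prepended to the 4-byte IPv4 address."""
    return rd + ipaddress.IPv4Address(ipv4).packed


def encode_labeled_nlri(label, rd, prefix):
    """Labeled VPN-IPv4 NLRI: 1-byte length in bits covering label entry, RD
    and prefix; 3-byte label entry (20-bit label, EXP=0, bottom-of-stack=1);
    8-byte RD; then only as many prefix octets as the prefix length needs."""
    net = ipaddress.IPv4Network(prefix)
    plen = net.prefixlen
    prefix_octets = net.network_address.packed[:(plen + 7) // 8]
    label_entry = ((label << 4) | 0x1).to_bytes(3, "big")
    length_bits = 24 + 64 + plen
    return bytes([length_bits]) + label_entry + rd + prefix_octets


def decode_labeled_nlri(blob):
    """Inverse of encode_labeled_nlri; returns (label, rd_bytes, prefix string)."""
    length_bits = blob[0]
    label = int.from_bytes(blob[1:4], "big") >> 4
    rd = blob[4:12]
    plen = length_bits - 24 - 64
    octets = blob[12:12 + (plen + 7) // 8]
    addr = ipaddress.IPv4Address(octets.ljust(4, b"\x00"))
    return label, rd, str(ipaddress.IPv4Network((addr, plen)))


if __name__ == "__main__":
    rd_a = encode_rd(0, 65000, 1)
    rd_b = encode_rd(0, 65000, 2)
    # Same customer prefix under two RDs: two distinct VPN-IPv4 addresses.
    print(vpn_ipv4_address(rd_a, "10.1.0.0").hex(), vpn_ipv4_address(rd_b, "10.1.0.0").hex())
    print(decode_labeled_nlri(encode_labeled_nlri(1000, rd_a, "10.1.0.0/16")))
```

The length octet counts the label entry and RD as well as the prefix, which is why two /16 routes with different RDs are different NLRIs of the same length rather than two paths to one prefix.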
8. VPN Route Selection
A PE router may receive several VPN-IPv4 routes for the same destination, for example from two PEs attached to the same site, or from one PE attached to two sites of the same VPN. BGP's decision process applies to VPN-IPv4 routes as to any other address family, with one consequence of the RD worth noting: two routes whose IPv4 parts are equal but whose RDs differ are different NLRIs, so BGP never compares them with each other as alternative paths. Within a VRF, after import, the PE installs the best of the imported routes for each IPv4 prefix.
9. VPN Route Distribution in BGP
VPN-IPv4 routes are distributed in BGP using the Multiprotocol Extensions for BGP-4 [RFC4760] (RFC 2858 when this document was published; RFC 4760 has since obsoleted it). Each route is carried in the MP_REACH_NLRI attribute together with its label, and its Route Targets travel in the Extended Communities attribute. Only PE routers (and route reflectors) hold VPN-IPv4 routes; P routers in the backbone carry none of them.
10. Route Reflectors
Route reflectors can be used to avoid a full mesh of BGP sessions between PE routers. Because a PE needs only the routes whose Route Targets match one of its VRFs' import lists, the VPN-IPv4 routes can be partitioned across several route reflectors by Route Target, so no single router has to hold every VPN route in the provider's network.
11. Building VPNs using LSP Tunnels
LSP tunnels can be used to tunnel VPN packets through the backbone. The ingress PE pushes two labels: the inner label is the VPN label the egress PE advertised with the route, and the outer label identifies the LSP that leads to the egress PE (the next-hop address of the VPN-IPv4 route), as distributed by the backbone's own label distribution protocol. P routers switch on the outer label only, so they need to know nothing about VPN routes or VPN labels. Other tunnel types that carry a labeled packet to the egress PE, such as GRE, IP-in-IP or IPsec tunnels, can replace the outer LSP.
12. Security Considerations
VPNs provided by this method should provide a level of security comparable to that of Frame Relay or ATM VPNs, provided the backbone itself is protected. In the data plane, backbone routers must not accept MPLS-labeled packets from CE routers or from any other system outside the backbone unless specifically configured to do so, and then only with labels the PE itself distributed to that system; otherwise a customer could inject traffic into another customer's VRF by guessing a label. Address separation between VRFs means that overlapping private addresses in different VPNs do not interfere. In the control plane, the BGP sessions between PEs (and between PE and CE where BGP is used) should be authenticated so that VPN routes and labels cannot be injected by a third party. The method itself offers no confidentiality or integrity protection for customer data; where that is required, IPsec can be used, for example between CE routers or between PE routers.
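The data-plane rule above, as an added illustration written for this page rather than code from the RFC: a PE accepts a labeled packet only if it arrives on a backbone-facing interface and its bottom-of-stack (VPN) label is one this PE actually allocated. Unlabeled IP is always acceptable, since it is looked up in the VRF of the attachment circuit it arrived on. The interface roles, the allocated-label table, the dummy MAC addresses and the sample frames are all constructed.

```python
"""PE ingress check for MPLS-labeled packets (constructed example)."""
import struct

ETHERTYPE_MPLS_UNICAST = 0x8847
ETHERTYPE_IPV4 = 0x0800


def parse_label_stack(payload):
    """Walk the MPLS label stack; return ([(label, exp, bos), ...], rest).
    Each entry is a 4-byte shim: 20-bit label, 3-bit EXP, 1-bit S, 8-bit TTL."""
    entries = []
    offset = 0
    while True:
        if offset + 4 > len(payload):
            raise ValueError("truncated label stack")
        word = struct.unpack("!I", payload[offset:offset + 4])[0]
        label, exp, bos = word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1
        entries.append((label, exp, bos))
        offset += 4
        if bos:
            return entries, payload[offset:]


def classify_frame(frame, iface_role, allocated_vpn_labels):
    """Decide whether this PE should forward a received Ethernet frame.

    iface_role: "core" (backbone-facing) or "ce" (customer attachment circuit).
    allocated_vpn_labels: {label: vrf_name}, this PE's own label bindings.
    Returns (accept, reason)."""
    if len(frame) < 14:
        return False, "runt frame"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    payload = frame[14:]
    if ethertype != ETHERTYPE_MPLS_UNICAST:
        # Unlabeled traffic is looked up in the VRF of the attachment circuit
        # (from a CE) or in the default table (from the core): normal case.
        return True, "unlabeled, forwarded by %s-side lookup" % iface_role
    if iface_role != "core":
        # A labeled packet from a customer circuit could name any VRF label on
        # this PE; drop it unless the circuit is configured for labels (not
        # modelled here).
        return False, "labeled packet on non-backbone interface"
    try:
        stack, _ = parse_label_stack(payload)
    except ValueError as exc:
        return False, str(exc)
    vpn_label = stack[-1][0]        # bottom of stack is the VPN label
    if vpn_label not in allocated_vpn_labels:
        return False, "label %d not allocated by this PE" % vpn_label
    return True, "deliver to VRF %s" % allocated_vpn_labels[vpn_label]


def label_entry(label, bos, exp=0, ttl=64):
    """Build one 4-byte MPLS shim header."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (bos << 8) | ttl)


def build_frame(ethertype, payload):
    """Constructed Ethernet frame with dummy MAC addresses."""
    return b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    table = {1000: "CustA"}                     # labels this PE advertised
    pkt = build_frame(ETHERTYPE_MPLS_UNICAST, label_entry(1000, 1) + b"\x45" + b"\x00" * 19)
    print(classify_frame(pkt, "core", table))   # accepted into CustA
    print(classify_frame(pkt, "ce", table))     # dropped: labeled from a CE
```

Dropping labeled packets on attachment circuits is the cheap half of the check; the second half, refusing VPN labels the PE never advertised, is what stops a compromised or misconfigured backbone neighbour from reaching a VRF it has no route into.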
13. Acknowledgements
The authors would like to thank the many people who have contributed to this work.
14. Normative References
- [RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, "Multiprotocol Extensions for BGP-4", RFC 4760, January 2007.
15. Informative References
- [RFC2547] Rosen, E. and Y. Rekhter, "BGP/MPLS VPNs", RFC 2547, March 1999.
Authors' Addresses
Eric C. Rosen Cisco Systems, Inc. 1414 Massachusetts Avenue Boxborough, MA 01719
EMail: [email protected]
Yakov Rekhter Juniper Networks 1194 N. Mathilda Avenue Sunnyvale, CA 94089
EMail: [email protected]