Skip Navigation LinksHome > Products > MPLS and GMPLS > MPLS Services > Layer 3 VPNs

Layer 3 VPNs

More information

Related pages

MPLS compatibility IP Routing compatibility

BGP/MPLS Virtual Private Networks (VPNs), as defined in RFC 4364 and related drafts and standards, provide a Layer 3 VPN (L3 VPN).

With Layer 3 VPNs, each Provider Edge (PE) device acts like a set of virtual routers, one per VPN. The service provider configures the VPN membership of each PE router port. As a result, the port's view of the network is restricted to the VPNs of which it is a member, and it cannot address devices outside that environment. Either static routes are provisioned on both the CE and PE, or, for more complex scenarios, a routing protocol (such as RIP, OSPF or BGP) is run between CE and PE. So the interface between the CE and PE devices is conventional IP routing.

The service provider also establishes a suitable transport mesh of MPLS Label Switched Paths (LSPs) between all the PE routers that need to communicate. The PE devices qualify each external IP address that they learn with a per-VPN identifier, and broadcast them to all other PE routers using an extended form of BGP. They also include an MPLS label that is specific to the destination route (or, in some implementations, the destination port). Through this process, the PE devices build up a complete map of the VPNs and destination labels.

Layer 3 VPN PE device

Integrated L3 VPN solution

Metaswitch's VPN Manager product (DC-VPN Manager) is an extension to DC-BGP. It provides VPN routing and forwarding software that facilitates the implementation of BGP/MPLS L3 VPNs. In conjunction with DC-MPLS, and possibly other routing protocols (such as DC-OSPF, DC-ISIS, and DC-RIP), it provides a complete VPN control plane solution for CE and PE routers.

The VPN Manager software coordinates VPN activities including

  • providing flexible internet access to all VPNs
  • leaking VRF table routes into the provider's network, under the control of local policy, for example to enable individual VPN addresses to be advertised to the internet
  • requesting labels from DC-MPLS Label Manager and passing them to other PE routers using DC-BGP
  • implementing the VPN-MIB (draft-ietf-ppvpn-mpls-vpn-mib, plus extensions for configuring the VPNs and defining policies for route propagation)
  • implementing the BGP-MPLS IP VPN extension for IPv6 VPN (RFC 4659).

Related links:


For inquiries about Metaswitch's MPLS products and expertise contact .