MPLS L3 VPN

MPLS L3 VPNs are deployed by service providers to provide L3 network connectivity and multi-tenant traffic isolation using an MPLS network.

In the figure below, the MPLS L3 VPN uses BGP Autonomous System (AS) 65001, CEs in Virtual Routing and Forwarding (VRF1) utilize AS 65101/65102, CEs in VRF2 utilize AS 65201/65202. VRF1 and VRF2 may utilize overlapping IP subnets if desired.

 

In this example, VRF1 consists of CE1 (LAN subnet 10.1.11.0/24) and CE3 (LAN subnet 10.1.12.0/24). VRF2 consists of CE2 (LAN subnet 10.1.11.0/24) and CE4 (LAN subnet 10.1.12.0/24). The Core LSR now functions as Provider (P) or Route Reflector (RR). The Edge LSR now functions as Provider Edge (PE). Customer Edge (CE) routers are not part of the MPLS L3VPN network but are attached to it. VRFs (without MPLS or VPNv4) could be enabled on CEs to provide locally significant L3 network isolation.

Multi Protocol BGP (MP-BGP) is used between PE routers to exchange VPNv4 addresses, extended communities and labels. Full mesh IBGP peering is avoided within the MPLS L3 VPN network when P routers function as VPNv4 RR. PE would peer to dual RRs for redundancy.