Network based IP VPN Architecture Using Virtual Routers

Document Type Withdrawn by IETF Internet-Draft (l3vpn WG)
Author Hamid Ould-Brahim 
Last updated 2007-05-07 (latest revision 2006-03-06)
Stream Internet Engineering Task Force (IETF)
Intended RFC status Informational
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Withdrawn by IETF (IESG: Dead)
Action Holders
Consensus Boilerplate Unknown
Telechat date
Responsible AD Mark Townsley
Send notices to,,,,,,

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes a network-based Virtual Private Network (VPN) architecture using the virtual router (VR) concept. Multiple VRs can exist in a single physical device. A VR emulates all the functionality of a physical router, and therefore inherits all existing mechanisms and tools for configuration, operation, accounting, and maintenance. Any routing protocol can be used to distribute VPN reachability information among VRs, and no VPN- related modifications or extensions are needed to the routing protocol for achieving VPN reachability. Direct VR-to-VR connectivity may be configured through layer-2 links or through IP- or MPLS-based tunnels. Traffic from VRs belonging to different VPNs may be aggregated over a "backbone VR" network, which greatly simplifies VPN provisioning. This architecture accommodates various backbone deployment scenarios, both where the VPN service provider owns the backbone, and where the VPN service provider obtains backbone service from one or more other service providers.


Hamid Ould-Brahim (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)