BGP/MPLS VPNs
RFC 2547

Document Type RFC - Informational (March 1999; No errata)
Obsoleted by RFC 4364
Was draft-rosen-vpn-mpls (individual)
Last updated 2013-03-02
Stream Legacy
Network Working Group                                           E. Rosen
Request for Comments: 2547                                    Y. Rekhter
Category: Informational                              Cisco Systems, Inc.
                                                              March 1999

                             BGP/MPLS VPNs

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   This document describes a method by which a Service Provider with an
   IP backbone may provide VPNs (Virtual Private Networks) for its
   customers.  MPLS (Multiprotocol Label Switching) is used for
   forwarding packets over the backbone, and BGP (Border Gateway
   Protocol) is used for distributing routes over the backbone.  The
   primary goal of this method is to support the outsourcing of IP
   backbone services for enterprise networks. It does so in a manner
   which is simple for the enterprise, while still scalable and flexible
   for the Service Provider, and while allowing the Service Provider to
   add value. These techniques can also be used to provide a VPN which
   itself provides IP service to customers.

Table of Contents

   1          Introduction
   1.1        Virtual Private Networks
   1.2        Edge Devices
   1.3        VPNs with Overlapping Address Spaces
   1.4        VPNs with Different Routes to the Same System
   1.5        Multiple Forwarding Tables in PEs
   1.6        SP Backbone Routers
   1.7        Security
   2          Sites and CEs
   3          Per-Site Forwarding Tables in the PEs
   3.1        Virtual Sites
   4          VPN Route Distribution via BGP
   4.1        The VPN-IPv4 Address Family
   4.2        Controlling Route Distribution
   4.2.1      The Target VPN Attribute
   4.2.2      Route Distribution Among PEs by BGP
   4.2.3      The VPN of Origin Attribute
   4.2.4      Building VPNs using Target and Origin Attributes
   5          Forwarding Across the Backbone
   6          How PEs Learn Routes from CEs
   7          How CEs learn Routes from PEs
   8          What if the CE Supports MPLS?
   8.1        Virtual Sites
   8.2        Representing an ISP VPN as a Stub VPN
   9          Security
   9.1        Point-to-Point Security Tunnels between CE Routers
   9.2        Multi-Party Security Associations
   10         Quality of Service
   11         Scalability
   12         Intellectual Property Considerations
   13         Security Considerations
   14         Acknowledgments
   15         Authors' Addresses
   16         References
   17         Full Copyright Statement

1. Introduction

1.1. Virtual Private Networks

   Consider a set of "sites" which are attached to a common network
   which we may call the "backbone". Let's apply some policy to create a
   number of subsets of that set, and let's impose the following rule:
   two sites may have IP interconnectivity over that backbone only if at
   least one of these subsets contains them both.

   The subsets we have created are "Virtual Private Networks" (VPNs).
   Two sites have IP connectivity over the common backbone only if there
   is some VPN which contains them both.  Two sites which have no VPN in
   common have no connectivity over that backbone.

   If all the sites in a VPN are owned by the same enterprise, the VPN