RFC 2547 (rfc2547) - Page 2 of 25


BGP/MPLS VPNs




RFC 2547                     BGP/MPLS VPNs                    March 1999


   4.2.1      The Target VPN Attribute  ...........................  10
   4.2.2      Route Distribution Among PEs by BGP  ................  12
   4.2.3      The VPN of Origin Attribute  ........................  13
   4.2.4      Building VPNs using Target and Origin Attributes  ...  14
   5          Forwarding Across the Backbone  .....................  15
   6          How PEs Learn Routes from CEs  ......................  16
   7          How CEs learn Routes from PEs  ......................  19
   8          What if the CE Supports MPLS?  ......................  19
   8.1        Virtual Sites  ......................................  19
   8.2        Representing an ISP VPN as a Stub VPN  ..............  20
   9          Security  ...........................................  20
   9.1        Point-to-Point Security Tunnels between CE Routers  .  21
   9.2        Multi-Party Security Associations  ..................  21
   10         Quality of Service  .................................  22
   11         Scalability  ........................................  22
   12         Intellectual Property Considerations  ...............  23
   13         Security Considerations  ............................  23
   14         Acknowledgments  ....................................  23
   15         Authors' Addresses  .................................  24
   16         References  .........................................  24
   17         Full Copyright Statement.............................  25

1. Introduction

1.1. Virtual Private Networks

   Consider a set of "sites" which are attached to a common network
   which we may call the "backbone". Let's apply some policy to create a
   number of subsets of that set, and let's impose the following rule:
   two sites may have IP interconnectivity over that backbone only if at
   least one of these subsets contains them both.

   The subsets we have created are "Virtual Private Networks" (VPNs).
   Two sites have IP connectivity over the common backbone only if there
   is some VPN which contains them both.  Two sites which have no VPN in
   common have no connectivity over that backbone.

   If all the sites in a VPN are owned by the same enterprise, the VPN
   is a corporate "intranet".  If the various sites in a VPN are owned
   by different enterprises, the VPN is an "extranet".  A site can be in
   more than one VPN; e.g., in an intranet and several extranets.  We
   regard both intranets and extranets as VPNs. In general, when we use
   the term VPN we will not be distinguishing between intranets and
   extranets.
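
   The rule above can be checked mechanically against observed traffic. The following is an added example, not part of the RFC: it audits site-to-site flows against VPN membership and labels each VPN as intranet or extranet. All site names, VPN names, owners and flows are constructed for illustration.

```python
# Constructed sample policy: VPN name -> set of member sites (hypothetical names).
VPNS = {
    "acme-intranet": {"acme-hq", "acme-branch"},
    "acme-supplier-extranet": {"acme-hq", "supplier-dc"},
    "globex-intranet": {"globex-hq", "globex-lab"},
}

# Constructed ownership map: site -> owning enterprise.
OWNER = {
    "acme-hq": "acme", "acme-branch": "acme", "supplier-dc": "supplier",
    "globex-hq": "globex", "globex-lab": "globex",
}

# Constructed sample of site pairs seen exchanging IP traffic over the backbone.
OBSERVED_FLOWS = [
    ("acme-hq", "acme-branch"),
    ("acme-hq", "supplier-dc"),
    ("acme-branch", "supplier-dc"),  # acme-hq is in both VPNs but does not bridge them
    ("globex-lab", "acme-hq"),
]


def common_vpns(vpns, a, b):
    """Return the sorted names of every VPN that contains both sites."""
    return sorted(n for n, members in vpns.items() if a in members and b in members)


def audit_flows(vpns, flows):
    """Return observed flows that break the rule: no VPN contains both endpoints."""
    return [(a, b) for a, b in flows if a != b and not common_vpns(vpns, a, b)]


def classify(vpns, owner):
    """Label a VPN 'intranet' if one enterprise owns all its sites, else 'extranet'."""
    return {
        name: "intranet" if len({owner[s] for s in members}) == 1 else "extranet"
        for name, members in vpns.items()
    }


if __name__ == "__main__":
    for a, b in audit_flows(VPNS, OBSERVED_FLOWS):
        print(f"violation: {a} <-> {b} share no VPN")
    print(classify(VPNS, OWNER))
```

   Connectivity under this rule is not transitive: a site that belongs to two VPNs does not give the other members of those VPNs a path to each other.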

   We wish to consider the case in which the backbone is owned and
   operated by one or more Service Providers (SPs).  The owners of the
   sites are the "customers" of the SPs.  The policies that determine



Rosen & Rekhter              Informational