RFC 2547 (rfc2547) - Page 2 of 25
BGP/MPLS VPNs
RFC 2547 BGP/MPLS VPNs March 1999
4.2.1 The Target VPN Attribute ........................... 10
4.2.2 Route Distribution Among PEs by BGP ................ 12
4.2.3 The VPN of Origin Attribute ........................ 13
4.2.4 Building VPNs using Target and Origin Attributes ... 14
5 Forwarding Across the Backbone ..................... 15
6 How PEs Learn Routes from CEs ...................... 16
7 How CEs learn Routes from PEs ...................... 19
8 What if the CE Supports MPLS? ...................... 19
8.1 Virtual Sites ...................................... 19
8.2 Representing an ISP VPN as a Stub VPN .............. 20
9 Security ........................................... 20
9.1 Point-to-Point Security Tunnels between CE Routers . 21
9.2 Multi-Party Security Associations .................. 21
10 Quality of Service ................................. 22
11 Scalability ........................................ 22
12 Intellectual Property Considerations ............... 23
13 Security Considerations ............................ 23
14 Acknowledgments .................................... 23
15 Authors' Addresses ................................. 24
16 References ......................................... 24
17 Full Copyright Statement ............................ 25
1. Introduction

1.1. Virtual Private Networks

Consider a set of "sites" which are attached to a common network
which we may call the "backbone". Let's apply some policy to create a
number of subsets of that set, and let's impose the following rule:
two sites may have IP interconnectivity over that backbone only if at
least one of these subsets contains them both.

The subsets we have created are "Virtual Private Networks" (VPNs).
Two sites have IP connectivity over the common backbone only if there
is some VPN which contains them both. Two sites which have no VPN in
common have no connectivity over that backbone.

If all the sites in a VPN are owned by the same enterprise, the VPN
is a corporate "intranet". If the various sites in a VPN are owned
by different enterprises, the VPN is an "extranet". A site can be in
more than one VPN; e.g., in an intranet and several extranets. We
regard both intranets and extranets as VPNs. In general, when we use
the term VPN we will not be distinguishing between intranets and
extranets.

We wish to consider the case in which the backbone is owned and
operated by one or more Service Providers (SPs). The owners of the
sites are the "customers" of the SPs. The policies that determine
Rosen & Rekhter Informational