Understanding Carrier-of-Carriers VPNs

 

The customer of a VPN service provider might be a service provider for the end customer. The following are the two main types of carrier-of-carriers VPNs (as described in RFC 4364:

  • Internet Service Provider as the Customer—The VPN customer is an ISP that uses the VPN service provider’s network to connect its geographically disparate regional networks. The customer does not have to configure MPLS within its regional networks.

  • VPN Service Provider as the Customer—The VPN customer is itself a VPN service provider offering VPN service to its customers. The carrier-of-carriers VPN service customer relies on the backbone VPN service provider for inter-site connectivity. The customer VPN service provider is required to run MPLS within its regional networks.

Figure 1 illustrates the network architecture used for a carrier-of-carriers VPN service.

Figure 1: Carrier-of-Carriers VPN Architecture
Carrier-of-Carriers VPN Architecture

This topic covers the following:

Internet Service Provider as the Customer

In this type of carrier-of-carriers VPN configuration, ISP A configures its network to provide Internet service to ISP B. ISP B provides the connection to the customer wanting Internet service, but the actual Internet service is provided by ISP A.

This type of carrier-of-carriers VPN configuration has the following characteristics:

  • The carrier-of-carriers VPN service customer (ISP B) does not need to configure MPLS on its network.

  • The carrier-of-carriers VPN service provider (ISP A) must configure MPLS on its network.

  • MPLS must also be configured on the CE routers and PE routers connected together in the carrier-of-carriers VPN service customer’s and carrier-of-carriers VPN service provider’s networks.

VPN Service Provider as the Customer

A VPN service provider can have customers that are themselves VPN service providers. In this type of configuration, also called a hierarchical or recursive VPN, the customer VPN service provider’s VPN-IPv4 routes are considered external routes, and the backbone VPN service provider does not import them into its VRF table. The backbone VPN service provider imports only the customer VPN service provider’s internal routes into its VRF table.

The similarities and differences between interprovider and carrier-of-carriers VPNs are shown in Table 1.

Table 1: Comparison of Interprovider and Carrier-of-Carriers VPNs

Feature

ISP Customer

VPN Service Provider Customer

Customer edge device

AS border router

PE router

IBGP sessions

Carry IPv4 routes

Carry external VPN-IPv4 routes with associated labels

Forwarding within the customer network

MPLS is optional

MPLS is required

Support for VPN service as the customer is supported on QFX10000 switches starting with Junos OS Release 17.1R1.

Release History Table
Release
Description
Support for VPN service as the customer is supported on QFX10000 switches starting with Junos OS Release 17.1R1.