Traditional VPNs, Interprovider VPNs, and Carrier-of-Carriers VPNs

The sections that follow provide an overview of traditional VPNs, interprovider and carrier-of-carriers VPNs, and the differences in how external and internal routes are handled in each of these environments.

In traditional IP routing architectures, there is a clear distinction between internal routes and external routes. From the perspective of an Internet service provider (ISP), internal routes include all the provider’s internal links (including BGP next hops) and loopback interfaces. These internal routes are exchanged with other routing platforms in the ISP’s network by means of an interior gateway protocol (IGP), such as Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS). All routes learned at Internet peering points or from customer sites are classified as external routes and are distributed by means of an exterior gateway protocol (EGP) such as BGP. In traditional IP routing architectures, the number of internal routes is typically much smaller than the number of external routes.

Standard VPNs

The traditional distinction between internal routes and external routes also applies to VPN routing architectures. As shown in Figure 1, the provider (P) routers maintain only the service provider’s internal routes (to provider edge [PE] routers and other P routers); they do not maintain VPN routes. PE routers are the only devices in the provider network that are required to maintain external routes.

The BGP next hop connects the external routes to the internal routes in traditional VPNs:

• The BGP next hop is advertised with each external route in BGP advertisements.
• The route to the BGP next hop is an internal route that is advertised by the IGP.
• Multiprotocol Label Switching (MPLS) provides packet forwarding from the ingress PE router to the BGP next-hop egress PE router.

Interprovider and Carrier-of-Carriers VPNs

All interprovider and carrier-of-carriers VPNs share the following characteristics:

• Each interprovider or carrier-of-carriers VPN customer must distinguish between internal and external customer routes.
• Internal customer routes must be maintained by the VPN service provider in its PE routers.
• External customer routes are carried only by the customer’s routing platforms, not by the VPN service provider’s routing platforms.

The key difference between interprovider and carrier-of-carriers VPNs is whether the customer sites belong to the same AS or to separate ASs:

• Interprovider VPNs—The customer sites belong to different ASs. You need to configure external BGP (EBGP) to exchange the customer’s external routes.
• Carrier-of-Carriers VPNs—The customer sites belong to the same AS. You need to configure internal BGP (IBGP) to exchange the customer’s external routes.

In general, each service provider in a VPN hierarchy is required to maintain its own internal routes in its P routers, and the internal routes of its customers in its PE routers. By recursively applying this rule, it is possible to create a hierarchy of VPNs.

The following are definitions of the types of PE routers specific to interprovider and carrier-of-carriers VPNs:

• The AS border router is located at the AS border and handles traffic leaving and entering the AS.
• The end PE router is the PE router in the customer VPN; it is connected to the CE router at the end customer’s site.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.