Enterprise Network Connection Through Private Lines
In Figure 10-8, an enterprise has two sites in different places. Each site has three networks: Finance, Marketing, and Others. To ensure network security, the enterprise requires that users belonging to different networks be unable to communicate with each other.
The carrier uses VPLS technology on the MPLS/IP core network and QinQ technology on the metro Ethernet network. Each site is assigned three VLANs 100, 200 and 300, which represent Finance, Marketing, and Others departments respectively. The UPEs at two ends tag received packets with outer VLAN 1000 (different outer VLAN tags are allowed on two ends), and the same VSI is configured on the NPEs. This configuration ensures that only users of the same VLAN in different sites can communicate with each other.