No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of BGP/MPLS IP VPN

Overview of BGP/MPLS IP VPN

This section describes the definition, background, and functions of BGP/MPLS IP VPN.


A BGP/MPLS IP VPN is a Layer 3 virtual private network (L3VPN). A BGP/MPLS IP VPN uses the Border Gateway Protocol (BGP) to advertise VPN routes and uses Multiprotocol Label Switching (MPLS) to forward VPN packets on backbone networks. Here, IP that Internet Protocol (IP) packets are carried by the VPN.

Figure 7-1 shows the BGP/MPLS IP VPN model.

Figure 7-1  BGP/MPLS IP VPN model

The BGP/MPLS IP VPN model consists of the following entities:

  • Customer Edge (CE): a device that is deployed at the edge of a customer network and has interfaces directly connected to the service provider (SP) network. A CE device can be a router, a switch, or a host. Generally, CE devices do not detect VPNs and do not need to support MPLS.

  • Provider Edge (PE): a device that is deployed at the edge of an SP network and directly connected to a CE device. On an MPLS network, PE devices process all VPN services and must have high performance.

  • Provider (P): a backbone device that is deployed on an SP network and is not directly connected to CE devices. P devices only need to provide basic MPLS forwarding capabilities and do not maintain VPN information.

PE and P devices are managed by SPs. CE devices are managed by customers unless customers authorize SPs to manage their CE devices.

A PE device can connect to multiple CE devices. A CE device can connect to multiple PE devices of the same SP or different SPs.


A traditional VPN sets up full-mesh tunnels or permanent virtual circuits (PVCs) between all sites to forward VPN data. This method makes networks difficult to maintain and expand. When a new site is added to an established VPN, a network administrator must modify the configuration of all edge nodes connected to this site.

A BGP/MPLS IP VPN uses a peer model that enables SPs and customers to exchange routing information. The SPs are responsible for forwarding data of customers, without participation of the customers. A BGP/MPLS IP VPN is more scalable and more easier to manage than a traditional VPN. When a new site is added, a network administrator only needs to modify the configuration of the edge nodes serving the new site.

BGP/MPLS IP VPN allows overlapping address spaces and overlapping VPNs so that VPNs can be flexibly deployed and expanded. In addition, BGP/MPLS IP VPN supports MPLS Traffic Engineering (TE). Because of these merits, BGP/MPLS IP VPN becomes an important approach for IP network carriers to provide value-added services and is now widely used.

Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 144872

Downloads: 361

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next