No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of BGP/MPLS IP VPN

Overview of BGP/MPLS IP VPN


A BGP/MPLS IP VPN is a Layer 3 virtual private network (L3VPN). It uses the Border Gateway Protocol (BGP) to advertise VPN routes and uses Multiprotocol Label Switching (MPLS) to forward VPN packets on backbone networks. Internet Protocol (IP) in BGP/MPLS IP VPN indicates IP packets carried by the VPN.

Figure 2-1 shows the BGP/MPLS IP VPN model.

Figure 2-1 BGP/MPLS IP VPN model

The BGP/MPLS IP VPN model consists of the following entities:

  • Customer Edge (CE): a device that is deployed at the edge of a customer network and has interfaces directly connected to the service provider (SP) network. A CE device can be a router, a switch, or a host. Generally, CE devices do not detect VPNs and do not need to support MPLS.

  • Provider Edge (PE): a device that is deployed at the edge of an SP network and directly connected to one or more CE devices. On an MPLS network, PE devices process all VPN services and must have high performance.

  • Provider (P): a backbone device that is deployed on an SP network and is not directly connected to CE devices. P devices only need to provide basic MPLS forwarding capabilities and do not maintain VPN information.

PE and P devices are managed by SPs. CE devices are managed by customers unless SPs are authorized to manage them.

One PE device can connect to one or more CE devices. One CE device can connect to one or more PE devices of the same or different SPs.


A traditional VPN sets up full-mesh tunnels or permanent virtual circuits (PVCs) between all sites to forward VPN data. This method makes networks difficult to maintain and expand. When a new site is added to an established VPN, a network administrator must modify the configuration of all edge nodes connected to this site.

A BGP/MPLS IP VPN uses a peer model that enables SPs and customers to exchange routing information. The SPs are responsible for forwarding data of customers, without requiring customer participation. A BGP/MPLS IP VPN is more scalable and more easier to manage than a traditional VPN. When a new site is added, a network administrator only needs to modify the configuration of the edge nodes serving the new site.

BGP/MPLS IP VPN supports overlapping address spaces and overlapping VPNs. This enables VPNs to be flexibly deployed and expanded. In addition, BGP/MPLS IP VPN supports MPLS quality of service (QoS) and MPLS Traffic Engineering (TE). These advantages allow IP network carriers to provide a wide range of value-added services, and have resulted in BGP/MPLS IP VPN being widely used.

Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14558

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next