layer3 mpls vpn is a way to provide separated routing instances (called vrfs) for the customers where overlapping address spaces could be used between the customers. control plane achieved by extending bgp with labeled vpn afi. the address space separation achieved by prepending route distringuisher specfic to the vpn before the prefix, making the resulting rd+prefix unique within the labeled vpn afi. the rd does not need to match between the particpating pe routers and you can choose between as:vpnid or loopback:vpnid format. prefixes within the labeled vpn afi should carry at least one route target extended community which could be used to specify the visibility of the prefix. it is sticked to the prefix on the originating pe with export config statements and referred on the other pe routers with the import config statement. a full mesh vpn could use a single rt importing and exporting it on every participating pe routers. a hub-and-spoke vpn could use one rt for hub to spoke direction and another rt for spoke to hub direction, in this way two spoke servicing pe routers won't import each other's spoke routes, just the hub's ones. since you can import and export more rts in a given vrf, you can do much more, for example introduce common services to vpns or use default-only routing on constrained pe routers if you have at least one pe with full visibility and legitimate default origination possibility. the data plane is quiet simple, once a packet arrives on an interface beloging to a vrf, the pe router looks the longest matching prefix in the vrf's routing table, from this info it places the inner, service label advertised by the remote pe in bgp labeled vpn afi. then it looks up the remote pe in it's global table for an appropirate lsp, and uses that info as the outer transport label on the packet. since the control plane is labeled vpn afi, you always have to consider the label allocating scheme within the vrf. between the pe and the customer edge router nearly any routing protocol could be used, or simply they could point to each other by static routes. if bgp is chosen, plain unicast afi is used on the pe-ce bgp session, and the pe translates the routes between the core's labeled vpn afi and the ce's unicast afi.

freeRouter nop.hu