BGP/MPLS IP Virtual Private Networks (VPNs)
RFC 4364
| Document | Type | RFC - Proposed Standard (February 2006; Errata). Obsoletes RFC 2547 |
|---|---|---|
| | Authors | Yakov Rekhter, Eric Rosen |
| | Last updated | 2020-01-21 |
| | Stream | Internet Engineering Task Force (IETF) |
| | Formats | plain text, html, pdf, htmlized (tools), htmlized with errata, bibtex |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 4364 (Proposed Standard) |
| | Action Holders | (None) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | Thomas Narten |
| | Send notices to | rcallon@juniper.net, rbonica@juniper.net, rick@rhwilder.net |
Network Working Group
Request for Comments: 4364
Obsoletes: 2547
Category: Standards Track

E. Rosen, Cisco Systems, Inc.
Y. Rekhter, Juniper Networks, Inc.
February 2006

BGP/MPLS IP Virtual Private Networks (VPNs)

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

This document describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customers. This method uses a "peer model", in which the customers' edge routers (CE routers) send their routes to the Service Provider's edge routers (PE routers); there is no "overlay" visible to the customer's routing algorithm, and CE routers at different sites do not peer with each other. Data packets are tunneled through the backbone, so that the core routers do not need to know the VPN routes.

This document obsoletes RFC 2547.

Table of Contents

1. Introduction
   1.1. Virtual Private Networks
   1.2. Customer Edge and Provider Edge
   1.3. VPNs with Overlapping Address Spaces
   1.4. VPNs with Different Routes to the Same System
   1.5. SP Backbone Routers
   1.6. Security
2. Sites and CEs
3. VRFs: Multiple Forwarding Tables in PEs
   3.1. VRFs and Attachment Circuits
   3.2. Associating IP Packets with VRFs
   3.3. Populating the VRFs
4. VPN Route Distribution via BGP
   4.1. The VPN-IPv4 Address Family
   4.2. Encoding of Route Distinguishers
   4.3. Controlling Route Distribution
      4.3.1. The Route Target Attribute
      4.3.2. Route Distribution Among PEs by BGP
      4.3.3. Use of Route Reflectors
      4.3.4. How VPN-IPv4 NLRI Is Carried in BGP
      4.3.5. Building VPNs Using Route Targets
      4.3.6. Route Distribution Among VRFs in a Single PE
5. Forwarding
6. Maintaining Proper Isolation of VPNs
7. How PEs Learn Routes from CEs
8. How CEs Learn Routes from PEs
9. Carriers' Carriers
10. Multi-AS Backbones
11. Accessing the Internet from a VPN
12. Management VPNs
13. Security Considerations
   13.1. Data Plane
   13.2. Control Plane
   13.3. Security of P and PE Devices
14. Quality of Service
15. Scalability
16. IANA Considerations
17. Acknowledgements
18. Contributors
19. Normative References
20. Informative References

1. Introduction

This document describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customers. This method uses a "peer model", in which the customers'