
24/7 Solutions - MPLS VPN architecture.


MPLS VPN stands out for its high scalability, the possibility of automatic configuration, and natural integration with other IP services.

Virtual private networks based on MPLS (MPLS VPN) are attracting general attention today. The number of service providers offering their clients this new kind of service for building Intranet and Extranet networks economically grows constantly, which makes MPLS VPN available to users in an increasing number of countries and regions.

Compared with other ways of building virtual private networks, such as VPNs over ATM/FR or IPsec, MPLS VPN is favourably distinguished by high scalability, the possibility of automatic configuration, and natural integration with other IP services, such as Internet access, Web and mail services, and hosting services.

Despite criticism of some aspects of MPLS VPN, this technology is confidently making its way into practice and therefore deserves detailed study. This article examines the basic mechanisms of MPLS-based virtual private networks; knowing them allows the new technology to be assessed more objectively. The main document regulating the organization of MPLS VPN is the informational RFC 2547bis.

Full connectivity and isolation.

Each client wants the VPN service provider to interconnect its networks, and at the same time the resulting unified network must be completely isolated from the similar networks of other clients. The modern provider has to solve this problem under the contradictory conditions of IP dominating as the universal transport.

One of the main principles of an IP internetwork is that all its networks are joined into a single whole automatically, because routing protocols such as BGP, OSPF, IS-IS and RIP distribute routing information across the network. By means of this mechanism each router of the network builds a routing table that specifies the paths of packets to each of the networks included in the internetwork.

VPN isolation

The provider can, of course, bypass this problem by refusing altogether to use the IP protocol for interconnecting client sites. This is what operators do who offer to connect client networks using other protocols, most often Frame Relay and ATM. But then the opportunity to provide IP services to the client is lost. It is certainly possible to support different sets of services with different protocols (as many providers do), but this is not the best solution either: operating a set of protocols creates many complications for both the client and the provider. The appeal of MPLS VPN is precisely that it belongs to the class of IP services, and isolation of networks is achieved without abandoning this protocol.

To isolate networks from each other, it is enough to put a barrier in the path along which routing information is distributed between them. If the routing table of node A contains no entry for a route to node B (and no default route), node A is said not to "see" node B. In MPLS VPN this is achieved because routing advertisements from a client network are carried across the provider's internal network by the BGP protocol. Then, thanks to the use of an extended version of the protocol, Multiprotocol BGP (MP-BGP), they reach only the network of the same client. As a result, the routers of different clients have no routing information about each other and therefore cannot exchange packets; the desired isolation is achieved.
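The isolation mechanism just described, as an added example that is not part of the original article: a toy model of the RFC 2547bis scheme in which each PE keeps one VRF routing table per client, exports its routes through a simulated MP-BGP session tagged with that client's route target, and imports announcements only into VRFs carrying the same tag. The PE names, VRF names, route targets, prefixes and CE names are constructed for the demo.

```python
# Added example (not from the article): per-client VRF tables on PE routers
# with route-target filtering of MP-BGP announcements (RFC 2547bis model).
from collections import defaultdict

class PE:
    """Provider edge router with one VRF per attached client (toy model)."""
    def __init__(self, name):
        self.name = name
        self.vrfs = defaultdict(dict)   # vrf_name -> {prefix: next_hop}
        self.route_target = {}          # vrf_name -> RT carried in MP-BGP

    def attach_site(self, vrf, rt, prefixes, ce):
        """Install routes learned from the CE of a site into its VRF."""
        self.route_target[vrf] = rt
        for p in prefixes:
            self.vrfs[vrf][p] = ce

    def export_routes(self):
        """Announce every VRF route into MP-BGP, tagged with the VRF's RT."""
        return [(self.route_target[v], p, self.name)
                for v, table in self.vrfs.items() for p in table]

    def import_routes(self, announcements):
        """Install an announced route only into VRFs whose RT matches."""
        for rt, prefix, next_hop in announcements:
            for vrf, my_rt in self.route_target.items():
                if my_rt == rt and next_hop != self.name:
                    self.vrfs[vrf][prefix] = next_hop

    def lookup(self, vrf, prefix):
        """Next hop for a prefix, or None: no entry and no default route,
        i.e. this VRF does not 'see' the destination."""
        return self.vrfs[vrf].get(prefix) or self.vrfs[vrf].get("0.0.0.0/0")

def build_demo():
    """Constructed topology: clients Alpha (RT:100) and Beta (RT:200), two PEs.
    Both clients use 10.1.0.0/16 at PE1; VRF separation keeps them apart."""
    pe1, pe2 = PE("PE1"), PE("PE2")
    pe1.attach_site("alpha", "RT:100", ["10.1.0.0/16"], "CE-alpha-1")
    pe1.attach_site("beta", "RT:200", ["10.1.0.0/16"], "CE-beta-1")
    pe2.attach_site("alpha", "RT:100", ["10.2.0.0/16"], "CE-alpha-2")
    pe2.attach_site("beta", "RT:200", ["10.3.0.0/16"], "CE-beta-2")
    mp_bgp = pe1.export_routes() + pe2.export_routes()   # one shared session
    pe1.import_routes(mp_bgp)
    pe2.import_routes(mp_bgp)
    return pe1, pe2
```

After `build_demo()`, Alpha's VRF on PE2 resolves Alpha's remote prefix via PE1 but returns None for Beta's prefix, which is exactly the "does not see" condition above.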

Another consequence of this approach is the isolation of the provider's internal network from the clients' networks, which in turn raises the reliability and scalability of the provider's network.

How can geographically dispersed client networks be joined into a single VPN if the provider's internal network knows nothing about them? A fairly traditional technique is used for this: a tunnel between the edge routers of the internal network. The distinctive feature of the technology under consideration is the use of MPLS tunnels. The advantage of MPLS VPN tunnels is that they are set up automatically. Other advantages of this technology include accelerated forwarding across the provider's network and quality of service (QoS) management for tunnels using traffic engineering.

One possible way of building an IP VPN is to create the routing tables and filters that isolate the networks entirely by hand. But this approach can hardly be considered suitable for providers, who must serve hundreds of clients and thousands of sites with it. For the described principles of MPLS VPN construction to be realised in a real network, several specific mechanisms have been developed and the behaviour of all network components is precisely defined.

MPLS VPN components

An MPLS VPN network is divided into two areas: the clients' IP networks and the provider's internal (backbone) MPLS network, which is needed to interconnect the client networks.

In general, each client may have several geographically separated IP networks, each of which in turn may include several subnets connected by routers. Such geographically separated subnets of a corporate network are called sites. The sites of one client exchange IP packets through the provider's network and form the client's virtual private network. For example, a corporate network in which the headquarters network communicates with three remote branches can be said to consist of four sites. To exchange routing information within a site, nodes use one of the Interior Gateway Protocols (IGP), whose scope is limited to an autonomous system: RIP, OSPF or IS-IS.

The router through which a client site is connected to the provider's backbone is called the Customer Edge router (CE). Being part of the client network, the CE knows nothing about the existence of the VPN. It may be connected to the provider's backbone by several links.

The provider's backbone is an MPLS network in which IP packets are forwarded on the basis of local labels rather than IP addresses. The MPLS network consists of Label Switch Routers (LSR), which direct traffic along pre-established Label Switched Paths (LSP) according to label values. An LSR is a peculiar hybrid of an IP router and a switch: from the IP router it takes the ability to determine the network topology by means of routing protocols and to choose rational traffic paths, and from the switch the technique of forwarding packets using labels and local switching tables. For brevity LSR devices are often simply called routers, and there is reason for this: they are equally capable of forwarding packets on the basis of IP addresses if MPLS support is disabled.

Among the LSR devices in the provider's network one distinguishes Provider Edge routers (PE), to which client sites are connected via CE routers, and Provider routers (P). CE and PE routers are usually connected by a direct physical link over which some link-layer protocol runs, for example PPP, FR, ATM or Ethernet. Communication between CE and PE is based on the standard protocols of the TCP/IP stack. MPLS support is required only on the internal interfaces of PE routers (and on all interfaces of P routers). With respect to the direction of traffic forwarding it is sometimes useful to distinguish the ingress PE and the egress (remote) PE.

In the provider's backbone only the PE edge routers need to be configured to support virtual private networks, so only they know about the existing VPNs. Viewed from the VPN standpoint, the provider's P routers do not interact directly with the customer CE routers but simply lie along the tunnel between the ingress and egress PE routers.

PE routers are functionally more complex than P routers. The main VPN support tasks are assigned to them, namely separating the routes and data arriving from different clients. PE routers also serve as the endpoints of the LSPs between customer sites, and the PE assigns a label to an IP packet for its transit through the internal network of P routers.

LSPs can be established in two ways: either using accelerated routing technology (IGP) by means of the LDP protocol, or on the basis of Traffic Engineering technology by means of the RSVP or CR-LDP protocols. Establishing an LSP means creating label switching tables on all the PE and P routers that form the given LSP.

Together these tables define a set of paths for different kinds of client traffic. In a VPN various communication topologies are used: hub-and-spoke or full mesh.
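Forwarding along an established LSP, as an added example that is not part of the original article: the ingress PE looks the destination up in the client's VRF and pushes the two-level label stack that RFC 2547bis specifies (an inner VPN label identifying the VRF at the egress PE, an outer transport label for the LSP); P routers only swap the outer label from their switching tables without any IP lookup; the egress PE pops both labels and hands the packet to the CE. Router names, labels, prefixes and tables are constructed for the demo.

```python
# Added example (not from the article): label forwarding along one LSP
# PE1 -> P1 -> P2 -> PE2 using constructed switching tables.

# Label switching tables: router -> {incoming label: (outgoing label, next hop)}.
# "pop" means the transport label is removed at the egress PE.
SWITCH_TABLES = {
    "P1": {16: (17, "P2")},
    "P2": {17: (18, "PE2")},
    "PE2": {18: ("pop", None)},
}
# Ingress VRF forwarding entries: (pe, vrf) -> {prefix: (vpn_label, transport_label, first_hop)}
VRF_FIB = {
    ("PE1", "alpha"): {"10.2.0.0/16": (1001, 16, "P1")},
    ("PE1", "beta"): {"10.3.0.0/16": (1002, 16, "P1")},
}
# Egress PE: vpn_label -> (vrf, attached CE); the VPN label picks the client VRF.
VPN_LABELS = {"PE2": {1001: ("alpha", "CE-alpha-2"), 1002: ("beta", "CE-beta-2")}}

MAX_HOPS = 16   # guard against a mis-built switching table looping forever

def forward(ingress_pe, vrf, dst_prefix):
    """Carry one packet from the ingress PE to the remote CE.
    Returns (egress_vrf, trace) where trace lists (router, label stack) per
    hop, or None when the VRF has no route (client isolation)."""
    fib = VRF_FIB.get((ingress_pe, vrf), {})
    if dst_prefix not in fib:
        return None
    vpn_label, transport, router = fib[dst_prefix]
    stack = [transport, vpn_label]              # outer (transport) label first
    trace = [(ingress_pe, list(stack))]
    for _ in range(MAX_HOPS):
        out_label, next_hop = SWITCH_TABLES[router][stack[0]]
        if out_label == "pop":
            stack.pop(0)                        # transport label removed
            egress_vrf, ce = VPN_LABELS[router][stack.pop(0)]   # VPN label consumed
            trace.append((router, list(stack)))
            trace.append((ce, []))              # plain IP packet reaches the CE
            return egress_vrf, trace
        stack[0] = out_label                    # P router: swap outer label only
        trace.append((router, list(stack)))
        router = next_hop
    raise RuntimeError("LSP exceeded %d hops; check switching tables" % MAX_HOPS)
```

The trace shows that the inner VPN label stays untouched across the core while the outer label changes at every P router, and that a destination absent from the ingress VRF never enters the LSP at all.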