Internet Draft






MPLS Working Group                                           D. Jamieson
Internet Draft                                               B. Jamoussi
Expiration Date: January 1999                                G. Wright
                                                             P. Beaubien
                                          Nortel (Northern Telecom) Ltd.
                                                             August 1998

                         MPLS VPN Architecture

                    <draft-jamieson-mpls-vpn-00.txt>

Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   To learn the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

Abstract

   This Internet Draft defines an architectural model for building
   Virtual Private Networks (VPNs) in an MPLS domain. The proposed model
   takes advantage of both network layer peering and packet switching,
   and link layer circuits and per-stream switching. The model provides
   a set of simple mechanisms for controlling VPN membership, including
   registration, propagation, discovery, and dynamic creation of Label
   Switch Paths to provide connectivity.

   The architectural constructs described in this document, when
   combined with the MPLS architecture [1], provide a flexible and
   scalable basis for building VPNs.

Table of Contents

   1       Introduction ............................................  2
   2       Architectural Overview ..................................  3
   2.1     Building Blocks .........................................  3



Jamieson, et. al.            August 7, 1998                     [Page 1]





Internet Draft       draft-jamieson-mpls-vpn-00.txt         August 1998


   2.2     MPLS-VPN Architecture Summary ...........................  5
   2.3     Emulated LAN Model ......................................  7
   2.4     Elements of a LAN Model .................................  7
   2.5     Other Models ............................................  8
   3       Architectural Details ...................................  8
   3.1     Registration of VPN and VPN subnet Information on a PEL .  8
   3.2     Distribution of VPN Information .........................  9
   3.2.1   Static Provisioning ..................................... 10
   3.2.2   OSPF Opaque LSAs Option ................................. 10
   3.2.3   TCP Connection/BGP Options .............................. 10
   3.2.4   Withdrawal of VPN Subnet Information .................... 10
   3.3     Establishment of VPN Subnet LSPs ........................ 10
   3.3.1   Creation of Unicast LSPs ................................ 10
   3.4     Creation of Multicast LSPs .............................. 11
   3.5     Layer 3 Modeling of VSI ................................. 12
   3.6     Layer 3 to Layer 2 Address Mapping ...................... 13
   3.7     PNL Routing & Forwarding ................................ 13
   4       Extending MPLS into the VPN Member Network .............. 13
   5       Summary ................................................. 14
   6       Security Considerations ................................. 14
   6.1     User Data Privacy and User Address Privacy .............. 14
   6.2     Service Provider Security ............................... 14
   6.3     IPsec ................................................... 14
   7       Intellectual Property Considerations .................... 14
   8       Acknowledgement ......................................... 14
   9       References .............................................. 15
   10      Authors' Addresses ...................................... 15

1. Introduction

   Virtual Private Networks (VPNs) enable private restricted
   communications of distinct, closed networks over a common shared
   network infrastructure.  Supporting VPNs with MPLS or other
   connectionless and connection-oriented layers requires three basic
   functions.

      - Discovery of VPN members.

      It is assumed that VPN members connect to a provider network and
      those members need to find out what other members there are in the
      VPN. Members may join and leave the service network and those
      changes need to be known by all remaining members. Mechanisms to
      support discovery include manual configuration, client-server
      approaches, and notification provided by the provider network
      (i.e., auto-discovery). The discovery of membership in one VPN
      must not allow members of other VPNs to be discovered. That is,
      discovery within a VPN is kept separate from discovery in another
      VPN in the same provider network.

      - Exchanging reachability and control traffic between VPN members.

      Members in the same VPN need to exchange reachability information
      about their network layer addresses. These addresses may be in a
      different space from the provider network and may in fact overlap
      with other VPN address spaces. Control traffic could include
      topology information specific to that VPN. As with the discovery
      mechanism, the exchange of reachability and control traffic must
      be kept separate between VPNs sharing the same provider network.

      - Carrying data traffic between VPN members.

      This mechanism enables data traffic to be carried between users
      within a VPN. Data traffic from different VPNs is kept separate.

   In [2] the discovery mechanism involves local configuration (VPNid)
   and then propagation in LDP, OSPF, or BGP. The reachability exchange
   is also accomplished by LDP, OSPF, or BGP. Topology information is
   not propagated between VPN member subnets over the MPLS network
   providing the VPN service. Data traffic is carried on LSPs which are
   created to connect all members of the same VPN.

   This Internet-Draft proposes the use of OSPF, BGP-4, or TCP
   connections for the discovery mechanism. Reachability and control
   traffic (topology information) are exchanged over LSPs which are
   setup between members in the same VPN. Data traffic is carried on
   LSPs which are created to connect all members of the same VPN.

   This internet draft is different from [2] and is proposed as an
   alternative.

   In Section 2, an architectural overview of building VPNs in an MPLS
   domain is presented. Section 3 presents the details of the proposed
   architecture. Extending MPLS into the VPN member network is
   highlighted in Section 4. Section 5 summarizes the draft.

2. Architectural Overview

2.1 Building Blocks

   The building blocks of the MPLS VPN architecture proposed in this
   draft are shown in Figure 1 and described in this section.

      Private Network LSR (PNL):

      The PNL is a device that runs standards-based layer 3 (OSPF, BGP,
      RIP, static routes, etc.) protocols to distribute and calculate
      reachability information for the private network. It also runs an
      LDP [3] process for the purpose of establishing Label Switched
      Paths (LSPs) between itself and other members of the same VPN
      connected over the provider network. The PNL may be a physical
      device that resides in either the private or the provider's
      premises. It could also be a logical device embedded in some other
      device, such as a Provider Edge LSR (PEL).


        PNL            PEL    Core LSRs       PEL             PNL
       +------+ SAL   +----+  +--+  +--+     +----+    SAL  +------+
       |  A   |-------|    |--| 1|--| 2|-----|    |---------|  B   |
       +------+       | Y  |  +--+  +--+   / | X  |         +------+
                      +----+   \     |   /   +----+
                                \    |  /
                                 \   | /    +----+    SAL  +------+
                                  \ +--+    |    |---------|  C   |
                                   \| 3|----| Z  |         +------+
                                    +--+    +----+           PNL
                                              PEL

                       Figure 1. MPLS VPN Architecture

      Provider Edge LSR (PEL):

      The Provider Edge LSR (PEL) is an LSR in the provider domain. It
      has one or more Shared Access Links (SALs) connecting it to one or
      more PNLs. LDP peering is established over these SALs and is used
      to set up end-to-end (PNL to PNL) LSPs.

      PELs dynamically discover other PELs supporting the same VPN and
      VPN subnets. LSPs are then established between those PELs to
      transport VPN traffic.

      Core LSR:

      Core LSRs provide transport across the provider network. They run
      a layer 3 protocol and MPLS. Core LSRs don't attach directly to
      PNLs.

      Shared Access Link (SAL):

      The SAL is an IP-capable physical or logical link that connects
      the PNL to the PEL.

      VPN Subnets:

      A VPN subnet connects an IP subnet between 2 or more PNLs. A VPN
      subnet is uniquely identified within the provider network by a VPN
      Id, an IP address and prefix.

      VPN Subnet Interface (VSI):

      The IP interface on a PNL for a VPN subnet. A SAL supports 1 or
      more VSIs.


   The PNL device has a Shared Access Link (SAL) to a PEL. A VPN Subnet
   Interface (VSI) is established over the SAL. The VSI is viewed as a
   broadcast emulated LAN interface by the IP process running on the
   PNL. IP routing information can be exchanged between all PNLs of the
   same VPN subnet. The emulated LAN connectivity is achieved using a
   set of LSPs.

2.2 MPLS-VPN Architecture Summary

   - The provider network provides LSPs that are used by PNLs of the
   same VPN subnet to exchange VPN routing information and to carry
   datagrams across the provider network.

   - The exchange of routing information across the provider network is
   dynamic. This property eases network management and removes the need
   for static routing requiring operator intervention.

   - No routing information is exchanged between PNLs and PELs. PNLs
   form peering relationships across the provider network. Eliminating
   the routing exchange between the PNL and the PEL provides several
   benefits:

      - Topology changes (route flapping) in the private network are
      transparent to the provider network. Routing engines in the LSRs
      inside the provider network are not affected by route flaps.

      - Topology changes in the provider network are transparent to the
      private network. When routes change in the provider network, new
      LSPs are created to re-route the VPN traffic without involving the
      PNLs.

      - Private routes are never mixed with provider routes. This
      eliminates possible address conflicts between VPNs.

   - The provider network emulates a LAN for each VPN subnet. A
   particular PNL can send a unicast datagram to any other PNL in the
   same VPN subnet, or multicast a datagram to all other PNLs in the VPN
   subnet.

   - The ELAN requires multicast capability. This functionality can be
   accomplished in one of three ways: multipoint-to-multipoint LSPs, a set of
   point-to-multipoint LSPs, or by PNL copy and send broadcast over
   existing unicast LSPs.

   - Three types of LSPs are used to interconnect PNLs:

      - Multipoint-to-point LSP.

      Each PNL has a multipoint-to-point LSP directed to it. It is used
      by all other PNLs within the VPN subnet for unicast sends.

      - Multipoint-to-multipoint LSP (option 1).

      All PNLs are also interconnected using a bi-directional
      multipoint-to-multipoint LSP. It is used for sending multicast
      datagrams. There is one such LSP per VPN subnet.

      - Point-to-multipoint LSP (option 2).

      If multipoint-to-multipoint LSPs are not supported by the
      underlying infrastructure, then a point-to-multipoint LSP from
      each PNL to all other PNLs in the VPN subnet is necessary.

      - LSP scaling within a SAL.

      N is defined as the number of PNLs in a VPN subnet. Each PNL
      therefore uses (assuming the single multipoint-to-point LSP
      model):

         - 1 label for the incoming unicast datagram traffic from all
         other PNLs in the subnet,

         - N-1 labels to send unicast datagrams to any other PNL in the
         subnet,

         - 1 label to send and receive multicast traffic on the subnet
         using multicast option 1.

         - N-1 labels to send and receive multicast traffic on the
         subnet using multicast option 2.

   - MAC addresses are represented as labels. For a particular PNL, say
   PNL A, the MAC address of another PNL, say PNL B, is the label that
   must be used by PNL A to send unicast datagrams to PNL B.  Because
   labels have local significance only, the MAC address used to reach a
   particular PNL is usually different for different senders.

   - Layer 2 to layer 3 address mapping is achieved through one of two
   methods: propagating the information from the PEL to the PNL, or a
   modified ARP procedure.

   - When the PNL is an LSR in its own right, label stacking can be used
   to label-switch datagrams in that PNL (instead of doing layer-3
   forwarding).

2.3 Emulated LAN Model

   To provide maximum flexibility to the VPN members, the provider
   network appears as a Local Area Network (LAN) to the various VPN
   member sites as shown in Figure 2.

   The MPLS architecture, with the architectural constructs described in
   this document, provides a flexible model for constructing an emulated
   LAN in an efficient manner. There are several advantages to adopting
   an emulated LAN model, as explained in this section:


                 PNL               |
                +------+           |     PNL
                |  A   |-----------|    +------+
                +------+           |----|  B   |
                                   |    +------+
                                   |
                                   |    +------+
                 Logical View of   |----|  C   |
                Provider Network ->|    +------+
                                   |     PNL

                 Figure 2. Emulated LAN in an MPLS Domain

   - The emulated LAN model provides IP address space conservation. IP
   address space conservation occurs in two ways: first, by eliminating
   the double addressing requirement for IP tunneling, and second, by
   decreasing the subnet requirements for equivalent connectivity with
   current ATM or FR services.

   - The emulated LAN model simplifies the configuration of the VPN
   within the shared network. Adding or deleting a site from a VPN
   requires a change only on the interface being added or deleted.

2.4 Elements of a LAN model

   Each node is identified by a MAC address. A MAC address is equivalent
   to a Label on a VSI port.

   Each node on a LAN must be able to send a unicast packet to any other
   node on the LAN. This unicast traffic would include both control and
   user traffic between any two given PNLs.

   Each node on a LAN must be able to transmit a single packet onto the
   LAN and have it delivered to all other nodes on the LAN (multicast).
   These packets are sent to a multicast MAC address. Multicast traffic
   includes Hello packets, LSAs, ARP, etc.

2.5 Other models

   This architecture does not rule out other models such as a star or
   point to point model. The details of other models are left for
   further study.

3. Architectural Details

   This section describes the following architectural components of the
   proposal:

   - The provisioning of a SAL and the registration of VPN and VPN
   subnet information on a PEL

   - The distribution of the VPN information across the provider
   network

   - The establishment of VPN subnet LSPs based on learned VPN subnet
   information

   - The modeling of the VPN subnet LSPs into a LAN-like broadcast
   medium on the PNL

3.1 Registration of VPN and VPN subnet information on a PEL

   The first step in adding a new site to a VPN subnet is to establish
   a SAL between the PEL and PNL. The SAL is the link over which LDP
   runs between the PEL and PNL. Only one SAL needs to be provisioned
   for all VPN subnets on a PNL, so if the SAL already exists this step
   can be skipped.

   Once the SAL has been provisioned on the PEL, a VPN Identifier is
   assigned to the SAL. There is a one to one mapping between VPN Id and
   SAL. Again, if the SAL was already provisioned then the VPN Id will
   also have been provisioned.

   The next step is to provision the VPN subnet information. This
   requires an IP address and prefix. The IP address and prefix are the
   same as the PNL's VSI to which this SAL is linked. The VPN Id
   together with the IP address and prefix define the VPN Subnet. The IP
   address itself defines an instance of the subnet. If the same PEL has
   another SAL to another PNL that supports the same VPN Id and subnet
   then the IP address distinguishes between the two instances.

   A protocol could be used to dynamically learn the IP address and
   prefix from the PNL. Because the learning of this information causes
   the consumption of resources in the provider network, appropriate
   control mechanisms would have to be part of the protocol. The details
   of such a protocol are left for further study.

   Once all of the VPN subnet information has been provisioned or
   learned on the PEL, LDP is triggered on the PEL to establish an LSP
   for the VPN subnet that goes from the PEL to the PNL. This LSP does
   not go any further at this point. It will be spliced onto a
   multipoint to point LSP later after other PELs supporting the same
   VPN subnet learn of the existence of this instance of the VPN subnet.

   The successful establishment of this first LSP also signals to the
   PEL that the PNL has provisioned the associated VSI port and that
   port is enabled.

3.2 Distribution of VPN information

   This section describes the distribution of the VPN subnet information
   within the provider network.

   All PELs in the network, at least those that have links to the same
   VPN Subnet, must be made aware of the other PELs that support the
   same VPN Subnet. This is required to establish LSPs across the
   provider network for the VPN Subnet.

   There are several ways to accomplish the distribution of the VPN
   information:

     - Static provisioning;
     - OSPF opaque LSAs;
     - TCP connections;
     - BGP-4.

   Regardless of the distribution mechanism, the information that is
   distributed is the PEL provider IP address and a list of VPN records.
   Each VPN record is a VPN Id followed by a list of IP address/prefix
   pairs. This information is referred to as the VPN subnet information.

   Other information that may be part of the VPN subnet information is a
   QOS value and a status flag. The status flag would indicate if the
   subnet is being added or withdrawn.

3.2.1 Static provisioning

   Each PEL that has a connection to a VPN subnet can be provisioned
   with VPN subnet information from other PELs that have a connection to
   the same subnet.

3.2.2 OSPF Opaque LSAs Option

   With opaque LSAs, the VPN subnet information is put into an opaque
   LSA and flooded throughout the OSPF AS. This information is
   delivered, reliably, to every other node via the normal LSA flooding
   mechanisms. The amount of information distributed in a single LSA
   (all, for a single VPN Id, for a single VPN subnet) is left for
   further study.

3.2.3 TCP connections/BGP Options

   The TCP connection option allows for a TCP connection to be
   established between a PEL and all other PELs that support the same
   set of VPN subnets. The VPN information would be transmitted
   reliably across the TCP connections to the PEL peers. This option
   would require that the IP address of each PEL peer be provisioned;
   however, it provides an option that is independent of the layer 3
   routing protocol(s) running in the provider network.

   BGP-4 could also be modified to carry the VPN information. BGP-4
   would require a new opaque update type in which it would carry the
   VPN information.

3.2.4 Withdrawal of VPN subnet information

   If an instance of a VPN subnet on a PEL is operationally or
   administratively disabled or deleted, the withdrawal of the VPN
   subnet information is distributed through the provider network using
   the same mechanism used to distribute new VPN subnet information. The
   format of a withdrawal message is left for further study. The
   withdrawal of an instance of VPN subnet information from a PEL will
   cause the removal of the LSPs that go to that VPN subnet instance on
   that PEL.

3.3 Establishment of VPN Subnet LSPs

   VPN subnet LSPs are created when a PEL learns, via one of the
   distribution mechanisms described in 3.2, that it has a VPN subnet in
   common with some other PEL in the provider network. Two types of LSPs
   are created: unicast LSPs and multicast LSPs.

3.3.1 Creation of Unicast LSPs

   When a PEL receives new VPN information, it determines if any LSPs
   need to be established.

   First, the PEL determines if it has any VPNs in common with the new
   list. If so, it checks to see if it has any VPN subnets in common. If
   there are, LSPs are triggered for each of the IP addresses that are
   members of the subnets.
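   The matching just described, as an added worked example in Python
   (not code from the draft or its authors): a PEL keeps the VPN subnet
   information of Section 3.2 keyed on (VPN Id, subnet), triggers one
   LSP per matching address when an advertisement arrives, and tears it
   down again when the same instance is withdrawn (Section 3.2.4).
   Class, field and function names, the "add"/"withdraw" values of the
   status flag, and all addresses are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Interface, IPv4Network
from typing import Dict, List, Set, Tuple

# Added model (not the draft's code) of the VPN subnet information of
# Section 3.2 and the PEL-side LSP trigger/teardown logic of 3.2.4 and
# 3.3.1.  Names are assumptions; "add"/"withdraw" stand in for the status
# flag the draft mentions but does not define.


@dataclass(frozen=True)
class VpnRecord:
    vpn_id: int
    addrs: Tuple[str, ...]      # VSI IP address/prefix pairs, e.g. "10.1.1.2/24"


@dataclass
class VpnSubnetInfo:
    pel_addr: str               # provider IP address of the advertising PEL
    records: List[VpnRecord]
    status: str = "add"         # "add" or "withdraw"


# (vpn_id, subnet, local VSI address, remote PEL, remote VSI address)
Lsp = Tuple[int, str, str, str, str]


class Pel:
    def __init__(self, name: str, local: List[VpnRecord]) -> None:
        self.name = name
        self.local = local              # VPN/subnet info provisioned on our SALs
        self.lsps: Set[Lsp] = set()     # unicast LSPs we have triggered

    def _local_index(self) -> Dict[Tuple[int, IPv4Network], List[str]]:
        # Key on (VPN Id, subnet).  Because the VPN Id is part of the key,
        # the same prefix used by two different VPNs never matches: address
        # overlap between VPNs is allowed and must stay isolated.
        idx: Dict[Tuple[int, IPv4Network], List[str]] = {}
        for rec in self.local:
            for a in rec.addrs:
                i = IPv4Interface(a)
                idx.setdefault((rec.vpn_id, i.network), []).append(str(i.ip))
        return idx

    def receive(self, info: VpnSubnetInfo) -> List[Lsp]:
        """Process learned VPN subnet information; return LSPs set up or torn down."""
        local = self._local_index()
        changed: List[Lsp] = []
        for rec in info.records:                      # step 1: a VPN in common?
            for a in rec.addrs:                       # step 2: a subnet in common?
                i = IPv4Interface(a)
                for local_ip in local.get((rec.vpn_id, i.network), []):
                    lsp = (rec.vpn_id, str(i.network), local_ip, info.pel_addr, str(i.ip))
                    if info.status == "add" and lsp not in self.lsps:
                        self.lsps.add(lsp)            # step 3: trigger LDP for this address
                        changed.append(lsp)
                    elif info.status == "withdraw" and lsp in self.lsps:
                        self.lsps.discard(lsp)        # 3.2.4: withdrawal removes the LSPs
                        changed.append(lsp)
        return changed


def demo() -> Tuple[List[Lsp], List[Lsp], Set[Lsp]]:
    # Constructed scenario: PEL X serves PNL B (VPN 7, 10.1.1.2/24) and PNL C
    # (VPN 9, 10.1.1.5/24).  PEL Y advertises VPN 7 10.1.1.1/24 (PNL A) and
    # VPN 8 10.1.1.9/24, which overlaps VPN 9's prefix but is a different VPN,
    # so only the VPN 7 subnet may trigger an LSP.
    x = Pel("X", [VpnRecord(7, ("10.1.1.2/24",)), VpnRecord(9, ("10.1.1.5/24",))])
    adv = VpnSubnetInfo("192.0.2.1", [VpnRecord(7, ("10.1.1.1/24",)),
                                      VpnRecord(8, ("10.1.1.9/24",))])
    added = x.receive(adv)
    wd = VpnSubnetInfo("192.0.2.1", [VpnRecord(7, ("10.1.1.1/24",))], status="withdraw")
    removed = x.receive(wd)
    return added, removed, x.lsps
```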

   In Figure 3, the creation of LSPs is triggered when PEL X learns
   that PEL Y supports a common VPN subnet.

   Using the example below, an LSP will be established from PNL B to PEL
   X. LDP then continues to establish the LSP from X to Y.  At Y, the
   LSP is spliced onto the LSP that was created when the VPN subnet for
   PNL A was provisioned.

                ---------------------------------
                |                               |
        PNL     |  PEL    Core LSRs     PEL     |   PNL
       +------+ | +----+  +--+  +--+   +----+   |   +------+
       |  A   |---|    |<-| 1|--| 2|---|    |-------|  B   |
       +------+ | | Y  |  +--+  +--+   | X  |   |   +------+
                | +----+   ^      |   /+----+   |
                |           \     |  /          |
                |            \    | \/ +----+   |   +------+
                |             \ +--+   |    |-------|  C   |
                |              \| 3|<--| Z  |   |   +------+
                |               +--+   +----+   |    PNL
                |                               |
                |         Provider domain       |
                ---------------------------------

                        Figure 3. Unicast LSP Setup

   Downstream label allocation is used from the PELs (leaves of the
   multipoint-to-point tree) to the PNL. Upstream on-demand label
   allocation is used by the PEL (root of the mpt-to-pt tree) and its
   connected PNL.

   The LSP that is created is a unidirectional LSP that carries data
   from PNL B to PNL A. Within the provider network, the LSP can be
   established along the best hop route or an explicitly provisioned
   route. If during the establishment of a best hop LSP, another LSP is
   encountered that goes to the same destination for the same VPN
   subnet, the LSPs can be merged. For example, when Z tries to
   establish an LSP to Y, an existing LSP to Y for the given VPN subnet
   will be encountered on core router 3. The LSP will be merged at that
   point.

3.4 Creation of Multicast LSPs

   An emulated LAN must be able to multicast certain packets (Hellos,
   Routing Updates) across the LAN. This draft describes three options
   for providing this capability.

      1> A single bi-directional multi-point to multi-point LSP

      2> A set of unidirectional point to multi-point LSPs

      3> No multicast LSP is established. VSI interface is responsible
      for copying and sending multicast packets on all outgoing unicast
      LSPs.


   With option 1, when a PEL (e.g. X) learns of the existence of another
   PEL (e.g. Y) which supports a VPN subnet which it supports, the
   creation of both unicast and multicast LSPs is initiated. The
   multicast LSP is a bi-directional LSP that can follow either the next
   best hop route or an explicit route. If, during the creation of a
   next best hop multicast LSP, an existing multicast LSP is encountered
   for the same VPN, the LSP may be merged.

   Even though a merge point is encountered during the creation of a
   multi-point to multi-point LSP, LDP must continue through to the
   destination PNL in case the multicast LSP requires a new branch to
   reach the destination.

   Option 2 is simply a less efficient version of option 1, at least
   in terms of label consumption. In this case a point to multi-point
   LSP is established from each PNL to all other PNLs for the VPN
   subnet. Again, they are established at the same time as the unicast
   LSPs.

   Option 3 is the least expensive in terms of label consumption and
   most expensive in terms of bandwidth and PNL/PEL resources. When the
   VSI media has a multicast packet to send, it copies and sends the
   packet on each outgoing label for the VSI.

   Changes required to LDP to support multicast LSPs are left for
   further study.

3.5 Layer 3 Modeling of VSI

   For each VSI on a PNL there will be one multicast LSP, one incoming
   LSP and N-1 outgoing LSPs where N is the number of PNLs in the VPN
   subnet. The incoming label will be viewed by layer 3 as the MAC
   address for the interface. The outgoing labels will be viewed as
   destination MAC addresses for all of the peer routers on the VSI. The
   multicast LSP will be viewed as the multicast MAC address.

3.6 Layer 3 to Layer 2 address mapping

   Two methods of mapping layer 3 to layer 2 addresses for a VSI
   interface are proposed. The first is the distribution of the layer 3
   information learned on a PEL for a given VPN subnet into the PNL.
   This information is injected into the ARP table on the PNL. The
   second is a modified ARP protocol run between the PNLs on the VPN
   subnet.

   When a PEL learns VPN information from other PELs, it learns the VSI
   IP addresses that belong to VPN subnets. The PEL then triggers LDP to
   establish an LSP from the PNL to the PEL to reach that peer IP
   address. Once the LSP is established, the mapping from IP address to
   label is known. This information is then propagated into the PNL
   where it can be injected into the ARP table. It may be possible to
   use LDP on the PNL side to learn the mapping. The details of this
   mechanism are left for further study.

   The other option is to use a modified ARP that runs across the VPN
   subnet. This would be similar to Inverse ARP in that when a new
   outgoing MAC label is enabled an ARP request is sent across that
   label. The receiver of the ARP request would put its own VSI IP
   address in the ARP response packet and send the packet.

   The local significance of labels and multipoint-to-point LSPs
   provides an additional twist. The ARP response packet may need to be
   sent on the multicast path. An ARP request has the sender's IP
   address in the packet. If the receiver of an ARP request has already
   resolved the mapping of the sender's IP address to a MAC label, the
   response can be sent on that unicast LSP; otherwise the response
   must be sent on the multicast LSP.

3.7 PNL Routing and Forwarding

   Once the mapping for next hop IP address to MAC label is established,
   normal IP routing and forwarding can take place between the PNLs. For
   each destination IP address that a PNL can send to, its forwarding
   table will contain an entry which contains the exit port, the next
   hop IP address to which the packet is to be sent and the MAC
   address/label for that next hop IP address.
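   An added Python model (not from the draft or its authors) of the VSI
   layer 3 modeling, the modified ARP, and the forwarding entry described
   in the preceding sections: outgoing labels stand in for destination
   MAC addresses, the multicast LSP for the multicast MAC address, and a
   responder answers on the unicast LSP only when it has already resolved
   the requester, otherwise on the multicast LSP. Class names, the
   addresses and labels, and the decision to carry the requester's label
   in the request so that a reply can be matched back to it (the draft
   leaves the message format for further study) are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Added model (not the draft's code).  Labels have local significance:
# the (sender, label) pair, not the label alone, identifies a unicast LSP.
MCAST = "mcast"  # sentinel standing in for the multicast LSP / multicast MAC


@dataclass
class Arp:
    kind: str                      # "request" or "reply"
    src_ip: str                    # sender's VSI IP address
    req_label: int                 # label the request went out on (assumed echoed in reply)
    dst_ip: Optional[str] = None   # reply only: the requester's VSI IP address


class Fabric:
    """Delivers ARP messages between VSIs over unicast or multicast LSPs."""
    def __init__(self) -> None:
        self.links: Dict[Tuple[str, int], "Vsi"] = {}   # (sender, label) -> receiver
        self.vsis: Dict[str, "Vsi"] = {}

    def connect(self, sender: "Vsi", label: int, receiver: "Vsi") -> None:
        self.links[(sender.name, label)] = receiver
        sender.enable_label(label)          # a new outgoing MAC label triggers ARP

    def send(self, sender: "Vsi", label: object, msg: Arp) -> None:
        sender.sent.append((label, msg))
        if label == MCAST:                  # multicast LSP reaches every other PNL
            for v in self.vsis.values():
                if v is not sender:
                    v.receive(msg)
        else:
            self.links[(sender.name, label)].receive(msg)


class Vsi:
    """One VPN Subnet Interface on a PNL, as seen by its layer 3 process."""
    def __init__(self, fabric: Fabric, name: str, ip: str) -> None:
        self.fabric, self.name, self.ip = fabric, name, ip
        self.arp: Dict[str, int] = {}       # peer VSI IP -> outgoing label ("MAC")
        self.sent: List[Tuple[object, Arp]] = []
        fabric.vsis[name] = self

    def enable_label(self, label: int) -> None:
        # Inverse-ARP style: ask whoever is at the far end of this label for its IP.
        self.fabric.send(self, label, Arp("request", self.ip, label))

    def receive(self, msg: Arp) -> None:
        if msg.kind == "request":
            # Reply on a unicast LSP only if the requester's IP is already
            # resolved to one of our labels; otherwise use the multicast LSP.
            out = self.arp.get(msg.src_ip, MCAST)
            self.fabric.send(self, out, Arp("reply", self.ip, msg.req_label, msg.src_ip))
        elif msg.kind == "reply" and msg.dst_ip == self.ip:
            self.arp[msg.src_ip] = msg.req_label    # learn peer IP -> our label

    def forwarding_entry(self, routes: Dict[str, str], dst: str) -> Optional[Tuple[str, str, int]]:
        """(exit port, next-hop IP, MAC label) for dst, or None if the hop is unresolved."""
        best = None
        for prefix, nh in routes.items():   # longest-prefix match over the route table
            net = ip_network(prefix)
            if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        if best is None or best[1] not in self.arp:
            return None
        return (self.name, best[1], self.arp[best[1]])


def demo() -> Tuple[Dict[str, int], Dict[str, int], List[object], List[object]]:
    # Constructed scenario: three PNLs on one VPN subnet.  A enables its label
    # toward B first; B cannot yet map A's IP to a label, so B's reply goes on
    # the multicast LSP (C sees it and ignores it).  When B then enables its
    # label toward A, A has already resolved B and answers on the unicast LSP.
    fab = Fabric()
    a, b = Vsi(fab, "A", "10.1.1.1"), Vsi(fab, "B", "10.1.1.2")
    Vsi(fab, "C", "10.1.1.3")
    fab.connect(a, 101, b)
    fab.connect(b, 201, a)
    replies = lambda v: [lbl for lbl, m in v.sent if m.kind == "reply"]
    return a.arp, b.arp, replies(b), replies(a)
```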

4. Extending MPLS into the VPN Member's Network

   The private network could run MPLS across the VPN by forming LDP
   peers with other PNLs on the logical LAN and using a shim in the
   packet header to identify MPLS flows.

5. Summary

   This internet draft presents a VPN architecture over MPLS networks.
   It addresses the three basic functions required to establish VPNs
   over MPLS. Using an emulated LAN model for connectivity across the
   provider network simplifies the configuration and management
   coordination effort between the service provider and the VPN.

6. Security Considerations

   One of the major functions of a VPN is being able to provide both
   data privacy and addressing privacy for users [2]. The architecture
   proposed in this draft comes with built-in security which is robust
   in a dynamic environment.

6.1 User Data Privacy and User Address Privacy

   Both user data privacy and user address privacy are achieved by
   assigning a different VPN identifier to each VPN and building a
   separate logical network for each VPN. These logical networks may
   share the same physical connections, but as far as users are
   concerned, they won't see each other at all. The exception is a
   user that participates in multiple VPNs, but that is a
   configuration issue.

6.2 Service Provider Security

   Due to the emulated LAN model adopted in this architecture, each user
   won't see the service provider's network at all, i.e., the service
   provider's network is transparent to users. This also means that
   users can even have the same address space as the service
   provider's.

6.3 IPsec

   Since the original VPN IP addresses can be transported across the
   provider network, IPsec functionality is not impacted. One benefit
   provided by this model is that IPsec can run in transport mode as
   opposed to tunnel mode, reducing bandwidth consumption across the
   provider network.

7. Intellectual Property Considerations

   Nortel may seek patent or other intellectual property protection for
   some or all of the technologies disclosed in this document. If any
   standards arising from this document are or become protected by one
   or more patents assigned to Nortel, Nortel intends to disclose those
   patents and license them on reasonable and non-discriminatory terms.

8. Acknowledgment

   The authors would like to acknowledge the valuable review and
   comments of Jerry Wu, Stephen Shew, Ian Duncan, and Scott Pegrum.

9. References

   [1] Rosen et al., "Multiprotocol Label Switching Architecture",
   draft-ietf-mpls-arch-01.txt, March 1998.

   [2] J. Heinanen et al., "VPN support with MPLS", March 1998.

   [3] Andersson et al., "Label Distribution Protocol",
   draft-mpls-ldp-00.txt, March 1998.

10. Authors' Addresses

   Dwight Jamieson
   Nortel (Northern Telecom), Ltd.
   PO Box 3511 Station C
   Ottawa ON K1Y 4H7
   Canada

   EMail: djamies@Nortel.ca

   Bilel Jamoussi
   Nortel (Northern Telecom), Ltd.
   PO Box 3511 Station C
   Ottawa ON K1Y 4H7
   Canada

   EMail: jamoussi@Nortel.ca

   Gregory Wright
   Nortel (Northern Telecom), Ltd.
   PO Box 3511 Station C
   Ottawa ON K1Y 4H7
   Canada

   EMail: gwright@Nortel.ca

   Paul Beaubien
   Nortel (Northern Telecom), Ltd.
   PO Box 3511 Station C
   Ottawa ON K1Y 4H7
   Canada

   EMail: beaubien@Nortel.ca