The Virtual Private Connection (VPN) version 4 (v4) or version 6 (v6) feature provides connection between IPv4 or IPv6 private data network over public IPv4 network using the Multiprotocol Label Switching (MPLS) tunneling mechanism.
As defined by RFC 2547, MPLS VPN can be used by internet service providers to provide remote wide-area connectivity services using an MPLS domain for data traffic and internal Border Gateway Protocol (IBGP) to distribute routing information. By using this feature each customer network can be completely segregated from every other customer network while sharing the same infrastructure. MPLS provides scalable and efficient switching over an indeterminate group of devices along a predetermined labeled-switch-path (LSP). Using MPLS, LSPs can be set statically or determined dynamically by the Internet service providers (ISPs) to provide traffic engineering features. Border Gateway Protocol (BGP) or MPLS VPNs build on this infrastructure to provide virtual-circuit connectionless service between remote sites. Using a common MPLS-domain, multiple Virtual Private Networks (VPNs) can be configured across a service-provider MPLS core network. Each VPN provides a secure data path that allows IP packetized traffic to share the infrastructure while being effectively segregated from other VPNs that are using the same MPLS domain.
In the diagram below, four separate customers (1-4) each have remote sites. Each customer is connected to a network at a remote site through the MPLS domain while being completely segregated and secure from traffic between other sites. For instance, CE 1 and CE 8 belong to Customer 1. CE 1 is connected to the BGP or MPLS VPN network through PE 1 and CE 8 through PE 4. Using the service provider‘s BGP or MPLS VPN service, traffic can be forwarded between CE1 and CE8 at the same time that Customers 2 through 4 use VPNs that operate over the same network infrastructure. Different customers can even use the same IP addresses without conflicting with other customers networks or creating any routing problems.
