Using unicast L3VPNs to connect sites over an MPLS network and Using multicast L3VPNs to connect sites over an MPLS network identify the basic components of an L3VPN. Because an L3VPN is designed for interconnecting routing devices, each PE and CE in the figure must be a router or a routing-capable switch.

Figure 1. Using unicast L3VPNs to connect sites over an MPLS network
Figure 2. Using multicast L3VPNs to connect sites over an MPLS network

An L3VPN consists of multiple access links, multiple VPN routing and forwarding (VRF) tables, and multiple VPN tunnels or multiple P2MP LSPs. An L3VPN can be configured to connect two or more customer sites.

Central to an L3VPN is the VRF, which allows for separate and private VPN forwarding decisions to co-exist within a PE device. A VRF is created on a per VPN basis within each PE. The VRF is the fundamental mechanism that enables the partitioning of individual customers over the shared IP routed infrastructure.

Note:

A VRF can be configured to transport unicast traffic, multicast traffic, or both.

Even if a service provider’s customers have overlapping IP address spaces, for example, 10.x.x.x networks, the VRFs effectively segment those addresses so that the control traffic and the data traffic remain exclusively within the correct VPNs.