A VPN in an L3VPN is a collection of unicast-enabled VPN routing and forwarding (VRF) instances that are members of the same virtual private network. The instances are configured on PE devices. All functions that are associated with establishing, maintaining, and operating an L3VPN take place in the PE devices.
The P devices are not aware of the L3VPNs; they forward packets over the established LSPs. Similarly, the CE devices are not aware of the L3VPNs; they route IP packets in accordance with the customer’s established addressing and routing schemes.
Multi-VRF CEs are aware of L3VPNs, but not to the extent that the PEs that connect directly to the multi-VRF CEs are. The directly connected PE maintains VRFs that are mirror images of the VRFs that are maintained by the multi-VRF CE. No MPLS label exchange, no LDP adjacency, and no labeled packet flow occur between the PE and the multi-VRF CE. The packets flow as IP packets between the two devices.
Here are three types of VPN:
-
Full-mesh (FullMesh)
Each customer site can communicate directly with every other customer site in the VPN.
-
Hub-and-spoke (HubAndSpoke)
All traffic flows to/from a central hub site.
-
Partial-mesh (SpokeAndSpoke)
Some customer sites can communicate directly with other customer sites in the VPN. A partial-mesh VPN is a hub-and-spoke VPN that has multiple hubs.
A VPN in an L3VPN provides a unicast VPN service. As such, the VPN transports unicast traffic but not multicast traffic.