242
Nested VPN is flexible and easy to implement and can reduce the cost because a customer only needs
to pay for one MPLS VPN to have multiple internal VPNs connected. Nested VPN provides diversified
VPN networking methods for a customer, and allows for multi-level hierarchical access control over the
internal VPNs.
HoVPN
In MPLS L3VPN solutions, PEs are the key devices, which provide the following functions:
•
User access. This means that the PEs must have a large amount of interfaces.
•
VPN route managing and advertising, and user packet processing, requiring that a PE must have a
large-capacity memory and high forwarding capability.
Most of the current network schemes use the typical hierarchical architecture. For example, the MAN
architecture contains typically three layers, namely, the core layer, distribution layer, and access layer.
From the core layer to the access layer, the performance requirements on the devices decrease while the
network expands.
MPLS L3VPN, on the contrary, is a plane model where performance requirements are the same for all PEs.
If a certain PE has limited performance or scalability, the performance or scalability of the whole network
is influenced.
Due to the difference, you are faced with the scalability problem when deploying PEs at any of the three
layers. Therefore, the plane model is not applicable to the large-scale VPN deployment.
To solve the scalability problem of the plane model, MPLS L3VPN must transition to the hierarchical
model.
In MPLS L3VPN, hierarchy of VPN (HoVPN) was proposed to meet that requirement. With HoVPN, the PE
functions can be distributed among multiple PEs, which take different roles for the same functions and
form a hierarchical architecture.
As in the typical hierarchical network model, HoVPN has different requirements on the devices at
different layers of the hierarchy.
Implementation of HoVPN
Figure 71
Basic architecture of HoVPN
MPLS network
PE
PE
SPE
UPE
UPE
CE
CE
CE
CE
VPN 1
VPN 1
VPN 2
VPN 2
Site 1
Site 2