• Chapter 1: Describing Network Requirements
• Chapter 2: Topologies for Teleworker Connectivity
• Chapter 3: Using Cable to Connect to a Central Site
• Chapter 4: Using DSL to Connect to a Central Site
• Chapter 5: Configuring DSL Access with PPPoE
• Chapter 6: Configuring DSL Access with PPPoA
• Chapter 7: DSL Connection Troubleshooting
• Chapter 8: The MPLS Conceptual Model
• Chapter 9: MPLS Architecture
• Chapter 10: Configuring Frame Mode MPLS
• Chapter 11: MPLS VPN Technologies
• Chapter 12: IPsec Overview
• Chapter 13: Site-to-Site VPN Operations
• Chapter 14: GRE Tunneling over IPsec
• Chapter 15: IPsec High Availability Options
• Chapter 16: Configuring Cisco Easy VPN
• Chapter 18: Cisco Device Hardening
• Chapter 19: Securing Administrative Access
• Chapter 20: Using AAA to Scale Access Control
• Chapter 21: Cisco IOS Threat Defense Features
• Chapter 22: Implementing Cisco IOS Firewalls
• Chapter 23: Implementing Cisco IDS and IPS

Chapter 11: MPLS VPN Technologies

VPN Types

• Layer 1 Overlay - Dedicated physical circuits
• Layer 2 Overlay - Traditional WAN services (Frame Relay, HDLC, etc); virtual circuits
• Layer 3 Overlay - GRE/IPsec tunnels
• Peer-to-Peer - Layer 3 connectivity serviced by provider

VPN Architecture

• C network - A customer's private network
• CE router - Customer edge router which connects to a PE router
• P network - The provider's shared network composed of MPLS routers
• PE router - Provider edge router which connects to one or more customers

Different customer networks can be logically separated using Virtual Routing and Forwarding (VRF), a private routing table on the provider's routers.

A route distinguisher (RD) is a 64-bit prefix prepended to an IPv4 address to create a globally unique VPNv4 address. Each customer is assigned its own RD or RDs.

VPNv4 addresses are communicated between PE routers using MPBGP.

A route target (RT) is an attribute appended to a VPNv4 BGP route to indicate VPN membership.