A Virtual Private Network is a network that emulates a private network over a common infrastructure. The private network requires all customer sites to be able to interconnect and be completely separate from other Virtual Private Networks. The Virtual Private Network usually belongs to one company and has several sites interconnected across the common service provider infrastructure. Service providers can deploy two major Virtual Private Network models to provide Virtual Private Network services to their customers:

1. Overlay Virtual Private Network model
2. Peer-to-peer Virtual Private Network model

Overlay Virtual Private Network Model

In the overlay model, the service provider supplies a service of point-to-point links or virtual circuits across his network between the routers of the customer. The customer routers form routing peering between them directly across the links or virtual circuits from the service provider. The routers or switches from the service provider carry the customer data across the service provider network, but no routing peering occurs between a customer and a service provider router. The result of this is that the service provider routers never see the customer routes. An extra advantage of running Multiprotocol Label Switching traffic engineering is the possibility of Fast ReRouting (FRR). FRR allows you to reroute labeled traffic around a link or router that has become unavailable. The rerouting of traffic happens in less than 50 ms, which is fast even for standards of today.

History of Multiprotocol Label Switching in Cisco IOS

This section gives you a brief chronological overview of the Multiprotocol Label Switching implementation in Cisco IOS from its start in 1998.

Tag Switching to Multiprotocol Label Switching

Cisco Systems started off with putting labels on top of IP packets in what was then called tag switching. The first implementation was released in Cisco IOS 11.1(17)CT in 1998. A tag was the name for what is now known as a label. This implementation could assign tags to networks from the routing table and put those tags on top of the packet that was destined for that network. Tag switching built a Tag Forwarding Information Base (TFIB), which is, in essence, a table that stores input-to-output label mappings. Each tag-switching router had to match the tag on the incoming packet, swap it with the outgoing tag, and forward the packet. Multiprotocol Label Switching Applications

The first release of tag switching in Cisco IOS allowed for traffic engineering, but it was first called Routing with Resource Reservation (RRR or R3). The first implementation of traffic engineering in Cisco IOS was static. This meant that you as the operator of the router had to configure all the hops that a certain flow of traffic had to follow through the network. A later implementation made traffic engineering more dynamic by using extensions to the link state routing protocols. The operator no longer had to statically configure the traffic engineering tunnels hop by hop. The link state routing protocol carried extra information, so that the tunnels could be created in a more dynamic way. This greatly reduced the amount of work the operator had to do, which made Multiprotocol Label Switching traffic engineering more popular.

Until the coming of Multiprotocol Label Switching Virtual Private Network, tag switching or Multiprotocol Label Switching was not widespread. When Cisco came out with Cisco IOS Software Release 12.0(5)T, the first Cisco IOS release containing support for Multiprotocol Label Switching Virtual Private Network in 1999, it became an instant success because many service providers immediately started to implement Multiprotocol Label Switching Virtual Private Network. To date, the Multiprotocol Label Switching Virtual Private Network application is still the most popular of all the Multiprotocol Label Switching applications. The next big addition to the family of Multiprotocol Label Switching applications was AToM. Cisco implemented AToM in Cisco IOS Release 12.0(10)ST, released in 2000, to carry Asynchronous Transfer Mode AAL 5 over an Multiprotocol Label Switching backbone. Later, many more encapsulation types were added to AToM in Cisco IOS. Examples of Layer 2 encapsulation types that can be carried over an AToM network today are Frame Relay, Asynchronous Transfer Mode, PPP, HDLC, Ethernet, and 802.1Q. Particularly, the transport of Ethernet across the Multiprotocol Label Switching backbone has seen a growing success today. However, AToM is restricted in that it carries these Ethernet frames across the Multiprotocol Label Switching backbone in a point-to-point fashion only. Virtual Private LAN Service (VPLS) enables the forwarding of the Ethernet frames in a point-to-multipoint fashion. In essence, VPLS is the Layer 2 service that emulates a LAN across an Multiprotocol Label Switching-enabled network. The first implementation of VPLS in Cisco IOS was released in early 2004 on the 7600 platform in Cisco IOS release 12.2(17d)SXB.

Label Switch Router

A label switch router is a router that supports Multiprotocol Label Switching. It is capable of understanding Multiprotocol Label Switching labels and of receiving and transmitting a labeled packet on a data link. Three kinds of Label Switch Routers exist in an Multiprotocol Label Switching network:

1. Ingress Label Switch Routers - Ingress Label Switch Routers receive a packet that is not labeled yet, insert a label (stack) in front of the packet, and send it on a data link.
2. Egress Label Switch Routers - Egress Label Switch Routers receive labeled packets, remove the label(s), and send them on a data link. Ingress and egress Label Switch Routers are edge Label Switch Routers.
3. Intermediate Label Switch Routers - Intermediate Label Switch Routers receive an incoming labeled packet, perform an operation on it, switch the packet, and send the packet on the correct data link.

An Label Switch Router can do the three operations: pop, push, or swap. It must be able to pop one or more labels (remove one or more labels from the top of the label stack) before switching the packet out. An Label Switch Router must also be able to push one or more labels onto the received packet. If the received packet is already labeled, the Label Switch Router pushes one or more labels onto the label stack and switches out the packet. If the packet is not labeled yet, the Label Switch Router creates a label stack and pushes it onto the packet. An Label Switch Router must also be able to swap a label.

This simply means that when a labeled packet is received, the top label of the label stack is swapped with a new label and the packet is switched on the outgoing data link. An Label Switch Router that pushes labels onto a packet that was not labeled yet is called an imposing Label Switch Router because it is the first Label Switch Router to impose labels onto the packet. One that is doing imposition is an ingress Label Switch Router. An Label Switch Router that removes all labels from the labeled packet before switching out the packet is a disposing Label Switch Router. One that does disposition is an egress Label Switch Router. In the case of Multiprotocol Label Switching Virtual Private Network, the ingress and egress Label Switch Routers are referred to as provider edge (PE) routers. Intermediate Label Switch Routers are referred to as provider (P) routers. The terms PE and P routers have become so popular that they are also used when the Multiprotocol Label Switching network does not run Multiprotocol Label Switching Virtual Private Network.