What Is 6VPE?
6VPE uses IPv4 and MPLS to connect isolated IPv6 networks and provide BGP MPLS VPN services for them. In a 6VPE scenario, customer edges (CEs) use the IPv6 address family, whereas the backbone network devices use the IPv4 address family. The network where 6VPE is deployed uses VPN to logically isolate IPv6 networks connected to it, improving IPv6 network security.
Why Do We Need 6VPE?
As more and more IPv4 networks evolve to IPv6, a growing number of users want carriers to provide VPN services for these networks. This is where IPv6 VPN provider edge (6VPE) comes in. 6VPE, as an extension of BGP MPLS IP VPN, provides BGP MPLS VPN services for IPv6 networks.
Evolution from an MPLS IPv4 Network to an IPv6 Network
As a next-generation network layer protocol, IPv6 not only provides sufficient address space, but also allows more users and devices to access the Internet. Its higher service quality and security also attract an increasing amount of attention.
As networks evolve from IPv4 to IPv6, it is inevitable that the two types of networks coexist for some time. At the early stage of the evolution, IPv6 networks are not widely deployed, and IPv4 networks are still predominant. As a result, isolated IPv6 networks, known as IPv6 islands, emerge. IPv6 provider edge (6PE) can use MPLS IPv4 networks to connect these isolated IPv6 networks. However, with the wide application of IPv6 networks, the demand for IPv6 VPN also increases sharply.
6VPE uses VPN to logically isolate IPv6 networks connected to the network where it is deployed, significantly improving IPv6 network security.
Characteristics Shared by 6VPE and 6PE
6VPE and 6PE — both implemented based on BGP MPLS VPN — share the following characteristics:
- Both are tunneling technologies for connecting IPv6 islands and use MPLS to shield IPv6 tunnels on the IPv4 backbone network. They still use IPv4 IGP to establish routing relationships between provider nodes (Ps) and provider edges (PEs).
- Both use MP-BGP to transmit routing information for IPv6 networks.
Differences Between 6VPE and 6PE
6PE considers all connected IPv6 networks as one VPN customer, for which the IPv4 backbone network provides tunnel connections. This means that 6PE cannot logically isolate IPv6 networks. Because IPv6 and IPv4 belong to different address families, IPv6 routing information does not need to be distinguished from IPv4 routing information. On a 6PE router, the IPv6 routing table is equivalent to a VRF in BGP/MPLS IP VPN.
6VPE, in comparison, uses VPN on the network where it is deployed to ensure that the services of private IPv6 sites for different users are isolated from each other. To provide IPv6 VPN services, the 6VPE network introduces the VPN-IPv6 address family and establishes an independent VRF for each IPv6 VPN. A key benefit of this is that it implements logical isolation between different IPv6 VPNs.
Benefits of 6VPE
6VPE offers the following benefits:
- Easy configuration: 6VPE leverages the existing IPv4/MPLS backbone network to connect separate IPv6 networks, requiring only a few network adjustments. Moreover, all configurations are performed on PEs, and the IPv4 network is imperceptible to IPv6 networks.
- Wide range of services: 6VPE does not limit the IP protocol version used on the backbone network. IPv6 VPN traffic is mainly transmitted over IPv4 tunnels. In addition to LDP LSPs, CR-LSPs and GRE tunnels can also be used as public network tunnels between PEs.
- High security: 6VPE logically isolates connected IPv6 networks, significantly improving IPv6 network security.
What Types of 6VPE Exist?
Basic 6VPE networking is single-AS networking. However, different metro networks of the same carrier or collaborative backbone networks of different carriers usually span several ASs. In such cases, inter-AS 6VPE networking modes Option A, Option B, and Option C are proposed.
6VPE Single-AS Networking
The following figure shows the basic 6VPE single-AS networking. PEs need to run both IPv4 and IPv6, and CEs need to run only IPv6. Static routing or a multi-instance IPv6 protocol such as BGP4+, IS-ISv6, RIPng, or OSPFv3 can be used between PEs and CEs. The public network tunnels between PEs can be LDP LSPs, TE tunnels, or GRE tunnels.
Because IPv6 packets are encapsulated inside GRE packets, if GRE tunnels are used as public network tunnels, you also need to enable MPLS on public network interfaces.
Figure: 6VPE single-AS networking
6VPE Inter-AS Option A Networking
The following figure shows the inter-AS Option A networking, which has the following characteristics:
- Interfaces between autonomous system boundary routers (ASBRs) are bound to IPv6 VPN instances and configured with IPv6 addresses. Furthermore, IPv4 runs in each AS. This means that both IPv4 and IPv6 run on ASBRs and PEs.
- A multi-instance IPv6 protocol can be used between ASBRs.
- Data packets are forwarded between ASBRs as common IPv6 packets without labels. Data packets within an AS (PE-ASBR) are forwarded as IPv6 VPN instance packets with double labels or one label. If double labels are used, the inner one is the IPv6 VPN instance label.
Figure: 6VPE inter-AS Option A networking
6VPE Inter-AS Option B Networking
The following figure shows the inter-AS Option B networking, which has the following characteristics:
- IPv4 runs both within each AS and between ASs. Both IPv4 and IPv6 run on PEs.
- An MP-EBGP peer relationship is established between ASBRs through directly connected interfaces, and VPNv6 is enabled for the peer in the VPNv6 address family view.
- Data packets are forwarded between ASBRs as IPv6 VPN instance packets with one label. Data packets within an AS (PE-ASBR) are forwarded as IPv6 VPN instance packets with double labels or one label. If double labels are used, the inner one is the IPv6 VPN instance label.
Figure: 6VPE inter-AS Option B networking
6VPE Inter-AS Option C Networking
The following figure shows the inter-AS Option C networking, which has the following characteristics:
- IPv4 runs both within each AS and between ASs. Both IPv4 and IPv6 run on PEs.
- ASBRs establish an MP-EBGP peer relationship with each other through directly connected interfaces and are configured to advertise labeled routes to each other. The two BGP peers negotiate the capability of advertising labeled IPv4 routes.
- PEs establish MP-EBGP peer relationships with each other through loopback interfaces and are configured to advertise labeled routes to each other. The same applies for ASBRs. The BGP peers negotiate the capability of advertising labeled IPv4 routes.
- PEs establish a multi-hop MP-EBGP peer relationship with each other through loopback interfaces, and the peer capability is enabled in the VPNv6 address family view. The BGP peers negotiate the capability of advertising labeled VPN routes.
- Data packets are forwarded between ASBRs as IPv6 VPN instance packets with double labels. Data packets within an AS (PE-ASBR) are forwarded as IPv6 VPN instance packets with three or double labels. The innermost label is the IPv6 VPN instance label.
Figure: 6VPE inter-AS Option C networking
How Does 6VPE Work?
6VPE works on two planes: control plane (route advertisement) and forwarding plane (data forwarding).
6VPE Control Plane
The following figure shows the working process of the 6VPE control plane. Route advertisement from CE1 to CE2 is used as an example; route advertisement from CE2 to CE1 works in a similar way.
- After establishing a neighbor or peer relationship with PE1, CE1 advertises the local IPv6 route 2001:DB8:1::1/128 to PE1. CE1 and PE1 use a standard IPv6 routing protocol for communication.
- After receiving the route from CE1, PE1 adds an RD prefix to the route to convert it into a VPN-IPv6 route. PE1 then advertises the route to PE2 through MP-BGP. After receiving the VPN-IPv6 route, PE2 adds the route to its VPN-IPv6 routing table and stores the MPLS label information carried in the MP-BGP Update message.
- PE2 removes label information from the received IPv6 route and advertises the route to CE2 using an IPv6 routing protocol, such as BGP4+, IS-ISv6, or RIPng.
Figure: Working process of the 6VPE control plane
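The RD step above is what keeps overlapping customer routes apart, and the following added example (not part of the original page) shows it by encoding and decoding the labeled VPN-IPv6 NLRI that PE1 sends in MP-BGP. The RD values 65000:1 and 65000:2 and the labels 1025 and 1026 are constructed for illustration; the byte layout follows the standard labeled VPN-IPv6 encoding with a type 0 RD.

```python
import ipaddress
import struct

def encode_rd(asn, number):
    """Type 0 route distinguisher: 2-byte type, 2-byte AS, 4-byte number."""
    return struct.pack("!HHI", 0, asn, number)

def encode_vpnv6_nlri(label, rd, prefix):
    """Length in bits, 3-byte label field, 8-byte RD, then the IPv6 prefix."""
    net = ipaddress.IPv6Network(prefix)
    label_field = ((label << 4) | 1).to_bytes(3, "big")  # bottom-of-stack bit set
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
    return bytes([24 + 64 + net.prefixlen]) + label_field + rd + addr

def decode_vpnv6_nlri(nlri):
    """Return (label, rd_text, ipv6_prefix); reject truncated or short NLRI."""
    if len(nlri) < 12 or nlri[0] < 88 or len(nlri) != 1 + (nlri[0] + 7) // 8:
        raise ValueError("malformed VPN-IPv6 NLRI")
    label = int.from_bytes(nlri[1:4], "big") >> 4
    rd_type, asn, number = struct.unpack("!HHI", nlri[4:12])
    if rd_type != 0:
        raise ValueError("only type 0 RDs are handled in this example")
    addr = int.from_bytes(nlri[12:].ljust(16, b"\x00"), "big")
    prefix = ipaddress.IPv6Network((addr, nlri[0] - 88))
    return label, f"{asn}:{number}", str(prefix)

def install(updates):
    """PE2 side: VPN-IPv6 table keyed by (RD, prefix), value is the VPN label."""
    table = {}
    for nlri in updates:
        label, rd, prefix = decode_vpnv6_nlri(nlri)
        table[(rd, prefix)] = label
    return table

# Constructed sample: two customers on PE1 advertise the same IPv6 route.
UPDATES = [
    encode_vpnv6_nlri(1025, encode_rd(65000, 1), "2001:DB8:1::1/128"),
    encode_vpnv6_nlri(1026, encode_rd(65000, 2), "2001:DB8:1::1/128"),
]

if __name__ == "__main__":
    for key, label in install(UPDATES).items():
        print(key, "label", label)
```

Without the RD, the second advertisement would overwrite the first in PE2's table; with it, both customers' routes coexist and each keeps its own VPN label.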
6VPE Forwarding Plane
The following figure shows the working process of the 6VPE forwarding plane. Similar to BGP/MPLS IP VPN, 6VPE encapsulates double labels into IPv6 packets so that these packets can pass through the IPv4 core network. The outer label is an MPLS tunnel label, which is used to indicate how to reach the BGP next hop. The inner label is a VPN-IPv6 label, which is used to determine the outbound interface of the packet and the VPN to which the packet belongs. IPv6 packets are forwarded between CEs and PEs, whereas MPLS packets are forwarded between only PEs. MPLS tunnels must be established based on IPv4 routes, meaning that PEs must run IPv4/IPv6 dual-stack.
An IPv6 packet is transmitted through a 6VPE tunnel as follows:
- CE1 sends an IPv6 packet to PE1.
- Upon receipt of the IPv6 packet, PE1 adds the inner label L2 and public tunnel label L1 to the packet. PE1 determines the inner label based on the IPv6 VRF and the public tunnel label based on IPv4 address information.
- PE1 forwards the labeled IPv6 packet over a public network tunnel to P, which in turn forwards the packet based on label information and is unaware of the inner IPv6 payload.
- Upon receipt, P swaps the outer label of the packet and then performs penultimate hop popping, or PHP, to remove outer label L1'.
- After PE2 receives the packet, it determines the corresponding VPN instance based on inner label L2 and then removes L2. Next, PE2 searches the VRF based on the destination address of the original IPv6 packet and forwards the packet to CE2.
Figure: Working process of the 6VPE forwarding plane
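The forwarding steps above can be traced in code; this added example (not part of the original page) builds the double-label packet at PE1, removes the outer label at the penultimate hop, and lets PE2 pick the VRF from the inner label alone. The label values, VRF names and interface names are constructed, and the two VRFs deliberately hold the same IPv6 route to show that the inner label, not the destination address, decides which customer receives the packet.

```python
import ipaddress
import struct

def push(label, packet, bottom=False, ttl=64):
    """Prepend one 32-bit MPLS entry: label(20) TC(3) S(1) TTL(8)."""
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl) + packet

def pop(packet):
    """Return (label, bottom_of_stack, remaining_bytes)."""
    (entry,) = struct.unpack("!I", packet[:4])
    return entry >> 12, bool((entry >> 8) & 1), packet[4:]

def ipv6_packet(src, dst):
    """Minimal 40-byte IPv6 header with no payload (next header 59)."""
    hdr = struct.pack("!IHBB", 6 << 28, 0, 59, 64)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed

def pe1_ingress(packet, inner, outer):
    """PE1: inner VPN label (L2) first, then the public tunnel label (L1)."""
    return push(outer, push(inner, packet, bottom=True))

def p_php(packet):
    """Penultimate hop: remove the outer label, leave the VPN label in place."""
    _, bottom, rest = pop(packet)
    if bottom:
        raise ValueError("expected an inner VPN label under the tunnel label")
    return rest

def pe2_egress(packet, label_to_vrf, vrfs):
    """PE2: inner label selects the VRF, then longest-prefix match inside it."""
    if len(packet) < 44:
        return None
    label, bottom, ipv6 = pop(packet)
    vrf = label_to_vrf.get(label)
    if vrf is None or not bottom:
        return None  # unknown VPN label: drop instead of guessing a VRF
    dst = ipaddress.IPv6Address(ipv6[24:40])
    hits = [(ipaddress.IPv6Network(n), i) for n, i in vrfs[vrf].items()
            if dst in ipaddress.IPv6Network(n)]
    return (vrf, max(hits, key=lambda h: h[0].prefixlen)[1]) if hits else None

# Constructed sample state on PE2: both VRFs contain the same route.
LABEL_TO_VRF = {1025: "vpn_a", 1026: "vpn_b"}
VRFS = {"vpn_a": {"2001:db8:1::1/128": "ge0/0/1"},
        "vpn_b": {"2001:db8:1::1/128": "ge0/0/2"}}

if __name__ == "__main__":
    pkt = ipv6_packet("2001:db8:2::1", "2001:db8:1::1")
    for inner in (1025, 1026, 9999):
        print(inner, pe2_egress(p_php(pe1_ingress(pkt, inner, 3001)), LABEL_TO_VRF, VRFS))
```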
How Will 6VPE Evolve in the Future?
6VPE is a solution for the initial stage of IPv4-to-IPv6 transition. It uses the existing IPv4/MPLS backbone network to carry IPv6 services and connects IPv6 networks to provide IPv6 services for users without the need to upgrade the backbone network. In addition, the IPv6 networks are unaware of the IPv4 network. However, 6VPE has certain limitations. For example, it depends on MPLS and involves complex protocol states. In addition, it requires PEs to run IPv4/IPv6 dual-stack, consuming more CPU, memory, and other resources.
With the increased deployment of IPv6 networks, carrier networks now fully support IPv6. IPv6 networks can directly communicate through IPv6 without any transition technology. SRv6, which can provide IPv6 VPN services over an IPv6 backbone network, extends IPv6 headers to implement label forwarding-like processing based on existing IPv6 forwarding technologies, simplifying IPv6 VPN implementation.
Compared with 6VPE, SRv6 has the following advantages:
- Less resource consumption: After SRv6 is used, the entire network runs IPv6, and PEs need to support only IPv6, lowering consumption of device resources.
- Simplified services: SRv6 packets have the same packet headers as common IPv6 packets. Network nodes can communicate based entirely on IPv6 reachability, simplifying network protocols and facilitating service provisioning.
- Flexible deployment: SRv6 provides flexible programmability to meet the differentiated SLA requirements of services.
Simply put, IPv4-to-IPv6 transition is a long process. From the perspective of networks and services, SRv6 is more advantageous than 6VPE in terms of implementing IPv6 VPN.
- Author: Liu Jiaxuan
- Updated on: 2022-12-09