Basic VPLS architecture
Figure 79: Basic VPLS architecture
As shown in Figure 79, the VPLS architecture mainly includes the following components:
CE—A customer edge device is directly connected to the service provider network.
PE—A provider edge device connects one or more CEs to the service provider network. A PE implements VPN access by mapping and forwarding packets between private networks and public network tunnels. A PE can be a UPE or NPE in a hierarchical VPLS.
AC—An attachment circuit, physical or virtual, connects a CE and a PE, such as an Ethernet link or a VLAN.
PW—A pseudowire is a bidirectional virtual connection between two PEs. An MPLS PW consists of two unidirectional MPLS LSPs in opposite directions.
Tunnel—A tunnel can be an LSP tunnel or an MPLS TE tunnel. It carries one or more PWs over an IP/MPLS backbone. If a PW is carried on an LSP or MPLS TE tunnel, each packet on the PW contains two labels. The inner label is the PW label, which identifies the PW and makes sure the packet is forwarded to the correct VSI. The outer label is the public LSP or MPLS TE tunnel label, which makes sure the packet is correctly forwarded to the remote PE.
VPLS instance—A customer network might include multiple geographically dispersed sites (such as site 1 and site 3 in Figure 79.) The service provider uses VPLS to connect all the sites to create a single Layer 2 VPN, which is referred to as a "VPLS instance." Sites in different VPLS instances cannot communicate with each other at Layer 2.
VSI—A virtual switch instance provides Layer 2 switching services for a VPLS instance on a PE. A VSI acts as a virtual switch that has all the functions of a conventional Ethernet switch, including source MAC address learning, MAC address aging, and flooding. VPLS uses VSIs to forward Layer 2 data packets in VPLS instances.