Fact-checked by Grok 2 weeks ago

MPLS VPN

() Virtual Private Network (VPN) is a networking technology that enables service providers to deliver scalable, secure Layer 3 VPN services to customers over a shared -enabled backbone, using () for route distribution and for efficient . This approach creates virtualized networks that isolate customer traffic without requiring dedicated physical infrastructure, supporting features like overlapping spaces and control. At its core, MPLS VPN leverages label switching to packets across the provider's core while maintaining logical separation between VPNs, ensuring that routes and data for one customer's network remain from others. The architecture relies on key components such as Provider Edge (PE) routers, which connect directly to customer sites and maintain per-VPN Virtual Routing and Forwarding (VRF) instances to segregate routing tables; Customer Edge (CE) routers, which handle customer-side connectivity via standard IP protocols like BGP or OSPF; and Provider (P) routers in the core that forward MPLS-labeled packets without awareness of VPN-specific routes. Route exchange between PE routers occurs via Multi-Protocol BGP (MP-BGP) using the VPN-IPv4 address family, where Route Distinguishers (RDs)—8-byte prefixes—uniquely identify routes to resolve IP address overlaps across VPNs, and Route Targets (RTs) control route import/export policies for membership in specific VPNs. Packets are encapsulated with a two-level MPLS label stack: an outer label for transport across the backbone (distributed via Label Distribution Protocol or BGP) and an inner label for VPN demarcation at the egress PE. MPLS VPN offers significant benefits, including scalability by confining VPN route knowledge to PE routers only, thus avoiding route explosion in the core; security through inherent traffic isolation and optional encryption; and flexibility for supporting intranets, extranets, and inter-provider extensions via Autonomous System Border Routers (ASBRs). It also enables advanced capabilities like Quality of Service (QoS) enforcement and traffic engineering, making it a foundational technology for enterprise WAN connectivity and service provider offerings since its standardization in the early 2000s. Despite the rise of alternatives like SD-WAN, MPLS VPN remains widely deployed for its reliability and performance in mission-critical environments.

Overview

Definition and Purpose

MPLS VPN, or Multiprotocol Label Switching Virtual Private Network, is a networking technology that integrates MPLS with virtual private network (VPN) functionalities to deliver secure, isolated connectivity services over a shared service provider infrastructure, effectively emulating dedicated private networks for multiple customers. This approach leverages MPLS label-based forwarding to create virtual topologies that support Layer 3 services, allowing customer sites to communicate as if connected via private lines without requiring separate physical infrastructure. The primary purpose of MPLS VPN is to enable service providers to offer scalable IP-based VPN solutions that provide end-to-end connectivity between customer sites, incorporating features such as traffic engineering, quality of service (QoS) differentiation, and traffic isolation across a common backbone. By using MPLS to tunnel customer traffic, providers can support any-to-any communication models while maintaining logical separation between different customers' networks through mechanisms like virtual routing and forwarding (VRF) instances. This facilitates efficient resource utilization in the provider's IP/MPLS core, allowing for dynamic provisioning of services like premium bandwidth guarantees and best-effort delivery without altering customer routing protocols. Key benefits of MPLS VPN include its scalability for handling numerous customers and sites, as routing information for a specific VPN is maintained only on relevant provider edge routers rather than flooding the entire core network. It supports seamless integration with existing IP infrastructures, enabling any-to-any connectivity that simplifies network management compared to hub-and-spoke topologies, while providing inherent support for overlapping IP address spaces across customers. Additionally, MPLS VPN delivers carrier-grade performance with low latency and high reliability through label-switched paths that can incorporate traffic engineering for optimized routing and QoS policies. In comparison to traditional non-MPLS VPNs, such as IPsec-based overlays, MPLS VPNs offer superior performance and reliability by operating over a trusted provider , eliminating the computational overhead of and decryption while achieving through MPLS labeling rather than cryptographic means. This model reduces management complexity for customers, as the provider handles core and , contrasting with the point-to-multipoint challenges and higher often seen in Internet-based VPNs.

Evolution and Standards

MPLS VPN technology originated in the late 1990s as an extension of (MPLS), with initial concepts proposed in the mid-1990s by industry and formalized by the (IETF) starting in 1997 to enhance efficiency and support virtual private networks (VPNs) over shared infrastructures. Early efforts addressed limitations in traditional IP VPNs by leveraging MPLS for scalable, secure connectivity across service provider backbones. A key milestone came with RFC 2547 in March 1999, which introduced as an experimental specification for providing Layer 3 VPN services using (BGP) for route distribution and MPLS for forwarding. This was later standardized in RFC 4364 in February 2006, which obsoleted RFC 2547 and formalized , enabling robust inter-autonomous system (AS) connectivity and route target mechanisms for policy control. In the 2000s, implementations like Nokia's Virtual Private Routed Network (VPRN) terminology emerged, building on these RFCs to describe Layer 3 VPN services in service router operating systems. The evolution extended to Layer 2 support through pseudowires, with RFC 3985 in March 2005 defining the Pseudo Wire Emulation Edge-to-Edge (PWE3) architecture for emulating services like Ethernet over MPLS packet-switched networks. In the 2020s, MPLS VPNs have integrated with (SDN) and for hybrid architectures, allowing MPLS as a reliable underlay for SD-WAN overlays to improve flexibility, cost-efficiency, and cloud connectivity. As of 2025, the MPLS VPN market continues to grow, with projections estimating a value of over USD 11 billion by 2032, fueled by integrations with cloud services and demand for reliable enterprise connectivity. Standardization efforts are led primarily by the IETF through working groups like L3VPN and PWE3, with IEEE contributions focusing on Layer 2 Ethernet aspects such as bridging in VPN contexts.

Fundamentals of MPLS

Label Switching Mechanism

Multiprotocol Label Switching (MPLS) enhances packet forwarding efficiency by inserting short, fixed-length between the Layer 2 and Layer 3 headers of packets, enabling routers to make forwarding decisions based on these labels rather than performing full lookups at each . This mechanism replaces traditional lookups in the core network with simpler label-based switching, which reduces processing overhead and improves scalability in large networks. As defined in the MPLS architecture, labels are locally significant identifiers, typically 20 bits long, that allow for high-speed forwarding through Label Switching Routers (LSRs). The switching process begins at the ingress LSR, where an incoming packet is classified into a (FEC) based on its header, and a corresponding is pushed onto the packet's label stack. In the core network, intermediate LSRs use an Incoming Label Map (ILM) to map the topmost to a Next Hop Label Forwarding Entry (NHLFE), which specifies the outgoing and any label operations, such as the incoming with a new outgoing . This occurs without examining the underlying , allowing packets to traverse a predetermined Label Switched (LSP) efficiently. At the egress LSR, or often the penultimate LSR to optimize processing, the is popped from the stack, and the packet is forwarded based on its native Layer 3 information. MPLS supports a label stack mechanism to enable hierarchical and tunneling, where multiple can be stacked, with the top determining the immediate forwarding action and deeper handling subsequent decisions. For instance, an outer might direct traffic across the core LSP, while an inner manages service-specific . This stacking is managed through , swap, and pop operations as dictated by the NHLFE, providing flexibility for nested paths without altering the underlying packet. Label imposition and distribution in MPLS are facilitated by protocols such as the Label Distribution Protocol (LDP), which advertises FEC-to-label mappings between LSRs to establish LSPs in a non-traffic-engineered manner. LDP operates in modes like downstream unsolicited distribution, where labels are proactively shared, ensuring seamless label swapping across the network. For traffic-engineered paths, Resource Reservation Protocol with Traffic Engineering extensions (RSVP-TE) is used to signal LSPs, reserving resources and distributing labels along explicit routes. Additionally, Border Gateway Protocol (BGP) can carry label information in updates, particularly for labeled unicast scenarios, allowing inter-domain label distribution.

Forwarding Equivalence Classes and Label Distribution

In (), a () represents a set of packets that receive identical forwarding treatment within the network, such as traversing the same path or applying the same policies. This is determined at the network ingress point through of the packet's header, typically involving the against a destination in the , though it may also consider factors like type or application requirements. By grouping packets into FECs, MPLS enables efficient label-based forwarding without repeated header inspections at intermediate nodes, supporting scalability in large networks. Label assignment occurs at the ingress Label Switching Router (LSR), where a specific label is bound to the identified FEC to initiate the Label Switched Path (LSP). Downstream LSRs assign these labels and distribute the bindings upstream via label distribution protocols, ensuring the label represents the FEC for packets between adjacent LSRs. In scenarios involving nested LSPs, such as hierarchical routing or VPN tunneling, multiple labels may be stacked onto a single packet, with each label corresponding to a distinct FEC level— for instance, an outer label for core network transport and an inner label for service-specific routing. Several protocols handle label distribution, tailored to specific forwarding needs. The (LDP) operates for IP forwarding, enabling LSRs to exchange FEC-label bindings along standard routed paths without explicit path setup, using modes like downstream unsolicited distribution for efficiency. For traffic-engineered paths requiring resource reservations, with Traffic Engineering extensions (RSVP-TE) facilitates label distribution by signaling explicit routes and bandwidth allocations through Path and Resv messages, supporting LSPs with mechanisms like make-before-break for seamless rerouting. In MPLS VPN environments, (BGP) distributes labels alongside VPN routes using the VPN-IPv4 address family, where provider edge routers advertise labeled routes to maintain separation across customer networks. To prevent label conflicts and ensure proper forwarding, MPLS employs distinct label spaces for allocation. Per-platform label space assigns labels uniquely across the entire router, suitable for interfaces that share a common forwarding context, with a reserved index of zero in management tables. Per-interface label space, in contrast, allocates labels unique to each interface, defined by minimum and maximum label ranges per entry, allowing independent management on point-to-point links while avoiding reuse issues in multi-access environments. Interfaces may participate in both spaces simultaneously if configured accordingly, with the per-platform mode indicated by a specific bit in label participation types.

General Architecture

Network Components

In an MPLS VPN network, the primary hardware components include Provider Edge () routers, Customer Edge () devices, and Provider (P) routers, each playing distinct roles in facilitating secure and scalable VPN services. PE routers serve as the boundary devices of the service provider's network, directly connecting to customer sites and handling the termination of VPN services. They maintain separate routing tables for each attached VPN, enabling traffic isolation and route distribution specific to individual customers. CE devices, typically customer-owned routers or switches, connect to PE routers via attachment circuits such as Ethernet or links. These devices operate without awareness of the MPLS mechanisms in the provider's core, simply exchanging IP routes with the adjacent PE router to participate in the VPN. P routers form the core backbone of the provider's network, interconnecting multiple PE routers and performing high-speed label switching without maintaining any VPN-specific routing information. This design enhances by limiting the complexity in the core to basic MPLS forwarding, relying on PE routers for all customer-related processing. Logically, Label Switched Paths (LSPs) provide the transport mechanism across the provider backbone, establishing unidirectional tunnels between PE routers to carry MPLS-labeled packets efficiently. (VRF) instances on PE routers ensure logical isolation by maintaining per-VPN forwarding tables, preventing traffic leakage between different customers' networks. These components interact such that CE devices forward traffic to PE routers, which apply VPN labels and route packets along LSPs through P routers for delivery to remote sites.

Tunneling and Encapsulation Methods

MPLS VPNs employ encapsulation techniques to transport customer traffic across a service provider's while maintaining logical separation between different VPNs. The core mechanism involves inserting an MPLS label stack between the Layer 2 () and Layer 3 (L3) headers of the original packet, known as the "shim" header. This shim header, defined in RFC 3032, consists of one or more 32-bit label stack entries, each comprising a 20-bit label value for forwarding decisions, a 3-bit Experimental (EXP) field for quality-of-service markings, a 1-bit Bottom-of-Stack (S) flag to indicate the last entry, and an 8-bit field copied from or to the . For IP/MPLS encapsulation, the shim follows the L2 header (e.g., Ethernet or ) and precedes the , using 0x8847 for or 0x8848 for on links. Tunneling in MPLS relies on Label Switched Paths (LSPs), which are unidirectional paths established through the network via protocols like LDP or RSVP-TE. To support bidirectional communication required for most services, a pair of unidirectional LSPs—one in each direction—is used to form a bidirectional tunnel. Security in MPLS VPNs is achieved through label-based isolation rather than encryption, as the MPLS backbone operates as a trusted environment under service provider control. Each VPN customer's traffic is assigned unique inner labels that segregate it from other VPNs, ensuring that core (P) routers forward packets only along the designated LSP without visibility into VPN-specific details. This two-level hierarchy—outer labels for transport across the backbone and inner labels for service demarcation—prevents cross-VPN leakage, as the outer label directs packets to the correct provider edge (PE) router, while the inner label (e.g., VC label for L2 or VPN label for L3) handles final delivery within the VPN. No cryptographic mechanisms are inherent to the MPLS encapsulation, relying instead on the physical and administrative separation of the provider network. The stack format allows for efficient stacking: the outer (transport LSP ) is pushed first at the ingress PE for backbone , followed by the inner service (e.g., VC ) closest to the payload. Upon reaching the egress PE, the outer is popped, exposing the inner for VPN-specific forwarding. This structure supports scalable VPN services without requiring core routers to maintain per-VPN state.

Layer 2 MPLS VPNs

Point-to-Point Pseudowires

Point-to-point s in MPLS VPNs provide a mechanism for emulating Layer 2 point-to-point connections over an MPLS packet-switched network (PSN), allowing transparent transport of customer Layer 2 frames between remote sites as if connected by a direct physical link. A is essentially a that encapsulates and forwards Layer 2 protocols such as T1, E1, , Relay, or across the MPLS core, preserving the native service characteristics without requiring changes to customer edge equipment. This emulation enables service providers to offer Layer 2 VPN services, known as Virtual Private Wire Services (VPWS), where the acts as a tunnel between provider edge (PE) routers. The setup of point-to-point pseudowires relies on signaling protocols to establish the virtual circuit and agree on parameters between PE routers. Label Distribution Protocol (LDP) extensions, as defined in RFC 4447, are commonly used for signaling, where PE routers exchange targeted LDP sessions to advertise pseudowire forwarding equivalence class (FEC) elements and allocate MPLS labels for the pseudowire. Alternatively, Border Gateway Protocol (BGP) can be employed for auto-discovery and signaling in larger deployments, using BGP reachability information to identify endpoints and distribute pseudowire labels, as specified in RFC 6074. Endpoint identification is achieved through a Virtual Circuit Identifier (VC ID), a unique 32-bit value assigned to each pseudowire, ensuring proper mapping of customer attachments and preventing cross-connections. During setup, optional interface parameters, such as maximum transmission unit (MTU), are negotiated via type-length-value (TLV) sub-TLVs in the signaling messages to ensure compatibility. In operation, pseudowires enable the transparent transport of Layer 2 frames by encapsulating the customer within an MPLS label stack, where the bottom label identifies the specific and the top label routes through the MPLS core. The router at the ingress site removes the frame preamble and FCS (if present), adds the encapsulation (including an optional control word), and forwards it over the MPLS tunnel; the egress reverses this process to deliver the original frame. To maintain frame order and handle due to PSN paths, a sequence number can be included in the control word, which is a 4-byte header providing length, sequence numbering, and fragmentation flags, as outlined in RFC 4385. MTU matching is enforced during signaling to prevent fragmentation, with the MTU set to the minimum of the attachment and PSN capabilities, ensuring end-to-end frame without exceeding 9216 bytes for most emulated services. Point-to-point pseudowires are particularly valuable for migrating legacy (TDM) circuits, such as T1 or E1 lines, to modern packet-based MPLS networks, allowing service providers to phase out circuit-switched infrastructure while maintaining support for voice and data services that require precise timing and low latency. For instance, Structure-Agnostic TDM over Packet (SAToP) pseudowires emulate unstructured TDM streams by transporting raw bitstreams, facilitating the replacement of /SDH rings with MPLS cores. They also support simple site-to-site connectivity for Ethernet or , providing dedicated virtual links between branch offices or data centers without the overhead of Layer 3 , ideal for scenarios demanding Layer 2 and .

Virtual Private LAN Service (VPLS)

Virtual Private LAN Service (VPLS) is a multipoint technology that emulates an Ethernet (LAN) across geographically dispersed customer sites, allowing them to appear as if connected to a single . It achieves this by establishing a logical full of s between provider (PE) routers, which transport Ethernet frames transparently over the MPLS core, building on point-to-point pseudowire mechanisms. VPLS supports both full mesh topologies for direct interconnections and hub-and-spoke configurations to optimize resource usage in larger networks. In VPLS, PE routers function similarly to Ethernet switches by performing dynamic MAC address learning from incoming frames on attachment circuits (ACs) and pseudowires (PWs). Unknown destination trigger flooding of to all other PWs in the VPLS instance, ensuring broadcast and traffic reaches all sites, while known MACs enable forwarding. To prevent forwarding loops in the multipoint topology, VPLS employs a split-horizon , where traffic received on one PW is not forwarded to other PWs connected to the same PE, but only to local ACs. Signaling for VPLS pseudowires can use either with Auto-Discovery (BGP-AD) as defined in 4761 or (LDP) as specified in 4762. BGP-AD enables auto-discovery of remote PEs through Route Targets and signaling of PW labels via BGP updates, supporting full or partial topologies with reduced configuration overhead. In contrast, LDP signaling requires a full of LDP sessions between PEs, using Forwarding Equivalence Class (FEC) elements to associate labels with VPLS instances, which suits environments without BGP but demands more sessions for large-scale deployments. For scalability in large deployments, Hierarchical VPLS (H-VPLS) extends the basic model by introducing a two-tier with user-facing PEs (u-PEs) connecting to network-facing PEs (n-PEs) via spoke pseudowires, while n-PEs maintain a core full mesh, thereby reducing the number of pseudowires and sessions. Additionally, integration with (EVPN) enhances VPLS by providing MAC learning and mobility support, where EVPN's sequence-numbered MAC advertisements enable seamless handling of host movements across sites without flooding disruptions.

Layer 3 MPLS VPNs

BGP/MPLS IP VPN Architecture

The BGP/MPLS IP VPN architecture provides a framework for service providers to deliver Layer 3 Virtual Private Networks (VPNs) over an IP/MPLS backbone, enabling secure and scalable connectivity for sites. This design, standardized in RFC 4364, employs a peer model where routers directly exchange routing information with routers at each site, without forming an among CEs. In this model, the PE router acts as the between the customer's network and the provider's core, facilitating routing that preserves the customer's existing addressing and routing protocols while leveraging the provider's MPLS infrastructure for transport. At the core of this architecture are Virtual Routing and Forwarding (VRF) instances maintained on each PE router, with a separate VRF allocated per customer VPN to ensure isolation of routing tables and forwarding paths. Traffic between remote customer sites is transported across the provider's backbone using Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs), which provide a tunnel mechanism for encapsulating and forwarding VPN packets between PEs without requiring the core routers to maintain customer-specific routing information. Route distribution among PE routers relies on Multiprotocol BGP (MP-BGP), which extends BGP to carry VPN-IPv4 address family routes, allowing the exchange of customer-specific reachability information while maintaining separation from the provider's global routing table. Route learning and advertisement occur in a structured manner to integrate customer networks seamlessly. Each PE router acquires routes from its attached CE routers through mechanisms such as static configuration, OSPF, RIP, or BGP peering, populating the corresponding VRF. These routes are then advertised by the PE to other PEs in the provider's autonomous system via internal BGP (iBGP) sessions, using MP-BGP to propagate VPN-IPv4 routes that include necessary labels for proper forwarding. This process supports the reuse of private IP address spaces across multiple customers, as MPLS labels appended to packets distinguish overlapping prefixes during transit through the shared backbone, preventing conflicts and enabling efficient multiplexing of VPN traffic.

Route Distinguishers and Target Communities

In Layer 3 MPLS VPNs, the (RD) is an 8-byte value prepended to a customer's IPv4 to form a unique VPN-IPv4 address, ensuring that identical addresses from different VPNs can be distinguished within the provider's BGP routing tables. This mechanism prevents route overlaps across multiple VPNs by creating globally unique identifiers for routes learned from customer edge (CE) devices. The RD consists of a 2-byte Type field followed by an subfield and an Assigned Number subfield, with defined types including Type 0 (a 2-byte Autonomous System Number followed by a 4-byte number), Type 1 (a 4-byte followed by a 2-byte number), and Type 2 (a 4-byte Autonomous System Number followed by a 2-byte number). The VPN-IPv4 address family, used in Multi-Protocol BGP (MP-BGP) updates, encodes the 8-byte concatenated with the 4-byte IPv4 prefix, resulting in a 12-byte address that BGP speakers advertise and process to support per-VPN . This address family, identified by Address Family Identifier () 1 and Subsequent Address Family Identifier (SAFI) 128 for labeled VPN-IPv4 addresses, allows provider edge () routers to maintain separate (VRF) tables for each VPN while sharing a common backbone. Route Targets (RTs) complement RDs by providing a mechanism for selective route distribution, encoded as 8-byte BGP Extended Communities that are attached to VPN-IPv4 routes during export from a PE router's VRF. Each VRF is configured with one or more RTs that define membership in a VPN, enabling PEs to apply import and export policies: when a PE exports a route, it adds RTs based on the originating VRF's configuration, and remote PEs import the route into their VRFs only if the RT matches one of the importing VRF's configured RTs. This policy-based filtering prevents unintended route leaks between VPNs, ensuring isolation while allowing controlled sharing for features like extranet connectivity. RTs follow a similar structure to RDs but are carried in the BGP path attributes of UPDATE messages to influence distribution across the provider's MP-BGP full mesh.

References

  1. [1]
    RFC 4364 - BGP/MPLS IP Virtual Private Networks (VPNs)
    This document describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customers.
  2. [2]
    Introduction to Cisco MPLS VPN Technology
    Aug 3, 2007 · MPLS VPNs, created in Layer 3, provide privacy and security by constraining the distribution of a VPN's routes only to the routers that belong ...
  3. [3]
    RFC 4364 - BGP/MPLS IP Virtual Private Networks (VPNs)
    RFC 4364 describes how a service provider uses an IP backbone to provide IP VPNs for customers using a peer model and BGP/MPLS.
  4. [4]
    RFC 2917: A Core MPLS IP VPN Architecture
    Abstract This memo presents an approach for building core Virtual Private Network (VPN) services in a service provider's MPLS backbone.
  5. [5]
    MPLS: Layer 3 VPNs Configuration Guide, Cisco IOS Release 15M&T
    Jul 23, 2014 · MPLS VPNs are Layer 3, IP-based networks using a peer model, where the provider relays data, and are easier to manage than conventional VPNs.
  6. [6]
    MPLS: A solution that found a big customer problem - The Register
    Mar 2, 2022 · The time we came up with a solution – and found a big customer problem. A fascinating firsthand retelling of the technical history of MPLS.
  7. [7]
    RFC 2547 - BGP/MPLS VPNs - IETF Datatracker
    Mar 2, 2013 · This document describes a method by which a Service Provider with an IP backbone may provide VPNs (Virtual Private Networks) for its customers.Missing: milestones | Show results with:milestones
  8. [8]
    VPRN service - Nokia Documentation Center
    Jul 17, 2025 · This chapter provides information about the VPRN service and implementation. RFC 2547b is an extension to the original RFC 2547, BGP/MPLS ...Missing: history | Show results with:history
  9. [9]
    What Is the Difference Between SD-WAN and MPLS? - Cisco
    Enterprises are moving from MPLS to support transition to a multicloud environment for predictable user experience and to reduce bandwidth costs.
  10. [10]
    https://www.cisco.com/site/us/en/learn/topics/networking/what-is-the-difference-between-sd-wan-and-mpls.html
  11. [11]
    RFC 3031 - Multiprotocol Label Switching Architecture
    This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements.
  12. [12]
    RFC 5036: LDP Specification
    Summary of each segment:
  13. [13]
    RFC 3209 - RSVP-TE: Extensions to RSVP for LSP Tunnels
    This document describes the use of RSVP (Resource Reservation Protocol), including all the necessary extensions, to establish label-switched paths (LSPs) in ...
  14. [14]
    RFC 3107 - Carrying Label Information in BGP-4 - IETF Datatracker
    This document specifies the way in which the label mapping information for a particular route is piggybacked in the same Border Gateway Protocol (BGP) Update ...
  15. [15]
    RFC 3813 - Multiprotocol Label Switching (MPLS ... - IETF Datatracker
    This memo defines an portion of the Management Information Base (MIB) for use with network management protocols in the Internet community.
  16. [16]
    RFC 3032 - MPLS Label Stack Encoding - IETF Datatracker
    This document specifies the encoding to be used by an LSR in order to transmit labeled packets on Point-to-Point Protocol (PPP) data links, on LAN data links, ...
  17. [17]
    RFC 4448 - Encapsulation Methods for Transport of Ethernet over ...
    RFC 4448 specifies using an Ethernet pseudowire to carry Ethernet PDUs over MPLS, enabling emulated Ethernet services.
  18. [18]
    RFC 3985 - Pseudo Wire Emulation Edge-to-Edge (PWE3 ...
    This document describes an architecture for Pseudo Wire Emulation Edge-to-Edge (PWE3). It discusses the emulation of services such as Frame Relay, ATM, ...
  19. [19]
    RFC 4447 - Pseudowire Setup and Maintenance Using the Label ...
    This document specifies a protocol for establishing and maintaining the pseudowires, using extensions to Label Distribution Protocol (LDP).
  20. [20]
    RFC 6074 - Provisioning, Auto-Discovery, and Signaling in Layer 2 ...
    ... BGP can be used to discover the information necessary to build VPWS instances. When BGP-based auto-discovery is used for VPWS, the AFI/SAFI will be: o An ...
  21. [21]
    RFC 4385 - Pseudowire Emulation Edge-to-Edge (PWE3) Control ...
    This document specifies how the PW control word is used to distinguish a PW payload from an IP payload carried over an MPLS PSN.
  22. [22]
    RFC 4761 - Virtual Private LAN Service (VPLS) - IETF Datatracker
    This document describes the functions required to offer VPLS, a mechanism for signaling a VPLS, and rules for forwarding VPLS frames across a packet switched ...
  23. [23]
    RFC 4762: Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling
    ### Summary of RFC 4762: VPLS Using LDP Signaling
  24. [24]
    https://datatracker.ietf.org/doc/html/rfc4553
  25. [25]
    https://datatracker.ietf.org/doc/html/rfc4761
  26. [26]
    https://datatracker.ietf.org/doc/html/rfc4762
  27. [27]
    https://datatracker.ietf.org/doc/html/rfc4761#section-2.2
  28. [28]
    https://datatracker.ietf.org/doc/html/rfc4762#section-10
  29. [29]
    https://datatracker.ietf.org/doc/html/rfc4761#section-4.2.1
  30. [30]
    RFC 8560 - Seamless Integration of Ethernet VPN (EVPN) with ...
    This document specifies mechanisms for backward compatibility of Ethernet VPN (EVPN) and Provider Backbone Bridge Ethernet VPN (PBB-EVPN) solutions with ...
  31. [31]
    https://datatracker.ietf.org/doc/html/rfc4761#section-4.2.5
  32. [32]
    https://datatracker.ietf.org/doc/html/rfc4761#section-3.1
  33. [33]
    https://datatracker.ietf.org/doc/html/rfc8560
  34. [34]
    https://datatracker.ietf.org/doc/html/rfc4364#section-4.1