
MCE

Updated on Apr 1, 2024

What is MCE?

MCE stands for Multi-VPN Customer Edge. It is a cost-effective solution that ensures the isolation and security of VPN services. Unlike traditional BGP/MPLS IP VPN technology, which requires a Customer Edge (CE) device to be deployed for each VPN to connect to upper-layer devices, MCE offers a new, economical, and easy-to-manage approach.

MCE-related Concepts

Understanding MCE requires a grasp of fundamental VPN and BGP/MPLS IP VPN concepts, as they form the foundation for MCE implementation.

  • Customer Edges (CEs) are devices situated at the edge of the customer network. They establish direct connections to the service provider network through interfaces. CEs can take the form of routers, switches, or hosts. Typically, CEs operate without awareness of VPNs and do not require MPLS support.

  • Provider Edges (PEs) are devices located at the edge of the service provider network. PEs directly link to CEs. In an MPLS network, all VPN operations occur on PEs. Consequently, PEs have demanding performance requirements.

  • Provider devices (Ps) are core devices within the service provider network. They are not directly connected to CEs. Ps are required to have fundamental MPLS forwarding capabilities but do not need to manage VPN information.

  • A VPN is a virtual private communication network created over the public network of an Internet service provider (ISP) or network service provider (NSP). VPNs have two defining characteristics: they are private (dedicated to one customer) and virtual (built on shared infrastructure). They make it possible to segment an existing IP network into logically isolated networks.

  • A site refers to a collection of IP systems with IP connectivity that can be established without the assistance of any ISP. Sites are categorized based on their topology rather than the geographical locations of devices. Additionally, a site has the ability to be a part of multiple VPNs.

Why is MCE Necessary?

With the increasing sophistication of user services and their growing security demands, there is a need to deploy service isolation on the network. In traditional VPN architecture, one CE is required for each VPN to connect to upper-layer devices. If several VPNs instead connect to upper-layer devices through the same CE, they share one routing and forwarding table, so traffic of one VPN can reach another and data security is compromised. MCE technology, by contrast, guarantees data security in a network with multiple VPNs without raising network costs.

How Does MCE Work?

MCE Implementation Principles

For each service that needs to be isolated, an MCE device is configured with a VPN instance, and an independent routing protocol is deployed for each VPN to communicate with the MCE device. MCE extends the functions of Provider Edges (PEs) to Customer Edges (CEs). The interfaces of the MCE device and the peer PE are bound to their corresponding VPN instances. Additionally, the MCE device creates and maintains an independent routing and forwarding table for each VPN. This setup establishes an independent channel for each VPN user, achieving service isolation among these users.

Methods for MCE Device to Exchange Routing Information with Sites

  • Each VPN instance is associated with corresponding static routes on the MCE device, ensuring isolation of static routes for different VPNs even if they use overlapping address spaces.

  • Each VPN instance is linked to a RIP process on the MCE device, enabling the exchange of routes between the MCE device and sites using different RIP processes, thus ensuring VPN route isolation and security.

  • Each VPN instance is linked to an OSPF process on the MCE device to segregate routes of different VPNs.

  • Employing IS-IS to advertise VPN routes between the MCE device and sites follows a similar approach to using OSPF, where each VPN instance is associated with an IS-IS process.

  • When BGP is utilized to advertise VPN routes between the MCE device and sites, a BGP peer is set up for each VPN instance, and the IGP routes of each VPN instance must be incorporated into BGP on the MCE device.
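The isolation described under "MCE Implementation Principles" and in the static-route bullet above comes down to one rule: the MCE device keeps a separate routing and forwarding table per VPN instance, and the table used for a packet is chosen by the VPN instance bound to the ingress interface. The following Python model is an added example written for this page (it is not FS or vendor code and not an MCE implementation): it builds two VPN instances, `finance` and `hr`, that both use the same 10.1.0.0/16 site address space, binds one constructed interface name to each, and shows that a lookup for the same destination yields a different next hop depending on the VPN, while an unbound interface cannot see either VPN's routes at all. The interface names, VPN names and next-hop addresses are constructed sample values.

```python
"""Model of MCE-style per-VPN-instance routing isolation (added example, not vendor code)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, Optional, Set, Tuple


@dataclass
class VpnInstance:
    """One VPN instance: its own routing table plus the interfaces bound to it."""
    name: str
    routes: Dict[IPv4Network, str] = field(default_factory=dict)  # prefix -> next hop
    interfaces: Set[str] = field(default_factory=set)


class MceDevice:
    """Simplified MCE device: one isolated routing table per VPN instance."""

    GLOBAL = "_public_"  # interfaces not bound to any VPN use the global (public) table

    def __init__(self) -> None:
        self.vpns: Dict[str, VpnInstance] = {self.GLOBAL: VpnInstance(self.GLOBAL)}
        self.iface_binding: Dict[str, str] = {}  # interface -> VPN instance name

    def create_vpn_instance(self, name: str) -> None:
        if name in self.vpns:
            raise ValueError(f"VPN instance {name!r} already exists")
        self.vpns[name] = VpnInstance(name)

    def bind_interface(self, iface: str, vpn: str) -> None:
        """Bind an interface to exactly one VPN instance (rebinding moves it)."""
        if vpn not in self.vpns:
            raise KeyError(f"unknown VPN instance {vpn!r}")
        previous = self.iface_binding.get(iface)
        if previous is not None:
            self.vpns[previous].interfaces.discard(iface)
        self.iface_binding[iface] = vpn
        self.vpns[vpn].interfaces.add(iface)

    def add_static_route(self, vpn: str, prefix: str, next_hop: str) -> None:
        """Install a static route into one VPN instance's table only."""
        self.vpns[vpn].routes[ip_network(prefix)] = next_hop

    def lookup(self, ingress_iface: str, dst: str) -> Optional[Tuple[str, str]]:
        """Longest-prefix match in the table of the VPN bound to the ingress interface.

        Returns (vpn_name, next_hop), or None when that table has no matching route.
        Routes of other VPN instances are never consulted, even for the same prefix.
        """
        vpn = self.iface_binding.get(ingress_iface, self.GLOBAL)
        addr = ip_address(dst)
        best: Optional[Tuple[IPv4Network, str]] = None
        for prefix, next_hop in self.vpns[vpn].routes.items():
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, next_hop)
        return (vpn, best[1]) if best is not None else None


def build_demo() -> MceDevice:
    """Two VPN instances sharing an overlapping site prefix (constructed sample data)."""
    dev = MceDevice()
    for vpn in ("finance", "hr"):
        dev.create_vpn_instance(vpn)
    dev.bind_interface("GE0/0/1", "finance")  # constructed interface names
    dev.bind_interface("GE0/0/2", "hr")
    # The same 10.1.0.0/16 site prefix exists in both VPNs with different next hops.
    dev.add_static_route("finance", "10.1.0.0/16", "192.0.2.1")
    dev.add_static_route("hr", "10.1.0.0/16", "198.51.100.1")
    dev.add_static_route("finance", "10.1.2.0/24", "192.0.2.2")  # more specific, finance only
    return dev


if __name__ == "__main__":
    device = build_demo()
    print(device.lookup("GE0/0/1", "10.1.2.3"))  # finance table: /24 wins
    print(device.lookup("GE0/0/2", "10.1.2.3"))  # hr table: same destination, other VPN
    print(device.lookup("GE0/0/3", "10.1.2.3"))  # unbound interface: no VPN route visible
```

The check a practitioner would want from such a model is the third lookup: an interface that was never bound to a VPN instance falls into the global table and gets no route to 10.1.2.3, even though two VPN tables carry that prefix. On a real MCE device the equivalent misconfiguration is an interface left unbound, or bound to the wrong VPN instance, so verifying every interface's binding is the first thing to audit when service isolation is the goal.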

Applications of MCE

MCE Application on a Campus Network

In a campus network, BGP/MPLS IPv6 VPN can be utilized for user isolation. However, the number of users that can be isolated is often limited. If PEs and Ps are still employed, the deployment becomes complex, leading to increased maintenance costs. In such scenarios, MCE can be deployed. MCE is implemented on the access-layer devices within the campus network, enabling these devices to act as MCE devices. They connect to multiple VPNs and carry the VPN routes of users. VPN routes can be directly transmitted to the peer MCE device for route exchange, eliminating the need for the carrier network.

Application of MCE on a Data Center Network

Data center network devices are typically categorized into four layers: egress layer, core layer, aggregation layer, and access layer. The egress layer manages incoming and outgoing traffic within the data center at high speeds. The core layer is responsible for forwarding data traffic from various aggregation layers at high speeds. The aggregation layer provides services such as gateway redundancy, load balancing, and firewall capabilities for servers. The access layer offers high-density network interfaces for data center servers. In a data center network, MCE can be deployed on core switches to reduce the number of required CEs and simplify networking.
