What’s the difference between VPN’s, VRF’s and MPLS
In some business circles i.e. project managers, solutions architects, blue-sky thinkers or the wizards of light bulb moments, your company WAN (Wide Area Network) is sometimes referred to as VRF, MPLS, VPN, VFR’s or ‘that network thing”. So I thought I’d try to explain it all to a variety of audiences.
This is a high-level explanation. You should know that these technologies come in lots of different configurations depending on what needs to be achieved and/or what the service provider is selling. An in-depth explanation of how these technologies work is out of scope. Instead this is a real world business application.
When you hear ‘VPN’ you might automatically think of the words secure or encryption, as that’s what you use when you’re working from home. VPN stands for ‘Virtual Private Network’ which can come and many different forms i.e. with or without encryption.
According to Cisco a VPN is “a network delivering private network services over a public infrastructure”.
“A set of sites that are allowed to communicate with each other privately over the Internet or other public or private networks”
So at it’s simplest form, a VPN is a private environment traversing over another network that you do not own.
From this articles perspective this could mean, for example, that company A has offices in New York, Paris and Peckham. They need them all to be able to talk to each other privately. A service provider (BT, Virgin Media, Vodafone, Verizon etc) can deliver this but over their existing global infrastructure. Company B could buy the same product and the two will be completely unaware of each other. Please note though when I say private, this doesn’t automatically mean secure/encrypted, it just means segregation.
VRFs or “Virtual Routing and Forwarding” is a technology that allows multiple isolated (VPN) routing environments to exist on the same physical infrastructure. That infrastructure could either be the one self-contained within your company, within your service provider (BT, VM, Verizon etc) network or both.
This means that your company can either have segregated network services e.g. data, voice (VoIP), video, wireless that can’t ‘see’ each other, even though they reside within the same company and in turn the same physical infrastructure.
Looking at the diagram, R1 and R2 could either reside in your company or a service provider. The different colours could either be this difference between voice and data or it could be customer X and customer Y.
Provided by Cisco.com
For any of these segregated networks to be able to talk to each other it would need an intermediary device that traditional is a firewall as you can then control what happens but it could also be a simple router.
MPLS or “Multi-protocol Label Switching” is another mechanism or technology then facilitates you been able to have a VPN from point A to point B.
In a network, Routers contain lists of known destinations to IP address e.g. to get to 10.10.10.2 you have to go via 192.168.1.1 as your next hop. They build up a table of these destinations and then swap them in-between each other.
Times this by a million or so and that’s what the Internet looks like. Google “512k crisis”.
To alleviate this and increase performance, these lists of destinations can be somewhat replaced by simple ‘labels’ or numbers. For example, instead of lots of routers all swapping lots of lists that they then have to do memory intensive searches on, it would be replaced by something like 20,23,56,87. Each one of those numbers represent a hop along it’s needed destination.
In relation to this article, this technique can be used in conjunction with VRF’s to provide you with your VPN.
Unlike VRF alone, MPLS needs some high-end kit to run on so typically you only find it within a service providers network.
Hope you find it useful and thanks for reading
If you would like to know more about computer networking, I offer a live, one-on-one, online course here.