Businesses today are looking to the Internet
for wide area network (WAN) solutions that
in the recent past they could get only by
choosing Frame Relay or T1 dedicated links.
To achieve the security that is required for
corporate users, virtual private networks
(VPNs) can be used to guarantee that traffic
is securely tunneled over the Internet.

Up to
now, most VPNs have been provisioned
using Layer 2 technologies, such as Frame
Relay and asynchronous transfer mode (ATM).
These technologies provided secure tunnels,
were resistant to Denial-of-Service (DoS) and
intrusion attacks, and provided address and
routing separation. The problem with Layer 2
VPN technology is that it does not scale well.
As the network grows, the number of virtual
circuits required to achieve optimal routing
scales non-linearly. It is also difficult to
provide traffic engineering using a Layer 2
VPN approach.

To solve these scaling problems, a Border
Gateway Protocol/Multiprotocol Label Switching
(BGP/MPLS) VPN standard is now being
adopted to provide Layer 3 VPN solutions
using BGP to carry route information over an
MPLS core. This Layer 3 MPLS-VPN solution
achieves all of the security of the Layer 2
approach, while adding the enhanced scalability
inherent in the use of Layer 3 routing technology.

As stated previously, the intermediate
routers in the backbone do not need to
maintain any information about the
VPNs. So how are packets forwarded
from one VPN to another? The answer
is to use MPLS with a two-level label
stack. PE routers insert 32-bit address
prefixes into the Interior Gateway
Protocol (IGP) routing tables of the backbone.
This lets MPLS at each node in
the SP backbone assign a label
corresponding to the route to each PE
router. To ensure interoperability,
LDP (Label Distribution Protocol) is
used for setting up the label switched
paths across the SP backbone.

A variety of mechanisms can be used
for the CE equipment to deliver routing
information to the PE router. These
include the use of static routes and
BGP. BGP has many advantages for
CE-to-PE communications. The main
advantage is that it does not require
multiple instances on the PE since it is
explicitly designed for this function.
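
The two-level label stack described above can be traced in code. The following is an added example, not part of the original page: it packs label stack entries in the RFC 3032 layout and shows that a backbone router swaps only the outer label while the egress PE uses the inner label to choose the VPN. The label values, VRF names, tables and function names are hypothetical.

```python
import struct

def encode_entry(label, tc=0, bottom=False, ttl=64):
    """Pack one 32-bit MPLS label stack entry: label(20) TC(3) S(1) TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_stack(data):
    """Return ([(label, tc, ttl), ...], payload), stopping at the bottom-of-stack bit."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append((word >> 12, (word >> 9) & 0x7, word & 0xFF))
        if word & 0x100:  # S bit set: this was the last (inner) label
            return entries, data[off:]

def pe_ingress(payload, tunnel_label, vpn_label):
    """Ingress PE: inner VPN label at the bottom, outer tunnel label on top."""
    return encode_entry(tunnel_label) + encode_entry(vpn_label, bottom=True) + payload

def p_swap(packet, lfib):
    """Backbone (P) router: swap the outer label only; everything after it is opaque."""
    (word,) = struct.unpack_from("!I", packet, 0)
    label, ttl = word >> 12, word & 0xFF
    if ttl <= 1:
        raise ValueError("TTL expired")
    # Keep the TC and S bits (0xF00), replace the label, decrement the TTL.
    new_word = (lfib[label] << 12) | (word & 0xF00) | (ttl - 1)
    return struct.pack("!I", new_word) + packet[4:]

def pe_egress(packet, vrf_by_label):
    """Egress PE: discard the outer label, map the inner label to a VPN table."""
    entries, payload = decode_stack(packet)
    if len(entries) != 2:
        raise ValueError("expected a two-level stack")
    return vrf_by_label[entries[1][0]], payload

# Constructed sample tables: the P router knows outer labels only, no VPN state.
P_LFIB = {17: 42}
EGRESS_VRFS = {1001: "vrf-red", 1002: "vrf-blue"}

def demo():
    pkt = pe_ingress(b"customer-ip-packet", tunnel_label=17, vpn_label=1001)
    pkt = p_swap(pkt, P_LFIB)
    return decode_stack(pkt)[0], pe_egress(pkt, EGRESS_VRFS)
```

The P router's table holds only outer labels, which is why it carries no per-VPN state; the inner label passes through it untouched.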