Hi,
By default, Junos allocates separate VPN labels per next-hop.
For example , if you have two routes with next-hop 10.10.10.1 and 1 route with next-hop 20.20.20.1 the label allocation at the ingress PE will look like below ( by default - without vrf-table-label)
Route next-hop allocated label
10.0.1.0/24 10.10.10.1 222111
192.168.1.0/24 10.10.10.1 222111
192.168.2.0/24 20.20.20.1 111123
Juniper forwarding mechanism is bit different, when a labeled packet arrives to the PE with the VPN label, the PE will not check the IP header. It will send the packet straight away to the output interface.
This behavior is fine with P2P links, because there will be a single host as next-hop and the routes learnt through different interfaces will have different labels.
But, in multi-access networks, sending the packet through the output interface ( without knowing the Layer2 next-hop information) will not work. Therefore the PE needs to check the IP header first to find out the layer 3 next-hop and then ARP to resolve the Layer 2 address of the next-hop.
Vrf-Table-LAbel (VTL) is a feature which instructs the PE to advertise a single unique VPN label for all routes in the respective routing-instance. This label is bound to a software created logical interface.
with VTL configured
Route next-hop allocated label
10.0.1.0/24 10.10.10.1 16
192.168.1.0/24 10.10.10.1 16
192.168.2.0/24 20.20.20.1 16
All packets come with this label (16) will be handled by this logical interface first, and hence the VPN label will be popped, resulting IP packet will be treated by the regular forwarding mechanism.
ie: Layer 3 lookup , ARP resolution for next-hop, then forwarding through Physical media.
This is the reason for using VTL in routing instance with Multi-access ( Ethernet) interfaces.
I hope this clarifies your query.
Regards,
Moses