PE (Provider Edge) is the boundary device of the ISP (Internet Service Provider), which include routers, switches or devices that are a combination of both.
The PE device participates in routing and forwarding traffic based on the customer's address range. Data is typically transmitted between PE devices via VPN tunnels created using MPLS (Multi Protocol Layer Switching), IPSec, L2TPv3 or GRE. In this case, CE (Customer Edge) devices do not recognize that they are part of a VPN.
VPN tunnels are terminated at the PE boundary router and are usually configured as permanent.
The CE device is a customer boundary device connected to the PE device.
PE devices in this mode do not distinguish the type of traffic, VPN connections are handled by the CE device that routes and sends user traffic. Tunnels are created between the CE devices based on IPSec or GRE.
The CE devices (VPN gateway) usually have some other features for VPN clients (such as DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name Server)). This solution generally puts higher demands on client authentication, as they connect anytime and anywhere.