Configuring nested vpn, Configuration prerequisites – H3C Technologies H3C SR8800 User Manual

261

Which IPv4 routes are to be assigned with MPLS labels depends on the routing policy. Only routes that

satisfy the criteria are assigned with labels. All the other routes are still common IPv4 routes.
To configure a routing policy for inter-AS option C on an ASBR PE:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter routing policy view.

route-policy policy-name permit
node seq-number

N/A

3.

Configure the device to match

IPv4 routes with labels.

if-match mpls-label

N/A

4.

Configure the device to assign
labels to IPv4 routes.

apply mpls-label

By default, an IPv4 route does not
carry any label.

NOTE:

For information about routing policy configuration, see

Layer 3—IP Routing Configuration Guide.

Configuring nested VPN

For a network with many VPNs, if you want to implement layered management of VPNs and to conceal
the deployment of internal VPNs, nested VPN is a good solution. By using nested VPN, you can

implement layered management of internal VPNs easily with a low cost and simple management

operation.

Configuration prerequisites

Configure the basic MPLS L3VPN capability (see “

Configuring basic MPLS L3VPN

”).

Configuring nested VPN

To configure nested VPN:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter BGP view.

bgp as-number N/A

3.

Enter BGP VPN instance view. ipv4-family vpn-instance

vpn-instance-name

N/A

4.

Configure a CE peer or peer
group.

peer { group-name |
peer-address } as-number number N/A

5.

Return to BGP view.

quit

N/A

6.

Enter BGP-VPNv4 subaddress
family view.

ipv4-family vpnv4

N/A

7.

Enable nested VPN.

nesting-vpn

Disabled by default.