HP Intelligent Management Center Licenses User Manual


The classification of CEs and PEs mainly depends on the management scope of the provider and
the customers; CEs and PEs mark the boundary between the two. The following are the basic
concepts of BGP/MPLS VPN:

Site

The term site is often used in the context of VPNs. Its meaning is described as follows:

1. A site is a group of IP systems with IP connectivity being implemented without relying on any
service provider network.

2. The classification of a site depends on the topology relationship of the devices, rather than
the geographical positions, though the devices at a site are adjacent to each other
geographically in most cases.

3. The devices at a site can belong to multiple VPNs. In other words, a site can belong to multiple
VPNs.

4. A site is connected to a provider network through one or more CEs. A site can contain many
CEs, but a CE can belong to only one site.

Sites connected to the same provider network can be classified into different sets by policies.
Only the sites in the same set can access each other through the provider network. Such a set
is called a VPN.

Address space overlapping

Each VPN independently manages the addresses that it uses. The set of addresses used by a
VPN is called its address space. The address spaces of VPNs may overlap. For example,
if both VPN 1 and VPN 2 use the addresses on network segment 10.110.10.0/24, address
space overlapping occurs.

VPN instance

In MPLS VPN, routes of different VPNs are identified by VPN instances. A PE creates and
maintains a separate VPN instance for each VPN at a directly connected site. Each VPN
instance contains the VPN membership and routing rules of the corresponding site. If a user
at a site belongs to multiple VPNs at the same time, the VPN instance of the site contains
information about all the VPNs. For independence and security of VPN data, each VPN
instance on a PE maintains a relatively independent routing table and a separate label
forwarding information base (LFIB). VPN instance information contains these items: the LFIB,
IP routing table, interfaces bound to the VPN instance, and administration information of the
VPN instance. The administration information of the VPN instance includes the route
distinguisher (RD), route filtering policy, and member interface list.

VPN-IPv4 address

Traditional BGP cannot process VPN routes that have overlapping address spaces. If, for
example, both VPN 1 and VPN 2 use addresses on the segment 10.110.10.0/24 and each
advertises a route to the segment, BGP selects only one of them, which results in loss of the
other route. PEs use MP-BGP to advertise VPN routes, and use the VPN-IPv4 address family to
solve the problem with traditional BGP.

A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by
a 4-byte IPv4 address prefix, as shown in the following figure:

When a PE receives an ordinary IPv4 route from a CE, it must advertise the VPN route to the peer
PE. The VPN route is made unique by adding an RD to the route.
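
The 12-byte layout described above can be worked through in code. The following Python is an added example, not part of the original manual: it builds VPN-IPv4 addresses for the overlapping 10.110.10.0/24 segment and shows that keying routes on the plain IPv4 prefix keeps one route while keying on the VPN-IPv4 address keeps both. The internal layout of the RD (type 0: 2-byte type, 2-byte AS number, 4-byte assigned number) is taken from RFC 4364 rather than from this manual, and AS number 100 and the assigned numbers are constructed values.

```python
import ipaddress
import struct

def encode_rd_type0(asn, assigned):
    """8-byte RD, type 0 per RFC 4364: 2-byte type, 2-byte AS number, 4-byte assigned number."""
    if not (0 <= asn <= 0xFFFF and 0 <= assigned <= 0xFFFFFFFF):
        raise ValueError("type 0 RD needs a 16-bit AS number and a 32-bit assigned number")
    return struct.pack("!HHI", 0, asn, assigned)

def encode_vpn_ipv4(rd, ipv4):
    """12-byte VPN-IPv4 address: the 8-byte RD followed by the 4-byte IPv4 prefix."""
    if len(rd) != 8:
        raise ValueError("RD must be exactly 8 bytes")
    return rd + ipaddress.IPv4Address(ipv4).packed

def decode_vpn_ipv4(addr):
    """Split a 12-byte VPN-IPv4 address back into ('asn:number', 'a.b.c.d')."""
    if len(addr) != 12:
        raise ValueError("VPN-IPv4 address must be exactly 12 bytes")
    rd_type, asn, assigned = struct.unpack("!HHI", addr[:8])
    if rd_type != 0:
        raise ValueError("this example only decodes type 0 RDs")
    return f"{asn}:{assigned}", str(ipaddress.IPv4Address(addr[8:]))

def build_tables(routes):
    """Key the same routes by plain IPv4 prefix and by VPN-IPv4 prefix.

    A dict keeps one entry per key, which stands in for BGP keeping one route
    per prefix (a simplification of best-path selection).
    """
    plain, vpnv4 = {}, {}
    for vpn, rd, prefix in routes:
        net = ipaddress.IPv4Network(prefix)
        plain[(net.network_address.packed, net.prefixlen)] = vpn
        vpnv4[(encode_vpn_ipv4(rd, str(net.network_address)), net.prefixlen)] = vpn
    return plain, vpnv4

# Constructed sample: both VPNs advertise the overlapping segment from the text.
# AS number 100 and the assigned numbers 1 and 2 are made-up values.
ROUTES = [
    ("VPN 1", encode_rd_type0(100, 1), "10.110.10.0/24"),
    ("VPN 2", encode_rd_type0(100, 2), "10.110.10.0/24"),
]

if __name__ == "__main__":
    plain, vpnv4 = build_tables(ROUTES)
    print("plain IPv4 routes kept:", sorted(plain.values()))
    for (addr, plen), vpn in vpnv4.items():
        print(vpn, addr.hex(), decode_vpn_ipv4(addr), f"/{plen}")
```

Two sites that reuse the same RD and the same prefix would collide in the VPN-IPv4 table exactly as they do in the plain one, which is why the RD has to differ between VPNs with overlapping address spaces.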

MPLS Overview