Mpls l3vpn networking schemes, Basic vpn networking scheme, Hub and spoke networking scheme – H3C Technologies H3C S12500-X Series Switches User Manual

Page 115: Crlsp setup procedure

Advertising
background image

104

MPLS L3VPN networking schemes

In MPLS L3VPNs, route target attributes are used to control the advertisement and reception of VPN

routes between sites. They work independently and can be configured with multiple values to support

flexible VPN access control and implement multiple types of VPN networking schemes.

Basic VPN networking scheme

In the simplest case, all users in a VPN form a closed user group. They can forward traffic to each other

but cannot communicate with any user outside the VPN.
For the basic VPN networking scheme, you must assign a route target to each VPN for identifying the

export target attribute and import target attribute of the VPN. Moreover, this route target cannot be used
by any other VPNs.

Figure 32 Network diagram for basic VPN networking scheme

In

Figure 32

, the route target for VPN 1 is 100:1, while that for VPN 2 is 200:1. The two VPN 1 sites can

communicate with each other, and the two VPN 2 sites can communicate with each other. However, the

VPN 1 sites cannot communicate with the VPN 2 sites.

Hub and spoke networking scheme

The hub and spoke networking scheme is suitable for a VPN where all users must communicate with each

other through an access control device.
In a hub and spoke network as shown in

Figure 33

, configure route targets as follows:

On spoke PEs (PEs connected to spoke sites), set the export target to Spoke and the import target to
Hub.

On the hub PE (PE connected to the hub site), use two interfaces that each belong to a different VPN
instance to connect the hub CE. One VPN instance receives routes from spoke PEs and has the
import target set to Spoke, and the other VPN instance advertises routes to spoke PEs and has the

export target set to Hub.

These route targets rules produce the following results:

The hub PE can receive all VPN-IPv4 routes from spoke PEs.

CE

CE

CE

CE

PE

PE

P

Site 2

Site 1

Site 3

Site 4

VPN 1

VPN 1

VPN 2

VPN 2

VPN 1:
Import: 100:1
Export: 100:1

VPN 2:
Import: 200:1
Export: 200:1

VPN 2:
Import: 200:1
Export: 200:1

VPN 1:
Import: 100:1
Export: 100:1

Advertising
This manual is related to the following products:

H3C S5560 Series Switches, H3C S9800 Series Switches, H3C SecPath F5020, H3C SecPath F5040, H3C VMSG VFW1000, H3C S6800 Series Switches, H3C S5800 Series Switches, H3C S5820X Series Switches, H3C S5830V2 Series Switches

Popular Brands
Popular manuals