Configuring nested vpn, Network requirements, Redistributing the loopback interface route – H3C Technologies H3C S12500-X Series Switches User Manual

Page 186

Advertising
background image

175

[PE3] display ip routing-table

Routing Tables: Public

Destinations : 11 Routes : 11

Destination/Mask Proto Pre Cost NextHop Interface

1.1.1.9/32 Direct 0 0 127.0.0.1 InLoop0

2.2.2.9/32 ISIS 15 10 10.1.1.2 Vlan12

5.5.5.9/32 ISIS 15 84 10.1.1.2 Vlan12

6.6.6.9/32 ISIS 15 84 10.1.1.2 Vlan12

10.1.1.0/24 Direct 0 0 10.1.1.1 Vlan12

10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0

10.1.1.2/32 Direct 0 0 10.1.1.2 Vlan12

11.1.1.0/24 ISIS 15 20 10.1.1.2 Vlan12

20.1.1.0/24 ISIS 15 84 10.1.1.2 Vlan12

21.1.1.0/24 ISIS 15 84 10.1.1.2 Vlan12

21.1.1.2/32 ISIS 15 84 10.1.1.2 Vlan12

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

# Execute the display ip routing-table vpn-instance command on PE 3 and PE 4. The output shows that
the routes of the remote VPN customers are present in the VPN routing tables. Take PE 3 as an example:

[PE3] display ip routing-table vpn-instance vpn1

Routing Tables: vpn1

Destinations : 3 Routes : 3

Destination/Mask Proto Pre Cost NextHop Interface

100.1.1.0/24 Direct 0 0 100.1.1.2 Vlan11

100.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0

120.1.1.0/24 BGP 255 0 6.6.6.9 NULL0

# PE 3 and PE 4 can ping each other.
# CE 3 and CE 4 can ping each other.

Configuring nested VPN

Network requirements

The service provider provides nested VPN services for users, as shown in

Figure 53

.

PE 1 and PE 2 are PE devices on the service provider backbone. Both of them support the nested
VPN function.

CE 1 and CE 2 are connected to the service provider backbone. Both of them support VPNv4
routes.

PE 3 and PE 4 are PE devices of the customer VPN. Both of them support MPLS L3VPN.

CE 3 through CE 6 are CE devices of the sub-VPNs for the customer VPN.

The key of nested VPN configuration is to understand the processing of routes of sub-VPNs on the service

provider PEs:

When receiving a VPNv4 route from a CE (CE 1 or CE 2 in this example), a service provider PE
replaces the RD of the VPNv4 route with the RD of the MPLS VPN on the service provider network

where the CE resides, adds the export target attribute of the MPLS VPN on the service provider
network to the extended community attribute list, and then forwards the VPNv4 route.

Advertising
This manual is related to the following products:

H3C S5560 Series Switches, H3C S9800 Series Switches, H3C SecPath F5020, H3C SecPath F5040, H3C VMSG VFW1000, H3C S6800 Series Switches, H3C S5800 Series Switches, H3C S5820X Series Switches, H3C S5830V2 Series Switches

Popular Brands
Popular manuals