Extranet networking scheme – H3C Technologies H3C S7500E Series Switches User Manual
Page 232
6-7
This networking scheme requires two VPN targets: one for the "hub" and the other for the "spoke".
The VPN target setting rules for VPN instances of all sites on PEs are as follows:
z
On spoke PEs (that is, the PEs connected with spoke sites), set the export target attribute to
Spoke and the import target attribute to Hub.
z
On the hub PE (that is, the PE connected to the hub site), specify two interfaces or sub-interfaces,
one for receiving routes from spoke PEs, and the other for advertising routes to spoke PEs. Set
the import target attribute of the VPN instance for the former to Spoke, and the export target
attribute of the VPN instance for the latter to Hub.
Figure 6-5
Network diagram for hub and spoke networking scheme
In
, the spoke sites communicate with each other through the hub site. The arrows in the
figure indicate the advertising path of routes from Site 2 to Site 1:
z
The hub PE can receive all the VPN-IPv4 routes advertised by spoke PEs.
z
All spoke PEs can receive the VPN-IPv4 routes advertised by the hub PE.
z
The hub PE advertises the routes learnt from a spoke PE to the other spoke PEs. Thus, the spoke
sites can communicate with each other through the hub site.
z
The import target attribute of any spoke PE is distinct from the export VPN targets of the other
spoke PEs. Therefore, any two spoke PEs can neither directly advertise VPN-IPv4 routes to each
other nor directly access each other.
Extranet networking scheme
The extranet networking scheme can be used when some resources in a VPN are to be accessed by
users that are not in the VPN.
In this kind of networking scheme, if a VPN needs to access a shared site, the export target attribute
and the import target attribute of the VPN must be contained respectively in the import target attribute
and the export target attribute of the VPN instance of the shared site.