Multi-role host, HoVPN, Why HoVPN – H3C Technologies H3C SR8800 User Manual

Nested VPN is flexible and easy to implement and can reduce the cost because a customer only needs to pay for one MPLS VPN to have multiple internal VPNs connected. Nested VPN provides diversified VPN networking methods for a customer, and allows for multi-level hierarchical access control over the internal VPNs.

Multi-role host

The VPN attributes of the packets forwarded from a CE to a PE depend on the VPN instance bound to the inbound interface. Therefore, all CEs whose packets are forwarded through the same inbound interface of a PE must belong to the same VPN.

In a real networking environment, however, a CE may need to access multiple VPNs through a single physical interface. In this case, you can configure multiple logical interfaces to satisfy the requirement, but this requires extra configuration and limits the application.

Using multi-role host, you can configure policy routing on the PE to allow packets from the CE to access multiple VPNs.

To allow information from other VPNs to reach the CE from the PE, you must configure static routes on the other VPNs that take the interface connected to the CE as the next hop.

NOTE:

All IP addresses associated with the PE must be unique to implement the multi-role host feature.

In practice, H3C recommends centralizing the addresses of each VPN to improve the forwarding efficiency.
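
The multi-role host forwarding described above, as an added Python model (not H3C code or device configuration). The interface name, VPN instance names, prefixes and next hops are constructed, and trying the permitted VPN instances in order is an assumption of the model. The `ambiguous` check illustrates why the NOTE requires unique addresses.

```python
import ipaddress
from itertools import combinations

class PE:
    """Toy PE: per-VPN-instance route tables, interface bindings, policy routing."""
    def __init__(self):
        self.vrf = {}      # VPN instance -> [(network, next hop)]
        self.binding = {}  # inbound interface -> bound VPN instance
        self.policy = {}   # inbound interface -> ordered VPN instances (policy routing)

    def add_route(self, vpn, prefix, next_hop):
        self.vrf.setdefault(vpn, []).append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, vpn, dst):
        """Longest-prefix match inside one VPN instance; None if no route."""
        addr = ipaddress.ip_address(dst)
        hits = [(net, nh) for net, nh in self.vrf.get(vpn, []) if addr in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def forward(self, in_if, dst):
        """Without a policy, only the instance bound to the interface is consulted."""
        for vpn in self.policy.get(in_if, [self.binding[in_if]]):
            next_hop = self.lookup(vpn, dst)
            if next_hop is not None:
                return vpn, next_hop
        return None  # dropped: destination not reachable from this interface

    def ambiguous(self, in_if):
        """Overlapping prefixes with different next hops across the permitted VPNs."""
        found = []
        for a, b in combinations(self.policy.get(in_if, []), 2):
            for net_a, nh_a in self.vrf.get(a, []):
                for net_b, nh_b in self.vrf.get(b, []):
                    if net_a.overlaps(net_b) and nh_a != nh_b:
                        found.append((a, str(net_a), b, str(net_b)))
        return found

def build_demo():
    """Constructed topology: CE on GE1/0/1 bound to vpn1; vpn2 is a second VPN."""
    pe = PE()
    pe.binding["GE1/0/1"] = "vpn1"
    pe.add_route("vpn1", "10.1.0.0/16", "GE1/0/1")  # CE site
    pe.add_route("vpn1", "10.10.0.0/16", "PE2")     # remote vpn1 site
    pe.add_route("vpn2", "10.20.0.0/16", "PE3")     # remote vpn2 site
    return pe

if __name__ == "__main__":
    pe = build_demo()
    print(pe.forward("GE1/0/1", "10.20.5.5"))        # no policy: vpn2 is isolated
    pe.policy["GE1/0/1"] = ["vpn1", "vpn2"]          # multi-role host policy
    pe.add_route("vpn2", "10.1.0.0/16", "GE1/0/1")   # static return route in vpn2
    print(pe.forward("GE1/0/1", "10.20.5.5"), pe.lookup("vpn2", "10.1.2.3"))
```

If a second VPN reuses a prefix with a different next hop, the first permitted instance silently wins the lookup, so running the overlap check before enabling the policy shows which destinations would become unreachable.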

HoVPN

Why HoVPN?

In MPLS L3VPN solutions, PEs are the key devices. They provide the following functions:

User access. This means that the PEs must have a large number of interfaces.

VPN route managing and advertising, and user packet processing. These require that a PE have a large-capacity memory and high forwarding capability.

Most current network schemes use the typical hierarchical architecture. For example, the MAN architecture typically contains three layers: the core layer, the distribution layer, and the access layer. From the core layer to the access layer, the performance requirements on the devices decrease while the network expands.

MPLS L3VPN, on the contrary, is a plane model where performance requirements are the same for all PEs. If a certain PE has limited performance or scalability, the performance or scalability of the whole network is affected.

Because of this difference, you face a scalability problem when deploying PEs at any of the three layers. Therefore, the plane model is not applicable to large-scale VPN deployment.

To solve the scalability problem of the plane model, MPLS L3VPN must transition to the hierarchical model.

In MPLS L3VPN, hierarchy of VPN (HoVPN) was proposed to meet that requirement. With HoVPN, the PE functions can be distributed among multiple PEs, which take different roles for the same functions and form a hierarchical architecture.
