Implementation of hovpn – H3C Technologies H3C SR8800 User Manual
Page 249
238
As in the typical hierarchical network model, HoVPN has different requirements on the devices at
different layers of the hierarchy.
Implementation of HoVPN
Figure 68 Basic architecture of HoVPN
As shown in
, devices directly connected to CEs are called underlayer PEs (UPEs) or user-end
PEs, whereas devices that are connected with UPEs and are in the internal network are called
superstratum PEs (SPE) or service provider-end PEs.
The hierarchical PE consists of multiple UPEs and SPEs, which function together as a traditional PE.
NOTE:
With the HoVPN solution, PE functions are implemented hierarchically. Hence, the solution is also called
hierarchy of PE (HoPE).
UPEs and SPEs play different roles:
•
A UPE allows user access. It maintains the routes of the VPN sites that are directly connected with
it, It does not maintain the routes of the remote sites in the VPN, or only maintains their summary
routes. A UPE assigns inner labels to the routes of its directly connected sites, and advertises the
labels to the SPE along with VPN routes through MP-BGP.
•
An SPE manages and advertises VPN routes. It maintains all the routes of the VPNs connected
through UPEs, including the routes of both the local and remote sites. An SPE advertises routes
along with labels to UPEs, including the default routes of VPN instances or summary routes and the
routes permitted by the routing policy. By using routing policies, you can control which nodes in a
VPN can communicate with each other.
Different roles mean different requirements:
•
An SPE is required to have large-capacity routing table, high forwarding performance, and fewer
interface resources.
•
A UPE is required to have small-capacity routing table, low forwarding performance, but higher
access capability.
HoVPN takes full use of both the high performance of SPEs and the high access capability of UPEs.