Configuring is-is between mce and vpn site – H3C Technologies H3C SR8800 User Manual
Page 279
268
By configuring OSPF process-to-VPN instance bindings on a MCE, you allow routes of different VPNs to
be exchanged between the MCE and the sites through different OSPF processes, ensuring the separation
and security of VPN routes.
To configure route exchange through OSPF:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create an OSPF process for a
VPN instance and enter OSPF
view.
ospf [ process-id | router-id
router-id | vpn-instance
vpn-instance-name ] *
Perform this configuration on the
MCE. On a VPN site, create a
normal OSPF process.
3.
Enable the multi-VPN-instance
function of OSPF.
vpn-instance-capability simple
Disabled by default.
4.
Configure the OSPF domain
ID.
domain-id domain-id [ secondary ]
Optional.
0 by default.
Perform this configuration on the
MCE. On a VPN site, perform the
common OSPF configuration.
5.
Redistribute remote site routes
advertised by the PE.
import-route protocol [ process-id
| allow-ibgp ] [ cost cost | type
type | tag tag | route-policy
route-policy-name ] *
By default, no route of any other
protocol is redistributed into OSPF.
6.
Create an OSPF area and
enter OSPF area view.
area area-id
By default, no OSPF area is
created.
7.
Enable OSPF on the interface
attached to the specified
network in the area.
network ip-address wildcard-mask
By default, an interface neither
belongs to any area nor runs
OSPF.
NOTE:
•
An OSPF process that is bound with a VPN instance does not use the public network router ID
configured in system view. Therefore, you need to configure a router ID when starting the OSPF process.
All OSPF processes for the same VPN must be configured with the same OSPF domain ID to ensure
correct route advertisement.
•
An OSPF process can belong to only one VPN instance, but one VPN instance can use multiple OSPF
processes to advertise the VPN routes.
•
After you configure an OSPF process for a VPN instance, you need to enable OSPF. The configuration
procedure is the same as that for a normal OSPF process. For more OSPF configuration information, see
Layer 3—IP Routing Configuration Guide.
Configuring IS-IS between MCE and VPN site
An IS-IS process belongs to the public network or a single VPN instance. If you create an IS-IS process
without binding it to a VPN instance, the process belongs to the public network.
By configuring IS-IS process-to-VPN instance bindings on a MCE, you allow routes of different VPNs to
be exchanged between the MCE and the sites through different IS-IS processes, ensuring the separation
and security of VPN routes.
To configure route exchange through IS-IS: