HP 6125G HP 6125G & 6125G/XG Blade Switches Layer 3 - IP Routing Confi - Page 280
Multi-VPN-instance CE, How MCE works
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 280 highlights
• Export target attribute: A local PE sets this type of route target attribute for VPN-IPv4 routes learned from directly connected sites before advertising them to other PEs. • Import target attribute: A PE checks the export target attribute of VPN-IPv4 routes advertised by other PEs. If the export target attribute matches the import target attribute of the VPN instance, the PE adds the routes to the VPN routing table. In other words, route target attributes define which sites can receive VPN-IPv4 routes, and from which sites that a PE can receive routes. Similar to RDs, route target attributes can be of the following formats: • 16-bit AS number:32-bit user-defined number. For example, 100:1. • 32-bit IPv4 address:16-bit user-defined number. For example, 172.1.1.1:1. • 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1. Multi-VPN-instance CE Using tunnels, MPLS L3VPN implements private network data transmission over the public network. However, the traditional MPLS L3VPN architecture requires each VPN instance exclusively use a CE to connect with a PE, as shown in Figure 85. For better services and higher security, a private network is usually divided into multiple VPNs to isolate services. To meet these requirements, you can configure a CE for each VPN, which increases users' device expenses and maintenance costs. Or, you can configure multiple VPNs to use the same CE and the same routing table, which sacrifices data security. Using the Multi-VPN-Instance CE (MCE) function of the switch, you can remove the contradiction of low cost and high security in multi-VPN networks. With MCE configured, a CE can bind each VPN in a network with a VLAN interface on the CE, and create and maintain a separate routing table (multi-VRF) for each VPN. This separates the forwarding paths of packets of different VPNs and, in conjunction with the PE, can correctly advertise the routes of each VPN to the peer PE, ensuring the normal transmission of VPN packets over the public network. How MCE works Figure 87 shows how an MCE maintains the routing entries of multiple VPNs and how an MCE exchanges VPN routes with PEs. 270