Extranet networking scheme, Inter-as vpn – H3C Technologies H3C S6800 Series Switches User Manual

167

After spoke sites exchange routes through the hub site, they can communicate with each other through

the hub site.

Extranet networking scheme

The extranet networking scheme allows specific resources in a VPN to be accessed by users not in the

VPN.
In this networking scheme, if a VPN instance needs to access a shared site, the export target attribute

and the import target attribute of the VPN instance must be contained in the import target attribute and
the export target attribute of the VPN instance of the shared site, respectively.

Figure 45 Network diagram for extranet networking scheme

As shown in

Figure 45

, route targets configured on PEs produce the following results:

•

PE 3 can receive VPN-IPv4 routes from PE 1 and PE 2.

•

PE 1 and PE 2 can receive VPN-IPv4 routes advertised by PE 3.

•

Site 1 and Site 3 of VPN 1 can communicate with each other, and Site 2 of VPN 2 and Site 3 of
VPN 1 can communicate with each other.

•

PE 3 advertises neither the VPN-IPv4 routes received from PE 1 to PE 2 nor the VPN-IPv4 routes
received from PE 2 to PE 1 (routes learned from an IBGP neighbor are not advertised to any other

IBGP neighbor). Therefore, Site 1 of VPN 1 and Site 2 of VPN 2 cannot communicate with each

other.

Inter-AS VPN

In an inter-AS VPN networking scenario, multiple sites of a VPN are connected to multiple ISPs in different
ASs, or to multiple ASs of an ISP.
The following inter-AS VPN solutions are available:

•

VRF-to-VRF connections between ASBRs—This solution is also called inter-AS option A.

•

EBGP redistribution of labeled VPN-IPv4 routes between ASBRs—ASBRs advertise VPN-IPv4 routes
to each other through MP-EBGP. This solution is also called inter-AS option B.

文件中找不到关系

ID 为 rId67 的图像部件。