beautypg.com

Mpls l3vpn concepts, Site, Address space overlapping – H3C Technologies H3C S5820V2 Series Switches User Manual

Page 8: Vpn instance, Vpn-ipv4 address

background image

2

After a CE establishes an adjacency with a directly connected PE, it advertises its VPN routes to the PE

and learns remote VPN routes from the PE. A CE and a PE can use BGP, an IGP, or static routing to
exchange routing information.
After a PE learns VPN routing information from a CE, it uses BGP to advertise the VPN routing information

to other PEs. A PE maintains routing information for only directly connected VPNs, rather than all VPNs

on the provider network.
A P router maintains only routes to PEs and does not deal with VPN routing information.
When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress Label Switching

Router (LSR), the egress PE functions as the egress LSR, and P routers function as the transit LSRs.

MPLS L3VPN concepts

Site

A site has the following features:

A site is a group of IP systems with IP connectivity that does not rely on any service provider network.

The classification of a site depends on the topology relationship of the devices, rather than the
geographical positions, though the devices at a site are, in most cases, adjacent to each other

geographically.

The devices at a site can belong to multiple VPNs, which means a site can belong to multiple VPNs.

A site is connected to a provider network through one or more CEs. A site can contain many CEs,
but a CE can belong to only one site.

Sites connected to the same provider network can be classified into different sets by policies. Only the

sites in the same set can access each other through the provider network. Such a set is called a VPN.

Address space overlapping

Each VPN independently manages its address space.
The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on
subnet 10.110.10.0/24, address space overlapping occurs.

VPN instance

In MPLS VPN, routes of different VPNs are identified by VPN instance.
A PE creates and maintains a separate VPN instance for each directly connected site. Each VPN instance

contains the VPN membership and routing rules of the corresponding site. If a user at a site belongs to
multiple VPNs at the same time, the VPN instance of the site contains information about all the VPNs.
For independence and security of VPN data, each VPN instance on a PE maintains a routing table and

a label forwarding information base (LFIB). VPN instance information contains the following items: the

LFIB, IP routing table, interfaces bound to the VPN instance, and administration information of the VPN
instance. The administration information of the VPN instance includes the route distinguisher (RD), route

filtering policy, and member interface list.

VPN-IPv4 address

Traditional BGP cannot process overlapping VPN routes. For example, if both VPN 1 and VPN 2 use the

subnet 10.110.10.0/24 and each advertise a route to the subnet, BGP selects only one of them, resulting
in the loss of the other route.
To solve this problem, PEs use MP-BGP in VPN-IPv4 address family mode to advertise VPN routes.

This manual is related to the following products: