Propagation of routing information, Benefits, Configuring rsvp authentication – H3C Technologies H3C S12500-X Series Switches User Manual

Page 123

112

Figure 41 Network diagram for nested VPN

Propagation of routing information

In a nested VPN network, routing information is propagated by using the following process:

A provider PE and its CEs exchange VPNv4 routes, which carry information about customer VPNs.

After receiving a VPNv4 route, a provider PE keeps the customer's internal VPN information, and
appends the customer's MPLS VPN attributes on the service provider network. It replaces the RD of

the VPNv4 route with the RD of the customer's MPLS VPN on the service provider network. It also

adds the export route-target (ERT) attribute of the customer's MPLS VPN on the service provider
network to the extended community attribute list of the route. The internal VPN information for the

customer is maintained on the provider PE.

The provider PE advertises VPNv4 routes carrying the comprehensive VPN information to the other
PEs of the service provider.

After another provider PE receives the VPNv4 routes, it matches the VPNv4 routes to the import
targets of its local VPNs. Each local VPN accepts routes of its own and advertises them to provider

CEs. If a provider CE (such as CE 7 and CE 8 in

Figure 41

) is connected to a provider PE through

an IPv4 connection, the PE advertises IPv4 routes to the CE. If it is a VPNv4 connection (a customer

MPLS VPN network), the PE advertises VPNv4 routes to the CE.

After receiving VPNv4 routes from the provider CE, a customer PE matches those routes to local
import targets. Each customer VPN accepts only its own routes and advertises them to connected

customer CEs (such as CE 3, CE 4, CE 5, and CE 6 in

Figure 41

Benefits

The nested VPN technology provides the following benefits:

•

Support for VPN aggregation. It can aggregate a customer's internal VPNs into one VPN on the
service provider's MPLS VPN network.

•

Support for both symmetric networking and asymmetric networking. Sites of the same VPN can
have the same number or different numbers of internal VPNs.

•

Support for multiple-level nesting of internal VPNs.

Provider PE

CE 3

CE 4

Provider MPLS
VPN backbone

VPN A-1

VPN A-2

CE 7

Provider PE

VPN A-2

CE 8

Customer MPLS

VPN

Customer PE

CE 5

CE 6

VPN A-1

VPN A-2

Customer MPLS

VPN network

Customer PE

CE 1

CE 2

VPN A

This manual is related to the following products:

H3C S5560 Series Switches H3C S9800 Series Switches H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000 H3C S6800 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S5830V2 Series Switches