beautypg.com

Configuring hovpn, Configuring mpls l3vpn, Overview – H3C Technologies H3C S12500-X Series Switches User Manual

Page 143

background image

132

To build a nested VPN network, perform the following configurations:

Configurations between customer PE and customer CE—Configure VPN instances on the customer
PE and configure route exchange between customer PE and customer CE.

Configurations between customer PE and provider CE—Configure BGP VPNv4 route exchange

between them.

Configurations between provider CE and provider PE—Configure VPN instances and enable
nested VPN on the provider PE and configure BGP VPNv4 route exchange between the provider CE

and provider PE. To make sure the provider CE can receive all VPNv4 routes, configure the undo

policy vpn-target command on the provider CE to not filter VPNv4 routes by RTs.

Configurations between provider PEs—Configure BGP VPNv4 route exchange between them.

Nested VPN allows a customer PE to directly exchange VPNv4 routes with a provider PE, without

needing to deploy a provider CE. In this case, the customer PE also acts as the provider CE. Therefore,
you must configure provider CE settings on it.
Configurations on the customer CE, customer PE, and provider CE are similar to basic MPLS L3VPN

configurations. This task describes the configurations on the provider PE.
When you configure nested VPN, follow these guidelines:

The address spaces of sub-VPNs of a VPN cannot overlap.

Do not assign nested VPN peers addresses that public network peers use.

Nested VPN does not support multi-hop EBGP. A provider PE and a provider CE must use the
addresses of the directly connected interfaces to establish a neighbor relationship.

To configure nested VPN:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter BGP view.

bgp as-number N/A

3.

Enter BGP-VPN VPNv4
address family view.

address-family vpnv4

N/A

4.

Enable nested VPN.

nesting-vpn

By default, nested VPN is disabled.

5.

Return to BGP view.

quit

N/A

6.

Enter BGP-VPN instance view. ip vpn-instance vpn-instance-name N/A

7.

Specify the peer CE or the
peer group of the peer CE.

peer { group-name |
peer-address } as-number

as-number

By default, no peer is specified.

8.

Enter BGP-VPN VPNv4
address family view.

address-family vpnv4

N/A

9.

Enable BGP VPNv4 route

exchange with the peer CE or
the peer group of the peer CE.

peer { group-name |
peer-address } enable

By default, BGP does not exchange
VPNv4 routes with any peer.

Configuring HoVPN

HoVPN is suited to build hierarchical VPNs, reducing performance requirements for PEs.
Before you configure HoVPN, complete basic MPLS L3VPN settings on UPE and SPE.