Address space overlapping, Vpn instance, Vpn-ipv4 address – H3C Technologies H3C S7500E Series Switches User Manual

Page 228

• The classification of a site depends on the topology relationship of the devices, rather than the
geographical positions, though the devices at a site are adjacent to each other geographically in
most cases.

• The devices at a site can belong to multiple VPNs.

• A site is connected to a provider network through one or more CEs. A site can contain many CEs,
but a CE can belong to only one site.

Sites connected to the same provider network can be classified into different sets by policies. Only the
sites in the same set can access each other through the provider network. Such a set is called a VPN.

Address space overlapping

Each VPN independently manages the addresses that it uses. The set of addresses that a VPN uses
is called its address space.

The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses
on network segment 10.110.10.0/24, address space overlapping occurs.

VPN instance

In MPLS VPN, routes of different VPNs are identified by VPN instances.

A PE creates and maintains a separate VPN instance for each VPN at a directly connected site. Each
VPN instance contains the VPN membership and routing rules of the corresponding site. If a user at a
site belongs to multiple VPNs at the same time, the VPN instance of the site contains information
about all the VPNs.

To keep VPN data independent and secure, each VPN instance on a PE maintains a relatively
independent routing table and a separate label forwarding information base (LFIB). VPN instance
information contains these items: the LFIB, IP routing table, interfaces bound to the VPN instance, and
administration information of the VPN instance. The administration information of the VPN instance
includes the route distinguisher (RD), route filtering policy, and member interface list.

VPN-IPv4 address

Traditional BGP cannot process VPN routes that have overlapping address spaces. If, for example,
both VPN 1 and VPN 2 use addresses on the segment 10.110.10.0/24 and each advertises a route to
the segment, BGP selects only one of them, which results in loss of the other route.

PEs use MP-BGP to advertise VPN routes, and use the VPN-IPv4 address family to solve the problem
with traditional BGP.

A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a 4-byte
IPv4 address prefix, as shown in Figure 6-2.

Figure 6-2 VPN-IPv4 address structure

[Figure: Route distinguisher (8 bytes) = Type (2 bytes) + Administrator subfield and Assigned number subfield (6 bytes); followed by the IPv4 address prefix (4 bytes)]

When a PE receives an ordinary IPv4 route from a CE, it must advertise the VPN route to the peer PE.
The uniqueness of a VPN route is implemented by adding an RD to the route.

A service provider can independently assign RDs provided the assigned RDs are unique. Thus, a PE
can advertise different routes to VPNs even if the VPNs are from different service providers and are
using the same IPv4 address space.
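
The 12-byte layout above, as an added example (not code from the H3C manual): it packs and parses VPN-IPv4 addresses and shows the overlapping 10.110.10.0/24 routes colliding in a table keyed by IPv4 prefix but staying separate once the RD is prepended. The split of the 6 bytes after the Type field for RD types 0 and 1 follows RFC 4364; the RD values 100:1 and 100:2 and all function names are constructed for illustration.

```python
import ipaddress
import struct

def pack_rd(rd: str) -> bytes:
    """Encode 'administrator:assigned' as an 8-byte RD (RFC 4364 types 0 and 1)."""
    admin, assigned = rd.rsplit(":", 1)
    if "." in admin:  # type 1: 4-byte IPv4 administrator, 2-byte assigned number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(assigned))
    # type 0: 2-byte AS number administrator, 4-byte assigned number
    return struct.pack("!HHI", 0, int(admin), int(assigned))

def unpack_rd(raw: bytes) -> str:
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        admin, assigned = struct.unpack("!HI", raw[2:])
        return f"{admin}:{assigned}"
    if rd_type == 1:
        admin, assigned = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(admin)}:{assigned}"
    raise ValueError(f"unsupported RD type {rd_type}")

def vpn_ipv4(rd: str, prefix: str) -> bytes:
    """12-byte VPN-IPv4 address: 8-byte RD followed by the 4-byte IPv4 prefix."""
    return pack_rd(rd) + ipaddress.IPv4Network(prefix).network_address.packed

def parse_vpn_ipv4(raw: bytes) -> tuple:
    if len(raw) != 12:
        raise ValueError("a VPN-IPv4 address is exactly 12 bytes")
    return unpack_rd(raw[:8]), str(ipaddress.IPv4Address(raw[8:]))

def build_tables(routes):
    """Return (table keyed by IPv4 prefix, table keyed by VPN-IPv4 address)."""
    plain, vpnv4 = {}, {}
    for vpn, rd, prefix in routes:
        plain[prefix] = vpn                   # same prefix: the later route replaces the earlier
        vpnv4[vpn_ipv4(rd, prefix)] = vpn     # the RD keeps overlapping prefixes apart
    return plain, vpnv4

# Constructed sample: two VPNs with overlapping address space, as in the text.
ROUTES = [("VPN 1", "100:1", "10.110.10.0/24"),
          ("VPN 2", "100:2", "10.110.10.0/24")]

if __name__ == "__main__":
    plain, vpnv4 = build_tables(ROUTES)
    print("IPv4-keyed table:", plain)
    for raw, vpn in vpnv4.items():
        print(raw.hex(), parse_vpn_ipv4(raw), vpn)
```

Passing the same RD for both VPNs to `build_tables` collapses the VPN-IPv4 table back to a single entry, which is why the assigned RDs must be unique.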