beautypg.com

Mpls l3vpn networking schemes, Basic vpn networking scheme, Hub and spoke networking scheme – H3C Technologies H3C S7500E Series Switches User Manual

Page 231

background image

6-6

2) PE 1 searches VPN instance entries based on the inbound interface and destination address of

the packet. Once finding a matching entry, PE 1 labels the packet with both inner and outer labels
and forwards the packet out.

3) The MPLS backbone transmits the packet to PE 2 by outer label. Note that the outer label is

removed from the packet at the penultimate hop.

4) PE 2 searches VPN instance entries according to the inner label and destination address of the

packet to determine the outbound interface and then forwards the packet out the interface to CE
2.

5) CE 2 transmits the packet to the destination by IP forwarding.

MPLS L3VPN Networking Schemes

In MPLS L3VPNs, VPN target attributes are used to control the advertisement and reception of VPN
routes between sites. They work independently and can be configured with multiple values to support
flexible VPN access control and implement multiple types of VPN networking schemes.

Basic VPN networking scheme

In the simplest case, all users in a VPN form a closed user group. They can forward traffic to each
other but cannot communicate with any user outside the VPN.

For this networking scheme, the basic VPN networking scheme, you need to assign a VPN target to
each VPN for identifying the export target attribute and import target attribute of the VPN. Moreover,
this VPN target cannot be used by any other VPNs.

Figure 6-4

Network diagram for basic VPN networking scheme

In

Figure 6-4

, for example, the VPN target for VPN 1 is 100:1 on the PEs, while that for VPN 2 is 200:1.

The two VPN 1 sites can communicate with each other, and the two VPN 2 sites can communicate
with each other. However, the VPN 1 sites cannot communicate with the VPN 2 sites.

Hub and spoke networking scheme

For a VPN where a central access control device is required and all users must communicate with
each other through the access control device, the hub and spoke networking scheme can be used to
implement the monitoring and filtering of user communications.

See also other documents in the category H3C Technologies Routers: