Hovpn, Why hovpn, Implementation of hovpn – H3C Technologies H3C S7500E Series Switches User Manual

6-16

The nested VPN technology simplifies the complexity for a user to access a VPN, reduces the access
cost, supports diversified VPN networking methods, and implements control over the access to
internal VPNs and control over mutual access among multiple levels of VPNs.

HoVPN

Why HoVPN?

1) Hierarchical model and plane model

In MPLS L3VPN solutions, PEs are the key devices. They provide two functions:

z

User access. This means that the PEs must have a large amount of interfaces.

z

VPN route managing and advertising, and user packet processing. These require that a PE must
have a large-capacity memory and high forwarding capability.

Most of the current network schemes use the typical hierarchical architecture. For example, the MAN
architecture contains typically three layers, namely, the core layer, convergence layer, and access
layer. From the core layer to the access layer, the performance requirements on the devices reduce
while the network expands.

MPLS L3VPN, on the contrary, is a plane model where performance requirements are the same for all
PEs. If a certain PE has limited performance or scalability, the performance or scalability of the whole
network is influenced.

Due to the above difference, you are faced with the scalability problem when deploying PEs at any of
the three layers. Therefore, the plane model is not applicable to the large-scale VPN deployment.

2) HoVPN

To solve the scalability problem of the plane model, MPLS L3VPN must transition to the hierarchical
model.

In MPLS L3VPN, hierarchy of VPN (HoVPN) was proposed to meet that requirement. With HoVPN,
the PE functions can be distributed among multiple PEs, which take different roles for the same
functions and form a hierarchical architecture.

As in the typical hierarchical network model, HoVPN has different requirements on the devices at
different layers of the hierarchy.

Implementation of HoVPN

1) Basic architecture of HoVPN