L3vpn concepts, Site, Address space overlapping – H3C Technologies H3C SecPath F1000-E User Manual

Figure 1 Network diagram for L3VPN model

(Diagram labels: VPN 1, VPN 2, Site 1, Site 2, Site 3, Site 4, CE, PE, P)

CEs and PEs mark the boundary between the service providers and the customers.

In this example, CEs are security devices. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information. You can also configure static routes between them.

A PE is connected with the service provider network. It uses BGP to exchange VPN routing information with other PEs.

A P device maintains only routes to PEs. It does not need to know anything about VPN routing information.

L3VPN Concepts

Site

The term site is often used when discussing VPNs. It has the following meanings:

A site is a group of IP systems whose IP connectivity with each other does not rely on any service provider network.

A site is defined by the topological relationship of its devices rather than by their geographical positions, although in most cases the devices at a site are geographically adjacent.

The devices at a site can belong to multiple VPNs.

A site is connected to a provider network through one or more CEs. A site can contain many CEs, but a CE can belong to only one site.

Sites connected to the same provider network can be classified into different sets by policies. Only the sites in the same set can access each other through the provider network. Such a set is called a VPN.
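
The site rules above can be checked against an inventory before a change is deployed. The following Python sketch is an added example, not taken from the H3C manual: it flags a CE attached to more than one site and reports site pairs that are meant to be isolated but share a VPN. The site, VPN and CE names and the memberships are constructed sample data and do not reproduce Figure 1.

```python
from itertools import combinations

# Constructed inventory (hypothetical names): site -> set of VPNs it belongs to.
SITE_VPNS = {
    "site1": {"vpn1"},
    "site2": {"vpn2"},
    "site3": {"vpn1", "vpn2"},   # devices at a site can belong to multiple VPNs
    "site4": {"vpn2"},
}

# Constructed CE attachments as (ce, site) pairs; a site can contain many CEs.
CE_ATTACHMENTS = [
    ("ce1", "site1"), ("ce2", "site2"),
    ("ce3a", "site3"), ("ce3b", "site3"), ("ce4", "site4"),
]

def ce_violations(attachments):
    """Return {ce: sites} for every CE attached to more than one site."""
    seen = {}
    for ce, site in attachments:
        seen.setdefault(ce, set()).add(site)
    return {ce: sites for ce, sites in seen.items() if len(sites) > 1}

def can_reach(site_vpns, a, b):
    """Two sites can access each other through the provider network
    only if they are in the same set, that is, they share a VPN."""
    return bool(site_vpns[a] & site_vpns[b])

def reachability(site_vpns):
    """Map each reachable site pair to the VPNs that connect it."""
    pairs = {}
    for a, b in combinations(sorted(site_vpns), 2):
        shared = site_vpns[a] & site_vpns[b]
        if shared:
            pairs[(a, b)] = sorted(shared)
    return pairs

def isolation_findings(site_vpns, must_not_reach):
    """Return the intended-isolated pairs that the membership actually connects."""
    return [(a, b) for a, b in must_not_reach if can_reach(site_vpns, a, b)]

if __name__ == "__main__":
    print("CE violations:", ce_violations(CE_ATTACHMENTS))
    for pair, vpns in reachability(SITE_VPNS).items():
        print(pair, "via", vpns)
    print("Isolation findings:",
          isolation_findings(SITE_VPNS, [("site1", "site2"), ("site1", "site3")]))
```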

Address space overlapping

Each VPN independently manages the addresses that it uses. The assembly of such addresses for a VPN is called an address space.