beautypg.com

Extranet networking scheme – H3C Technologies H3C SecPath F1000-E User Manual

Page 68

background image

5

Figure 3 Network diagram for hub and spoke networking scheme


In

Figure 3

, the spoke sites communicate with each other through the hub site. The arrows in the figure

indicate the advertising path of routes from Site 2 to Site 1:

The hub PE can receive all the VPN-IPv4 routes advertised by spoke PEs.

All spoke PEs can receive the VPN-IPv4 routes advertised by the hub PE.

The hub PE advertises the routes learnt from a spoke PE to the other spoke PEs. Thus, the spoke sites
can communicate with each other through the hub site.

The import target attribute of any spoke PE is distinct from the export VPN targets of the other spoke
PEs. Therefore, any two spoke PEs can neither directly advertise VPN-IPv4 routes to each other nor

directly access each other.

Extranet networking scheme

The extranet networking scheme can be used when some resources in a VPN are to be accessed by users

that are not in the VPN.
In this kind of networking scheme, if a VPN needs to access a shared site, the export target attribute and

the import target attribute of the VPN must be contained respectively in the import target attribute and the

export target attribute of the VPN instance of the shared site.