Extranet networking scheme – H3C Technologies H3C SecPath F1000-E User Manual
Page 68
5
Figure 3 Network diagram for hub and spoke networking scheme
In
, the spoke sites communicate with each other through the hub site. The arrows in the figure
indicate the advertising path of routes from Site 2 to Site 1:
•
The hub PE can receive all the VPN-IPv4 routes advertised by spoke PEs.
•
All spoke PEs can receive the VPN-IPv4 routes advertised by the hub PE.
•
The hub PE advertises the routes learnt from a spoke PE to the other spoke PEs. Thus, the spoke sites
can communicate with each other through the hub site.
•
The import target attribute of any spoke PE is distinct from the export VPN targets of the other spoke
PEs. Therefore, any two spoke PEs can neither directly advertise VPN-IPv4 routes to each other nor
directly access each other.
Extranet networking scheme
The extranet networking scheme can be used when some resources in a VPN are to be accessed by users
that are not in the VPN.
In this kind of networking scheme, if a VPN needs to access a shared site, the export target attribute and
the import target attribute of the VPN must be contained respectively in the import target attribute and the
export target attribute of the VPN instance of the shared site.