PLANET XGS3-24042 User Manual

81-31

Figure 81-4 Basic VPN Networking Resolution

In the above figure, the VPN Target distributed by PE for VPN1 is 100:1; and that for VPN2 is 200:1. The sites

of VPN1 can intercommunicate with each other, so do the two of VPN2. But the intercommunication between

sites in VPN1 and those in VPN2 arise forbidden.

Hub&Spoke VPN

To use a central access control device in VPN to control the intercommunication of other users, Hub&Spoke

networking resolution is a good choice, so that the central device can monitor and filter the

intercommunication between the devices at two ends.

Two VPN target is needed in this networking, one for “Hub”, the other for “Spoke”.

All sites should follow the following rules to configure VPN Target for VPN instances on PE:



Spoke-PE: Export Target is “Spoke”, Import Target is “Hub”



Hub-PE: two interfaces or sub-interfaces are needed, one for receiving routes from Spoke-PE, the

Import Target of whose VPN instance is “Spoke”; the other for advertising routes to Spoke-PE, the

Export Target of whose VPN instance is “Hub”.

site4

site2

VPN1

site3

CE

VPN2

CE

PE

VPN2

CE

VPN1

site1

CE

PE

P

VPN1:

Import: 1:1

Export: 1:1

VPN2:

Import: 2:1

Export: 2:1

VPN1:

Import: 1:1

Export: 1:1

VPN2:

Import: 2:1

Export: 2:1