Configuring Nested Vpn - HP HSR6800 Configuration Manual

0.00% packet loss
round-trip min/avg/max = 60/87/127 ms
CE 3 and CE 4 can ping each other:
[CE3] ping 120.1.1.1
PING 120.1.1.1: 56
Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms
Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms
Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms
Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=252 time=88 ms
Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=252 time=87 ms
--- 120.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 69/90/105 ms

Configuring nested VPN

Network requirements
The service provider provides nested VPN services for users, as shown in
•
PE 1 and PE 2 are PE devices on the service provider backbone. Both of them support the
nested VPN function.
•
CE 1 and CE 2 are connected to the service provider backbone. Both of them support VPNv4
routes.
•
PE 3 and PE 4 are PE devices of the customer VPN. Both of them support MPLS L3VPN.
•
CE 3 through CE 6 are CE devices of sub-VPNs for the customer VPN.
The key of nested VPN configuration is to understand the processing of routes of sub-VPNs on the
service provider PEs, which is described as follows:
•
When receiving a VPNv4 route from a CE (CE 1 or CE 2 in this example), a service provider PE
replaces the RD of the VPNv4 route with the RD of the MPLS VPN on the service provider
network where the CE resides, adds the export target attribute of the MPLS VPN on the service
provider network to the extended community attribute list, and then forwards the VPNv4 route
as usual.
•
To implement exchange of sub-VPN routes between customer PEs and service provider PEs,
MP-EBGP peers must be established between service provider PEs and customer CEs.
data bytes, press CTRL_C to break
344
Figure 94.