HP 10500 Series Configuration Manual page 94

A site is a group of IP systems with IP connectivity that does not rely on any service provider network.
•
• The classification of a site depends on the topology relationship of the devices, rather than the
geographical positions, though the devices at a site are, in most cases, adjacent to each other
geographically.
The devices at a site can belong to multiple VPNs, which means that a site can belong to multiple
•
VPNs.
A site is connected to a provider network through one or more CEs. A site can contain multiple CEs,
•
but a CE can belong to only one site.
Sites connected to the same provider network can be classified into different sets by policies. Only the
sites in the same set can access each other through the provider network. Such a set is called a VPN.
VPN instance
VPN instances, also called virtual routing and forwarding (VRF) instances, implement route isolation,
data independence, and data security for VPNs.
A VPN instance has the following components:
• A separate Label Forwarding Information Base (LFIB).
An IP routing table.
•
Interfaces bound to the VPN instance.
•
• VPN instance administration information, including route distinguishers (RDs), route targets (RTs),
and route filtering policies.
To associate a site with a VPN instance, bind the VPN instance to the PE's interface connected to the site.
A site can be associated with only one VPN instance, and different sites can associate with the same
VPN instance. A VPN instance contains the VPN membership and routing rules of associated sites.
Address space overlapping
Each VPN independently manages its address space.
The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on
subnet 10.1 10.10.0/24, address space overlapping occurs.
VPN-IPv4 address
BGP cannot process overlapping VPN address spaces. For example, if both VPN 1 and VPN 2 use the
subnet 10.1 10.10.0/24 and each advertise a route destined for the subnet, BGP selects only one of them,
resulting in the loss of the other route.
Multiprotocol BGP (MP-BGP) can solve this problem by advertising VPN-IPv4 prefixes.
Figure 27 VPN-IPv4 address structure
2 bytes
Type
As shown in
followed by a four-byte IPv4 prefix. The RD and the IPv4 prefix form a unique VPN-IPv4 prefix.
An RD can be in one of the following formats:
Route Distinguisher (8 bytes)
6 bytes
Administrator subfield Assigned number subfield
Figure 27, a VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD,
IPv4 address prefix
88
4 bytes