Mpls L3Vpn Concepts - HP HSR6800 Configuration Manual
Hide thumbs
Also See for HSR6800:
- Command reference manual (170 pages) ,
- Installation manual (146 pages) ,
- Configuration manual (95 pages)
Table of Contents
Advertisement
When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress Label
Switching Router (LSR), the egress PE functions as the egress LSR, and P routers function as the
transit LSRs.
MPLS L3VPN concepts
Site
A site has the following features:
•
A site is a group of IP systems with IP connectivity that does not rely on any service provider
network.
•
The classification of a site depends on the topology relationship of the devices, rather than the
geographical positions, though the devices at a site are, in most cases, adjacent to each other
geographically.
•
The devices at a site can belong to multiple VPNs, which means that a site can belong to
multiple VPNs.
•
A site is connected to a provider network through one or more CEs. A site can contain many
CEs, but a CE can belong to only one site.
Sites connected to the same provider network can be classified into different sets by policies. Only
the sites in the same set can access each other through the provider network. Such a set is called a
VPN.
Address space overlapping
Each VPN independently manages its address space.
The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses
on subnet 10.110.10.0/24, address space overlapping occurs.
VPN instance
In MPLS VPN, routes of different VPNs are identified by VPN instances.
A PE creates and maintains a separate VPN instance for each directly connected site. Each VPN
instance contains the VPN membership and routing rules of the corresponding site. If a user at a site
belongs to multiple VPNs at the same time, the VPN instance of the site contains information about
all the VPNs.
For independence and security of VPN data, each VPN instance on a PE maintains a routing table
and a label forwarding information base (LFIB). VPN instance information contains the following
items: the LFIB, IP routing table, interfaces bound to the VPN instance, and administration
information for the VPN instance. The administration information for a VPN instance includes the
route distinguisher (RD), route filtering policy, and member interface list.
VPN-IPv4 address
Traditional BGP cannot process VPN routes which have overlapping address spaces. If, for example,
both VPN 1 and VPN 2 use the subnet 10.110.10.0/24 and each advertise a route to the subnet, BGP
selects only one of them, resulting in the loss of the other route.
To solve this problem, PEs use Multiprotocol BGP (MP-BGP) in VPN-IPv4 address family mode to
advertise VPN routes.
A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a
four-byte IPv4 address prefix.
238
Advertisement
Table of Contents
Troubleshooting
