Configuring A Vpn Instance Enabled With The Ipv4 Address Family - Huawei AR1200 series Configuration Manual
Enterprise routers
Hide thumbs
Also See for AR1200 series:
- Configuration manual (342 pages) ,
- User configuration manual (232 pages) ,
- Hardware description (218 pages)
Table of Contents
Advertisement
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
Basic Networking
The AR1200 uses the Multi-protocol Extensions for Border Gateway Protocol (MP-BGP) to
achieve the VPN route exchange between PEs. The static route, Routing Information Protocol
(RIP) multi-instance, Open Shortest Path First (OSPF) multi-instance, Intermediate System-to-
Intermediate System (IS-IS) multi-instance, or external BGP (EBGP) can be used to exchange
routes between a PE and a CE. In addition, by using VPN targets to control the transmission of
VPN routes, the AR1200 can implement multiple VPN networking topologies including
Intranet, Extranet, and Hub and Spoke.
Generally, LSPs tunnels are used on the VPN backbone network. In some cases where PEs
support MPLS functions but P routers support only IP functions, GRE tunnels can be used.
Typical Networking
The AR1200 supports the following typical VPN networking scheme:
l
l
l
l
Reliability
To improve the reliability of a VPN, the following networking modes are generally adopted.
l
l
3.3 Configuring a VPN Instance Enabled with the IPv4
Address Family
A VPN instance isolates VPN routes from public network routes. Configuring a VPN instance
enabled with the IPv4 address family allows a PE to advertise IPv4 routes and forward data.
Issue 01 (2012-04-20)
Inter-AS VPN
If a VPN backbone network spans multiple ASs, the inter-AS VPN must be configured.
The inter-AS VPN can be classified as Option A, Option B, or Option C.
Hierarchy of VPN(HoVPN)
To relieve the stress on a PE, the Hierarchy of VPN (HoVPN) can be configured. A device
on the convergence layer or the access layer is selected as the Underlayer Provider Edge
(UPE), which works jointly with the PE, that is, the Superstratum Provider Edge (SPE) on
the backbone layer, to implement the functions of the PE.
Multi-VPN-Instance CE
The Multi-VPN-Instance CE can be configured to improve the routing capability of the
LAN, solve the security problem of the LAN at a low cost, and ensure that the LAN services
are safely differentiated. Currently, LAN services can be differentiated by utilizing VLAN
switches, but they have a weak routing capability.
VPN and Internet interworking
The AR1200 supports the interworking between VPNs and the Internet. This section
describes how to implement this interworking by means of configuring static routes and
Policy-based Routing (PBC) on PEs.
The backbone network is an MPLS network, on which the devices adopt hierarchical
backup and are fully connected through high-speed interfaces. If there are many PEs on
the network, the BGP route reflector is deployed to reflect IPv4 VPN routes in order to
decrease the number of Multi-Protocol internal BGP (MP IBGP) connections.
Either a mesh topology or a ring topology is used at the convergence layer based on the
requirements.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 BGP MPLS IP VPN Configuration
64
Hide quick links:
Advertisement
Table of Contents
