Mpls L3Vpn Concepts - HP 10500 SERIES Configuration Manual
Hide thumbs
Also See for 10500 SERIES:
- Security configuration manual (596 pages) ,
- Configuration manual (512 pages) ,
- Specifications (42 pages)
Table of Contents
Advertisement
After a PE learns VPN routing information from a CE, it uses BGP to exchange VPN routing information
to other PEs. A PE maintains routing information for only directly connected VPNs, rather than all VPNs
on the provider network.
A P router maintains only routes to PEs and does not deal with VPN routing information.
When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress LSR, the egress
PE functions as the egress LSR, and P routers function as the transit LSRs.
MPLS L3VPN concepts
This section describes concepts for MPLS L3VPN.
Site
A site has the following features:
A site is a group of IP systems with IP connectivity that does not rely on any service provider network.
•
The classification of a site depends on the topology relationship of the devices, rather than the
•
geographical positions, though the devices at a site are, in most cases, adjacent to each other
geographically.
•
The devices at a site can belong to multiple VPNs, which means a site can belong to multiple VPNs.
A site is connected to a provider network through one or more CEs. A site can contain many CEs,
•
but a CE can belong to only one site.
Sites connected to the same provider network can be classified into different sets by policies. Only the
sites in the same set can access each other through the provider network. Such a set is called a VPN.
Address space overlapping
Each VPN independently manages its address space.
The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on
subnet 10.1 10.10.0/24, address space overlapping occurs.
VPN instance
In MPLS VPN, routes of different VPNs are identified by VPN instances.
A PE creates and maintains a separate VPN instance for each directly connected site. Each VPN instance
contains the VPN membership and routing rules of the corresponding site. If a user at a site belongs to
multiple VPNs at the same time, the VPN instance of the site contains information about all VPNs.
For independence and security of VPN data, each VPN instance on a PE maintains a routing table and
a LFIB. VPN instance information includes the LFIB, the IP routing table, the interfaces bound to the VPN
instance, and administration information of the VPN instance. The administration information of a VPN
instance includes the route distinguisher (RD), route filtering policy, and member interface list.
VPN-IPv4 address
Traditional BGP cannot process VPN routes which have overlapping address spaces. If, for example,
both VPN 1 and VPN 2 use the subnet 10.1 10.10.0/24 and each advertise a route to the subnet, BGP
selects only one of them, resulting in the loss of the other route.
To solve this problem, PEs use MP-BGP in VPN-IPv4 address family mode to advertise VPN routes.
A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte
IPv4 address prefix.
229
Advertisement
Table of Contents
Troubleshooting
