Table of Contents
Advertisement
Operation Manual – MCE
H3C S3610&S5510 Series Ethernet Switches
The devices at a site can belong to multiple VPNs, namely, a site can belong to
multiple VPNs.
A site is connected to a provider network through one or more CEs. A site can
contain many CEs, but a CE can belong to only one site.
Sites connected to the same provider network can be classified into different sets by
policies. Only the sites in the same set can access each other through the provider
network. Such a set is called a VPN.
II. Address space overlapping
Each VPN independently manages the addresses that it uses. The assembly of such
addresses for a VPN is called an address space.
The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use
the addresses in network segment 10.110.10.0/24, address space overlapping occurs.
III. VPN instance
In MPLS VPN, route separation between VPNs is implemented by VPN instance.
A PE creates and maintains a separate VPN instance for each directly connected site.
Each VPN instance contains the VPN membership and routing rules of the
corresponding site. If a user at a site belongs to multiple VPNs at the same time, the
VPN instance of the site contains information about all the VPNs.
For independency and security of VPN data, each VPN instance on a PE maintains a
relatively independent routing table and a separate label forwarding information base
(LFIB). VPN instance information contains these items: the LFIB, IP routing table,
interfaces bound to the VPN instance, and administration information of the VPN
instance. The administration information of the VPN instance includes the route
distinguisher (RD), route filtering policy, and member interface list.
Note:
LFIBs of VPN instances exist on only PEs supporting MPLS. No LFIBs of VPN
instances exist on MCE-capable devices.
IV. VPN-IPv4 address
Traditional BGP cannot process VPN routes which have overlapping address spaces. If,
for example, both VPN 1 and VPN 2 use addresses in the segment 10.110.10.0/24 and
advertise a route to the segment, BGP selects only one of them, which results in loss of
the other route.
PEs use MP-BGP to advertise VPN routes, and use VPN-IPv4 address family to solve
the problem with traditional BGP.
1-3
Chapter 1 MCE Overview
Advertisement
Chapters
Table of Contents
Troubleshooting
