Multi-Vpn-Instance - H3C S5800 Series Configuration Manual

Layer 3 - ip routing

An RD can be in one of the following three formats, distinguished by the Type field:
- When the value of the Type field is 0, the Administrator subfield occupies two bytes, the Assigned
  number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined
  number. For example, 100:1.
- When the value of the Type field is 1, the Administrator subfield occupies four bytes, the Assigned
  number subfield occupies two bytes, and the RD format is 32-bit IPv4 address:16-bit user-defined
  number. For example, 172.1.1.1:1.
- When the value of the Type field is 2, the Administrator subfield occupies four bytes, the Assigned
  number subfield occupies two bytes, and the RD format is 32-bit AS number:16-bit user-defined
  number, where the minimum value of the AS number is 65536. For example, 65536:1.
To ensure the global uniqueness of an RD, it is recommended that you not set the Administrator
subfield to any private AS number or private IP address.
VPN target attributes
MPLS L3VPN uses the BGP extended community attributes called VPN target attributes, or route
target attributes, to control the advertisement of VPN routing information.
A VPN instance on a PE supports two types of VPN target attributes:
- Export target attribute: A local PE sets this type of VPN target attribute for VPN-IPv4 routes learnt
  from directly connected sites before advertising them to other PEs.
- Import target attribute: A PE checks the export target attribute of VPN-IPv4 routes advertised by
  other PEs. If the export target attribute matches the import target attribute of the VPN instance, the
  PE adds the routes to the VPN routing table.
In other words, VPN target attributes define which sites can receive VPN-IPv4 routes, and from which
sites a PE can receive routes.
Like RDs, VPN target attributes can be in one of three formats:
- 16-bit AS number:32-bit user-defined number. For example, 100:1.
- 32-bit IPv4 address:16-bit user-defined number. For example, 172.1.1.1:1.
- 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is
  65536. For example, 65536:1.
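The RD formats and the import/export target matching described above can be checked offline before values are committed to a device. The following is an added example, not code from the H3C manual: the function names are hypothetical, the 2-byte width of the Type field follows RFC 4364, and "private" is assumed to mean the RFC 6996 AS ranges and the RFC 1918 IPv4 blocks.

```python
import ipaddress
import struct

# Assumption: "private" means RFC 6996 AS numbers and RFC 1918 IPv4 blocks.
PRIVATE_AS = (range(64512, 65535), range(4200000000, 4294967295))
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(text):
    """Split 'administrator:number' into (type, administrator, number), validating widths."""
    admin, _, number = text.rpartition(":")
    if not number.isdigit():
        raise ValueError(f"expected administrator:number, got {text!r}")
    number = int(number)
    if "." in admin:                                    # Type 1: IPv4 address + 16-bit number
        kind, admin, limit = 1, int(ipaddress.IPv4Address(admin)), 0xFFFF
    elif admin.isdigit() and int(admin) < 65536:        # Type 0: 16-bit AS + 32-bit number
        kind, admin, limit = 0, int(admin), 0xFFFFFFFF
    elif admin.isdigit() and int(admin) <= 0xFFFFFFFF:  # Type 2: 32-bit AS (>= 65536) + 16-bit number
        kind, admin, limit = 2, int(admin), 0xFFFF
    else:
        raise ValueError(f"bad administrator in {text!r}")
    if number > limit:
        raise ValueError(f"assigned number too large for type {kind}: {text!r}")
    return kind, admin, number

def encode_rd(text):
    """8-byte RD: 2-byte Type field, then the Administrator and Assigned number subfields."""
    kind, admin, number = parse(text)
    return struct.pack("!HHI" if kind == 0 else "!HIH", kind, admin, number)

def has_private_administrator(text):
    """True if the Administrator subfield is a private AS number or private IPv4 address."""
    kind, admin, _ = parse(text)
    if kind == 1:
        return any(ipaddress.IPv4Address(admin) in net for net in PRIVATE_NETS)
    return any(admin in r for r in PRIVATE_AS)

def imports_route(import_targets, export_targets):
    """A VPN instance accepts a route if any export target on it equals one of its import targets."""
    return bool({parse(t) for t in import_targets} & {parse(t) for t in export_targets})

if __name__ == "__main__":
    # Constructed sample values: the manual's three examples plus two private administrators.
    for rd in ("100:1", "172.1.1.1:1", "65536:1", "65000:1", "10.1.1.1:1"):
        print(rd, encode_rd(rd).hex(), "private" if has_private_administrator(rd) else "ok")
```

Running the same check over every RD and VPN target in a planned configuration flags values that are not globally unique before two VPNs end up sharing routes.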
Multi-VPN-Instance CE
Using tunnels, MPLS L3VPN implements private network data transmission over the public network.
However, the traditional MPLS L3VPN architecture requires that each VPN instance exclusively use a
CE to connect with a PE, as shown in Figure 14-1.
Nowadays, for finer services and higher security, a private network is usually divided into multiple
VPNs to isolate services. To meet this requirement, you can configure a CE for each VPN, which
obviously increases users' device expense and maintenance cost. Alternatively, you can configure
multiple VPNs to use the same CE and the same routing table, which cannot ensure data security.
Using the Multi-VPN-Instance CE (MCE) function of the Ethernet switches, you can resolve the
conflict between low cost and high security in multi-VPN networks. With MCE configured, a CE can bind
each VPN in a network with a VLAN interface on the CE, and create and maintain a separate routing
table (multi-VRF) for each VPN. This separates the forwarding paths of packets of different VPNs and,
in conjunction with the PE, correctly advertises the routes of each VPN to the peer PE, ensuring the
normal transmission of VPN packets over the public network.

This manual is also suitable for:

S5820x series