3Com 8807 Configuration Manual page 534

534 C 49: BGP/MPLS VPN C
HAPTER
Nested BGP/MPLS VPN
Implementation
ONFIGURATION
Exterior-layer label, known as LSP initialization label, distributed by MPLS LDP, is at
the top of the label stack and indicates an LSP from the ingress PE to egress PE. By
the switching of exterior-layer label, VPN packets can be forwarded along the LSP
to the peer PE.
Figure 130 illustrates the details:
Figure 130 Forwarding VPN packets
1.1.1.2 1.1.1.2
CE1 CE1
PE1 PE1
site1 site1
1.1.1.1/24 1.1.1.1/24
1 Site 1 sends an IPv4 packet with the destination address 1.1.1.2 of to CE1. CE1
looks up the IP routing table for a matched entry and sends the packet to PE1
according to the matched entry.
2 Depending on the interface the packet reaches and the destination of it, PE1 looks
up the VPN-instance entry to obtain interior-layer label, exterior-layer label, BGP
next hop (PE2), and output interfaces. After the establishment of labels, PE1
forwards MPLS packets to the first P of LSP through output interface.
3 Each P router on LSP forwards MPLS packets using exterior-layer label to the
penultimate-hop router, namely the P router before PE2. The penultimate-hop
router extracts the exterior-layer and sends MPLS packet to PE2.
4 PE2 looks up in the MPLS forwarding table according to the interior-layer label and
destination address to determine the egress interface for labeling operation and
the packet. It then extracts the interior-layer label and forwards through the egress
interface the IPv4 packet to CE2.
5 CE2 looks up in the routing table and sends the packet in normal IPv4 packet
forwarding mode to the site2.
When implementing a nested BGP/MPLS VPN, pay attention to the following
items:
No address overlap is allowed between user's internal sub-VPNs.
■
To ensure the VPN routing information is correctly advertised over the
■
backbone network, the VPN-Targets of the user VPN and the internal sub-VPNs
cannot be overlapped and must be specified by the service provider.
The provider PE and the customer PE must be directly connected and cannot
■
exchange VPNv4 route in Multihop-EBGP mode.
Before configuring a nested BGP/MPLS VPN, you must complete the following
tasks:
Configuring IGP on the MPLS backbone network (including provider PE and P
■
routers) to implement the IP connectivity on the backbone network.
Layer1 Layer1
Layer2 Layer2
Layer2 Layer2
1.1.1.2 1.1.1.2
1.1.1.2 1.1.1.2
P P
P P
1.1.1.2 1.1.1.2
CE2 CE2
PE2 PE2
site2 site2
1.1.1.2/24 1.1.1.2/24