To do...
Enable nested VPN
Activate a nested VPN peer or
peer group, and enable the
BGP-VPNv4 route exchange
capability
Add a peer to the nested VPN
peer group
Specify to apply a routing policy
to routes received from a
nested VPN peer or peer group
The address ranges for sub-VPNs of a user VPN cannot overlap.
It is not recommended to give nested VPN peers addresses that public network peers use.
Before specifying a nested VPN peer or peer group, be sure to configure the corresponding CE
peer or peer group in BGP VPN instance view.
At present, nested VPN does not support multi-hop EBGP networking. Therefore, a service
provider PE and its peer must use the addresses of the directly connected interfaces to establish
neighbor relationship.
If a CE of a sub-VPN is directly connected to a service provider's PE, policy routing must be
configured on the PE to allow mutual access between the sub-VPN and the VPN on the backbone.
Configuring HoVPN
For hierarchical VPNs, you can adopt HoVPN to reduce the performance requirements for PEs.
Configuration Prerequisites
Before configuring HoVPN, complete these tasks:
Configuring basic MPLS L3VPN
Configuring HoVPNs
Follow these steps to configure HoVPN:
To do...
Enter system view
Enter BGP view
Use the command...
nesting-vpn
peer { group-name |
peer-address } vpn-instance
vpn-instance-name enable
peer peer-address
vpn-instance
vpn-instance-name group
group-name
peer { group-name |
peer-address } vpn-instance
vpn-instance-name
route-policy
route-policy-name import
Use the command...
system-view
bgp as-number
1-40
Remarks
Required
Disabled by default.
Required
By default, only IPv4 routes and
no BGP-VPNv4 routes can be
exchanged between nested
VPN peers/peer groups.
Optional
By default, a peer is not in any
nested VPN peer group.
Optional
By default, no routing policy is
applied to routes received from
a nested VPN peer or peer
group.
Remarks
—
—