Table of Contents
Advertisement
Overlapping VPNs
Copyright © 2010, Juniper Networks, Inc.
Figure 84: Site Connectivity in a Hub-and-Spoke VPN
Figure 85 on page 411 shows how to configure the VRF import and export route targets
to build a hub-and-spoke VPN. Each spoke VRF has the same export route target, 100:12.
The hub VRF has its import route target set to 100:12, so it accepts only routes from the
spoke VRFs. Each spoke VRF has the same import route target, 100:11. Every route
advertised by any spoke has an attached route target of 100:12. Because that route target
does not match the import route target of any spoke, the spokes cannot accept any
routes from another spoke. However, the hub VRF has an export route target of 100:11,
so routes advertised by the hub do match the import target of each spoke and are
accepted by all of the spokes.
Figure 85: Route Target Configuration for a Hub-and-Spoke VPN
In an overlapping VPN, a site is a member of more than one VPN. For example, in Figure
86 on page 412, the middle site is a member of both VPN A and VPN B. In other words,
that site can communicate with all other VPN A sites and all other VPN B sites. An
overlapping VPN is often used to provide centralized services. The central site might
contain DNS servers or WWW servers or management stations that need to be reachable
from multiple VPNs. Overlapping IPv4 and IPv6 VPNs are supported by the same
route-target mechanism.
Chapter 6: Configuring BGP-MPLS Applications
411
Advertisement
Table of Contents
Troubleshooting
