R3303-HP HSR6800 Routers MPLS Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis

261

262

263

264

265

266

267

268

269

270

262

Nested VPN is flexible and easy to implement and can reduce the cost because a customer only needs

to pay for one MPLS VPN to have multiple internal VPNs connected. Nested VPN provides diversified

VPN networking methods for a customer, and allows for multi-level hierarchical access control over the

internal VPNs.

Multi-role host

The VPN attributes of the packets forwarded from a CE to a PE depend on the VPN instance bound to the

inbound interface. Therefore, all CEs whose packets are forwarded through the same inbound interface

of a PE must belong to the same VPN.

In a real network, however, a CE may need to access multiple VPNs through a single physical interface.

In this case, you can set multiple logical interfaces to meet the requirement. But this needs extra

configurations and brings limitations to the application.

The multi-role host feature is a better solution for a CE to access multiple VPNs. To use this feature,

perform the following configurations on the PE connecting that CE:

• Bind the interface connected to the CE to a VPN.

• Configure policy-based routing to allow the PE to route the packets from the CE first through the

routing table of the bound VPN and then if no matching route exists, through the routing table of

another VPN. This makes sure that the CE can access not only the bound VPN but also other VPNs.

• Configure static routes for the VPNs other than the bound VPN, with the CE as the next hop, so the

PE can forward the packets from these VPNs back to the CE.

IMPORTANT:

The IP addresses in all VPNs that the CE can access must not overlap.

HoVPN

In MPLS L3VPN solutions, PEs are the key devices, which provide the following functions:

• User access. This means that the PEs must have a large amount of interfaces.

• VPN route managing and advertising, and user packet processing, requiring that a PE must have a

large-capacity memory and high forwarding capability.

Most of the current network schemes use the typical hierarchical architecture. For example, the MAN

architecture contains typically three layers, namely, the core layer, distribution layer, and access layer.

From the core layer to the access layer, the performance requirements on the devices decrease while the

network expands.

MPLS L3VPN, on the contrary, is a plane model where performance requirements are the same for all PEs.

If a certain PE has limited performance or scalability, the performance or scalability of the whole network

is influenced.

Due to the difference, you are faced with the scalability problem when deploying PEs at any of the three

layers. Therefore, the plane model is not applicable to the large-scale VPN deployment.

To solve the scalability problem of the plane model, MPLS L3VPN must transition to the hierarchical

model.

In MPLS L3VPN, hierarchy of VPN (HoVPN) was proposed to meet that requirement. With HoVPN, the PE

functions can be distributed among multiple PEs, which take different roles for the same functions and

form a hierarchical architecture.