Manualshelf

R2511-HP MSR Router Series MPLS Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
131132133134135136137138139140
126
Multi-VPN-instance CE
BGP/MPLS VPN transmits private network data through MPLS tunnels over the public network. However,
the traditional MPLS L3VPN architecture requires that each VPN instance use an exclusive CE to connect
to a PE, as shown in Figure 38.
F
or better services and higher security, a private network is usually divided into multiple VPNs to isolate
services. To meet these requirements, you can configure a CE for each VPN, which increases device
expense and maintenance costs. Or, you can configure multiple VPNs to use the same CE and the same
routing table, which sacrifices data security.
Using the Multi-VPN-Instance CE (MCE) function, you can remove the contradiction of low cost and high
security in multi-VPN networks. MCE allows you to bind each VPN to a VLAN interface. The MCE creates
and maintains a separate routing table for each VPN. This separates the forwarding paths of packets of
different VPNs and, in conjunction with the PE, can correctly advertise the routes of each VPN to the peer
PE, ensuring the normal transmission of VPN packets over the public network.
Figure 56 des
cribes how an MCE maintains the routing tables for multiple VPNs and exchanges VPN
routes with PEs.
Figure 56 Network diagram for the MCE function
Establish a tunnel between the two sites of each VPN.
Create a routing table for VPN 1 and VPN 2 on the MCE device, and bind VLAN-interface 2 to VPN 1
and VLAN-interface 3 to VPN 2. When receiving a route, the MCE device determines the source of the
routing information according to the number of the receiving interface, and then adds it to the
corresponding routing table.
You must also bind PE 1's interfaces/subinterfaces connected to the MCE to the VPNs in the same way.
The MCE connects to PE 1 through a trunk link, which permits packets of VLAN 2 and VLAN 3 with VLAN
tags carried. In this way, PE 1 determines the VPN that a received packet belongs to according to the
VLAN tag of the packet and sends the packet through the corresponding tunnel.
You can configure static routes, RIP, OSPF, IS-IS, EBGP, or IBGP between MCE and VPN site and between
MCE and PE.
NOTE:
To implement dynamic IP assi
g
nment for DHCP clients in private networks, you can confi
g
ure DHCP server
or DHCP relay agent on the MCE. The IP address spaces for different private networks cannot overlap.