3Com Switch 8800 Family Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

561

562

563

564

565

566

567

568

569

570

Typical BGP/MPLS VPN Configuration Example 561

[PE-B] bgp 100

[PE-B-bgp] group 20

[PE-B-bgp] peer 20.1.1.1 group 20

[PE-B-bgp] peer 20.1.1.1 connect-interface loopback 0

[PE-B-bgp] ipv4-family vpnv4

[PE-B-bgp-af-vpn] peer 20 enable

[PE-B-bgp-af-vpn] peer 20.1.1.1 group 20

[PE-B-bgp-af-vpn] quit

Hub&Spoke

Configuration Example

Network requirements

Hub&Spoke networking is also called central server networking. The Site in the

center is called Hub-Site, while the one not in the center is called Spoke-Site. The

Hub-Site knows the routes to all other Sites in the same VPN, and the Spoke-Site

must send its traffic first to the Hub-Site and then to the destination. Hub-Site is

the central node of Spoke-Sites.

A bank has a headquarters network and subsidiary networks, and it requires that

the subsidiaries cannot directly exchange data with each other, but they can

exchange data through the headquarters network which provides uniform control.

In this case, Hub&Spoke networking topology is used: CE2 and CE3 are

spoke-sites, while CE1 is a hub-site in the bank data center. CE1 controls

communication between CE2 and CE3.

■ Set up IBGP adjacency between PE1 and PE2 or PE1 and PE3, but not between

PE2 and PE3, that is, VPN routing information cannot be exchanged between

PE2 and PE3.

■ Create two VPN-instances on PE1, import VPN routes of VPN-target 100:11

and 100:12, set VPN-target for VPN routes advertised as 100:2.

■ Create a VPN-instance on PE2, import VPN routes of VPN-target 100:2, set

VPN-target for VPN routes advertised as 100:11.

■ Create a VPN-instance on PE3, import VPN routes of VPN-target 100:2, set

VPN-target for VPN routes advertised as 100:12.

Then PE2 and PE3 can only learn their neighbor’s routes through PE1.

In this case the configuration is focused on four points:

■ Route advertisement can be controlled by VPN-target settings on different PEs.

■ Routing loop is permitted only once, so that PE can receive route update

messages with AS number included from CE.

■ In Hub&Spoke networking, VPN-target of VPN-instance (VPN-instance3) which

is used to release route on the PE1 cannot be the same with any VPN-target of

VPN-instance (VPN-instance2) which is used to import route on PE1.

■ In Hub&Spoke networking, route-distinguisher rd2 (100:3) of VPN-instance

which is used to release route on the PE1 cannot be the same with the

route-distinguisher rd1 (100:1) or rd4 (100:4) of corresponding VPN-instances

on each PE2 and PE3; rd 1 and rd4 can be the same or not.