3Com 8807 User Guide

BGP/MPLS VPN Overview
manage their internal VPN division, and the service provider is spared from 
taking part in users’ internal VPN management.
The following figure shows the network model for nested VPN:
Figure 128   Network model for nested BGP/MPLS VPN
Basic concepts in BGP/MPLS VPN
VPN-instance
The VPN-instance is an important concept in MPLS VPN routing. In an MPLS VPN 
implementation, each site corresponds to a specific VPN-instance on the PE (the 
association is made by binding the VPN-instance to the VLAN interface). If 
subscribers on one site belong to multiple VPNs, the corresponding 
VPN-instance includes information about all of these VPNs.
Specifically, a VPN-instance contains the following information: the label 
forwarding table, the IP routing table, the interfaces bound to the VPN-instance, 
and the management information (RD, route filtering policy, member interface list, 
and so on). Together these define the VPN membership and routing rules of the site.
The PE is responsible for updating and maintaining the relationship between 
VPN-instances and VPNs. To prevent data from leaking out of a VPN and illegal 
data from entering it, each VPN-instance on the PE has its own independent 
routing table and label forwarding table, which store the forwarding 
information for its packets.
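The isolation described above can be modeled in a few lines. This is an added example, not 3Com code or configuration: the class names, interface names, RD values, next hops and labels are all constructed for illustration, and routing and label entries are stored together for brevity.

```python
import ipaddress

class VpnInstance:
    """Model of one VPN-instance: RD, bound interfaces, private tables."""
    def __init__(self, name, rd):
        self.name, self.rd = name, rd
        self.interfaces = set()   # VLAN interfaces bound to this instance
        self.routes = {}          # prefix -> (next hop, label), private to the instance

    def add_route(self, prefix, next_hop, label):
        self.routes[ipaddress.ip_network(prefix)] = (next_hop, label)

    def lookup(self, dst):
        """Longest-prefix match over this instance's table only."""
        addr = ipaddress.ip_address(dst)
        hits = [net for net in self.routes if addr in net]
        return self.routes[max(hits, key=lambda n: n.prefixlen)] if hits else None

class PE:
    def __init__(self):
        self.instances, self.binding = {}, {}   # name -> instance, interface -> instance

    def create_instance(self, name, rd):
        self.instances[name] = VpnInstance(name, rd)
        return self.instances[name]

    def bind(self, ifname, name):
        if ifname in self.binding:              # an interface belongs to one instance
            raise ValueError(f"{ifname} already bound to {self.binding[ifname].name}")
        self.instances[name].interfaces.add(ifname)
        self.binding[ifname] = self.instances[name]

    def forward(self, in_if, dst):
        """Pick the table from the ingress interface, never from the address."""
        inst = self.binding.get(in_if)
        hit = inst.lookup(dst) if inst else None
        return (inst.name, *hit) if hit else None

def build_demo_pe():
    """Constructed sample: two customers reusing 10.1.0.0/16."""
    pe = PE()
    pe.create_instance("vpn1", "100:1").add_route("10.1.0.0/16", "192.0.2.1", 1024)
    vpn2 = pe.create_instance("vpn2", "100:2")
    vpn2.add_route("10.1.0.0/16", "192.0.2.2", 2048)
    vpn2.add_route("10.2.0.0/16", "192.0.2.2", 2049)
    pe.bind("Vlan-interface10", "vpn1")
    pe.bind("Vlan-interface20", "vpn2")
    return pe

if __name__ == "__main__":
    pe = build_demo_pe()
    for in_if, dst in [("Vlan-interface10", "10.1.5.5"), ("Vlan-interface20", "10.1.5.5"), ("Vlan-interface10", "10.2.0.1")]:
        print(in_if, dst, pe.forward(in_if, dst))
```

The same destination resolves differently per ingress interface, and a prefix known only to vpn2 is unreachable from the vpn1 interface because the lookup never consults another instance's table.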
MBGP
MBGP (multiprotocol extensions for BGP-4, see RFC 2283) propagates VPN 
membership information and routes between PE routers. It is backward 
compatible: it supports the traditional IPv4 address family as well as 
other address families, for example, the VPN-IPv4 address family. MBGP ensures 
that VPN private routes are advertised only within VPNs, and it implements 
communication between MPLS VPN members.
VPN-IPv4 address
[Figure 128 diagram labels: provider PE, customer PE, P, CE1 to CE7, VPN1 to VPN3, customer VPN]