Connecting a VPN to the Internet

Pre-configuration Tasks

Configure basic BGP/MPLS IP VPN functions. For details, see Configuring Basic BGP/MPLS IP VPN Functions.

Configuration Procedure

Step 1, step 2, and step 3 can be performed at any sequence.

Procedure

Configure a static route on the CE device.
1. Run system-view
  
  The system view is displayed.
2. Run ip route-static ip-address { mask | mask-length } { interface-type interface-number [ nexthop-address ] | nexthop-address } [ preference preference | tag tag ] ^* [ description text ]
  
  The static route to a public network destination address is configured.
  
  ip-address can be a public network address or 0.0.0.0. If the dest-ip-address is 0.0.0.0, the static route is also called the default route. The mask of a default route must be 0.0.0.0 or the mask-length of the default route must be 0. The out-interface must be the interface connected directly with the PE device, and the next-hop is the IP address of the peer PE interface connected directly with the CE device.
  
  If the CE and PE devices are connected through an Ethernet network, the next-hop must be specified.
Configure a static VPN route to the Internet on the PE device.
1. Run system-view
  
  The system view is displayed.
2. Run ip route-static vpn-instance vpn-source-name destination-address { mask | mask-length } nexthop-address public [ preference preference | tag tag ] ^* [ description text ]
  
  A static route from the VPN to the Internet is configured and the next-hop address is a public network address.
Configure a static route to the VPN on the PE device.
1. Run system-view
  
  The system view is displayed.
2. Run ip route-static ip-address { mask | mask-length } { interface-type interface-number [ nexthop-address ] | vpn-instance vpn-instance-name nexthop-address | nexthop-address } [ preference preference | tag tag ] ^* [ description text ]
  
  The static route from the public network to the VPN is configured and the next-hop address is a private network address.
  
  If the CE and PE devices are connected through an Ethernet network, the next-hop must be specified.
3. Advertise the static route to the Internet.
  For detailed configuration, see the S2720, S5700, and S6700 V200R019C10 Configuration Guide - IP Unicast Routing Configuration Guide. For example, if OSPF is running between the PE device and the Internet, perform the following steps:
  1. Run system-view
    The system view is displayed.
  2. Run ospf [ process-id ]
    The OSPF view is displayed.
  3. Run import-route static
    Static routes are imported into OSPF.

Verifying the Configuration

Run the display ip routing-table vpn-instance vpn-instance-name command to check the VPN routing table on the PE device. The command output shows that the route to the CE and the route to the destination device in the public network exist in the VPN routing table.
Run the display ip routing-table command to check the routing table on the CE and the destination device in the public network. The command output shows that the CE has the route to the destination device in the public network and the destination device in the public network has the route to the CE.
Run the ping command to check the connectivity between the CE and the destination device on the public network. The CE device and the destination device on the public network can ping each other.