The device supports L3VPN service activation by device or interface. If L3VPN service resources have been purchased based on the number of ports in the current project, you must allocate these resources to specified ports.
A basic BGP/MPLS IP VPN applies to the scenario in which there is only one carrier or the backbone networks of multiple carriers belong to the same AS, and each device plays only one role, either PE, P, or CE. After a basic BGP/MPLS IP VPN is configured, different sites in a VPN can communicate with each other.
Using an RR helps reduce the number of MP-IBGP connections between PEs. The RR not only reduces the burden on PEs, but also facilitates network maintenance and management.
In hub and spoke networking, an access control device is specified in the VPN, and users communicate with each other through the access control device.
In a scenario in which the backbone network spans two ASs, ASBRs need to advertise VPNv4 routes through MP-EBGP and ASBRs also need to function as PEs.
In a scenario in which the backbone network spans two ASs, ASBRs need to advertise VPNv4 routes through MP-EBGP. When multiple PEs exist in the ASs, you can configure an ASBR as an RR to lower configuration complexity.
After LDP LSPs are established for the labeled BGP routes of the public network, multi-hop EBGP connections are established between PEs of different ASs to exchange VPNv4 routes.
To allow PEs in different ASs to exchange VPNv4 routes, inter-AS VPN Option C can be configured so that multi-hop EBGP connections are established between the PEs. An independent labeled address family can also be used to negotiate the label capability.
After LDP LSPs are established for the labeled BGP routes of the public network, multi-hop EBGP connections are established between PEs of different ASs to exchange VPNv4 routes. An independent labeled address family can also be used to negotiate the label capability.
After LDP LSPs are established for labeled BGP routes of the public network, IBGP peer relationships do not need to be established within the Level 2 carrier network, and the Level 2 carrier can provide BGP/MPLS IP VPN services.
In the networking of carrier's carrier, a user of the carrier providing BGP/MPLS IP VPN services is also a carrier that provides BGP/MPLS IP VPN services. This section describes how to use a separate labeled address family (BGP-labeled address family or BGP-labeled-VPN instance IPv4 address family) to configure inter-AS BGP LSPs. This configuration implements the carrier's carrier function.
After LDP LSPs are established for labeled BGP routes of the public network, IBGP peer relationships do not need to be established within the Level 2 carrier network, and the Level 2 carrier can provide BGP/MPLS IP VPN services. This section describes how to use a separate labeled address family (BGP-labeled address family or BGP-labeled-VPN instance IPv4 address family) to configure inter-AS BGP LSPs. This configuration implements the carrier's carrier function.
After route recursion to remotely leaked VPN routes is enabled, a route can inherit the label and tunnel ID of a route leaked from the remote end. Then, the device can forward data through the tunnel to which the route recurses.
By default, non-labeled public BGP routes can recurse to outbound interfaces and next hops, but not to LSPs. You can configure the system to be able to recurse non-labeled public BGP routes to LSPs.
On an HVPN, PEs play different roles and provide different functions. These PEs form a hierarchical architecture to provide functions that are provided by one PE on a non-hierarchical VPN. HVPNs lower the performance requirements for PEs.
IPv4 route import between VPN and public network instances enables IPv4 VPN users to communicate with IPv4 public network users, whereas IPv4 route import between VPN instances enables IPv4 users in different VPNs to communicate.
If a CE is multi-homed to two PEs, you can configure VPN FRR to ensure that VPN services are switched to a standby link if the active link between PEs fails.
After BGP peer relationships are established in the BGP-VPN-Target (VT) address family, VPN ORF filters the routes to be advertised to PEs based on the VPN target of each VPN instance bound to each PE.
This section describes how to configure private network IP FRR. At a VPN site where multiple CEs connect to the same PE, this feature can immediately switch traffic to another PE-CE link when the next hop of the active route is unreachable.
This section describes how to configure IP+VPNv4 hybrid FRR. On a network where a CE is dual-homed to two PEs, if the link between the master PE and the CE is unreachable, the master PE switches traffic to the link between the backup PE and the CE for transmission. IP+VPNv4 hybrid FRR improves network reliability.
Configuring VPN MPLS/VPN SRv6 dual-stack tunnels on networks where IPv4 and IPv6 services coexist prevents potential traffic interruption when IPv4 services are directly migrated to IPv6.
In an H-VPN scenario in which VPNv4 FRR is configured, if the primary LSP between an ASBR or SPE and its next hop is unreachable, traffic quickly switches to the secondary LSP.
This section provides several VPN configuration examples. In each configuration example, the networking requirements, configuration notes, configuration roadmap, configuration procedures, and configuration files are provided.