This section provides several VPN configuration examples. Each example includes the networking requirements, configuration notes, configuration roadmap, configuration procedures, and configuration files.
Sites in the same VPN have the same AS number. When establishing an EBGP neighbor relationship between a PE and a CE, you must enable AS number substitution on the PE. Otherwise, the local CE discards VPN routes that carry the local AS number, and users of the same VPN cannot communicate with each other.
By configuring the BGP SoO attribute, you can prevent routes sent from a VPN site from returning to the same site after these routes travel across the backbone network. This avoids routing loops in the VPN site.
If a great number of MP-IBGP connections exist between PEs, you can configure RRs to reduce the number of MP-IBGP connections and the workload of PEs, optimizing the VPN backbone layer.
If a PE and its connected CEs are in the same AS, you can deploy a BGP RR to reduce the number of IBGP connections between the CEs and facilitate maintenance and management.
In hub and spoke networking, an access control device is specified in the VPN, and users communicate with each other through the access control device.
In a traffic cleaning scenario, you can configure route import between the VPN and the public network on a device to import public network routes to the VPN. The imported routes guide the forwarding of reinjected traffic.
Load balancing can be configured if there are multiple tunnels between PE peers on the backbone network. This implementation can fully utilize network resources and enhance the reliability of VPN services on the backbone network.
This section provides an example for configuring inter-AS VPN Option B in basic networking. A single-hop MP-EBGP peer relationship is established between ASBRs to exchange VPNv4 routes.
A single-hop MP-EBGP peer relationship can be established between the ASBRs to implement inter-AS VPN Option B, and an RR can be configured in an AS to reflect VPNv4 routes.
In a scenario in which the backbone network spans two ASs, ASBRs need to advertise VPNv4 routes through MP-EBGP and ASBRs also need to function as PEs.
In a scenario in which the backbone network spans two ASs, ASBRs need to advertise VPNv4 routes through MP-EBGP. When multiple PEs exist in the ASs, you can configure an ASBR as an RR to simplify configurations.
If no MP-IBGP peer relationship is established between PEs and ASBRs, you can use LDP to allocate labels for BGP and implement the inter-AS VPN Option C solution.
This section provides an example for configuring intra-AS carrier's carrier in the scenario where a Level 1 carrier and Level 2 carriers belong to the same AS. The Level 2 carrier can provide BGP/MPLS IP VPN services.
This section provides an example for configuring the inter-AS carrier's carrier in the scenario where a Level 1 carrier and Level 2 carriers belong to different ASs. After this configuration, the Level 2 carriers can provide BGP/MPLS IP VPN services.
If a Level 1 carrier and Level 2 carriers belong to different ASs and no MP-IBGP peer relationships are established between the Level 1 carrier CEs and Level 2 carrier PEs, you can configure LDP to distribute labels to BGP routes so that the Level 2 carriers can provide BGP/MPLS IP VPN services.
This section provides an example for configuring VPN ORF, which helps reduce the number of unwanted routes to be sent and improve bandwidth utilization.
Private network IP FRR can be deployed on a private network where multiple CEs at a VPN site access the same PE. If a route from the PE to a CE is unreachable, this feature quickly switches traffic to a link from the PE to another CE.
On a network where a CE is dual-homed to two PEs, IP+VPNv4 hybrid FRR can be configured on PEs to protect the link between either PE and the CE. If the link between one PE and the CE fails, traffic destined for the CE can be switched to the other PE for transmission.
In CE dual-homing networking, after a static route on a CE is bound to a BFD session, the static route can detect link faults or refresh itself based on the BFD session status. This implementation ensures quick VPN traffic convergence.