Route Import Between VPN and Public Network
Background
In BGP/MPLS IP VPN networking, the users of a VPN can communicate with the users of another VPN provided that the two VPNs have matching VPN targets, but cannot communicate with public network users. To enable VPN users and public network users to communicate, configure route import between VPN and public network.
Implementation
After route import between VPN and public network is configured, the VPN and public network will be able to import protocol-specific routes from each other. The imported routes retain their route attributes and recursion information. The VPN or public network instance compares each imported route with local routes that have the same prefix as the imported route and then delivers the optimal route to the IP routing table to guide traffic forwarding.
The VPN and public network can import the following types of routes from each other:
- Static routes
- Direct routes
- OSPF routes
- IS-IS routes
- BGP routes (including active BGP routes preferentially selected in the IP routing table and valid BGP routes with reachable next hops)
- Vlink direct routes
Traffic forwarding relies on direct routes (Vlink direct routes) generated based on user entries. When QinQ or Dot1q VLAN tag termination sub-interfaces are used for route import between VPN and public network, Vlink direct routes cannot be imported. As a result, traffic forwarding is interrupted. To solve this problem, route import between VPN and public network newly supports import of Vlink direct routes.
Usage Scenario
Route import between VPN and public network applies to scenarios where VPN users need to communicate with public network users in BGP/MPLS IP VPN networking. On the network shown in Figure 1, CE1 resides on a VPN and Device A resides on the public network. To enable VPN users to communicate with public network users, specifically, to enable CE1 to communicate with Device A, configure route import between VPN and public network on PE1.
After PE1 receives a BGP route from Device A, PE1 imports the route to its VPN instance. After PE1 determines based on a preconfigured routing policy that the newly imported route is an optimal route, PE1 adds the route to its VPN IP forwarding table and advertises the route to CE1, its VPN BGP peer. After PE1 receives a route from CE1, PE1 imports the route to its public network instance. After PE1 determines based on a preconfigured routing policy that the newly imported route is an optimal route, PE1 adds the route to its public IP forwarding table and advertises the route to Device A. CE1 and Device A can then communicate.
Benefits
Route import between VPN and public network allows VPN users to communicate with public network users.