Odc010003 Mpls l3 VPN Principle Issue1_4
-
Upload
randy-dookheran -
Category
Documents
-
view
234 -
download
3
Transcript of Odc010003 Mpls l3 VPN Principle Issue1_4
-
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
1/43
HUAWEI TECHNOLOGIES CO., LTD. All rights reserved
www.huawei.com
Internal
ODC010003 MPLS L3
VPN Principle
ISSUE 1.4
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.huawei.com/http://www.pdffactory.com/http://www.pdffactory.com/http://www.huawei.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
2/43
HUAWEI TECHNOLOGIES CO., LTD. Page 2All rights reserved
This slides will introduce MPLS L3 VPN
system structure, label distribution, data
forwarding and typical application.
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
3/43
HUAWEI TECHNOLOGIES CO., LTD. Page 3All rights reserved
Upon completion this course, you will be able to:
[ Describe VPN Classification
[ Describe MPLS L3 VPN Concept
[ Describe Label Distribution and Data
Forwarding
[ Describe MPLS L3 VPN Typical
Application
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
4/43
HUAWEI TECHNOLOGIES CO., LTD. Page 4All rights reserved
Chapter 1 VPN ClassificationChapter 1 VPN Classification
Chapter 2 MPLS L3 VPN PrincipleChapter 2 MPLS L3 VPN Principle
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
5/43
HUAWEI TECHNOLOGIES CO., LTD. Page 5All rights reserved
VPN Classification
VPN: Virtual Private NetworkVPN: Virtual Private Network
CPE-Based VPN Network-Based VPN
VLL VPRN VPDN VPLS
MPLS/BGP VPN
IP-VPN
VPN
VR-VPN
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
6/43
HUAWEI TECHNOLOGIES CO., LTD. Page 6All rights reserved
VPN Tunnel
l Tunnel: It is a technology that uses a type of protocol to transmit another type
of protocol. Mainly the tunnel protocol serves to implement this function. The
tunnel technology involves three types of protocols: tunneling protocol, bearer
protocol under the tunnel protocol, and the protocol borne on the tunnel
protocol.
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
7/43
HUAWEI TECHNOLOGIES CO., LTD. Page 7All rights reserved
VPN Type (1)
l Virtual Leased Line (VLL): It provides point-to-point connection service
between two pieces of CPE equipment for the user via the edge node of the
operator.
l Virtual Private Dial Network (VPDN): The remote user dials to the public IP
network via PSTN/ISDN, and the data packet passes through the public
network via a tunnel for the destination network.
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
8/43
HUAWEI TECHNOLOGIES CO., LTD. Page 8All rights reserved
VPN Type (2)
l Virtual Private LAN Segments (VPLS): VPLS is a virtual!
method to establish LAN via the public IP resources. The
networking is based on the MAC layer forwarding, and it is
completely transparent to the network layer protocol. It is a L2
VPN.
l Virtual Private Routed Network (VPRN): VPRN is defined as a
kind of emulation for multi-site wide area route network
services via the public IP network, and the data packet of VPN
is forwarded at the network layer.
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
9/43
HUAWEI TECHNOLOGIES CO., LTD. Page 9All rights reserved
Example: Constructing VPN via GRE Tunnel
l To construct such a network, just make configuration on the access router
of each network.
l It is unnecessary for the operator network to know the internal route of VPN.l Different VPNs can employ the same address space.
l The forwarding efficiency is low.
10.0.1.1/2410.0.0.0/24
10.0.0.0/24
129.0.0.2/30
129.0.0.1/30
129.0.1.1/30
129.0.1.2/30
Public IPnetwork
129.0.2.2/30
129.0.2.1/30
129.0.3.1/30
129.0.3.2/30
GRE tunnel
GRE tunnel
10.0.1.1/24
10.0.1.2/24
10.0.1.2/24
Rt1 Rt2
HQ1
HQ2
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
10/43
HUAWEI TECHNOLOGIES CO., LTD. Page 10All rights reserved
Exercise-1
1. Which VPN technologies belong to layer 3 VPN ( )
A GRE
B L2TP
C BGP/MPLS
D VPLS
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
11/43
HUAWEI TECHNOLOGIES CO., LTD. Page 11All rights reserved
Chapter 1 VPN ClassificationChapter 1 VPN Classification
Chapter 2 MPLS L3 VPN PrincipleChapter 2 MPLS L3 VPN Principle
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
12/43
HUAWEI TECHNOLOGIES CO., LTD. Page 12All rights reserved
MPLS VPN Network Structure
VPN_A
VPN_A
VPN_B
10.3.0.0
10.1.0.0
11.5.0.0
CE
CE
CE
VPN_A
VPN_B
VPN_B
10.1.0.0
10.2.0.0
11.6.0.0
CE
PE
PECE
CE
VPN_A
10.2.0.0
CE
VPN_A
VPN_B
VPN_B
10.1.0.0
10.2.0.0
11.6.0.0
CE
PE
PECE
CE
VPN_A
10.2.0.0
CE
VPN_A
10.2.0.0
CE
iBGP sessions
P
P
P
P
PE
PE
l CE (Custom Edge Router): The user equipment directly connected with the service
provider.
l PE (Provider Edge Router): The edge router on the backbone network, connected with CE
and mainly responsible for access of the VPN service.
l P (Provider Router): The core router on the backbone network, mainly responsible for the
routing and fast forwarding functions.
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
13/43
HUAWEI TECHNOLOGIES CO., LTD. Page 13All rights reserved
Question
l One PE connect with several CEs which belong to different VPNs,
as VPNs may have overlapping address space, how to identify
each VPN"s information?
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
14/43
HUAWEI TECHNOLOGIES CO., LTD. Page 14All rights reserved
Relationship Between PE and CE
l PE and CE routers exchange information via the EBGP, RIP or static route. CE runs the
standard routing protocol.
l PE maintains separate routing tables of the public network and private network.
[ Routing table of public network, including the routes of all PE and P routers, generated by
the backbone network IGP of VPN.[ VRF (VPN routing & forwarding), including tables of routing & forwarding to one or multiple
directly connected CEs.
PE
C
PE
CE
CE
Site - 2Site - 2
Site - 1Site - 1
EBGP, RIP, Static
VPNA
VPNB
VRF for VPNA
VRF for VPNBGlobal route
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
15/43
HUAWEI TECHNOLOGIES CO., LTD. Page 15All rights reserved
VRF Detaill VRF can be regarded as a virtual router
l PE maintains a separate forwarding table for each site.
l Each site has a unique VRF.
l If (and only if) two sites have identical forwarding table, they share a VRF.
l The interface/sub-interface connected with CE is mapped to VRF.
l The routes in VRF will be distributed to the sites (usually connected on other PEs)
belonging to the same VPN.
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
16/43
HUAWEI TECHNOLOGIES CO., LTD. Page 16All rights reserved
Distribution of VRF Routes
l The PE router distributes the local VPN route information via the backbone
network. the transmitting via BGP
PE PECE Router CE Router
P Router
Site SiteiBGP
Question: PE and PE set up IBGP session and exchange routing information, while
some VPN may have the same private IP address space, when BGP transfer therouting information on the public network, there get address overlapping problem,
how to solve it?
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
17/43
HUAWEI TECHNOLOGIES CO., LTD. Page 17All rights reserved
VPNv4 and IPv4 Address Families
Route Distinguisher (8 bytes) IPv4 address
VPNV4 address structure:
4-byte assigned number
2-byte assigned number4-byte IP address1
2-byte ASN0
Assigned Number
Field
Administrator FieldTYPE (2-
byte)
RD structure:
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
18/43
HUAWEI TECHNOLOGIES CO., LTD. Page 18All rights reserved
Question
l PE and PE set up IBGP session and exchange routing
information by BGP, by adding RD prefix , now the VPN "s
address is VPNv4 address family, BGP-4 only supports
IPv4 ,BGP can"t recognise such routing information, how to
solve it?
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
19/43
HUAWEI TECHNOLOGIES CO., LTD. Page 19All rights reserved
MBGP
l MBGP (Multiprotocol Extensions for BGP-4 )
[ BGP-4 only supports IPv4, and is extended to MBGP to
transfer the route information of more protocols (IPv6,
IPX,etc.).
[ To maintain compatibility, only two BGP attributes areadded for MBGP: MP_REACH_NLRI and
MP_UNREACH_NLRI. The two attributes can be used in
the BGP Update message to notify or cancel the network
reachability information.
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
20/43
HUAWEI TECHNOLOGIES CO., LTD. Page 20All rights reserved
MBGP: MP_REACH_NLRI
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
21/43
HUAWEI TECHNOLOGIES CO., LTD. Page 21All rights reserved
MBGP: MP_UNREACH_NLRI
l Used for withdrawing one or multiple unfeasible routes
l An UPDATE packet that contains the MP_UNREACH_NLRI
does not carry any other path attributes
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
22/43
HUAWEI TECHNOLOGIES CO., LTD. Page 22All rights reserved
Question
l When PE received the routing information from other PEs
carried by MBGP, PE how to separate the routing information
which belongs to different VPN?
Remember RD? Can we use it?
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
23/43
HUAWEI TECHNOLOGIES CO., LTD. Page 23All rights reserved
Route Target
l Route Target attribute (RT) is one of the MBGP extension community
attributes
l There are two types of RT, the values of the type field are 0x0002 or
0x0102.
Assigned Number (4 bytes)
Assigned Number(2 bytes)IP address(4 bytes)0x0102
AS number(2bytes)0x0002
Assigned Number FieldAdministrator FieldTYPE(2 bytes
RT structure:
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
24/43
HUAWEI TECHNOLOGIES CO., LTD. Page 24All rights reserved
Route Target
l RT is used to separate VPN routing information advertisement
l There are two sets of Route Target attributes: Export Targets
and Import Targets
[ Export Targets is added to the route received from a
direct-connected Site in advertising local routes to remotePE routers.
[ Import Targets is used to decide which routes can be
imported into the routing table of this Site in receiving
routes from remote PE routers.
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
25/43
HUAWEI TECHNOLOGIES CO., LTD. Page 25All rights reserved
Typical Network Topology-1
Each site only belongs to one VPN: IntranetEach site only belongs to one VPN: Intranet
site1 site3
site2
site10
site20 site3
0
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
26/43
HUAWEI TECHNOLOGIES CO., LTD. Page 26All rights reserved
Typical Network Topology-2
site1
site4
site5
site2 site3
Intranet
Extranet
Site may belongs to multipleSite may belongs to multiple VPNsVPNs: Extranet: Extranet
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
27/43
HUAWEI TECHNOLOGIES CO., LTD. Page 27All rights reserved
Application of RT
l RT Export Target and import Target can be configured with several attributes
b
aim:a
ex:b
im:b
ex:a
im:a
ex:a
aim:a
ex:ac
b
im:a,c
ex:a,b
im:b
ex:c
aTrandition Mode
Hub-spoke mode
Extranet
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
28/43
HUAWEI TECHNOLOGIES CO., LTD. Page 28All rights reserved
Function of RT
P RouterP Router
MPLS/VPN BackboneMPLS/VPN BackboneVPN AVPN A
VPN B
SITESITE--22
VPN B
MP-iBGPSITESITE--11 SITESITE--33
SITESITE--44
Site-1routes RT=VPN A
Site-2routes RT=VPN B
Site-3routes RT=VPN A
Site-4routes RT=VPN B
VPNBSite2-routes
Site4-routes
VPNASite1-routes
Site3-routes
VPNBSite2-routes
Site4-routes
VPNASite1-routes
Site3-routes
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
29/43
HUAWEI TECHNOLOGIES CO., LTD. Page 29All rights reserved
Question
l After the completion of exchanging routing information between PEs,
now site3 want to access site1, the right PE look for the VRF table
and find out the nexthop!left PE, forward the packet to the left PE
using MPLS. When the packet arrived the left PE, the public MPLS
label is removed, which VPN the packet belongs to? And how to get
the correct nexthop?
P RouterP Router
VPN AVPN A
VPN B
SITESITE--22
VPN B
SITESITE--11 SITESITE--33
SITESITE--44
VPNBSite2-routesSite4-routes
VPNASite1-routesSite3-routes
VPNBSite2-routesSite4-routes
VPNASite1-routesSite3-routes
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
30/43
HUAWEI TECHNOLOGIES CO., LTD. Page 30All rights reserved
Network Layer Reachability Information:
l Multiple labels can be attached. The first 20 bits of each label refer to the label domain,
while of the last 4 bits, the first three refer to the EXP domain and the last one
indicates whether it is the stack base.
l Note that this label must be assigned by the LSR referred to in the Next-Hop of the
MP_REACH_NLRI attribute.
l There are two methods to cancel the route information (meanwhile to release label
binding).
[ Re-distribute a different route (and a new Label) for the same destination.
[ Use the Withdraw message to include the destination in MP_UNREACH_NLRI.
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
31/43
HUAWEI TECHNOLOGIES CO., LTD. Page 31All rights reserved
l NLRI" Network Layer Reachability Information, include address family,private label and RT )
l Followed is RT list#
RD:64bitIP prefixprefix24 bits"like MPLS label but without TTL portionlable
NLRI:
PEs ipv4 address"usually is loopback addressnext-hop:VPN-IPV4 address familyaddress#family
MP_REACH_NLRI
##
Extended_Communities"RT2
Extended_Communities"RT1
Network Layer Reachability Information:
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
32/43
HUAWEI TECHNOLOGIES CO., LTD. Page 32All rights reserved
VRF Route Distribute Step 1:Importing VRF Routes to
MP-iBGP
l Importing VRF route to MP-iBGP: PE router converts the route (in the VRF
routing table) received from CE into the VPN-V4 route; labels it with RD and
RT based on the configuration; changes the next hop as PE itself (loopback);assigns the label based on the interface; finally sends the MP-iBGP update
packet to all PE neighbors.
PE
CE-1
MP-iBGP
PE
BGP, RIPv2 updatefor 149.27.2.0/24,NH=CE-1
VPN-v4 update:RD:1:27:149.27.2.0/24,Next-hop=PE-1RT=VPN-ALabel=(28)
CE-2
Beijing Shanghai
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
33/43
HUAWEI TECHNOLOGIES CO., LTD. Page 33All rights reserved
VRF Route Distribute Step 2: Importing MP-iBGP
Routes to VRF
l Each VRF has configurations of import route-target and export route-target.
l When the transmitting PE sends MP-iBGP updates, the export attribute is attached in
the packet.
l When receiving MP-iBGP updates of VPN-IPv4, the receiving PE will judge whetherthe received export is equal to the import of the local VRF. If yes, it will be added to
the corresponding VRF routing table; otherwise, it will be discarded.
PE
CE-1
MP-iBGP
PEVPN-v4 update:RD:1:27:149.27.2.0/24,Next-hop=PE-1RT=VPN-ALabel=(28)
CE-2
PE receives the update packet, converts
VPN-v4 into the IPv4 address, and
distributes it to VFR VPN-A (RT=VPN-A)
routing table, then transmit it to CE withroute protocol between PE and CE.
Beijing Shanghai
ip vrfVPN-B
vpn -target import VPN-A
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
34/43
HUAWEI TECHNOLOGIES CO., LTD. Page 34All rights reserved
Basic Intranet Model
P RouterP Router
MPLS/VPN BackboneMPLS/VPN BackboneVPN AVPN A
VPN A
SITESITE--22
VPN A
SiteSite--1 routes1 routes
SiteSite--2 routes2 routes
SiteSite--3 routes3 routes
SiteSite--4 routes4 routes
MP-iBGP
SiteSite--3 & Site3 & Site--4 routes4 routes
RT=VPNRT=VPN--AASiteSite--1 & Site1 & Site--2 routes2 routes
RT=VPNRT=VPN--AA
SiteSite--1 routes1 routes
SiteSite--2 routes2 routes
SiteSite--3 routes3 routes
SiteSite--4 routes4 routes
SITESITE--11 SITESITE--33
SITESITE--44
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
35/43
HUAWEI TECHNOLOGIES CO., LTD. Page 35All rights reserved
MPLS/VPN Label Distribution
P routerP router
In Label FEC Out Label
- 197.26.15.1/32 -
In Label FEC Out Label
41 197.26.15.1/32 POP
In Label FEC Out Label
197.26.15.1/32 41
Use labelimplicit-null for
destination 197.26.15.1/32
Use label41for destination
197.26.15.1/32
VPN-v4 update:
RD:1:27 :149.27.2.0/24,
NH= 197.26.15.1
RT=VPN-A -
Label=(28)
PE-1
ShanghaiBeijing
149.27.2.0/24
-
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
36/43
HUAWEI TECHNOLOGIES CO., LTD. Page 36All rights reserved
MPLS/VPN Packet Forwarding-1
In Label FEC Out Label
- 197.26.15.1/32 41
149.27.2.27
PE-1
149.27.2.272841
VPN-A VRF
149.27.2.0/24,
NH=197.26.15.1
Label=(28)
ShanghaiBeijing
149.27.2.0/24
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
37/43
HUAWEI TECHNOLOGIES CO., LTD. Page 37All rights reserved
MPLS/VPN Packet Forwarding-2
In Label FEC Out Label
41 197.26.15.1/32 POP
Beijing
149.27.2.27
PE-1
Shanghai149.27.2.0/24
149.27.2.272841
VPN-A VRF
149.27.2.0/24,
NH=197.26.15.1
Label=(28)
149.27.2.2728
In Label FEC Out Label
28(V) 149.27.2.0/24 -
VPN-A VRF
149.27.2.0/24,
NH=beijing
149.27.2.27
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
38/43
HUAWEI TECHNOLOGIES CO., LTD. Page 38All rights reserved
MPLS
PEA
PB
PEC
MP-BGPIBGP Peer
CE A1 CE B1
CE A2 CE B2VPN-v4 update:RD:1:27:149.27.2.0/24,Next-hop=PE-CRT=VPN-A, Label=(28)
VPN-v4 update:
RD:1:27:149.27.2.0/24,
Next-hop=PE-C
RT=VPN-A, Label=(28)
BGP, OSPF, RIPv2 update
for 149.27.2.0/24,NH=PE-A
BGP, OSPF, RIPv2 update
for 149.27.2.0/24,NH=CE-A2
149.27.2.0/24IN 28 NH: CE A2
149.27.2.0/24 Out 28 NH: PE-C
Demo- Private Label Distribution
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
39/43
HUAWEI TECHNOLOGIES CO., LTD. Page 39All rights reserved
MPLS
PEAPB
PEC
20
1.1.1.1/32
1.1.1.1/32
1.1.1.1/32
IGP
IGPIn 20 out 3
3out 20149.27.2.0/24 Out 28 NH: PE-C
149.27.2.0/24IN 28 NH: CE A2
Demo- Public Label Distribution
l The loopback IP address of PE-C is 1.1.1.1/32
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
40/43
HUAWEI TECHNOLOGIES CO., LTD. Page 40All rights reserved
MPLS
PEA
PB
PECCE A1 CE B1
CE A2 CE B2
Ping 149.27.2.1
20 28
31.1.1.1/32 out 20
1.1.1.1/32In 20 out 3
1.1.1.1/32
149.27.2.0/24IN 28 NH: CE A2
149.27.2.0/24 Out 28 NH: PEC
BGP, OSPF, RIPv2 update
for 149.27.2.0/24,NH=PE-A
Demo- Packet Forwarding
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
41/43
HUAWEI TECHNOLOGIES CO., LTD. Page 41All rights reserved
Exercise-2
1. Describe the structure of RD and RT
2. Describe the procedure of VRF route distribution
3. Describe the procedure of VPN packet forwarding
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
42/43
HUAWEI TECHNOLOGIES CO., LTD. Page 42All rights reserved
l VPN Classification
l MPLS L3 VPN Label Distribution
l MPLS L3 VPN Forwarding Process
Summary
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.pdffactory.com/http://www.pdffactory.com/ -
8/13/2019 Odc010003 Mpls l3 VPN Principle Issue1_4
43/43
www.huawei.com
Thank You
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
http://www.huawei.com/http://www.pdffactory.com/http://www.pdffactory.com/http://www.huawei.com/