Operation Manual – MCE
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 MCE Overview
1-5
z
Export target attribute: A local PE sets this type of VPN target attribute for
VPN-IPv4 routes learnt from directly connected sites before advertising them to
other PEs.
z
Import target attribute: A PE checks the export target attribute of VPN-IPv4 routes
advertised by other PEs. If the export target attribute matches the import target
attribute of the VPN instance, the PE adds the routes to the VPN routing table.
In other words, VPN target attributes define which sites can receive a VPN-IPv4 route,
and from which sites a PE can receive routes.
Like RDs, VPN target attributes can be of two types of formats:
z
16-bit AS number:32-bit user-defined number. For example, 100:1.
z
32-bit IPv4 address:16-bit user-defined number. For example, 172.1.1.1:1.
1.1.3 Introduction to MCE
With BGP/MPLS VPN, data of private networks can be transmitted in the public
network securely through tunnels. However, in a typical BGP/MPLS VPN network,
each VPN is connected to the PE through a CE, as shown in
.
With the users’ increasing demand for service segmentation and security, a private
network may be divided into multiple VPNs, and the users of different VPN are usually
isolated from each other. In a private network containing multiple VPNs, users may be
in such a dilemma: equipment investment and the maintenance cost increment caused
by assigning a CE for each of the VPNs; and potential data security risks introduced by
sharing one CE among multiple VPNs (because the same routing entry may be used in
multiple VPNs in this case).
An S3610&S5510 switch with MCE enabled can solve this problem. By binding the
VLAN interfaces to the VPNs in a network on an S3610&S5510 switch of this kind, you
can create and maintain a routing table for each of the VPNs. In this way, packets of
different VPNs in the private network can be isolated. Moreover, with the cooperation of
the PE, the routes of each VPN can be advertised to the corresponding remote PE
properly, so that packets of each VPN in the private network can be transmitted
securely through the public network.
1.1.4 How MCE Works
illustrates how MCE creates and maintains routing entries of multiple VPNs
and how the MCE exchanges VPN routes with PEs.