318
•
PE 1 and PE 2 are PE devices on the service provider backbone. Both of them support the nested
VPN function.
•
CE 1 and CE 2 are connected to the service provider backbone. Both of them support VPNv4
routes.
•
PE 3 and PE 4 are PE devices of the customer VPN. Both of them support MPLS L3VPN.
•
CE 3 through CE 6 are CE devices of the sub-VPNs for the customer VPN.
The key of nested VPN configuration is to understand the processing of routes of sub-VPNs on the service
provider PEs, which is described as follows:
•
When receiving a VPNv4 route from a CE (CE 1 or CE 2 in this example), a service provider PE
replaces the RD of the VPNv4 route with the RD of the MPLS VPN on the service provider network
where the CE resides, adds the export target attribute of the MPLS VPN on the service provider
network to the extended community attribute list, and then forwards the VPNv4 route as usual.
•
To implement exchange of sub-VPN routes between customer PEs and service provider PEs,
MP-EBGP peers must be established between service provider PEs and customer CEs.
Figure 83
Network diagram
Device Interface IP
address
Device
Interface
IP address
CE 1
Loop0
2.2.2.9/32
CE 2
Loop0
5.5.5.9/32
Vlan-int12 10.1.1.2/24
Vlan-int11 21.1.1.2/24
Vlan-int11
11.1.1.1/24
Vlan-int12 20.1.1.1/24
CE 3
Vlan-int11
100.1.1.1/24
CE 4
Vlan-int11 120.1.1.1/24
CE 5
Vlan-int13
110.1.1.1/24
CE 6
Vlan-int13
130.1.1.1/24
PE 1
Loop0
3.3.3.9/32
PE 2
Loop0
4.4.4.9/32
Vlan-int11
11.1.1.2/24
Vlan-int11 21.1.1.1/24
Vlan-int12 30.1.1.1/24
Vlan-int12 30.1.1.2/24
PE 3
Loop0
1.1.1.9/32
PE 4
Loop0
6.6.6.9/32
Vlan-int11
100.1.1.2/24
Vlan-int11 120.1.1.2/24
Vlan-int12 10.1.1.1/24
Vlan-int12 20.1.1.2/24
Vlan-int13
110.1.1.2/24
Vlan-int13 130.1.1.2/24
Lo
op
0
Lo
op0
Lo
op0
Lo
op0