4
As shown in
, the MCE exchanges private routes with VPN sites and PE 1, and adds the
private routes to the routing tables of corresponding VPN instances.
•
Route exchange between MCE and VPN site
—Create VPN instances VPN 1 and VPN 2 on
the MCE. Bind VLAN-interface 2 to VPN 1, and VLAN-interface 3 to VPN 2. The MCE adds a
received route to the routing table of the VPN instance that is bound to the receiving VLAN
interface.
•
Route exchange between MCE and PE
—The MCE connects to PE 1 through a trunk link that
permits VLAN 2 and VLAN 3. On PE 1, create VPN instances VPN 1 and VPN 2. Bind
VLAN-interface 2 to VPN 1, and VLAN-interface 3 to VPN 2. The MCE and PE add a received
route to the routing table of the VPN instance that is bound to the receiving VLAN interface.
You can configure static routes, RIP, OSPF, IS-IS, EBGP, or IBGP between an MCE and a VPN site
and between an MCE and a PE.
NOTE:
To implement dynamic IP assignment for DHCP clients in private networks, you can configure
DHCP server or DHCP relay agent on the MCE. When the MCE functions as the DHCP server, the
IP addresses assigned to different private networks cannot overlap.
MCE configuration task list
Tasks at a glance
1.
(Required.)
2.
(Required.)
Associating a VPN instance with an interface
3.
(Optional.)
Configuring route related attributes for a VPN instance
•
(Required.)
Configuring routing between an MCE and a VPN site
•
(Required.)
Configuring routing between an MCE and a PE
Configuring VPN instances
VPN instances isolate VPN routes from public network routes and routes among VPNs. You must
configure VPN instances for an MCE network.
Creating a VPN instance
A VPN instance is a collection of the VPN membership and routing rules of its associated site. A VPN
instance may not correspond to one VPN.
To create and configure a VPN instance:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create a VPN instance and
enter VPN instance view.
ip vpn-instance
vpn-instance-name
By default, no VPN instance is
created.
3.
Configure an RD for the VPN
instance.
route-distinguisher
route-distinguisher
By default, no RD is specified for a
VPN instance.