206
Nested VPN is flexible and easy to implement and can reduce the cost because a customer only needs
to pay for one MPLS VPN to have multiple internal VPNs connected. Nested VPN provides diversified
VPN networking methods for a customer, and allows for multi-level hierarchical access control over the
internal VPNs.
Multi-role host
The VPN attributes of the packets forwarded from a CE to a PE depend on the VPN instance bound to the
inbound interface. Therefore, all CEs whose packets are forwarded through the same inbound interface
of a PE must belong to the same VPN.
In a real networking environment, however, a CE may need to access multiple VPNs through a single
physical interface. In this case, you can set multiple logical interfaces to satisfy the requirement. But this
needs extra configurations and brings limitations to the application.
Using multi-role host, you can configure static routing on the PE to allow packets from the CE to access
multiple VPNs.
To allow information from other VPNs to reach the CE from the PE, you must configure static routes on
other VPNs that take the interface connected to the CE as the next hop.
NOTE:
All IP addresses associated with the PE must be unique to implement the multi-role host feature.
In practice, HP recommends centralizing the addresses of each VPN to improve the forwarding
efficiency.
HoVPN
Why HoVPN?
In MPLS L3VPN solutions, PEs are the key devices. They provide two functions:
•
User access. This means that the PEs must have a large amount of interfaces.
•
VPN route managing and advertising, and user packet processing. These require that a PE must
have a large-capacity memory and high forwarding capability.
Most of the current network schemes use the typical hierarchical architecture. For example, the MAN
architecture contains typically three layers, namely, the core layer, distribution layer, and access layer.
From the core layer to the access layer, the performance requirements on the devices decrease while the
network expands.
MPLS L3VPN, on the contrary, is a plane model where performance requirements are the same for all PEs.
If a certain PE has limited performance or scalability, the performance or scalability of the whole network
is influenced.
Due to the previous difference, you are faced with the scalability problem when deploying PEs at any of
the three layers. Therefore, the plane model is not applicable to the large-scale VPN deployment.
To solve the scalability problem of the plane model, MPLS L3VPN must transition to the hierarchical
model. In MPLS L3VPN, hierarchy of VPN (HoVPN) was proposed to meet that requirement. With HoVPN,
the PE functions can be distributed among multiple PEs, which take different roles for the same functions
and form a hierarchical architecture.
As in the typical hierarchical network model, HoVPN has different requirements on the devices at
different layers of the hierarchy.