165
4.
PE 2 performs the following operations:
a.
Uses the inner label to find the matching VPN instance to which the destination address of the
packet belongs.
b.
Looks up the routing table of the VPN instance for the output interface.
c.
Removes the inner label and forwards the packet out of the interface to CE 2.
5.
CE 2 transmits the packet to the destination through IP forwarding.
When two sites of a VPN are connected to the same PE, the PE directly forwards packets between the two
sites through the VPN routing table without adding any tag or label.
MPLS L3VPN networking schemes
In MPLS L3VPNs, route target attributes are used to control the advertisement and reception of VPN
routes between sites. They work independently and can be configured with multiple values to support
flexible VPN access control and implement multiple types of VPN networking schemes.
Basic VPN networking scheme
In the simplest case, all users in a VPN form a closed user group. They can forward traffic to each other
but cannot communicate with any user outside the VPN.
For the basic VPN networking scheme, you must assign a route target to each VPN for identifying the
export target attribute and import target attribute of the VPN. Moreover, this route target cannot be used
by any other VPNs.
Figure 43
Network diagram for basic VPN networking scheme
As shown in
, the route target for VPN 1 is 100:1, while that for VPN 2 is 200:1. The two VPN
1 sites can communicate with each other, and the two VPN 2 sites can communicate with each other.
However, the VPN 1 sites cannot communicate with the VPN 2 sites.
Hub and spoke networking scheme
The hub and spoke networking scheme is suitable for a VPN where all users must communicate with each
other through an access control device.
CE
CE
CE
CE
PE
PE
P
Site 2
Site 1
Site 3
Site 4
VPN 1
VPN 1
VPN 2
VPN 2
VPN 1:
Import: 100:1
Export: 100:1
VPN 2:
Import: 200:1
Export: 200:1
VPN 2:
Import: 200:1
Export: 200:1
VPN 1:
Import: 100:1
Export: 100:1