287
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
120.1.1.0/24 BGP 255 0 6.6.6.9 POS1/1/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
4.
Verify that PE 3 and PE 4 can ping each other. (Details not shown.)
5.
Verify that CE 3 and CE 4 can ping each other. (Details not shown.)
Configuring nested VPN
Network requirements
The service provider provides nested VPN services for users, as shown in
•
PE 1 and PE 2 are PE devices on the service provider backbone. Both of them support the
nested VPN feature.
•
CE 1 and CE 2 are provider CEs connected to the service provider backbone. Both of them
support VPNv4 routes.
•
PE 3 and PE 4 are PE devices of the customer VPN. Both of them support MPLS L3VPN.
•
CE 3 through CE 6 are CE devices of sub-VPNs in the customer VPN.
The key of nested VPN configuration is to understand the processing of routes of sub-VPNs on the
service provider PEs:
•
When receiving a VPNv4 route from a provider CE (CE 1 or CE 2, in this example), a provider
PE performs the following operations:
a.
Replaces the RD of the VPNv4 route with the RD of the MPLS VPN on the service provider
network.
b.
Adds the export target attribute of the MPLS VPN on the service provider network to the
extended community attribute list.
c.
Forwards the VPNv4 route.
•
To implement exchange of sub-VPN routes between customer PEs and service provider PEs,
MP-EBGP peers must be established between provider PEs and provider CEs.
Figure 79 Network diagram
PE 1
CE 3
AS 65410
SUB_VPN 1
PE 2
Customer VPN
PE 3
CE 6
AS 65421
SUB_VPN 2
PE 4
POS1/1/1
POS1/1/0
Carrier VPN
Customer VPN
Loop0
Loop0
POS1/1/0
POS1/1/1
POS1/1/1
POS1/1/0
Loop0
Loop0
CE 1
CE 2
Lo
op0
Loop0
Loop
0
POS1/1/0
POS1/1/1
GE1/1/1
GE1/1/1
GE1/1/1
GE1/1/2
POS1/1/1
POS1/1/1
AS 100
AS 200
VPN 1
AS 200
VPN 1
CE 5
AS 65411
SUB_VPN 2
GE1/1/1
GE1/1/2
CE 4
AS 65420
SUB_VPN 1
GE1/1/1
GE1/1/1