• The classification of a site depends on the topology relationship of the devices, rather than the geographical positions. However, the devices at a site are, in most cases, adjacent to each other geographically.
• The devices at a site can belong to multiple VPNs, which means that a site can belong to multiple VPNs.
• A site is connected to a provider network through one or more CEs. A site can contain multiple CEs, but a CE can belong to only one site.
Sites connected to the same provider network can be classified into different sets by policies. Only
the sites in the same set can access each other through the provider network. Such a set is called a
VPN.
VPN instance
VPN instances implement route isolation, data independence, and data security for VPNs.
A VPN instance has the following components:
• A separate Label Forwarding Information Base (LFIB).
• An IP routing table.
• Interfaces bound to the VPN instance.
• VPN instance administration information, including route distinguishers (RDs), route targets (RTs), and route filtering policies.
To associate a site with a VPN instance, bind the VPN instance to the PE's interface connected to the
site. A site can be associated with only one VPN instance, and different sites can be associated with
the same VPN instance. A VPN instance contains the VPN membership and routing rules of
associated sites.
VPN-IPv4 address
Each VPN independently manages its address space. The address spaces of VPNs might overlap.
For example, if both VPN 1 and VPN 2 use the addresses on subnet 10.110.10.0/24, address space
overlapping occurs.
BGP cannot process overlapping VPN address spaces. For example, if both VPN 1 and VPN 2 use
the subnet 10.110.10.0/24 and each advertise a route destined for the subnet, BGP selects only one
of them. This results in the loss of the other route.
Multiprotocol BGP (MP-BGP) can solve this problem by advertising VPN-IPv4 addresses (also
called VPNv4 addresses).
Figure 49 VPN-IPv4 address structure
As shown in Figure 49, a VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the
RD, followed by a four-byte IPv4 prefix. The RD and the IPv4 prefix form a unique VPN-IPv4 prefix.
An RD can be in one of the following formats:
• When the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined number. For example, 100:1.
• When the Type field is 1, the Administrator subfield occupies four bytes, the Assigned number subfield occupies two bytes, and the RD format is 32-bit IPv4 address:16-bit user-defined number. For example, 172.1.1.1:1.
[Figure 49 layout: Route Distinguisher (8 bytes) = Type (2 bytes) + Administrator subfield and Assigned number subfield (6 bytes), followed by the IPv4 address prefix (4 bytes).]
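The 12-byte layout and the two RD formats above, as an added example in Python (not code from this guide): it encodes an RD and an IPv4 address into a VPN-IPv4 address and decodes it again, showing that the overlapping subnet from the text stays distinct per VPN. The RD 100:2 and all function names are assumptions made for illustration; RD types other than 0 and 1 are rejected because the page describes only those two.

```python
import ipaddress
import struct

def encode_rd(rd):
    """Encode an RD string as 8 bytes: 2-byte Type, then Administrator + Assigned number."""
    admin, _, assigned = rd.rpartition(":")
    if not admin or not assigned.isdigit():
        raise ValueError(f"malformed RD: {rd!r}")
    number = int(assigned)
    if "." in admin:  # Type 1: 32-bit IPv4 address : 16-bit user-defined number
        if number > 0xFFFF:
            raise ValueError("Type 1 assigned number exceeds 16 bits")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    # Type 0: 16-bit AS number : 32-bit user-defined number
    if not admin.isdigit() or int(admin) > 0xFFFF or number > 0xFFFFFFFF:
        raise ValueError("Type 0 field out of range")
    return struct.pack("!HHI", 0, int(admin), number)

def decode_rd(raw):
    """Decode 8 RD bytes back to the textual form used in configuration."""
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:8])
        return f"{asn}:{number}"
    if rd_type == 1:
        addr, number = struct.unpack("!4sH", raw[2:8])
        return f"{ipaddress.IPv4Address(addr)}:{number}"
    raise ValueError(f"RD type {rd_type} is not covered here")

def vpn_ipv4(rd, address):
    """Build the 12-byte VPN-IPv4 address: 8-byte RD followed by the 4-byte IPv4 prefix."""
    return encode_rd(rd) + ipaddress.IPv4Address(address).packed

def split_vpn_ipv4(raw):
    """Split a 12-byte VPN-IPv4 address into (RD string, IPv4 string)."""
    if len(raw) != 12:
        raise ValueError("a VPN-IPv4 address is exactly 12 bytes")
    return decode_rd(raw[:8]), str(ipaddress.IPv4Address(raw[8:]))

if __name__ == "__main__":
    # Constructed sample: the same subnet address under three RDs.
    # 100:1 and 172.1.1.1:1 are the page's examples; 100:2 is assumed for VPN 2.
    for rd in ("100:1", "100:2", "172.1.1.1:1"):
        print(f"{rd:<12} {vpn_ipv4(rd, '10.110.10.0').hex()}")
```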