How to realize that MPLS users L2 of provate network connects NE40 and accesses public network?
1. Topology: NE40 (PE)－－switch (L2)－－PC PC gateway is located on Ethernet1/0/1of NE40. This port binds VPN_A of VPN instance.
2. Service Demands: PC belongs to VPN_A and can access network.
3. Version: NE40 VRP3.10 Release 2317
Instance realization is as follows:
INTERNET (22.214.171.124)－－NE40 (PE)－－switch (L2)－－PC(126.96.36.199)
PC net card setting: IP: 188.8.131.52/24 Gateway: 184.108.40.206 connects on Ethernet 1/0/1 of NE40 (PE).
The main configuration is on PE. Refer to route configuration on PE: (Basic configuration of MPLS VPN is omitted, details can be referred to configuration manual of NE40 MPLSVPN)
[NE40-PE]ip route-static 0.0.0.0 0.0.0.0 220.127.116.11 preference 60
[NE40-PE]ip route-static 18.104.22.168 255.255.255.0 Ethernet 1/0/1 22.214.171.124 preference 60
(Note: the next-hop is PC address and the port is designated. Only the host IP address can be pinged. If there is lack of one configuration, actual test is not available. The network segment can be host address or network segment address)
[NE40-PE]ip route-static vpn-instance VPN_A 0.0.0.0 0.0.0.0 126.96.36.199 public preference 60
Through the configuration above, PC can access public network normaly and belongs to VPN_A.
Note: The configuration of each device is different, but the realization is the same. Here related configuration of NE40 is for referrence.
Here use public network and private network to penetrate mutually. Add one route to public network in private network routing table of VPN_A instance and add one route to PC network segment in public network routing table. For the addition route to PC network segment, how is the next-hop configured?
Note: For NE40 configuration, the next-hop should designate port and detailed IP address.