No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E VPN route through layer 3 network

Publication Date:  2017-12-26 Views:  177 Downloads:  0
Issue Description

Product: NE20E

Network topology:

2G_BTS<-->carrier L3 Layer<-->NE20E<-->VPN_2G_BTS

Network Overview: In this network, both ends are customer network, and the right of router is NE20E, and the middle network belong carrier.On the left end, the customer's terminal access to carrier router and through carrier layer 3 network, and then connect to the customer's router NE20E. In the carrier,they only make sure the terminal can access to NE20E.In the customer's core network, there are running vpn distinguish three business. Taking vpn-instance VPN1 as example, the terminal network ip address is 10.10.10.0/30,the ip address of interface that connect to carrier is 10.200.10.2, the carrier port ip address is 10.200.10.1, the vpn VPN1 gateway is 10.20.20.1/29.

Problem description: Customer wants to the terminal can access to core network, but now, the terminal only can access to NE20E, can't access to core network.Taking vpn-instance VPN1 as example, the terminal can pingable 10.200.10.2,and NE20E can pingable terminal from source 10.200.10.2, but terminal can't pingable the vpn VPN1 gateway 10.20.20.1,and 10.20.20.17 can't pingable terminal too.

 

Alarm Information

None

 

Handling Process

1.This problem is how to configure the public network and VPN intercommunication issues;

2.List the network segments that need to be interoperable,

Public network segments:10.10.10.0/30

VPN-instance VPN1:10.20.20.0/29

3.Configuring static route leak:

ip route-static vpn-instance VPN1 10.10.10.0 255.255.255.252 10.200.10.1 public   /vpn to public
ip route-static 10.20.20.0 255.255.255.248  vpn-instance VPN1 10.20.20.1             /public to vpn

4.After configuring, test again, the vpn and public network route reachabcle.

 

 

Root Cause

 Public network and VPN network don't contain each other route, lead to can't pingable each other.

 

Solution

Configuring static route leak on the NE20E:

ip route-static vpn-instance VPN1 10.10.10.0 255.255.255.252 10.200.10.1 public   /vpn to public
ip route-static 10.20.20.0 255.255.255.248  vpn-instance VPN1 10.20.20.1             /public to vpn

 

Suggestions

Static route leaking is a way of public and private network intercommunication,when we can't use bgp mpls vpn solving vpn and public network intercommunication issue, we can use this way.

 

END