No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Hub and Spoke Networking Application

Hub and Spoke Networking Application

Service Overview

Large financial enterprises, such as banks use the Hub and Spoke networking mode to ensure financial data security. Hub and Spoke networking allows branches to exchange data only through their headquarters. Data transmission between branches is therefore under effective supervision.

In Hub and Spoke networking, the site where the access control device of the headquarters is located is called a Hub site; other sites where branches are located are called Spoke sites. At the Hub site, a device that connects to the VPN backbone network is called a Hub-CE device. At a Spoke site, a device that connects to the VPN backbone network is called a Spoke-CE device. On the VPN backbone network, a device that connects to the Hub site is called a Hub-PE device, and a device that connects to a Spoke site is called a Spoke-PE device.

A Spoke site advertises routes to the Hub site. The Hub site then advertises the routes to other Spoke sites. Spoke sites do not advertise routes to each other. The Hub site controls communication between all the Spoke sites.

Networking Description

In Hub and Spoke networking, the following solutions can be used:

  • EBGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

  • IGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

  • EBGP running between the Hub-CE and Hub-PE devices, and IGP running between Spoke-PE and Spoke-CE devices

The following describes these networking solutions in detail:

  • EBGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

    In Figure 3-30, a route advertised by a Spoke-CE device is forwarded to the Hub-CE and Hub-PE device before being transmitted to other Spoke-PE devices. If EBGP runs between the Hub-PE and the Hub-CE device, the Hub-PE device performs an AS-Loop check on the route. When the Hub-PE device detects its own AS number in the route, it discards the route. To implement Hub and Spoke networking, the Hub-PE device must be configured to allow repeated AS numbers.

    Figure 3-30  EBGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

  • IGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

    As shown in Figure 3-31, all PE and CE devices exchange routes using an IGP, and IGP routes do not contain the AS_Path attribute. The AS_Path field of BGP VPNv4 routes is therefore empty.

    Figure 3-31  IGP running between the Hub-CE and Hub-PE devices, and between Spoke-PE and Spoke-CE devices

  • EBGP running between the Hub-CE and Hub-PE devices, and IGP running between Spoke-PE and Spoke-CE devices

    In Figure 3-32, the network topology is similar to that shown in Figure 3-30. The AS_Path attribute of the routes forwarded by the Hub-CE device to the Hub-PE device contains the AS number of the Hub-PE device. The Hub-PE device must therefore be configured to allow repeated AS numbers.

    Figure 3-32  EBGP running between the Hub-CE and Hub-PE devices, and IGP running between Spoke-PE and Spoke-CE devices

Translation
Download
Updated: 2019-04-18

Document ID: EDOC1000141944

Views: 86747

Downloads: 521

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next