No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S V800R010C10SPC500 Feature Description - VPN 01

This is NE20E-S V800R010C10SPC500 Feature Description - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
CEs Connecting to the MPLS VPN over GRE Tunnels

CEs Connecting to the MPLS VPN over GRE Tunnels

To connect a CE to an MPLS VPN, you must use a physical link to directly connect the CE to a PE on the MPLS backbone network. Specifically, the CE and PE must be on the same network. In this networking, you must associate the VPN with the physical interface connecting the PE to the CE.

As shown in Figure 3-11, not all CEs and PEs can be directly connected over physical links in actual networking. For example, for multiple organizations that connect to the Internet or IP backbone network, their CEs and PEs are geographically dispersed and cannot directly access the PEs on the MPLS backbone network. These organizations cannot directly access the sites inside the MPLS VPN through the Internet or IP backbone network.

Figure 3-11 CEs accessing the MPLS VPN backbone network through the IP backbone network

To connect a CE to the MPLS VPN and ensure data transmission security, use the public network or a private network to connect the CE to a PE on the MPLS backbone network and establish a GRE tunnel between the CE and PE. The GRE tunnel can be regarded as a physical interface. You can associate the VPN with the interface on the PE.

When a GRE tunnel is used to access an MPLS VPN, GRE can be implemented in the following modes:

  • GRE of the private network: The GRE tunnel is associated with a certain VPN instance; the source and destination addresses of the GRE tunnel belong to this VPN instance.

  • GRE across the public network: The GRE tunnel is associated with a certain VPN instance; the source and destination addresses of the GRE tunnel are public network addresses, which do not belong to this VPN instance.

  • GRE across the VPN: The GRE tunnel is associated with a certain VPN instance, such as VPN1; the source interface of the GRE tunnel is bound to another VPN instance, such as VPN2. The GRE tunnel passes through VPN2.

GRE of the Private Network

Figure 3-12 GRE of the private network

On the network shown in Figure 3-12, the source and destination addresses of the GRE tunnel belong to the private network. Establishing another tunnel to PE1 on the VPN is not cost-effective, and therefore you are advised to use R1 as a CE.

GRE Across the Public Network

In this networking, a CE and a PE must have interfaces that belong to the public network. The interfaces must use public network IP addresses. The CE must have routes to PEs in its public network routing table, whereas the PE must have routes to CEs in its public network routing table.

Figure 3-13 GRE across the public network

To transmit private network traffic from CEs to PEs over the tunnel, the outbound interface of the route to the remote site segment must be the GRE tunnel interface, and the next hop must be the IP address of the tunnel interface.

GRE Across the VPN

GRE across the VPN is different from GRE across the public network. In GRE across the VPN, CEs connect to PEs over a VPN such as VPN2 rather than the public network. Specifically, both the outbound interface of the private network traffic from CEs to PEs and the outbound interface of the private network traffic returned from PEs to CEs belong to VPN2.

Figure 3-14 GRE across the VPN

For example, in Figure 3-14, PE1 and PE2 are the edge devices of the first carrier on the MPLS backbone network. VPN2 is a VPN of the second carrier network. CE1 and CE2 are devices of customers.

To deploy a VPN based on the MPLS network in such a networking environment, such as VPN1, you can create a GRE tunnel across VPN2 between PE1 and CE1. CE1 and PE1 are then logically directly connected.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055135

Views: 10324

Downloads: 19

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next