No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an MCE

Configuring an MCE

Multi-vpn-instance can be configured for routing protocols on a CE to isolate different types of services on a LAN.

Usage Scenario

VPN services are becoming increasingly refined and the demand for VPN service security is growing. Carriers must isolate different types of VPN services on networks to meet this demand. The traditional BGP/MPLS VPN technology isolates VPN services by deploying one CE for each VPN, which is expensive and complicates network deployment. If multiple VPNs use the same CE to access upper-layer devices, these VPNs share the same routing and forwarding table, and data security for these VPNs cannot be ensured. The MCE technology addresses the conflict between network costs and data security problems caused by multiple VPNs sharing the same CE.

On the network shown in Figure 5-10, the R&D and sales departments of Company X share the same LAN in City A. The two departments use the same CE to access the VPN backbone network. You can configure OSPF multi-VPN-instance on the CE in City A and the PE to which the CE is connected to achieve the following objectives:
  • The sales departments in cities A and B can communicate with each other.
  • The R&D departments in cities A and C can communicate with each other.
  • The R&D departments are isolated from the sales departments.
Similar to OSPF multi-vpn-instance on a PE, each OSPF instance on the CE in City A serves as a virtual CE for each type of service. This CE is called an MCE. The MCE can isolate different types of services at low costs, ensuring service security.
Figure 5-10 MCE networking

Pre-configuration Tasks

Before configuring an MCE, complete the following tasks:

  • Configure a VPN instance for each service on the MCE and the PE to which the MCE is connected (for details, see Configuring a VPN Instance)

  • Configure link and network layer protocols for LAN interfaces, and connect the LAN interface for each type of service to the MCE.

  • Bind the MCE's interfaces and the PE's interfaces connecting to the MCE to VPN instances (for details, see Binding Interfaces to a VPN Instance), and configure IP addresses for these interfaces.

Configuration Procedures

Figure 5-11 Flowchart for configuring an MCE
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 36816

Downloads: 61

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next