No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Feature Description - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Feature Description - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).



The multi-VPN-instance customer edge (MCE) technology provides logically independent VPN instances and address spaces on a CE, allowing multiple VPN users to share the same CE. The MCE technology provides an economical and easy-to-use solution to solve problems concerned with VPN service isolation and security.

VPN services are becoming increasingly refined, and the demand for VPN service security is growing. Carriers must isolate different types of VPN services on networks to meet this demand. As shown in Figure 5-13, the traditional BGP/MPLS IP VPN technology isolates VPN services by deploying one CE for each VPN, bringing in high costs and complicated network deployment. If multiple VPNs use the same CE to access upper-layer devices, these VPNs will share the same routing and forwarding table, and data security for these VPNs cannot be ensured. The MCE technology addresses conflicts between network costs and data security problems caused by multiple VPNs sharing the same CE.

Figure 5-13 Networking diagram for VPN service isolation using BGP/MPLS IP VPN


The MCE technology creates a VPN instance for each VPN service to be isolated. Each VPN uses an independent routing protocol to communicate with the MCE to which these VPNs are connected. A VPN instance is bound to each link between the MCE and the PE to which the MCE is bound. As a result, an independent channel is established for each VPN service, and different VPN services are isolated.

As shown in Figure 5-14, three VPN instances are configured on the MCE: VPN1, VPN2, and VPN3. To be specific, three independent VPN routing and forwarding tables are created on the MCE. VPN1 is bound to the link between the MCE and Site1 and a link between the MCE and PE, VPN2 is bound to the link between the MCE and Site2 and a link between the MCE and PE, and VPN3 is bound to the link between the MCE and Site3 and a link between the MCE and PE. These configurations allow VPN services to be isolated using only one MCE.

Figure 5-14 MCE networking


The MCE technology enables CEs to provide PE functions. MCEs avoid the practice of deploying one CE for each VPN although; whereas isolating VPN services, significantly reducing maintenance costs and expenditure on devices.

Updated: 2019-01-14

Document ID: EDOC1100058940

Views: 18886

Downloads: 34

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next