Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Creating an External Network
Context
In the resource model design for the fabric network, external networks are created on the border node so that terminals on the campus network can access the Internet. Three types of external network resources are defined: L3 shared egress, L3 exclusive egress, and L2 shared egress. If the user gateway is located in the fabric, the L3 shared egress or L3 exclusive egress is used.
- L3 shared egress: Multiple VNs on the fabric network share an L3 egress to communicate with the egress device. The L3 shared egress helps save VLAN and IP resources for interconnection and applies to scenarios where there are low requirements on security control policies between VNs.
- L3 exclusive egress: Each VN on the fabric network exclusively uses an L3 egress to communicate with the egress device. In this case, multiple security zones are typically configured on the firewall, each corresponding to one L3 exclusive egress. Thus, the traffic between service subnets of different VNs is isolated when reaching the firewall. To enable inter-VN communication through the firewall, you can configure security policies between security zones. Configuring security policies can also control the application ports used for communication and limit the bandwidth.
Configuration Tasks
Description |
Operation Procedure |
|---|---|
Creating an external network |
|