Version information: NE40 VRP5.10
Note: NE40/NE08E acts as PE device and NE40 is central node. It connects many NE08E with star-type. Deploy many VPN on PE device and it is HUB-SPOKE mode. NE40 is HUB point and NE08E is SPOKE point. One super VPN is deployed on NE40 and it can communicate with VPN. It is HUB-SPOKE mode.
Phenomenon: Advertise default route in SuperVPN, and then each VPN can communicate.
1. Configure EACL on the interface of PE and CE. There are too many devices that are required to configure. It is not suggested to use.
2. Not advertise default route in SuperVPN but advertise default route in each VPN of public network demands. Firewall need use many logical interfaces to connect with NE40. Natural inter-area insulation of Firewall is made use to insulate mutual access of each VPN. It is suggested to use.
SuperVPN and other VPN use HUB-SPOKE mode. Each VPN cannot communicate through SuperVPN. They cannot learn detailed route of the peer. After default route is advertised in SuperVPN, each VPN van learn default route pointing to SuperVPN. SuperVPN has detailed route of each VPN. Each VPN can communicate with other VPN through default route. It disobeys the design.