MPLS VPN (HCIP)
Definition
VPN --- Virtual Private Network --- a comprehensive solution offered by operators to address the security and bandwidth problems of private leased lines
Example
Interpretation
Site --- can be understood as the IP addresses that belong to the same enterprise or institution but are located in different geographical locations
PE --- service provider edge device --- on one side it connects to the VPN backbone network, on the other side it provides service to the different customers and connects to the CE (customer edge device)
P --- service provider device --- a device inside the MPLS VPN backbone; it is not connected to any CE and only provides fast route forwarding
C --- customer device --- plays no substantial role in MPLS VPN
Note:
MPLS VPN is not a single VPN technology but a comprehensive solution that combines several technologies
Process
Control plane --- the CE at site 1 learns the routes of its own site through an IGP and passes them to the PE device (dynamic transmission can be used); the PE device then carries them across the backbone to the remote PE (using BGP); the remote PE passes the routes to the CE at site 2 (dynamic or static methods are acceptable); finally the CE at site 2 distributes the routes inside its site through the IGP
Data plane --- when site 2 wants to reach a network segment at site 1, the data first arrives at the CE of site 2 and is passed to the PE; the PE forwards it across the backbone to the remote PE, which passes it to the CE at site 1; the CE then delivers it to the destination segment
Double-Label Technology
Control plane
VRF --- Virtual Routing and Forwarding --- VPN Instance --- logically divides one physical device into several simulated routers. Each VRF has its own independent routing table, FIB table, dynamic routing protocol processes, interfaces, and so on
RD value --- Route Distinguisher --- 64 bits of binary --- AS:NN --- the AS in front is the AS number of the VRF, the NN behind is a custom value
IPv4 route --- 32 bits of binary --- after the RD value is prepended to the IPv4 route it grows from the original 32 bits to 96 bits and becomes a VPNv4 route
Note:
Because ordinary BGP-4 only carries IPv4 routes, and VPNv4 routes need to be transmitted here, the MP-BGP protocol (Multiprotocol BGP), which supports multiple address families, must be used
MP-BGP --- can carry routing information for various address families; if VPNv4 routes need to be transferred, MP-BGP is required
RT value --- Route Target --- also known as VPN Target --- 32 bits of binary --- AS:NN --- carried in the BGP community attribute
Export RT --- the PE configures a different export RT for each VRF; it is carried in the community attribute when the route is sent out
Import RT --- the remote PE configures a different import RT for each VRF; the value in the community attribute is compared against it, and the route is placed into the matching VRF
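The following is an added example, not part of the original notes: a small Python simulation of the control-plane steps above. It encodes a type 0 (AS:NN) RD as 64 bits, prepends it to a 32-bit IPv4 prefix to form the 96-bit VPNv4 prefix, and then lets a "remote PE" import each update into the VRF whose import RT matches the RT the sending PE attached. The PE names, VRF names, RD and RT values are all constructed for the example; two customers deliberately announce the same 10.1.1.0/24 so the role of the RD is visible.

```python
# Added example: RD / VPNv4 / RT handling simulated in Python (not the original notes' code).
import ipaddress
import struct


def encode_rd(asn, nn):
    """Type 0 RD (AS:NN): 2-byte type 0 + 2-byte AS number + 4-byte assigned number = 64 bits."""
    return struct.pack("!HHI", 0, asn, nn)


def vpnv4_prefix(rd_bytes, ipv4_prefix):
    """Prepend the 64-bit RD to the 32-bit IPv4 address: 8 + 4 = 12 bytes = 96 bits."""
    net = ipaddress.IPv4Network(ipv4_prefix)
    return rd_bytes + net.network_address.packed


def parse_asnn(text):
    asn, nn = text.split(":")
    return int(asn), int(nn)


class VRF:
    """One VPN instance on a PE: its own RD, RT policy and independent routing table."""

    def __init__(self, name, rd, export_rt, import_rt):
        self.name = name
        self.rd = rd                      # "AS:NN"
        self.export_rt = set(export_rt)   # attached to routes this VRF sends out
        self.import_rt = set(import_rt)   # routes carrying any of these are accepted
        self.routes = {}                  # IPv4 prefix -> next hop


def export_routes(pe_vrfs):
    """Local PE: turn every VRF route into a VPNv4 update tagged with the export RTs."""
    updates = []
    for vrf in pe_vrfs:
        rd_bytes = encode_rd(*parse_asnn(vrf.rd))
        for prefix, nexthop in vrf.routes.items():
            updates.append({
                "vpnv4": vpnv4_prefix(rd_bytes, prefix),
                "plen": ipaddress.IPv4Network(prefix).prefixlen,
                "rt": set(vrf.export_rt),
                "nexthop": nexthop,
            })
    return updates


def import_routes(updates, pe_vrfs):
    """Remote PE: compare the carried RTs with each VRF's import RTs and install on match."""
    for u in updates:
        ipv4 = ipaddress.ip_address(u["vpnv4"][8:])   # strip the 8-byte RD again
        prefix = f"{ipv4}/{u['plen']}"
        for vrf in pe_vrfs:
            if vrf.import_rt & u["rt"]:
                vrf.routes[prefix] = u["nexthop"]


def demo():
    # Constructed PE1: two customers that both use 10.1.1.0/24 at their site
    pe1 = [VRF("custA", "65000:1", ["65000:100"], ["65000:100"]),
           VRF("custB", "65000:2", ["65000:200"], ["65000:200"])]
    pe1[0].routes["10.1.1.0/24"] = "PE1"
    pe1[1].routes["10.1.1.0/24"] = "PE1"
    updates = export_routes(pe1)

    # Constructed PE2: the matching VRFs with the same RT plan
    pe2 = [VRF("custA", "65000:1", ["65000:100"], ["65000:100"]),
           VRF("custB", "65000:2", ["65000:200"], ["65000:200"])]
    import_routes(updates, pe2)
    return {
        "distinct_vpnv4": len({u["vpnv4"] for u in updates}),  # 2: same IPv4, different RD
        "custA": dict(pe2[0].routes),
        "custB": dict(pe2[1].routes),
    }


if __name__ == "__main__":
    print(demo())
```

The two updates carry an identical IPv4 prefix but remain distinct VPNv4 routes because their RDs differ; which VRF on PE2 installs each of them is decided only by the RT comparison, not by the RD. A VRF whose import RT matches neither update simply never sees 10.1.1.0/24.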
Data plane
When data-plane traffic crosses the backbone it carries two labels. The one closer to Layer 2 (the outer label) is called the public network label; the one closer to Layer 3 (the inner label) is called the private network label. When the data reaches the remote PE, the public network label is popped first, exposing the private network label; the mapping between the private network label and a VRF then delivers the data into the corresponding VRF
Public network label --- distributed by LDP --- ensures that the data traffic can pass smoothly through the MPLS backbone
Private network label --- assigned by MP-BGP --- allocated when the routing information is transmitted and passed to the peer together with the community attribute --- used to distinguish the different VRF spaces
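As an added example (not from the original notes), the Python below walks one packet through the double-label path just described. The label values, node names and VRF routes are constructed: PE1 pushes the private label learned from MP-BGP and then the LDP public label, each P router swaps only the outer label, and PE2 pops the public label and maps the now-exposed private label to a VRF. No penultimate-hop popping is modelled, so the public label is removed on PE2 exactly as the notes state.

```python
# Added example: two-label MPLS VPN forwarding simulated in Python (constructed tables).
import ipaddress

# Private labels that PE2 assigned via MP-BGP, one per VRF (constructed values)
PRIVATE_LABELS_PE2 = {5001: "custA", 5002: "custB"}

# PE1's per-VRF routes learned from PE2: prefix -> (BGP next hop, private label)
PE1_VRF_ROUTES = {
    "custA": {"10.1.1.0/24": ("PE2-loopback", 5001)},
    "custB": {"10.1.1.0/24": ("PE2-loopback", 5002)},
}

# LDP-distributed public labels for the LSP toward PE2's loopback (constructed values)
LDP_TABLE = {
    "PE1": {"PE2-loopback": ("push", 1001, "P1")},
    "P1": {1001: ("swap", 1002, "P2")},
    "P2": {1002: ("swap", 1003, "PE2")},
    "PE2": {1003: ("pop", None, None)},
}


def forward(ingress_vrf, dst_ip):
    """Return the delivering VRF and the label stack seen at every hop, or None if no route."""
    dst = ipaddress.ip_address(dst_ip)
    match = None
    for prefix, entry in PE1_VRF_ROUTES[ingress_vrf].items():
        net = ipaddress.ip_network(prefix)
        # longest-prefix match within the ingress VRF only
        if dst in net and (match is None or net.prefixlen > match[0].prefixlen):
            match = (net, entry)
    if match is None:
        return None
    nexthop, private_label = match[1]

    stack = [private_label]                 # inner label: identifies the VRF on PE2
    _, public_label, node = LDP_TABLE["PE1"][nexthop]
    stack.insert(0, public_label)           # outer label: carries the packet across the core
    trace = [("PE1", list(stack))]

    # P routers look only at the outer label; the private label is never examined
    while node != "PE2":
        action, out_label, next_node = LDP_TABLE[node][stack[0]]
        if action != "swap":
            raise ValueError(f"unexpected action {action} on {node}")
        stack[0] = out_label
        trace.append((node, list(stack)))
        node = next_node

    # PE2: pop the public label, then use the private label to pick the VRF
    action, _, _ = LDP_TABLE["PE2"][stack[0]]
    if action != "pop":
        raise ValueError("PE2 expected to pop the public label")
    stack.pop(0)
    vrf = PRIVATE_LABELS_PE2[stack.pop(0)]
    trace.append(("PE2", list(stack)))
    return {"vrf": vrf, "trace": trace}


if __name__ == "__main__":
    for v in ("custA", "custB"):
        print(v, forward(v, "10.1.1.7"))
```

Both customers send to the same destination address 10.1.1.7 and cross the same LSP with the same public labels; only the private label differs, and that alone decides which VRF on PE2 receives the packet. This is why the private label must not be trusted beyond the PE that allocated it and why the P routers need no VPN knowledge at all.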