TIPS: Understand MPLS VPN (Part 2)

Source: Internet
Author: User

For the second requirement, you need some policy that determines which prefix belongs in which routing table. One solution is to create a VPN-IPv4 prefix filter for each local routing table. However, prefix filters do not scale well operationally, especially when there are hundreds or thousands of customers.

Filtering on VPN-IPv4 addresses is also not as flexible as we would like. For example, customer A and customer B may need to establish a VPN-based intranet between them in order to advertise a subset of a limited public address space to each other.

Fortunately, BGP already has a policy tool designed for applying flexible policies to large groups of prefixes: communities. The BGP Community path attribute is a "tag" that can be attached to a BGP prefix. As the name implies, prefixes that share the same tag form a "community" to which a common policy can be applied.

Communities also provide broad policy flexibility because a prefix can carry more than one community. You can therefore create a policy that applies only when a specific community, or a specific combination of communities, is recognized.

There are two types of BGP communities: a standard community is a 32-bit value, and an extended community is a 64-bit value. This brings us back to the VPN discussion.

MPLS VPN uses a 64-bit extended community attribute called the "route target" (RT). On a given provider edge router, you create an outbound (export) policy that attaches a route target to the routes of a locally connected VPN customer. Then, on every other provider edge router that has one of that customer's sites attached, you create an inbound (import) policy that recognizes one or more of your route targets and accepts the prefix into the customer's local VPN routing table.

The difference between the route distinguisher (RD) and the route target confuses many network engineers, mainly because both are 64-bit values in the same format. Both have a two-byte type field, which indicates "Type 0" or "Type 1". The two fields after the type field are the Administrator field and the Assigned Number field. A Type 0 route distinguisher or route target has a two-byte Administrator field and a four-byte Assigned Number field. A Type 1 route distinguisher or route target has a four-byte Administrator field and a two-byte Assigned Number field. In both cases, the Assigned Number field is any number you choose. The Administrator field can also be any number you like, but the two types allow you to make this field either a two-byte AS number or a four-byte IP address.

The main point, however, is that although route distinguishers and route targets share the same format, they are different animals that perform completely different tasks. Remember that the route distinguisher only turns potentially identical prefixes into unique prefixes, while the route target is a BGP community attribute that directs the advertised reachability information into the correct routing table.
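The following Python sketch is an added example, not part of the original article: it packs Type 0 and Type 1 route distinguishers and route targets into their 8-byte form and then applies RT-based import policy to constructed updates, including one prefix tagged with two route targets. The function names, AS 65000, the table names and the sample prefixes are assumptions; the `0x02` low byte of the RT type field is the route-target sub-type defined in RFC 4360.

```python
import ipaddress
import struct

RT_SUBTYPE = 0x02  # RFC 4360: low byte of an RT's two-byte type field

def encode(kind, text):
    """Pack 'administrator:assigned' into 8 bytes; kind is 'rd' or 'rt'."""
    admin, assigned = text.rsplit(":", 1)
    if "." in admin:  # Type 1: 4-byte IPv4 administrator, 2-byte assigned number
        t, body = 1, ipaddress.IPv4Address(admin).packed + struct.pack("!H", int(assigned))
    else:             # Type 0: 2-byte AS administrator, 4-byte assigned number
        t, body = 0, struct.pack("!HI", int(admin), int(assigned))
    type_field = (t << 8 | RT_SUBTYPE) if kind == "rt" else t
    return struct.pack("!H", type_field) + body

def decode(kind, raw):
    """Inverse of encode(); rejects a wrong length, type or RT sub-type."""
    if len(raw) != 8:
        raise ValueError("expected 8 bytes")
    (type_field,) = struct.unpack("!H", raw[:2])
    if kind == "rt" and type_field & 0xFF != RT_SUBTYPE:
        raise ValueError("not a route target")
    t = type_field >> 8 if kind == "rt" else type_field
    if t == 0:
        admin, assigned = struct.unpack("!HI", raw[2:])
    elif t == 1:
        admin, assigned = ipaddress.IPv4Address(raw[2:6]), struct.unpack("!H", raw[6:])[0]
    else:
        raise ValueError("unsupported type")
    return f"{admin}:{assigned}"

def import_routes(updates, vrf_import):
    """Place each (rd, prefix, rts) update in every table whose import set shares an RT."""
    tables = {vrf: [] for vrf in vrf_import}
    for rd, prefix, rts in updates:
        tags = {decode("rt", rt) for rt in rts}
        for vrf, wanted in vrf_import.items():
            if tags & wanted:
                tables[vrf].append(f"{decode('rd', rd)}:{prefix}")
    return tables

# Constructed sample: customers A and B both use 10.1.0.0/16; A shares one subnet.
UPDATES = [
    (encode("rd", "65000:1"), "10.1.0.0/16", [encode("rt", "65000:100")]),
    (encode("rd", "65000:2"), "10.1.0.0/16", [encode("rt", "65000:200")]),
    (encode("rd", "65000:1"), "10.9.9.0/24",
     [encode("rt", "65000:100"), encode("rt", "65000:300")]),
]
VRF_IMPORT = {"A": {"65000:100"}, "B": {"65000:200", "65000:300"}}

if __name__ == "__main__":
    for vrf, routes in import_routes(UPDATES, VRF_IMPORT).items():
        print(vrf, routes)
```

The overlapping 10.1.0.0/16 prefixes stay distinct because of their route distinguishers, while only the route targets decide which table receives each route. An import set that lists one route target too many is how a route ends up in the wrong customer's table.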
