Explain the virtual site properties in the VPN configuration

Source: Internet
Author: User
Tags instance method reflector

This article gives an in-depth explanation of the virtual site properties in a VPN configuration and introduces how a VPN is configured. Many people may not know how a VPN configuration works; that does not matter. After reading this article you should come away with a good deal, and we hope it teaches you something new.

Controlling Route Distribution

In this section, we discuss ways to control the distribution of VPN-IPv4 routes.

The Target VPN Attribute

Each per-site forwarding table is associated with one or more Target VPN attributes. When a PE router creates a VPN-IPv4 route, the route is associated with one or more Target VPN attributes. This information is carried in BGP as attributes of the route. Any route associated with Target VPN T must be distributed to every PE router that has a forwarding table associated with Target VPN T.

When a PE router receives such a route, it should install it in each per-site forwarding table associated with Target VPN T (whether it is actually installed depends on the outcome of the BGP decision process). Typically, a Target VPN attribute represents a set of sites. Associating a Target VPN attribute with a route allows that route to be placed in the per-site forwarding tables used to route traffic received from the corresponding sites.

A PE router attaches one set of Target VPN attributes to the routes it learns from site S, and uses another set of Target VPN attributes to decide whether a route received from another PE router may be added to the forwarding table associated with site S. The two sets are distinct and need not be the same.

The Target VPN attribute functions like the BGP Communities attribute. However, the format of the latter is inadequate, because it allows only a two-byte numbering space. Extending the BGP Communities attribute to provide a larger numbering space would be fairly simple, and it should be possible to structure it in a way similar to what we described for RDs (see section 4.1), so that a type field defines the length of an administrator field and the remainder of the attribute is a number taken from the specified administrator's numbering space.

When a BGP speaker receives two routes to the same VPN-IPv4 address prefix, it chooses one of them according to the BGP rules for route preference. Note that a route can have only one RD, but it can have multiple Target VPN attributes. In BGP, scalability is improved if a single route carries multiple attributes. The Target VPN attribute could be eliminated by generating more routes (using more RDs), but that scales poorly.

How does a PE determine which Target VPN attributes to associate with a given route? There are a number of possible ways. The PE can be configured to associate all routes to a site with one Target VPN attribute, or to associate some of the routes to a site with one Target VPN attribute and the rest with another. Alternatively, the CE router can assign one or more Target VPN attributes to each route when it distributes routes to the PE (see section 6). The latter approach shifts control of the mechanisms that implement VPN policy from the SP to the customer. Even with this approach, it is desirable for the PE to be able to remove Target VPN attributes according to its own configuration, and/or to forcibly add some Target VPN attributes.

Strictly speaking, this attribute should be called the Route Target attribute rather than the VPN Target attribute. It only identifies a set of sites that can use the route, and does not care whether those sites make up a VPN.

Distributing Routes Among PEs with BGP

If two sites of a VPN attach to PEs in the same autonomous system, the PEs can distribute VPN-IPv4 routes to each other over an IBGP connection between them. Alternatively, each can have an IBGP connection to a route reflector (RR). If two sites of a VPN are in different autonomous systems (for example, because they are connected to different SPs), then a PE router uses IBGP to redistribute VPN-IPv4 routes either to an autonomous system border router (ASBR) or to a route reflector of which an ASBR is a client. The ASBR then uses EBGP to redistribute those routes to an ASBR in the other autonomous system. This allows different VPN sites to be connected to different SPs.

However, VPN-IPv4 routes should be accepted only on EBGP connections between private peers, as part of a trust agreement between SPs. VPN-IPv4 routes must be neither distributed to nor accepted from the public Internet. If there are many VPNs with sites attached to different autonomous systems, there is no need for a single ASBR between those autonomous systems to hold all the VPN routes; there can be multiple ASBRs, each holding only part of the VPN routes.

When a PE router distributes a VPN-IPv4 route via BGP, it uses its own address as the "BGP next hop" and also assigns and distributes an MPLS label (in fact, the PE router distributes not VPN-IPv4 routes but labeled VPN-IPv4 routes; see [8]).

When the PE receives a packet that has this MPLS label at the top of the label stack, it pops the label and sends the packet directly to the site the route leads to. This means that it sends the packet only to the CE router from which it learned the route. The label can also determine the data link encapsulation. In general, a PE that receives a labeled packet from another PE does not look up the packet's destination address in a forwarding table; it uses the label to send the packet directly to the CE.

Of course, the label assigned by the PE may instead implicitly identify a forwarding table. In this case, when the PE receives the packet, it uses the label to select the forwarding table and looks up the packet's destination address there. This approach is useful in some cases, but we do not describe it in detail in this article. Note that an MPLS label distributed in this way is usable only if there is a label switched path (LSP) between the router that installs the route and the route's BGP next hop.

We make no assumptions about how the LSP is set up; it may be established in advance or set up when needed. It may be a "best-effort" route or a traffic-engineered route. Between a PE router and its BGP next hop for a given route there may be one LSP, or several LSPs with different QoS characteristics. What matters to the VPN architecture is that some LSP exists between the router and its BGP next hop.

Route reflectors are typically used to improve scalability, for example by arranging route reflectors in a hierarchy. No single route reflector needs to know all the VPN-IPv4 routes for all the VPNs supported by the backbone; several separate route reflectors that do not communicate with each other can be used, each supporting only a subset of the VPNs.

If a PE router is not attached to any of a route's Target VPNs, it does not need to receive that route. The PE or route reflector that sends routes to it should apply outbound filtering so that it does not keep sending routes the PE does not need. And of course, if a PE router receives a route via BGP but is not attached to any of that route's Target VPNs, the PE should apply inbound filtering to the route, neither installing nor redistributing it.

A router that is not attached to any VPN, such as a P router, does not install any VPN-IPv4 routes. These distribution rules ensure that no single device needs to know all the VPN-IPv4 routes supported by the backbone. The total number of VPN-IPv4 routes the backbone can support is therefore not limited by the capacity of any one device and can grow without limit.
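
The export/import decision and the inbound filtering described above, as an added Python sketch (not code from the original article or from any router implementation). The class names, addresses, RDs and target values are constructed for illustration; the hub-and-spoke layout is an assumption chosen to show that the export and import sets need not match.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class VpnRoute:
    rd: str             # a route has exactly one RD
    prefix: str
    targets: frozenset  # ...but may carry several Target VPN attributes
    next_hop: str       # the originating PE's own address
    label: int          # MPLS label assigned by the originating PE

@dataclass
class SiteTable:        # per-site forwarding table on a PE
    name: str
    export_targets: frozenset  # attached to routes learned from the site
    import_targets: frozenset  # decide which received routes are installed
    routes: dict = field(default_factory=dict)

class PE:
    def __init__(self, address, *tables):
        self.address, self.tables, self.next_label = address, tables, 100

    def originate(self, table, rd, prefix):
        """Build the labeled VPN-IPv4 route for a prefix learned from a site."""
        self.next_label += 1
        return VpnRoute(rd, prefix, table.export_targets, self.address, self.next_label)

    def receive(self, route):
        """Install in every table sharing a target; [] means filtered inbound."""
        hits = [t for t in self.tables if route.targets & t.import_targets]
        for t in hits:
            t.routes[route.prefix] = (route.next_hop, route.label)
        return [t.name for t in hits]

def demo():
    # Constructed hub-and-spoke VPN: export and import sets deliberately differ.
    HUB, SPOKE, OTHER = "65000:200", "65000:100", "65000:300"
    hub_t = SiteTable("hub", frozenset({HUB}), frozenset({SPOKE}))
    a_t = SiteTable("spoke-a", frozenset({SPOKE}), frozenset({HUB}))
    b_t = SiteTable("spoke-b", frozenset({SPOKE}), frozenset({HUB}))
    x_t = SiteTable("other-vpn", frozenset({OTHER}), frozenset({OTHER}))
    hub, pe_a = PE("192.0.2.1", hub_t), PE("192.0.2.2", a_t)
    pe_b, pe_x = PE("192.0.2.3", b_t), PE("192.0.2.4", x_t)
    from_a = pe_a.originate(a_t, "65000:1", "10.1.0.0/16")
    from_hub = hub.originate(hub_t, "65000:9", "10.9.0.0/16")
    return {"hub<-a": hub.receive(from_a), "b<-a": pe_b.receive(from_a),
            "b<-hub": pe_b.receive(from_hub), "x<-a": pe_x.receive(from_a),
            "b_table": dict(b_t.routes), "x_table": dict(x_t.routes)}
```

Spoke B never installs spoke A's route, and the PE serving the unrelated VPN installs nothing. A non-empty result for that PE would mean its import set shares a target with the other VPN, which is the condition to look for when auditing target configuration.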
