implement layered management of internal VPNs easily with a low cost and simple management
operation.
Before you configure nested VPN, configure basic MPLS L3VPN settings. For configuration information,
see "Configuring basic MPLS L3VPN."
Configuration restrictions and guidelines
• The address ranges for sub-VPNs of a VPN cannot overlap.
• Do not give nested VPN peers addresses that public network peers use.
• Before specifying a nested VPN peer or peer group, configure the corresponding CE peer or peer
group in BGP VPN instance view.
• If a CE of a sub-VPN is directly connected to a service provider's PE, policy routing must be
configured on the PE to allow mutual access between the sub-VPN and the VPN on the backbone.
Configuration procedure
To configure nested VPN:
1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A

3. Enter BGP VPN instance view.
   Command: ipv4-family vpn-instance vpn-instance-name
   Remarks: N/A

4. Configure a CE peer or peer group.
   Command: peer { group-name | peer-address } as-number number
   Remarks: N/A

5. Return to BGP view.
   Command: quit
   Remarks: N/A

6. Enter BGP-VPNv4 subaddress family view.
   Command: ipv4-family vpnv4
   Remarks: N/A

7. Enable nested VPN.
   Command: nesting-vpn
   Remarks: Disabled by default.

8. Activate a nested VPN peer or peer group, and enable the BGP-VPNv4 route exchange capability.
   Command: peer { group-name | peer-address } vpn-instance vpn-instance-name enable
   Remarks: By default, only IPv4 routes and no BGP-VPNv4 routes can be exchanged between nested VPN peers/peer groups.

9. Add a peer to the nested VPN peer group.
   Command: peer peer-address vpn-instance vpn-instance-name group group-name
   Remarks: Optional. By default, a peer is not in any nested VPN peer group.

10. Apply a routing policy to routes received from a nested VPN peer or peer group.
   Command: peer { group-name | peer-address } vpn-instance vpn-instance-name route-policy route-policy-name import
   Remarks: Optional. By default, no routing policy is applied to routes received from a nested VPN peer or peer group.

NOTE:
Nested VPN does not support multi-hop EBGP. A service provider PE and its peer must use the addresses
of the directly connected interfaces to establish a neighbor relationship.
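
The following is an added example, not part of the original guide: a pre-deployment check in Python that walks a planned command sequence in the order of the procedure above and flags violations of the listed restrictions (no CE peer configured first, nested VPN not enabled, peer address shared with a public network peer, overlapping sub-VPN ranges). The function name, the view-tracking shorthand, and all addresses, AS numbers and instance names are constructed assumptions.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample input: commands in the order of the procedure above.
PLAN_OK = ["system-view", "bgp 100", "ipv4-family vpn-instance vpn1",
           "peer 192.0.2.2 as-number 200", "quit", "ipv4-family vpnv4",
           "nesting-vpn", "peer 192.0.2.2 vpn-instance vpn1 enable"]
# Constructed bad plan: skips steps 3-5 and 7, reuses a public peer address.
PLAN_BAD = ["system-view", "bgp 100", "ipv4-family vpnv4",
            "peer 198.51.100.9 vpn-instance vpn1 enable"]
PUBLIC_PEERS = {"198.51.100.9"}  # assumed public network peer addresses

def lint_nested_vpn(commands, public_peers, sub_vpn_ranges):
    """Return a list of findings; an empty list means the plan passes."""
    findings, ce_peers, nesting, view = [], set(), False, "system"
    for raw in commands:
        cmd = raw.strip()
        if cmd.startswith("bgp "):
            view = "bgp"
        elif cmd == "quit":
            view = "bgp" if view != "bgp" else "system"
        elif m := re.fullmatch(r"ipv4-family vpn-instance (\S+)", cmd):
            view = "vpn:" + m.group(1)          # BGP VPN instance view (step 3)
        elif cmd == "ipv4-family vpnv4":
            view = "vpnv4"                      # BGP-VPNv4 subaddress family view
        elif cmd == "nesting-vpn" and view == "vpnv4":
            nesting = True
        elif view.startswith("vpn:") and (m := re.fullmatch(r"peer (\S+) as-number \d+", cmd)):
            ce_peers.add((view[4:], m.group(1)))  # CE peer or peer group (step 4)
        elif view == "vpnv4" and (m := re.fullmatch(r"peer (\S+) vpn-instance (\S+) enable", cmd)):
            peer, vpn = m.groups()
            if not nesting:
                findings.append(f"{peer}: nesting-vpn (step 7) not enabled before activation")
            if (vpn, peer) not in ce_peers:
                findings.append(f"{peer}: no CE peer in BGP VPN instance view for {vpn}")
            if peer in public_peers:
                findings.append(f"{peer}: address also used by a public network peer")
    # Sub-VPN address ranges of one VPN must not overlap.
    nets = [(n, ipaddress.ip_network(c)) for n, cs in sub_vpn_ranges.items() for c in cs]
    for (a, na), (b, nb) in combinations(nets, 2):
        if a != b and na.overlaps(nb):
            findings.append(f"sub-VPN ranges overlap: {a} {na} and {b} {nb}")
    return findings
```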