are safely differentiated. Currently, LAN services can be differentiated by utilizing VLAN
switches, but they have a weak routing capability.
l VPN and Internet interworking
The S7700 implements interworking between VPNs and the Internet by configuring static
routes on PEs.
Reliability
To improve the reliability of a VPN, generally, the following networking modes are adopted.
l The backbone network is an MPLS network, on which the devices adopt hierarchical
backup and are fully connected through high-speed interfaces. If there are many PEs on
the network, the BGP route reflector is deployed to reflect IPv4 VPN routes in order to
decrease the number of Multi-Protocol internal BGP (MP IBGP) connections.
l Either a mesh topology or a ring topology is used at the convergence layer based on the
requirements.
l The dual-homed CE or multi-homed CE is deployed on the access layer.
The S7700 supports VPN FRR in a VPN network where the dual-homed CE reside. After a PE
fails, VPN FRR ensures that the VPN service from CE to CE is quickly switched to the remaining
PEs.
The IP FRR feature can be configured to ensure that VPN traffic can rapidly switch to another
link between the PE and the other CE, when two CEs at a site access a PE, and a link between
one CE and the PE fails.
VPN Graceful Restart (GR), a feature that can improve the reliability of a VPN, can also be
deployed. After the deployment of VPN GR, the VPN traffic is not interrupted in the master/
slave switchover process on the switch (PE, P, or CE). This reduces the impact of a single point
failure on VPN services.
Interfaces Bound to VPN Instances
A VPN instance needs to be bound to the interface on the PE that is connected to the CE. After
being bound, the interface functions as the private network interface. The packets entering the
VPN instance through this interface are forwarded according to forwarding information in the
VPN instance. By default, an interface is a public network interface and is not bound to any VPN
instance.
The S7700 can bind VLANIF interfaces, XGE sub-interfaces, GE sub-interfaces, Ethernet sub-
interfaces, Eth-Trunk sub-interfaces, Ethernet port (Ethernet 0/0/0) , and GRE tunnel interfaces
to VPN instances. On the S7700, IP addresses cannot be assigned to GE interfaces, Eth-Trunk
interfaces, and Ethernet interfaces (excluding management network ports) and these interfaces
cannot be bound to VPN instances.
For details on how to bind sub-interfaces to VPN instances, see Configuring a Sub-interface to
Access an L3VPN in the Quidway S7700 Smart Routing Switch Configuration Guide -
Ethernet.
3.3 Configuring a VPN Instance
A VPN instance isolates VPN routes from public network routes.
Quidway S7700 Smart Routing Switch
Configuration Guide - VPN 3 BGP MPLS IP VPN Configuration
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
99
To Next Page
Loading...
