Filter
Top Products
3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration
37-9
interface, routing table, and sends VPN routing information over MPLS network using
BGP/OSPF interaction.
If supporting OSPF multi-instance, one router can run multiple OSPF procedures,
which can be bound to different VPN instances. In practice, you can create one OSPF
instance for each service type. OSPF multi-instance can fully isolate different services
in transmission, which can solve security problems with low cost to meet the needs of
customers. Generally, OSPF multi-instance is run on PEs; The CE running OSPF
multi-instance in the LAN is called multi-VPN-instance CE. At present, isolation of LAN
services implements by VLAN function of the switch. OSPF Multi-VPN-Instance CE
provides schemes of services isolation implemented on routers.
MPLS VPN Backbone
VPN-RED
Site1
OSPF Area0
VPN- GREE N
Si t e 1
OSPF Ar e a1
VPN- GRE EN
Si t e 2
OSPF Ar e a 2
VPN- RED
Si t e 2
OSPF Ar e a 1
Area 2
OSPF 100 VPN-GREEN
Area 0
OSPF 100 VPN-RED
OSPF 200 VPN-GREEN
Area 1
CE11
CE12
CE31
CE21
CE22
PE1
PE2
PE3
Area 0
OSPF 100 VPN-RED
OSPF 200 VPN-GREEN
Area 1
MPLS VPN Backbone
VPN-RED
Site1
OSPF Area0
VPN- GREE N
Si t e 1
OSPF Ar e a1
VPN- GRE EN
Si t e 2
OSPF Ar e a 2
VPN- RED
Si t e 2
OSPF Ar e a 1
Area 2
OSPF 100 VPN-GREEN
Area 0
OSPF 100 VPN-RED
OSPF 200 VPN-GREEN
Area 1
CE11
CE12
CE31
CE21
CE22
PE1
PE2
PE3
Area 0
OSPF 100 VPN-RED
OSPF 200 VPN-GREEN
Area 1
Figure 37-6 OSPF multi-instance application in MPLS/BGP VPN PE
M
P
L
S
N
e
t
w
o
r
k
PE
R
&
D
Fi
n
a
n
c
e
s
E
n
g
i
n
e
e
r
i
ng
Multi-VPN-Instance CE
ospf 100
opsf 200
vpn-rd
ospf 300
vpn-finances
ospf 100
vpn-engineering
ospf 300
vpn-finances
opsf 200
vpn-rd
vpn-engineering
M
P
L
S
N
e
t
w
o
r
k
PE
R
&
D
Fi
n
a
n
c
e
s
E
n
g
i
n
e
e
r
i
ng
Multi-VPN-Instance CE
ospf 100
opsf 200
vpn-rd
ospf 300
vpn-finances
ospf 100
vpn-engineering
ospf 300
vpn-finances
opsf 200
vpn-rd
vpn-engineering
Figure 37-7 Multi-VPN-instance CE application in conventional LAN
37.1.6 Introduction to Multi-Role Host
The VPN attribute of the packets from a CE to its PE lies on the VPN bound with the
ingress interface. This, in fact determines that all the CEs forwarded by the PE through
the same ingress interface belong to the same VPN; but in actual network
environments, a CE may need to access multiple VPNs through one physical interface.
Though you can configure different logical interfaces to meet this need, this