Typical BGP/MPLS VPN Configuration Example 561[PE-B] bgp 100[PE-B-bgp] group 20[PE-B-bgp] peer 20.1.1.1 group 20[PE-B-bgp] peer 20.1.1.1 connect-interface loopback 0[PE-B-bgp] ipv4-family vpnv4[PE-B-bgp-af-vpn] peer 20 enable[PE-B-bgp-af-vpn] peer 20.1.1.1 group 20[PE-B-bgp-af-vpn] quitHub&SpokeConfiguration ExampleNetwork requirementsHub&Spoke networking is also called central server networking. The Site in thecenter is called Hub-Site, while the one not in the center is called Spoke-Site. TheHub-Site knows the routes to all other Sites in the same VPN, and the Spoke-Sitemust send its traffic first to the Hub-Site and then to the destination. Hub-Site isthe central node of Spoke-Sites.A bank has a headquarters network and subsidiary networks, and it requires thatthe subsidiaries cannot directly exchange data with each other, but they canexchange data through the headquarters network which provides uniform control.In this case, Hub&Spoke networking topology is used: CE2 and CE3 arespoke-sites, while CE1 is a hub-site in the bank data center. CE1 controlscommunication between CE2 and CE3.■ Set up IBGP adjacency between PE1 and PE2 or PE1 and PE3, but not betweenPE2 and PE3, that is, VPN routing information cannot be exchanged betweenPE2 and PE3.■ Create two VPN-instances on PE1, import VPN routes of VPN-target 100:11and 100:12, set VPN-target for VPN routes advertised as 100:2.■ Create a VPN-instance on PE2, import VPN routes of VPN-target 100:2, setVPN-target for VPN routes advertised as 100:11.■ Create a VPN-instance on PE3, import VPN routes of VPN-target 100:2, setVPN-target for VPN routes advertised as 100:12.Then PE2 and PE3 can only learn their neighbor’s routes through PE1.n In this case the configuration is focused on four points:■ Route advertisement can be controlled by VPN-target settings on different PEs.■ Routing loop is permitted only once, so that PE can receive route updatemessages with AS number included from CE.■ In Hub&Spoke networking, VPN-target of VPN-instance (VPN-instance3) whichis used to release route on the PE1 cannot be the same with any VPN-target ofVPN-instance (VPN-instance2) which is used to import route on PE1.■ In Hub&Spoke networking, route-distinguisher rd2 (100:3) of VPN-instancewhich is used to release route on the PE1 cannot be the same with theroute-distinguisher rd1 (100:1) or rd4 (100:4) of corresponding VPN-instanceson each PE2 and PE3; rd 1 and rd4 can be the same or not.
