|
Fabien: "What I
understood is that Spoke can not communicate DIRECTLY with each other. They
have
to go through the
Hub."
Taras: No, spokes can not communicate with each other even through
hub. That is idea of hub&spoke VPN - it is VPN with PARTIAL
connectivity.
Suppose, you have a large data center and some clients of
data center. Clients want to reach data center, but they don't want have ANY
connectivity with other clients due security reasons, for
example.
As to BGP routing, I may say, that PE router on site B
(spoke Site) may receive all routes, including routes from site C. But it
does not install routes to site C in its VRF routing table. Route Target of
route from site C do not mach VRF "import" set of route target
attributes.
Taras From: l3vpn-bounces at ietf.org [mailto:l3vpn-bounces at ietf.org] On Behalf Of Fabien Verhaeghe Sent: Wednesday, January 26, 2005 4:15 PM To: L3vpn at ietf.org Subject: Re: Route Target in BGP/MPLS IP VPN Thanks for your answer Taras ,
What I understood is that Spoke can not communicate
DIRECTLY with each other. They have
to go through the Hub.
But if a packet is received at PE C (from the
CE) for a destination address which is in site B he won't
have any route that says to go through the
Hub.
I'm talking about the routing between PEs when I
make a reference to RFC1771 9.2.1. Not between CE and PE.
Fabien
----- Original Message -----
From: TYushkov at microtest.ru
Sent: Wednesday, January 26, 2005 1:29 PM
Subject: RE: Route Target in BGP/MPLS IP VPN Hi, The
main idea of Hub&spoke is the
following: spokes may communicate with hub, but spokes can NOT
communicate with each other. So,
everything seems to be ok. Site A can communicate with site B & C, and sites
B & C can't communicate with each other. As
I can understand we may use: RIPv2, OSPF and EBGP to make routing between PE and
CE. So RFC1771 9.2.1 it's not our case. Cheers. From: l3vpn-bounces at ietf.org [mailto:l3vpn-bounces at ietf.org] On Behalf Of Fabien Verhaeghe Sent: Wednesday, January 26, 2005 3:03 PM To: L3vpn at ietf.org Subject: Route Target in BGP/MPLS IP VPN Hi,
I've got a question about the use of "Route Target" in
BGP/MPLS IP VPN
Section 4.3.5 of draft-ietf-l3vpn-rfc2547bis-03.txt
states:
"Alternatively, suppose one
desired, for whatever reason, to create a
"hub and spoke" kind of VPN. This could be done by the use
of two
Route Target values, one meaning "Hub" and one meaning
"Spoke". At
the VRFs attached to the hub sites, "Hub" is the Export
Target and
"Spoke" is the Import Target. At the VRFs attached to the
spoke
site, "Hub" is the Import Target and "Spoke" is the Export Target."
If I have 3 sites A,B,C. one CE/PE pair for each site and one VRF per
CE/PE.
Site A is the hub
Site B,C are spoke
In A VRF I would have the routes to both sites B and C
In B,C VRF I would only have routes to A since with BGP routes
learned from IBGP are not
advertised to BGP peer in the same AS (RFC 1771 9.2.1).
So how can systems in site B communicate with systems in site C?
I guess I misunderstood something, and PE connected to site A will actually
advertised routes received from site C
to site B. But it seems inconsistent with RFC 1771 9.2.1.
Can someone explain to me please?
Thanks
Fabien
|