What is MPLS VPN on S series switches

6

MPLS VPN on S series switches (except S1700 switches):

The BGP/MPLS IP VPN model consists of the following parts:
Customer Edge (CE): an edge device on a customer network. A CE provides interfaces that are directly connected to an SP network. A CE can be a router, switch, or host. In most cases, CEs cannot detect VPNs and do not need to support MPLS.
Provider Edge (PE): an edge device on an SP network, which is directly connected to a CE. On the MPLS network, all handlings related to the VPN are performed on a PE, so the requirement on the PE performance is high.
Provider (P): a backbone device on an SP network, which is not directly connected to CEs. A P device only needs to provide basic MPLS forwarding capabilities, without maintaining VPN information.
PEs and Ps are managed by SPs. CEs are managed by users unless the users entrust CE management to SPs.
A PE can be connected to multiple CEs. A CE can be connected to multiple PEs of the same SP or of different SPs.

Other related questions:
Do S series switches support MPLS VPN
S series switches' (except S1700 switches) support for MPLS VPN is described as follows: Model Minimum Version S3700EI V100R005 (The S3700EI is unavailable in V200R001 and later versions). Only MCE is supported. S3700HI V200R001 (applicable only to this version). Only MCE is supported. S5700EI V100R005 (The S5700EI is unavailable in V200R006 and later versions). Only MCE is supported. S5710EI V200R002 (The S5710EI is unavailable in V200R006 and later versions). V200R001 supports only MCE. S5700HI V200R002 (The S5700HI is unavailable in V200R006 and later versions). V200R001 supports only MCE. S5710HI V200R003 (The S5710HI is unavailable in V200R006 and later versions.) S5720EI V200R007C00 (The S5720EI is unavailable in V200R007C10). Only MCE is supported. S5720HI V200R007C10. V200R006, V200R007C00, and V200R008 support only MCE. S5720SI/S5720S-SI V200R008. Only MCE is supported. S6700EI 。V200R005 (The S6700EI is unavailable in V200R006 and later versions). V100R006, V200R001, V200R002, and V200R003 support only MCE. S6720EI V200R008 S7700 V100R003 S9700 V200R001 S12704 V200R008 S12708/S12712 V200R005 S9300 V100R002 S9300E V200R002 Precautions: - MPLS VPN requires a license on modular switches (S7700/9700/9300/12700 series). Separate MCEs do not require licenses. - SA series cards support only MCE. - For V200R005, X1E series cards, XGE interfaces on the ACU2, ET1D2IPS0S00, ET1D2FW00S00, ET1D2FW00S01, ET1D2FW00S02, and LE1D2FW00S01 cards do not support the BGP/MPLS IP VPN function, but support only MCE. - For V200R006, X1E series cards do not support BGP/MPLS IP VPN binding to TE tunnels. - For V200R006 and V200R007C00, X1E series cards support BGP/MPLS IP VPN, but do not support HVPN and inter-AS VPN Option B. - For V200R008, X1E series cards support BGP/MPLS IP VPN, but do not support HVPN. - For V200R007C10, X1E series cards support BGP/MPLS IP VPN, but do not support inter-AS VPN Option B. - If NAC authentication is configured on the main interface, BGP/MPLS IP VPN configured on the sub-interfaces that belong to the main interface fails.

MPLS VPN supported by USG firewalls
The USG2000, USG5000, and USG6000 support MPLS VPN.

Configuring L2 MPSL VPN and L3 MPLS VPN in backup mode on USG firewalls
The USG firewalls do not support the configuration of L2 MPSL VPN and L3 MPLS VPN in backup mode.

RD value of a VPN instance on S series switches
Traditional BGP cannot process the VPN routes that have overlapping address spaces. Assume that both VPN1 and VPN2 use addresses on the network segment 10.110.10.0/24, and each of them advertises a route destined for this network segment. The local PE identifies the two VPN routes based on VPN instances and sends them to the remote PE. Because routes from different VPNs cannot work in load-balancing mode, the remote PE adds only one of the two routes based on BGP route selection rules. As a result, the route to the other VPN is lost. To ensure that VPN routes of VPNs with overlapping address spaces are correctly processed, PE devices use MP-BGP to advertise VPN routes and use the VPN-IPv4 address family to identify the routes. RDs distinguish the IPv4 prefixes with the same address space. IPv4 addresses with RDs are VPN-IPv4 addresses (VPNv4 addresses). After receiving IPv4 routes from a CE, a PE converts the routes to globally unique VPN-IPv4 routes and advertises the routes on the public network. The following is a configuration example: # ip vpn-instance vpna ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity #

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top