Hi there, everyone!
In this post I'll introduce the MPLS VPN Hub-and-spoke network design method. I hope it proves useful.
Source: http://ip-mpls.com/mpls/mpls-hub-and-spoke-topology/
BACKGROUND INFORMATION
Hub-and-spoke networking can be used to let an access control device on a VPN control the mutual access of other users. The site where the access control device is located is called the Hub site, and the other sites are called Spoke sites. At the Hub site, the device that accesses the VPN backbone network is called a Hub-CE; at a Spoke site, the device that accesses the VPN backbone network is called a Spoke-CE. On the VPN backbone network, the device that accesses the Hub site is called a Hub-PE; a device that accesses a Spoke site is called a Spoke-PE.
A Spoke site advertises routes to the Hub site, and the Hub site then advertises the routes to other Spoke sites. No direct route exists between the Spoke sites. The Hub site controls the communication between the Spoke sites.
In the Hub-and-spoke networking model, two VPN targets are configured to stand for Hub and Spoke respectively. The configuration of a VPN target on a PE must comply with the following rules:
the export target and the import target of the Spoke-PE at a Spoke site are Spoke and Hub respectively. The import target of a Spoke-PE is different from the export targets of other Spoke-PEs;
a Hub-PE requires two interfaces or sub-interfaces. One interface or sub-interface receives routes from Spoke-PEs, and the import target of the VPN instance on the interface is Spoke. The other interface or sub-interface advertises the routes to Spoke-PEs, and the export target of the VPN instance on the interface is Hub.
Figure 1-1. VPN Hub-and-spoke topology
TYPES OF SPOKE
As shown in the figure above, there are two Spoke PEs, two Spoke CEs, one Hub PE and one Hub CE.
The Hub-and-spoke network can be configured as follows:
the Spoke PE import RT is the Hub PE export RT, and the Spoke PE export RT is the Hub PE import RT;
static routing runs between the Hub PE and the Hub CE. The Hub PE is configured with a default static route to the Hub CE and imports it into BGP. The Hub CE is also configured with a default static route to the Hub PE;
Spoke PE1 and Spoke PE2 learn the default route from BGP;
the Spoke CE and Spoke PE can use static or dynamic routing, as long as the Spoke CE learns the default route from the Spoke PE. Spoke CE1 and Spoke CE2 can then communicate with each other.
CONFIGURING SPOKE PE
The Spoke PE configuration template is shown below.
Figure 1-2. Spoke PE configuration example
    #
    ip vpn-instance blue
     ipv4-family
      route-distinguisher 65001:3
      vpn-target 65001:1000 export-extcommunity
      vpn-target 65001:2000 import-extcommunity
    #
    bgp 65001
     ipv4-family vpn-instance blue
    #
CONFIGURING HUB PE
The Hub PE configuration template is shown below.
Table 1-3. Hub PE configuration example
    #
    ip vpn-instance blue
     ipv4-family
      route-distinguisher 65001:4
      apply-label per-route pop-go
      vpn-target 65001:2000 export-extcommunity
      vpn-target 65001:1000 import-extcommunity
    #
    bgp 65001
     ipv4-family vpn-instance blue
      default-route imported
      import-route direct
      import-route static
    #
    interface GigabitEthernet0/3/4.1000
     vlan-type dot1q 1000
     ip binding vpn-instance blue
     ip address 10.1.1.1 255.255.255.0
    #
    ip route-static vpn-instance blue 0.0.0.0 0.0.0.0 10.1.1.2
    #
CONFIGURING HUB CE
The Hub CE configuration template is shown below.
Table 1-3 Hub CE configuration example
    #
    ip vpn-instance blue
     ipv4-family
      route-distinguisher 65001:4
      apply-label per-route pop-go
      vpn-target 65001:2000 export-extcommunity
      vpn-target 65001:1000 import-extcommunity
    #
    interface GigabitEthernet1/0/0.1000
     dot1q termination vid 1000
     ip binding vpn-instance blue
     ip address 10.1.1.2 255.255.255.0
    #
    ip route-static vpn-instance blue 0.0.0.0 0.0.0.0 10.1.1.1
    #
That's all on MPLS VPN Hub-and-spoke network design. If you encounter any issues or have any questions, please comment below and I'll help answer them. Thanks!
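The VPN target rules above are what keep Spoke sites from learning each other's routes directly, so they are worth auditing. The following Python check is an added example, not part of the original post: it parses vpn-instance stanzas and reports any Spoke PE whose import RT matches another Spoke PE's export RT. The PE names, the RD 65001:5 and the misconfigured stanza are constructed, and it assumes a vpn-target line without a direction keyword applies in both directions.

```python
# Added example: audit route targets for a hub-and-spoke VPN (not from the original post).
EXPORT, IMPORT = "export-extcommunity", "import-extcommunity"

def parse_targets(config):
    """Return (export_rts, import_rts) from one vpn-instance stanza."""
    exp, imp = set(), set()
    for line in config.splitlines():
        tok = line.split()
        if not tok or tok[0] != "vpn-target":
            continue
        # Assumption: a vpn-target line without a direction keyword means "both".
        direction = tok[-1] if tok[-1] in (EXPORT, IMPORT, "both") else "both"
        rts = {t for t in tok[1:] if ":" in t}
        if direction != IMPORT:
            exp |= rts
        if direction != EXPORT:
            imp |= rts
    return exp, imp

def spoke_leaks(configs, hub):
    """(importer, exporter) spoke pairs that exchange routes without the hub."""
    rts = {pe: parse_targets(cfg) for pe, cfg in configs.items()}
    spokes = sorted(pe for pe in rts if pe != hub)
    return [(a, b) for a in spokes for b in spokes
            if a != b and rts[a][1] & rts[b][0]]

def hub_gaps(configs, hub):
    """Spokes missing an import/export match with the hub in either direction."""
    rts = {pe: parse_targets(cfg) for pe, cfg in configs.items()}
    h_exp, h_imp = rts[hub]
    return sorted(pe for pe, (exp, imp) in rts.items()
                  if pe != hub and not (exp & h_imp and imp & h_exp))

def stanza(rd, export, imported):
    # Constructed text in the shape of the post's vpn-instance templates.
    return (f"ip vpn-instance blue\n ipv4-family\n  route-distinguisher {rd}\n"
            f"  vpn-target {export} {EXPORT}\n  vpn-target {imported} {IMPORT}\n")

# RTs and RDs 65001:3 / 65001:4 are the post's; PE names and RD 65001:5 are constructed.
GOOD = {"Hub-PE": stanza("65001:4", "65001:2000", "65001:1000"),
        "Spoke-PE1": stanza("65001:3", "65001:1000", "65001:2000"),
        "Spoke-PE2": stanza("65001:5", "65001:1000", "65001:2000")}
# Constructed misconfiguration: Spoke-PE2 also imports the Spoke RT.
BAD = dict(GOOD, **{"Spoke-PE2": stanza("65001:5", "65001:1000", "65001:2000 65001:1000")})

if __name__ == "__main__":
    for name, cfgs in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "leaks:", spoke_leaks(cfgs, "Hub-PE"), "gaps:", hub_gaps(cfgs, "Hub-PE"))
```

The check covers only route-target matching in the control plane; it does not confirm that the Hub CE actually filters the traffic it forwards.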