199
•
The import target attribute of a spoke PE is different from the export target attribute of any other
spoke PE. Any two spoke PEs do not directly advertise VPN-IPv4 routes to each other.
Therefore, they cannot directly access each other.
Figure 52 Network diagram for hub and spoke network
A route in Site 1 is advertised to Site 2 by using the following process:
1.
Spoke-CE 1 advertises a route in Site 1 to Spoke-PE 1.
2.
Spoke-PE 1 changes the route to a VPN-IPv4 route and advertises the VPN-IPv4 route to
Hub-PE through MP-BGP.
3.
Hub-PE adds the VPN-IPv4 route into the routing table of VPN 1-in, changes it to the original
IPv4 route, and advertises the IPv4 route to Hub-CE.
4.
Hub-CE advertises the IPv4 route back to Hub-PE.
5.
Hub-PE adds the IPv4 route to the routing table of VPN 1-out, changes it to a VPN-IPv4 route,
and advertises the VPN-IPv4 route to Spoke-PE 2 through MP-BGP.
6.
Spoke-PE 2 changes the VPN-IPv4 route to the original IPv4 route, and advertises the IPv4
route to Site 2.
After spoke sites exchange routes through the hub site, they can communicate with each other
through the hub site.
Extranet networking scheme
The extranet networking scheme allows specific resources in a VPN to be accessed by users not in
the VPN.
In this networking scheme, if a VPN instance needs to access a shared site, the export target
attribute and the import target attribute of the VPN instance must be contained in the import target
attribute and the export target attribute of the VPN instance of the shared site, respectively.