Configuring Multi-Role Host

To allow a CE to access multiple VPNs at the same time, you need to configure the multi-role host feature on the PE.
All configurations for the multi-role host feature are on the PE to which the CEs are attached.

Note:

•  Support for multi-role host depends on the device model.
• For configuration and commands about policy routing, refer to IP Unicast Policy Routing Configuration and IP Unicast Policy Routing Commands in the IP Services Volume.

Configuration Prerequisites

Before configuring the multi-role host feature, complete these tasks:

• Creating VPN instances for the VPNs
• Configuring basic MPLS L3VPN

Configuring Policy Routing

Follow these steps to configure policy routing:

Applying Policy Routing

Follow these steps to apply policy routing:

Configuring a Static Route

For detailed configuration steps, refer to Configuring Route Advertisement between PE and CE.

You can configure a private network static route on a PE, specifying the egress of another private network or public network as the egress of the static route. Thus, packets from the multi-role host for accessing a certain VPN can return based on the routing table that does not belong to the VPN.

Configuring HoVPN

For hierarchical VPNs, you can adopt HoVPN to reduce the performance requirements for PEs.

Configuration Prerequisites

Before configuring HoVPN, complete these tasks:

Configuring basic MPLS L3VPN

1.8.2 Configuring HoVPNs

Follow these steps to configure HoVPN:

With the peer default-route-advertise vpn-instance command configured, the SPE always advertises a default route using the local address as the next hop address to the UPE, regardless of whether the default route is present in the local routing table or not.

Note:

• The default routes of a VPN instance can be advertised to only a BGP peer or peer group that is UPE.
• It is not recommended to configure the peer default-route-advertise vpn-instance command and the peer upe route-policy command at the same time.
• It is not recommended for an SPE to be connected to a CE directly. If an SPE must be directly connected with a CE, the VPN instance on the SPE and that on the UPE must be configured with different RDs.