L3VPN Hub-and-Spoke

L3VPN Hub-and-Spoke с MPLS и BGP VPNv4 для service provider multi-tenant topologies.

Сценарий

Service Provider: MPLS backbone с customer VPN
Hub-and-Spoke: Централизованный HUB site для branch offices
VRF: Изоляция customer routing tables

Topology

      ┌─────────────────────────────┐
      │   MPLS Backbone (P/PE)      │
      │                             │
      │   ┌──────────────────┐      │
      │   │  HUB PE (VyOS)   │      │
      │   │  VRF CUSTOMER-A  │      │
      │   └────────┬─────────┘      │
      │            │                │
      │  ┌─────────┼─────────┐      │
      │  │         │         │      │
      │  ▼         ▼         ▼      │
      │ PE1       PE2       PE3     │
      │ (Spoke)   (Spoke)   (Spoke) │
      └─────────────────────────────┘

VyOS HUB PE Configuration

# VRF
set vrf name CUSTOMER-A table '100'

# MP-BGP
set protocols bgp system-as '65000'
set protocols bgp address-family ipv4-unicast vrf CUSTOMER-A rd '65000:100'
set protocols bgp address-family ipv4-unicast vrf CUSTOMER-A route-target export '65000:100'
set protocols bgp address-family ipv4-unicast vrf CUSTOMER-A route-target import '65000:100'

# MPLS
set protocols mpls ldp interface 'eth0'
set protocols mpls ldp router-id '10.255.0.1'

# BGP neighbors (spokes)
set protocols bgp neighbor 10.255.0.2 remote-as '65000'
set protocols bgp neighbor 10.255.0.2 address-family vpnv4-unicast

Spoke PE Configuration

Аналогично HUB, но spoke PE импортирует только HUB routes (не другие spokes) для hub-and-spoke topology.

Ссылки

Проверено OpenNix LLC · Обновлено 18, апреля 2026

OpenVPN with LDAP Authentication L3VPN with EVPN