No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 13

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring IPv6 MCE

Configuring IPv6 MCE

You can configure a multi-instance routing protocol on an MCE to isolate services of different VPN users on a LAN.

Pre-configuration Tasks

Before configuring IPv6 MCE, complete the following task:

  • Configuring link layer and network layer protocols for LAN interfaces and connecting the LAN to the MCE (each service uses an interface to connect to the MCE)

Configuration Process

All the following tasks are mandatory. Perform these tasks in sequence to complete the IPv6 MCE configuration.

Configuring a VPN Instance

Context

Perform the following configurations on the MCE.

The configurations must be performed on PEs. PEs from different vendors may use different configuration commands and methods. For details, see related manuals.

Procedure

  1. Create a VPN instance.
    1. Run:

      ip vpn-instance vpn-instance-name

      A VPN instance is created, and the VPN instance view is displayed.

      A VPN instance name is case-sensitive. For example, "vpn1" and "VPN1" identify different VPN instances.

    2. (Optional) Run:

      description description-information

      A description is configured for the VPN instance.

      Similar to a host name or an interface description, the VPN instance description helps users memorize the VPN instance.

    3. Run:

      ipv6-family

      The IPv6 address family is enabled for the VPN instance, and the VPN instance IPv6 address family view is displayed.

    4. Run:

      route-distinguisher route-distinguisher

      An RD is configured for a VPN instance IPv6 address family.

      A VPN instance IPv6 address family takes effect only after being configured with an RD. Different VPN instances on a PE must use different RDs.

      A configured RD can be deleted, but cannot be modified. If an RD is deleted, all the configuration of the VPN instance IPv6 address family is deleted.

    5. (Optional) Run:

      vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

      An IPv6 VPN target extended community is configured for the VPN instance IPv6 address family.

      A VPN target is a BGP extended community attribute. It is used to control the receiving and advertisement of VPN routing information. When different VPN sites connected to the MCE need to communicate, you can configure VPN targets. If VPN sites do not need to communicate, you do not need to configure VPN targets on the MCE.

    6. (Optional) Run:

      prefix limit number { alert-percent [ route-unchanged ] | simply-alert }

      The allowed maximum number of route prefixes is set for the VPN instance IPv6 address family.

      This setting prevents a PE from importing too many route prefixes from its connected switch and the peer PE.

      If the prefix limit command is run, the system displays a message when the number of routes added to the routing table of the VPN instance IPv6 address family exceeds the limit. After the prefix limit command is run to increase the allowed maximum number of routes in a VPN instance IPv6 address family or the undo prefix limit command is run to cancel the limit, the system receives excess routes to construct a private IP routing table.

      When the number of route prefixes exceeds the limit, direct and static routes can still be added to the routing table of the VPN instance IPv6 address family.

    7. Run:

      commit

      The configuration is committed.

  2. Bind a VPN instance to an interface.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      ip binding vpn-instance vpn-instance-name

      A VPN instance is bound to the interface.

      By default, an interface is a public network interface and is not associated with any VPN instance.

      After an interface is bound to a VPN instance, Layer 3 features such as IP addresses and routing protocols on the interface are deleted.

    5. Run:

      ipv6 enable

      IPv6 is enabled on the interface.

    6. Run:

      ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

      An IPv6 address is configured for the interface.

    7. Run:

      commit

      The configuration is committed.

Configure Route Exchange Between an MCE Device and VPN Sites

Context

Routing protocols that can be used between an MCE device and VPN sites are IPv6 static routing, RIPng, OSPFv3, IS-IS IPv6, and BGP4+. Choose one of the following configurations as needed:

The following configurations are performed on the MCE device. On the devices in the site, you only need to configure the corresponding routing protocol.

Configure IPv6 Static Routes Between an MCE Device and a Site

Perform the following configurations on the MCE device. You only need to configure a IPv6 static route to the MCE device in the site. The site configuration is not provided here.

For detailed configuration of static routes, see Configuring IPv6 Static Routes in the CX11x&CX31x&CX91x Series Switch Modules Configuration Guide – IP Routing.

Table 9-15 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Configure an ipv6 static route to the site.

ipv6 route-static vpn-instance vpn-instance-name dest-ipv6-address prefix-length { [ interface-type interface-number ] nexthop-ipv6-address | nexthop-ipv6-address [ public ] } [ preference preference | tag tag ] *

You must specify the next hop address on the MCE device.

Commit the configuration.

commit

-

Configure RIPng Between an MCE Device and a Site

Perform the following configurations on the MCE device.

For detailed RIPng configuration, see RIPng Configuration in the CX11x&CX31x&CX91x Series Switch Modules Configuration Guide - IP Routing.

Table 9-16 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create a RIPng process running between the MCE device and the site and enter the RIPng view.

ripng process-id vpn-instance vpn-instance-name

A RIPng process can be bound to only one VPN instance. If a RIPng process is not bound to any VPN instance before it is started, this process becomes a public network process and can no longer be bound to a VPN instance.

(Optional) Import the routes to the remote sites advertised by the PE device in to the RIPng routing table.

import-route { { ripng | isis | ospfv3 } [ process-id ] | bgp | direct | static } [ cost cost | route-policy route-policy-name ] *

Perform this step if another routing protocol is running between the MCE and PE devices in the VPN instance.

Return to system view.

quit

-

Enter the view of the interface to which the VPN instance is bound.

interface interface-type interface-number

-

(Ethernet interface) Switch the Ethernet interface to Layer 3 mode.

undo portswitch

By default, an Ethernet interface works in Layer 2 mode.

If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.
NOTE:

If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

Enable RIPng on the interface.

ripng process-id enable

-

Commit the configuration.

commit

-

Configure OSPFv3 Between an MCE Device and a Site

Perform the following configurations on the MCE device. Configure OSPFv3 in the site. The site configuration is not provided here.

For detailed OSPFv3 configuration, see OSPFv3 Configuration in the CX11x&CX31x&CX91x Series Switch Modules Configuration Guide - IP Routing.

Table 9-17 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create an OSPFv3 process running between the MCE device and the site and enter the OSPFv3 view.

ospfv3 process-id vpn-instance vpn-instance-name

-

Configure the OSPFv3 router ID.

router-id router-id

-

(Optional) Import the routes to the remote sites advertised by the PE device into the OSPFv3 routing table.

import-route { bgp [ permit-ibgp ] | direct | ripng help-process-id | static | isis help-process-id | ospfv3 help-process-id } [ cost cost | type type | tag tag | route-policy route-policy-name ] *

Perform this step if another routing protocol is running between the MCE and PE devices in the VPN instance.

Return to system view.

quit

-

Enter the view of the interface to which the VPN instance is bound.

interface interface-type interface-number

-

(Ethernet interface) Switch the Ethernet interface to Layer 3 mode.

undo portswitch

By default, an Ethernet interface works in Layer 2 mode.

If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.
NOTE:

If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

Enable OSPFv3 on the interface.

ospfv3 process-id area area-id [ instance instance-id ]

-

Commit the configuration.

commit

-

Configure IS-IS IPv6 Between an MCE Device and a Site

Perform the following configurations on the MCE device. You only need to configure IS-IS IPv6 in the site. The site configuration is not provided here.

For detailed IS-IS configuration, see IS-IS IPv6 Configuration in the CX11x&CX31x&CX91x Series Switch Modules Configuration Guide - IP Routing.

Table 9-18 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create an IS-IS process running between the MCE device and the site and enter the IS-IS IPv6 view.

isis process-id vpn-instance vpn-instance-name

An IS-IS process can be bound to only one VPN instance. If an IS-IS IPv6 process is not bound to any VPN instance before it is started, this process becomes a public network process and can no longer be bound to a VPN instance.

Set a network entity title (NET) for the IS-IS process.

network-entity net

A NET specifies the current IS-IS area address and the system ID of the switch modules. A maximum of three NETs can be configured for one process on each switch modules.

Enable IS-IS IPv6 on the process.

ipv6 enable [ topology { compatible [ enable-mt-spf ] | ipv6 | standard } ]

-

(Optional) Import the routes to the remote sites advertised by the PE device into the IS-IS IPv6 routing table.

Use either of the following commands:
  • ipv6 import-route { direct | { ospfv3 | ripng | isis } [ process-id ] | bgp } inherit-cost [ tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] *

  • ipv6 import-route { static | direct | { ospfv3 | ripng | isis } [ process-id ] | bgp } [ cost cost | tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] *

Perform this step if another routing protocol is running between the MCE and PE devices in the VPN instance.

Return to system view.

quit

-

Enter the view of the interface to which the VPN instance is bound.

interface interface-type interface-number

-

(Ethernet interface) Switch the Ethernet interface to Layer 3 mode.

undo portswitch

By default, an Ethernet interface works in Layer 2 mode.

If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.
NOTE:

If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

Enable IS-IS IPv6 on the interface.

isis ipv6 enable [ process-id ]

-

Commit the configuration.

commit

-

Configure BGP4+ between an MCE Device and a Site

Perform the following configurations on the MCE device.
Table 9-19 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Enter the BGP view.

bgp { as-number-plain | as-number-dot }

-

Enter the BGP-VPN instance IPv6 address family view.

ipv6-family vpn-instance vpn-instance-name

-

Configure the device connected to the MCE device in the site as a VPN peer.

peer ipv6-address as-number as-number

-

Import the routes to the remote sites advertised by the PE device into the BGP routing table.

import-route protocol [ process-id ] [ med med | route-policy route-policy-name ] *

Perform this step if another routing protocol is running between the MCE and PE devices in the VPN instance.

Commit the configuration.

commit

-

Perform the following configurations on the device connected to the MCE device in the site.
Table 9-20 Site configuration

Action

Command

Description

Enter the system view.

system-view

-

Enter the BGP view.

bgp { as-number-plain | as-number-dot }

-

Configure the MCE device as an EBGP peer.

peer ipv6-address as-number as-number

-

Enter the BGP IPv6 address family view.

ipv6-family unicast

-

Configure the MCE device as a VPN peer.

peer { group-name | ipv6-address } enable

-

Import IGP routes of the VPN into the BGP routing table.

import-route protocol [ process-id ] [ med med | route-policy route-policy-name ] *

The site must advertise routes to its attached VPN network segments to the MCE device.

Commit the configuration.

commit

-

Configure Route Exchange Between an MCE Device and a PE Device

Context

Routing protocols that can be used between an MCE device and a PE device are IPv6 static routing, RIPng, OSPFv3, IS-IS IPv6, and BGP4+. Choose one of the following configurations as needed:

Configure IPv6 Static Routes Between an MCE Device and a PE Device

Perform the following configurations on the MCE device.

Table 9-21 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Configure a IPv6 static route to the PE device.

ipv6 route-static vpn-instance vpn-instance-name dest-ipv6-address prefix-length vpn-instance vpn-destination-name nexthop-ipv6-address [ preference preference | tag tag ] * [ description text ]

-

Commit the configuration.

commit

-

Configure RIPng Between an MCE Device and a PE Device

Perform the following configurations on the MCE device.
Table 9-22 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create a RIPng process running between the MCE and PE devices and enter the RIPng view.

ripng process-id vpn-instance vpn-instance-name

A RIPng process can be bound to only one VPN instance. If a RIPng process is not bound to any VPN instance before it is started, this process becomes a public network process and can no longer be bound to a VPN instance.

(Optional) Import VPN routes of the site into the RIPng routing table.

import-route { { ripng | isis | ospfv3 } [ process-id ] | bgp | direct | static } [ cost cost | route-policy route-policy-name ] *

Perform this step if another routing protocol is running between the MCE device and VPN sites in the VPN instance.

Return to system view.

quit

-

Enter the view of the interface to which the VPN instance is bound.

interface interface-type interface-number

-

(Ethernet interface) Switch the Ethernet interface to Layer 3 mode.

undo portswitch

By default, an Ethernet interface works in Layer 2 mode.

If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.
NOTE:

If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

Enable RIPng on the interface.

ripng process-id enable

-

Commit the configuration.

commit

-

Configure OSPFv3 Between an MCE Device and a PE Device

Perform the following configurations on the MCE device.

Table 9-23 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create an OSPFv3 process running between the MCE and PE devices and enter the OSPFv3 view.

ospfv3 [ process-id ] [ vpn-instance vpn-instance-name ]

-

Configure the OSPFv3 router ID.

router-id router-id

-

(Optional) Import VPN routes of the site into the OSPF routing table.

import-route { bgp [ permit-ibgp ] | direct | ripng help-process-id | static | isis help-process-id | ospfv3 help-process-id } [ cost cost | type type | tag tag | route-policy route-policy-name ] *

Perform this step if another routing protocol is running between the MCE device and VPN sites in the VPN instance.

Return to system view.

quit

-

Enter the view of the interface to which the VPN instance is bound.

interface interface-type interface-number

-

(Ethernet interface) Switch the Ethernet interface to Layer 3 mode.

undo portswitch

By default, an Ethernet interface works in Layer 2 mode.

If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.
NOTE:

If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

Enable OSPFv3 on the interface which the VPN instance is bound.

ospfv3 process-id area area-id [ instance instance-id ]

-

Commit the configuration.

commit

-

Configure IS-IS IPv6 Between an MCE Device and a PE Device

Perform the following configurations on the MCE device.

Table 9-24 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create an IS-IS process running between the MCE and PE devices and enter the IS-IS view.

isis process-id vpn-instance vpn-instance-name

An IS-IS process can be bound to only one VPN instance. If an IS-IS process is not bound to any VPN instance before it is started, this process becomes a public network process and can no longer be bound to a VPN instance.

Set a network entity title (NET) for the IS-IS process.

network-entity net

A NET specifies the current IS-IS area address and the system ID of the switch modules. A maximum of three NETs can be configured for one process on each switch modules.

Enable IPv6 for the IS-IS process.

ipv6 enable [ topology { compatible [ enable-mt-spf ] | ipv6 | standard } ]

-

(Optional) Import VPN routes of the site into the IS-IS routing table.

Use either of the following commands:
  • ipv6 import-route { direct | { ospfv3 | ripng | isis } [ process-id ] | bgp } inherit-cost [ tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] *

  • ipv6 import-route { static | direct | { ospfv3 | ripng | isis } [ process-id ] | bgp } [ cost cost | tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] *

Perform this step if another routing protocol is running between the MCE device and VPN sites in the VPN instance.

Return to system view.

quit

-

Enter the view of the interface to which the VPN instance is bound.

interface interface-type interface-number

-

(Ethernet interface) Switch the Ethernet interface to Layer 3 mode.

undo portswitch

By default, an Ethernet interface works in Layer 2 mode.

If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.
NOTE:

If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

Enable IS-IS IPv6 on the interface.

isis ipv6 enable [ process-id ]

-

Commit the configuration.

commit

-

Configure BGP4+ Between an MCE Device and a PE Device

Perform the following configurations on the MCE device.
Table 9-25 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Enter the BGP view.

bgp { as-number-plain | as-number-dot }

-

Enter the BGP-VPN instance IPv6 address family view.

ipv6-family vpn-instance vpn-instance-name

-

Configure the PE device as the EBGP peer of the MCE device.

peer ipv6-address as-number as-number

-

Import the routes to the remote sites advertised by the PE device into the BGP4+ routing table.

import-route protocol [ process-id ] [ med med | route-policy route-policy-name ] *

Perform this step if another routing protocol is running between the MCE device and VPN sites in the VPN instance.

Commit the configuration.

commit

-

Checking the Configuration

Prerequisites

The IPv6 MCE configuration is complete.

Procedure

  • Run the display ip vpn-instance vpn-instance-name command to check brief information about a specified VPN instance.
  • Run the display ip vpn-instance verbose vpn-instance-name command to check detailed information about a specified VPN instance.
  • Run the display ip vpn-instance import-vt ivt-value command to check information about the VPN instances with the specified import VPN target.
  • Run the display ip vpn-instance [ vpn-instance-name ] interface command to check brief information about the interface to which a specified VPN instance is bound.
  • Run the display ipv6 routing-table vpn-instance vpn-instance-name [ verbose ] command to check the IPv6 routing table on the MCE device. The routing table contains routes to the LAN and remote sites for each service.
Translation
Download
Updated: 2019-12-13

Document ID: EDOC1000041694

Views: 60745

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next