No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Kompella VPLS

Example for Configuring Kompella VPLS

Networking Requirements

Figure 7-32 shows a backbone network built by an enterprise. There are a large number of branch sites on the backbone network (only two sites are shown in this example). The network environment often changes. Site1 connects to PE1 through CE1 and then connects to the backbone network. Site2 connects to PE2 through CE2 and then connects to the backbone network. Users at Site1 and Site2 need to communicate at Layer 2 and user information needs to be reserved when Layer 2 packets are transmitted over the backbone network.

Figure 7-32  Networking diagram for configuring Kompella VPLS

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure transparent transmission of Layer 2 packets over the backbone network using VPLS to enable users at Site1 and Site2 to communicate at Layer 2 and reserve user information when Layer 2 packets are transmitted over the backbone network.

  2. Use Kompella VPLS to implement Layer 2 communication between CEs on an enterprise network with many sites and complex network environments.

  3. Configure the IGP routing protocol on the backbone network to implement data transmission on the public network between PEs.

  4. Configure basic MPLS functions and LDP on the backbone network to support VPLS.

  5. Establish tunnels for transmitting data between PEs to prevent data from being known by the public network.

  6. Enable MPLS L2VPN on PEs to implement VPLS.

  7. Enable BGP peers to exchange VPLS information between PEs, create a VSI on each PE, specify BGP as the signaling protocol, specify the RD, VPN target, and site of the VSI, and bind AC interfaces to VSIs to implement Kompella VPLS.

Procedure

  1. Configure VLANs that interfaces belong to.

    Configure the VLAN that each interface belongs to and assign IP addresses to interfaces on Switch.

    # Configure CE1. The configuration on PE1, P, PE2, and CE2 is similar to the CE1, and is not mentioned here.

    <HUAWEI> system-view
    [HUAWEI] sysname CE1
    [CE1] vlan 10
    [CE1-vlan10] quit
    [CE1] interface vlanif 10
    [CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
    [CE1-Vlanif10] quit
    [CE1] interface gigabitethernet 0/0/1
    [CE1-GigabitEthernet0/0/1] port link-type trunk
    [CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
    [CE1-GigabitEthernet0/0/1] quit
    NOTE:

    Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same VLAN; otherwise, a loop may occur.

  2. Configure the IGP protocol. OSPF is used in this example.

    When configuring OSPF, advertise the 32-bit address of the loopback interface (LSR IDs) on PE1, P and PE2.

    Configure OSPF on PE1, P, and PE2.

    # Configure PE1. The configuration on P and PE2 is similar to the PE1, and is not mentioned here.

    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
    [PE1-LoopBack1] quit
    [PE1] ospf 1
    [PE1-ospf-1] area 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 168.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit
    

    After the configuration is complete, run the display ip routing-table command on PE1, P, and PE2. You can view the routes learned by PE1, P, and PE2 from each other.

  3. Configure basic MPLS functions and LDP.

    Configure basic MPLS functions and LDP on PE1, P, and PE2.

    # Configure PE1. The configuration on P and PE2 is similar to the PE1, and is not mentioned here.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface vlanif 20
    [PE1-Vlanif20] mpls
    [PE1-Vlanif20] mpls ldp
    [PE1-Vlanif20] quit
    

    After the configuration is complete, run the display mpls ldp peer command on PE1, P, and PE2, and you can see that peer relationships are established between PE1 and P and between PE2 and P. Run the display mpls ldp session command on PE1 and PE2, and you can see that an LDP session is set up between PE1 and PE2. Run the display mpls lsp command to view the LSP status.

  4. Establish BGP peers and enable them to exchange VPLS information.

    # Configure PE1.

    [PE1] bgp 100
    [PE1-bgp] peer 3.3.3.9 as-number 100
    [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
    [PE1-bgp] vpls-family
    [PE1-bgp-af-vpls] peer 3.3.3.9 enable
    [PE1-bgp-af-vpls] quit
    [PE1-bgp] quit

    # Configure PE2.

    [PE2] bgp 100
    [PE2-bgp] peer 1.1.1.9 as-number 100
    [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
    [PE2-bgp] vpls-family
    [PE2-bgp-af-vpls] peer 1.1.1.9 enable
    [PE2-bgp-af-vpls] quit
    [PE2-bgp] quit

  5. Enable MPLS L2VPN on PEs.

    # Configure PE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit

    # Configure PE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit

  6. Configure VSIs on the PEs.

    NOTE:

    Site IDs at both ends of a VSI must be different.

    # Configure PE1.

    [PE1] vsi bgp1 auto
    [PE1-vsi-bgp1] pwsignal bgp
    [PE1-vsi-bgp1-bgp] route-distinguisher 168.1.1.1:1
    [PE1-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
    [PE1-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity
    [PE1-vsi-bgp1-bgp] site 1 range 5 default-offset 0
    [PE1-vsi-bgp1-bgp] quit
    [PE1-vsi-bgp1] quit

    # Configure PE2.

    [PE2] vsi bgp1 auto
    [PE2-vsi-bgp1] pwsignal bgp
    [PE2-vsi-bgp1-bgp] route-distinguisher 169.1.1.2:1
    [PE2-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
    [PE2-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity
    [PE2-vsi-bgp1-bgp] site 2 range 5 default-offset 0
    [PE2-vsi-bgp1-bgp] quit
    [PE2-vsi-bgp1] quit

  7. Bind VSIs to the AC interfaces on PEs.

    # Bind a VSI to VLANIF10 on PE1.

    [PE1] interface vlanif 10
    [PE1-Vlanif10] l2 binding vsi bgp1
    [PE1-Vlanif10] quit

    # Bind a VSI to VLANIF40 on PE2.

    [PE2] interface vlanif 40
    [PE2-Vlanif40] l2 binding vsi bgp1
    [PE2-Vlanif40] quit

  8. Verify the configuration.

    # After the network becomes stable, run the display vsi name bgp1 verbose command on PE1. You can see that a VSI named bgp1 has established a PW to PE2, and the status of the VSI is Up.

    [PE1] display vsi name bgp1 verbose
     
     ***VSI Name               : bgp1
        Administrator VSI      : no
        Isolate Spoken         : disable
        VSI Index              : 0
        PW Signaling           : bgp
        Member Discovery Style : auto
        PW MAC Learn Style     : unqualify
        Encapsulation Type     : vlan
        MTU                    : 1500
        Diffserv Mode          : uniform
        Mpls Exp               : --
        DomainId               : 255
        Domain Name            : 
        Ignore AcState         : disable
        P2P VSI                : disable
        Create Time            : 0 days, 0 hours, 1 minutes, 3 seconds
        VSI State              : up
     
        BGP RD                 : 168.1.1.1:1
        SiteID/Range/Offset    : 1/5/0
        Import vpn target      : 100:1                  
        Export vpn target      : 100:1                  
        Remote Label Block     : 35840/5/0 
        Local Label Block      : 0/35840/5/0 
    
        Interface Name         : Vlanif10
        State                  : up
        Access Port            : false
        Last Up Time           : 2014/11/10 20:34:49
        Total Up Time          : 0 days, 0 hours, 1 minutes, 3 seconds
    
      **PW Information:
    
       *Peer Ip Address        : 3.3.3.9
        PW State               : up
        Local VC Label         : 35842
        Remote VC Label        : 35841
        PW Type                : label 
        Local  VCCV            : alert lsp-ping bfd
        Remote VCCV            : alert lsp-ping bfd
        Tunnel ID              : 0x31 
        Broadcast Tunnel ID    : 0x31 
        Broad BackupTunnel ID  : 0x0 
        Ckey                   : 0xe
        Nkey                   : 0xd
        Main PW Token          : 0x31 
        Slave PW Token         : 0x0 
        Tnl Type               : LSP 
        OutInterface           : Vlanif20 
        Backup OutInterface    :  
        Stp Enable             : 0 
        PW Last Up Time        : 2014/11/10 20:35:51
        PW Total Up Time       : 0 days, 0 hours, 9 minutes, 1 seconds
    

    CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

    [CE1] ping 10.1.1.2
      PING 10.1.1.2: 56  data bytes, press CTRL_C to break                          
        Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=1 ms                  
        Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms                  
        Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms                  
        Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms                  
        Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms                  
                                                                                    
      --- 10.1.1.2 ping statistics ---                                              
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 1/1/1 ms                                           
                                                                                    

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 40
    #
    interface Vlanif40
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 20
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    vsi bgp1 auto
     pwsignal bgp
      route-distinguisher 168.1.1.1:1
      vpn-target 100:1 import-extcommunity
      vpn-target 100:1 export-extcommunity
      site 1 range 5 default-offset 0
    #
    mpls ldp
    #
    interface Vlanif10
     l2 binding vsi bgp1
    #
    interface Vlanif20
     ip address 168.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100 
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     # 
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.9 enable
     #
     vpls-family
      policy vpn-target
      peer 3.3.3.9 enable
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 168.1.1.0 0.0.0.255
    #
    return
  • P configuration file

    #
    sysname P
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif20
     ip address 168.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 169.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 168.1.1.0 0.0.0.255
      network 169.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 30 40
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
    vsi bgp1 auto
     pwsignal bgp
      route-distinguisher 169.1.1.2:1
      vpn-target 100:1 import-extcommunity
      vpn-target 100:1 export-extcommunity 
      site 2 range 5 default-offset 0
    #
    mpls ldp
    #
    interface Vlanif30
     ip address 169.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     l2 binding vsi bgp1
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     # 
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
     #
     vpls-family
      policy vpn-target
      peer 1.1.1.9 enable
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 169.1.1.0 0.0.0.255
    #
    return
Translation
Download
Updated: 2019-04-18

Document ID: EDOC1000141944

Views: 72287

Downloads: 507

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next