Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Example for Configuring a Mixed Multi-hop PW

Networking Requirements

As shown in Figure 6-23, the carrier MPLS network provides L2VPN services for users. The SPE is a powerful device, whereas UPE1 and UPE2 (UPE2 supports only static PWs) function as access devices and cannot directly establish a remote LDP session with each other. UPE1 and UPE2 connect to many users, and the number of users varies. A VPN solution is required that provides secure VPN services and simplifies configuration and maintenance when new users are added.

NOTE:

By default, link type negotiation is enabled globally on the device. If a VLANIF interface is used as an AC-side interface for L2VPN, the configuration conflicts with link type negotiation. In this case, run the lnp disable command in the system view to disable link type negotiation.

The lnp disable command has no impact on services before the device restarts. After the device restarts, the device can only forward packets from the VLANs specified by the port default vlan command at Layer 2. The port default vlan 1 command is configured by default, so only packets of VLAN 1 can be forwarded at Layer 2.

Figure 6-23  Networking diagram of configuring a mixed multi-hop PW

Configuration Roadmap

Because the SPE is a powerful device and UPE1 and UPE2 cannot directly establish a remote LDP session with each other, configure a multi-hop PW and PW switching on the SPE. UPE2 supports only static PWs, so a mixed multi-hop PW is used.

The configuration roadmap is as follows:

  1. Configure an IGP on the backbone network so that backbone network devices can communicate.

  2. Configure basic MPLS functions and establish LSP tunnels on the backbone network.

  3. Set up a remote LDP session between UPE1 and SPE.

  4. Set up static or dynamic MPLS L2VC connections on UPEs.

  5. Configure PW switching on the SPE.

Procedure

  1. Configure the VLANs that each interface belongs to and assign an IP address to each VLANIF interface according to Figure 6-23.

    # Configure CE1. The configurations on UPE1, P1, SPE, P2, UPE2, and CE2 are similar to that on CE1 and are not shown here.

    <HUAWEI> system-view
    [HUAWEI] sysname CE1
    [CE1] vlan batch 10
    [CE1] interface vlanif 10
    [CE1-Vlanif10] ip address 192.168.1.1 255.255.255.0
    [CE1-Vlanif10] quit
    [CE1] interface gigabitethernet 0/0/1
    [CE1-GigabitEthernet0/0/1] port link-type trunk
    [CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
    [CE1-GigabitEthernet0/0/1] quit

  2. Configure an IGP on the MPLS backbone network.

    Configure an IGP on the MPLS backbone network. This example uses OSPF.

    When configuring OSPF, advertise 32-bit IP addresses of loopback interfaces on UPE1, SPE, and UPE2.

    # Configure UPE1. The configurations on P1, SPE, P2, and UPE2 are similar to that on UPE1 and are not shown here.

    [UPE1] interface loopback 0
    [UPE1-LoopBack0] ip address 1.1.1.9 255.255.255.255
    [UPE1-LoopBack0] quit
    [UPE1] ospf 1
    [UPE1-ospf-1] area 0
    [UPE1-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255
    [UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [UPE1-ospf-1-area-0.0.0.0] quit
    [UPE1-ospf-1] quit
    

  3. Enable MPLS, set up tunnels, and set up a remote LDP session between UPE1 and SPE.

    Configure basic MPLS functions and tunnels on the MPLS backbone network. In this example, the LSP tunnel is used.

    You need to set up a remote LDP session between UPE1 and SPE.

    # Configure UPE1.

    [UPE1] mpls lsr-id 1.1.1.9
    [UPE1] mpls
    [UPE1-mpls] quit
    [UPE1] mpls ldp
    [UPE1-mpls-ldp] quit
    [UPE1] interface vlanif 20 
    [UPE1-Vlanif20] mpls
    [UPE1-Vlanif20] mpls ldp
    [UPE1-Vlanif20] quit
    [UPE1] mpls ldp remote-peer 3.3.3.9
    [UPE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [UPE1-mpls-ldp-remote-3.3.3.9] quit

    # Configure P1.

    [P1] mpls lsr-id 2.2.2.9
    [P1] mpls
    [P1-mpls] quit
    [P1] mpls ldp
    [P1-mpls-ldp] quit
    [P1] interface vlanif 20 
    [P1-Vlanif20] mpls
    [P1-Vlanif20] mpls ldp
    [P1-Vlanif20] quit
    [P1] interface vlanif 30 
    [P1-Vlanif30] mpls
    [P1-Vlanif30] mpls ldp
    [P1-Vlanif30] quit

    # Configure SPE.

    [SPE] mpls lsr-id 3.3.3.9
    [SPE] mpls
    [SPE-mpls] quit
    [SPE] mpls ldp
    [SPE-mpls-ldp] quit
    [SPE] interface vlanif 30
    [SPE-Vlanif30] mpls
    [SPE-Vlanif30] mpls ldp
    [SPE-Vlanif30] quit
    [SPE] interface vlanif 40
    [SPE-Vlanif40] mpls
    [SPE-Vlanif40] mpls ldp
    [SPE-Vlanif40] quit
    [SPE] mpls ldp remote-peer 1.1.1.9
    [SPE-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [SPE-mpls-ldp-remote-1.1.1.9] quit
    [SPE] mpls ldp remote-peer 5.5.5.9
    [SPE-mpls-ldp-remote-5.5.5.9] remote-ip 5.5.5.9
    [SPE-mpls-ldp-remote-5.5.5.9] quit

    # Configure P2.

    [P2] mpls lsr-id 4.4.4.9
    [P2] mpls 
    [P2-mpls] quit
    [P2] mpls ldp
    [P2-mpls-ldp] quit
    [P2] interface vlanif 40
    [P2-Vlanif40] mpls
    [P2-Vlanif40] mpls ldp
    [P2-Vlanif40] quit
    [P2] interface vlanif 50
    [P2-Vlanif50] mpls
    [P2-Vlanif50] mpls ldp
    [P2-Vlanif50] quit

    # Configure UPE2.

    [UPE2] mpls lsr-id 5.5.5.9
    [UPE2] mpls 
    [UPE2-mpls] quit
    [UPE2] mpls ldp
    [UPE2-mpls-ldp] quit 
    [UPE2] interface vlanif 50 
    [UPE2-Vlanif50] mpls
    [UPE2-Vlanif50] mpls ldp
    [UPE2-Vlanif50] quit
    [UPE2] mpls ldp remote-peer 3.3.3.9
    [UPE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [UPE2-mpls-ldp-remote-3.3.3.9] quit

  4. Create VCs.

    Enable MPLS L2VPN on UPE1, UPE2, and SPE.

    Configure a dynamic VC on UPE1 and a static VC on UPE2, and configure mixed PW switching on SPE.

    # Configure UPE1. In this example, a VLANIF interface is used as the AC-side interface, so you need to run the lnp disable command in the system view before performing the following steps. If you cannot disable link type negotiation on the live network, do not use a VLANIF interface as the AC-side interface.

    [UPE1] mpls l2vpn
    [UPE1-l2vpn] quit
    [UPE1] interface vlanif 10
    [UPE1-Vlanif10] mpls l2vc 3.3.3.9 100 
    [UPE1-Vlanif10] quit

    NOTE:

    When configuring mixed PW switching, the ip-address vc-id pair before the between keyword specifies the dynamic PW, and the ip-address vc-id pair after between specifies the static PW. The two cannot be interchanged.

    # Configure SPE.

    [SPE] mpls l2vpn
    [SPE-l2vpn] quit
    [SPE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation vlan

    # Configure UPE2. In this example, a VLANIF interface is used as the AC-side interface, so you need to run the lnp disable command in the system view before performing the following steps. If you cannot disable link type negotiation on the live network, do not use a VLANIF interface as the AC-side interface.

    [UPE2] mpls l2vpn
    [UPE2-l2vpn] quit
    [UPE2] pw-template pwt
    [UPE2-pw-template-pwt] peer-address 3.3.3.9
    [UPE2-pw-template-pwt] quit
    [UPE2] interface vlanif 60
    [UPE2-Vlanif60] mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200
    [UPE2-Vlanif60] quit

  5. Verify the configuration.

    # After the network becomes stable, view information about L2VPN connections on PEs. You can see that an L2VC is set up and the VC status is Up.

    The display on UPE1 and SPE is used as an example.

    [UPE1] display mpls l2vc interface vlanif 10
     *client interface       : Vlanif10 is up
      Administrator PW       : no
      session state          : up
      AC status              : up
      VC state               : up
      Label state            : 0
      Token state            : 0
      VC ID                  : 100
      VC type                : VLAN
      destination            : 3.3.3.9
      local group ID         : 0            remote group ID      : 0
      local VC label         : 8195        remote VC label      : 8195
      local AC OAM State     : up
      local PSN OAM State    : up
      local forwarding state : forwarding
      local status code      : 0x0 
      remote AC OAM state    : up
      remote PSN OAM state   : up
      remote forwarding state: forwarding
      remote status code     : 0x0 
      ignore standby state   : no
      BFD for PW             : unavailable
      VCCV State             : up
      manual fault           : not set
      active state           : active
      forwarding entry       : exist
      link state             : up
      local VC MTU           : 1500         remote VC MTU        : 1500
      local VCCV             : alert lsp-ping bfd
      remote VCCV            : alert lsp-ping bfd
      local control word     : disable      remote control word  : disable
      tunnel policy name     : --
      PW template name       : --
      primary or secondary   : primary
      load balance type      : flow
      Access-port            : false
      Switchover Flag        : false
      VC tunnel/token info   : 1 tunnels/tokens
        NO.0  TNL type       : lsp   , TNL ID : 0x27
        Backup TNL type      : lsp   , TNL ID : 0x0
      create time            : 0 days, 13 hours, 3 minutes, 37 seconds
      up time                : 0 days, 12 hours, 54 minutes, 46 seconds
      last change time       : 0 days, 12 hours, 54 minutes, 46 seconds
      VC last up time        : 2010/11/24 12:31:31
      VC total up time       : 0 days, 2 hours, 12 minutes, 51 seconds
      CKey                   : 16                                                     
      NKey                   : 15   
      PW redundancy mode     : frr                                                   
      AdminPw interface      : --                                                   
      AdminPw link state     : -- 
      Diffserv Mode          : uniform
      Service Class          : --
      Color                  : --
      DomainId               : --
      Domain Name            : --
    
    [SPE] display mpls switch-l2vc
    Total Switch VC : 1, 1 up, 0 down
    
    *Switch-l2vc type             : LDP<---->SVC
     Peer IP Address              : 1.1.1.9, 5.5.5.9
     VC ID                        : 100, 200
     VC Type                      : VLAN
     VC State                     : up
     Session State                : up, None
     Local(In)/Remote(Out) Label  : 8195/8195, 100/200
     InLabel Status               : 0 , 0
     Local/Remote MTU             : 1500/1500, 1500
     Local/Remote Control Word    : Disable/Disable, Disable
     Local/Remote VCCV Capability : alert ttl lsp-ping bfd /alert ttl lsp-ping bfd , alert ttl lsp-ping bfd  
     Switch-l2vc tunnel info      :
                                    1 tunnels for peer 1.1.1.9
                                    NO.0  TNL Type : lsp   , TNL ID : 0x48002000
                                    1 tunnels for peer 5.5.5.9
                                    NO.0  TNL Type : lsp   , TNL ID : 0x48002004
     CKey                         : 44, 1                                           
     NKey                         : 43, 3  
     Tunnel policy                : --, --  
     Control-Word transparent     : NO
     Create time                  : 0 days, 0 hours, 10 minutes, 59 seconds
     UP time                      : 0 days, 0 hours, 55 minutes, 45 seconds
     Last change time             : 0 days, 0 hours, 55 minutes, 45 seconds
     VC last up time              : 2010/11/24 12:31:31
     VC total up time             : 0 days, 2 hours, 12 minutes, 51 seconds
    

    CE1 and CE2 can ping each other successfully.

    The display on CE1 is used as an example.

    [CE1] ping 192.168.1.2
      PING 192.168.1.2: 56  data bytes, press CTRL_C to break
        Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=270 ms
        Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=220 ms
        Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=190 ms
        Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms
        Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms
    
      --- 192.168.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 160/206/270 ms

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 192.168.1.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • UPE1 configuration file

    The lnp disable command has no impact on services before the device restarts. After the device restarts, the device can only forward packets from the VLANs specified by the port default vlan command at Layer 2. The port default vlan 1 command is configured by default, so only packets of VLAN 1 can be forwarded at Layer 2.

    #
    sysname UPE1
    #
    vlan batch 10 20
    #
    lnp disable
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface Vlanif10
     mpls l2vc 3.3.3.9 100
    #
    interface Vlanif20
     ip address 50.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack0
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 50.1.1.0 0.0.0.255
    #
    return
  • P1 configuration file

    #
    sysname P1
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif20
     ip address 50.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 20.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack0
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 50.1.1.0 0.0.0.255
    #
    return
  • SPE configuration file

    #
    sysname SPE
    #
    vlan batch 30 40
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
    mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation vlan
    #
    mpls ldp
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    mpls ldp remote-peer 5.5.5.9
     remote-ip 5.5.5.9
    #
    interface Vlanif30
     ip address 20.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     ip address 30.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack0
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
    #
    return
  • P2 configuration file

    #
    sysname P2
    #
    vlan batch 40 50
    #
    mpls lsr-id 4.4.4.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif40
     ip address 30.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif50
     ip address 40.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    interface LoopBack0
     ip address 4.4.4.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 30.1.1.0 0.0.0.255
      network 40.1.1.0 0.0.0.255
    #
    return
  • UPE2 configuration file

    The lnp disable command has no impact on services before the device restarts. After the device restarts, the device can only forward packets from the VLANs specified by the port default vlan command at Layer 2. The port default vlan 1 command is configured by default, so only packets of VLAN 1 can be forwarded at Layer 2.

    #
    sysname UPE2
    #
    vlan batch 50 60
    #
    lnp disable
    #
    mpls lsr-id 5.5.5.9
    mpls
    #
    mpls l2vpn
    #
    pw-template pwt
     peer-address 3.3.3.9
    #
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface Vlanif50
     ip address 40.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif60
     mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 60
    #
    interface LoopBack0
     ip address 5.5.5.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 5.5.5.9 0.0.0.0
      network 40.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 60
    #
    interface Vlanif60
     ip address 192.168.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 60
    #
    return
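
The PW statements in the SPE, UPE1 and UPE2 configuration files above have to mirror each other: peer addresses and VC IDs must agree, the dynamic PW must come before between, and the static labels must cross over (SPE trans equals UPE2 receive-vpn-label, SPE recv equals UPE2 transmit-vpn-label). The following Python check is an added example, not part of the original guide or of any Huawei tool; the function names and the excerpts are constructed here, and the patterns assume exactly the command forms shown on this page.

```python
import re

# Constructed excerpts: only the PW-related lines of the configuration files above.
SPE = """mpls lsr-id 3.3.3.9
mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation vlan
"""
UPE1 = """mpls lsr-id 1.1.1.9
interface Vlanif10
 mpls l2vc 3.3.3.9 100
"""
UPE2 = """mpls lsr-id 5.5.5.9
pw-template pwt
 peer-address 3.3.3.9
interface Vlanif60
 mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200
"""

def grab(pattern, cfg):
    """Return the capture groups of the first match, or None."""
    m = re.search(pattern, cfg, re.M)
    return m.groups() if m else None

def check_mixed_pw(spe, upe_dyn, upe_static):
    """Return mismatches between the SPE switch-l2vc and both UPE PW statements.

    Assumption: commands appear in the forms used on this page (hypothetical checker).
    """
    sw = grab(r"^\s*mpls switch-l2vc (\S+) (\d+) between (\S+) (\d+) trans (\d+) recv (\d+)", spe)
    dyn = grab(r"^\s*mpls l2vc (\S+) (\d+)", upe_dyn)
    st = grab(r"^\s*mpls static-l2vc pw-template (\S+) (\d+) "
              r"transmit-vpn-label (\d+) receive-vpn-label (\d+)", upe_static)
    ids = [grab(r"^\s*mpls lsr-id (\S+)", c) for c in (spe, upe_dyn, upe_static)]
    if not (sw and dyn and st and all(ids)):
        return ["PW statement or lsr-id missing on at least one device"]
    spe_id, dyn_id, st_id = (i[0] for i in ids)
    dyn_peer, dyn_vc, st_peer, st_vc, trans, recv = sw
    tmpl, upe_vc, upe_tx, upe_rx = st
    tmpl_peer = grab(rf"^\s*pw-template {re.escape(tmpl)}\n\s+peer-address (\S+)", upe_static)
    checks = [
        (dyn_peer == dyn_id, "SPE dynamic peer is not the dynamic UPE's lsr-id"),
        (dyn == (spe_id, dyn_vc), "dynamic UPE l2vc peer/VC ID differs from SPE"),
        (st_peer == st_id, "SPE static peer is not the static UPE's lsr-id"),
        (tmpl_peer == (spe_id,), "static UPE pw-template peer is not the SPE"),
        (upe_vc == st_vc, "static VC ID differs between SPE and UPE"),
        (trans == upe_rx, "SPE trans label != UPE receive-vpn-label"),
        (recv == upe_tx, "SPE recv label != UPE transmit-vpn-label"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    print(check_mixed_pw(SPE, UPE1, UPE2) or "PW settings are consistent")
```

An empty list means the three devices agree; each returned string names one mismatch to correct before the static PW segment can carry traffic.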
Updated: 2019-08-21

Document ID: EDOC1000141944