No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring BGP AD VPLS

Example for Configuring BGP AD VPLS

Networking Requirements

Figure 7-33 shows a backbone network built by an enterprise. There are a large number of branch sites on the backbone network (only three sites are shown in this example). The network environment often changes. Site1 connects to PE1 through CE1 and then connects to the backbone network. Site2 connects to PE2 through CE2 and then connects to the backbone network. Site3 connects to PE3 through CE3 and then connects to the backbone network. Users at Site1, Site2, and Site3 need to communicate at Layer 2 and user information needs to be reserved when Layer 2 packets are transmitted over the backbone network.

NOTE:

In this scenario, to avoid loops, ensure that all connected interfaces have STP disabled and connected interfaces are removed from VLAN 1. If STP is enabled and VLANIF interfaces of switches are used to construct a Layer 3 ring network, an interface on the network will be blocked. As a result, Layer 3 services on the network cannot run normally.

Figure 7-33  Networking diagram for configuring BGP AD VPLS

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure transparent transmission of Layer 2 packets over the backbone network using VPLS to enable users at Site1, Site2, and Site3 to communicate at Layer 2 and reserve user information when Layer 2 packets are transmitted over the backbone network.

  2. Use BGP AD VPLS to implement Layer 2 communication between CEs on an enterprise network with many sites and complex network environments.

  3. Configure the IGP routing protocol on the backbone network to implement data transmission on the public network between PEs.

  4. Configure basic MPLS functions and LDP on the backbone network to support VPLS.

  5. Establish tunnels for transmitting data between PEs to prevent data from being known by the public network.

  6. Enable MPLS L2VPN on PEs to implement VPLS.

  7. Enable BGP peers to exchange VPLS information between PEs, create a VSI on each PE, specify BGP as the signaling protocol, specify the RD, VPN target, and site of the VSI, and bind AC interfaces to VSIs to implement BGP AD VPLS.

Procedure

  1. Configure VLANs that interfaces belong to.

    Configure the VLAN that each interface belongs to and assign IP addresses to interfaces on Switch.

    # Configure CE1. The configuration on PE1, PE2, PE3, CE2, and CE3 is similar to the CE1, and is not mentioned here.

    <HUAWEI> system-view
    [HUAWEI] sysname CE1
    [CE1] vlan 10
    [CE1-vlan10] quit
    [CE1] interface vlanif 10
    [CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
    [CE1-Vlanif10] quit
    [CE1] interface gigabitethernet 0/0/1
    [CE1-GigabitEthernet0/0/1] port link-type trunk
    [CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
    [CE1-GigabitEthernet0/0/1] quit
    NOTE:

    Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same VLAN; otherwise, a loop may occur.

  2. Configure the IGP protocol. OSPF is used in this example.

    When configuring OSPF, advertise the 32-bit address of the loopback interface (LSR IDs) on PE1, PE2, and PE3.

    Configure OSPF on PE1, PE2, and PE3.

    # Configure PE1. The configuration on PE2 and PE3 is similar to the PE1, and is not mentioned here.

    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
    [PE1-LoopBack1] quit
    [PE1] ospf 1
    [PE1-ospf-1] area 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 168.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] network 168.1.2.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit
    

    After the configuration is complete, run the display ip routing-table command on PE1, PE2, and PE3. You can view the routes learned by PE1, PE2, and PE3 from each other.

  3. Configure basic MPLS functions and LDP.

    Configure basic MPLS functions and LDP on PE1, PE2, and PE3.

    # Configure PE1. The configuration on PE2 and PE3 is similar to the PE1, and is not mentioned here.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface vlanif 20
    [PE1-Vlanif20] mpls
    [PE1-Vlanif20] mpls ldp
    [PE1-Vlanif20] quit
    [PE1] interface vlanif 30
    [PE1-Vlanif30] mpls
    [PE1-Vlanif30] mpls ldp
    [PE1-Vlanif30] quit
    

    After the configuration is complete, run the display mpls ldp peer command on PE1, PE2, and PE3. you can see that the peer relationship is established between each pair of PE1, PE2, and PE3. Run the display mpls ldp session command on PE1, PE2, and PE3, and you can see that an LDP session is set up between each pair of PE1, PE2, and PE3. Run the display mpls lsp command to view the LSP status.

  4. Enable BGP peers to exchange VPLS member information.

    # Configure PE1.

    [PE1] bgp 100
    [PE1-bgp] peer 2.2.2.9 as-number 100
    [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
    [PE1-bgp] peer 3.3.3.9 as-number 100
    [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
    [PE1-bgp] l2vpn-ad-family
    [PE1-bgp-af-l2vpn-ad] peer 2.2.2.9 enable
    [PE1-bgp-af-l2vpn-ad] peer 3.3.3.9 enable
    [PE1-bgp-af-l2vpn-ad] quit
    [PE1-bgp] quit

    # Configure PE2.

    [PE2] bgp 100
    [PE2-bgp] peer 1.1.1.9 as-number 100
    [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
    [PE2-bgp] peer 3.3.3.9 as-number 100
    [PE2-bgp] peer 3.3.3.9 connect-interface loopback 1
    [PE2-bgp] l2vpn-ad-family
    [PE2-bgp-af-l2vpn-ad] peer 1.1.1.9 enable
    [PE2-bgp-af-l2vpn-ad] peer 3.3.3.9 enable
    [PE2-bgp-af-l2vpn-ad] quit
    [PE2-bgp] quit

    # Configure PE3.

    [PE3] bgp 100
    [PE3-bgp] peer 1.1.1.9 as-number 100
    [PE3-bgp] peer 1.1.1.9 connect-interface loopback 1
    [PE3-bgp] peer 2.2.2.9 as-number 100
    [PE3-bgp] peer 2.2.2.9 connect-interface loopback 1
    [PE3-bgp] l2vpn-ad-family
    [PE3-bgp-af-l2vpn-ad] peer 1.1.1.9 enable
    [PE3-bgp-af-l2vpn-ad] peer 2.2.2.9 enable
    [PE3-bgp-af-l2vpn-ad] quit
    [PE3-bgp] quit
    

  5. Enable MPLS L2VPN on PEs.

    # Configure PE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit

    # Configure PE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit

    # Configure PE3.

    [PE3] mpls l2vpn
    [PE3-l2vpn] quit

  6. Configure VSIs on the PEs.

    # Configure PE1.

    [PE1] vsi vplsad1
    [PE1-vsi-vplsad1] bgp-ad
    [PE1-vsi-vplsad1-bgpad] vpls-id 168.1.1.1:1
    [PE1-vsi-vplsad1-bgpad] vpn-target 100:1 import-extcommunity
    [PE1-vsi-vplsad1-bgpad] vpn-target 100:1 export-extcommunity
    [PE1-vsi-vplsad1-bgpad] quit
    [PE1-vsi-vplsad1] quit

    # Configure PE2.

    [PE2] vsi vplsad1
    [PE2-vsi-vplsad1] bgp-ad
    [PE2-vsi-vplsad1-bgpad] vpls-id 168.1.1.1:1
    [PE2-vsi-vplsad1-bgpad] vpn-target 100:1 import-extcommunity
    [PE2-vsi-vplsad1-bgpad] vpn-target 100:1 export-extcommunity
    [PE2-vsi-vplsad1-bgpad] quit
    [PE2-vsi-vplsad1] quit

    # Configure PE3.

    [PE3] vsi vplsad1
    [PE3-vsi-vplsad1] bgp-ad
    [PE3-vsi-vplsad1-bgpad] vpls-id 168.1.1.1:1
    [PE3-vsi-vplsad1-bgpad] vpn-target 100:1 import-extcommunity
    [PE3-vsi-vplsad1-bgpad] vpn-target 100:1 export-extcommunity
    [PE3-vsi-vplsad1-bgpad] quit
    [PE3-vsi-vplsad1] quit

  7. Bind VSIs to the AC interfaces on PEs.

    # Bind a VSI to VLANIF10 on PE1.

    [PE1] interface vlanif 10
    [PE1-Vlanif10] l2 binding vsi vplsad1
    [PE1-Vlanif10] quit

    # Bind a VSI to VLANIF50 on PE2.

    [PE2] interface vlanif 50
    [PE2-Vlanif50] l2 binding vsi vplsad1
    [PE2-Vlanif50] quit

    # Bind a VSI to VLANIF60 on PE3.

    [PE3] interface vlanif 60
    [PE3-Vlanif60] l2 binding vsi vplsad1
    [PE3-Vlanif60] quit

  8. Verify the configuration.

    # After the network becomes stable, run the display vsi name vplsad1 verbose command on PE1, and you can see that the VSI named vplsad1 has established a PW to PE2 and a PW to PE3, and the status of the VSI is Up. A PW is also established between PE2 and PE3, and the status of the VSI is Up.

    [PE1] display vsi name vplsad1 verbose
    
     ***VSI Name               : vplsad1
        Administrator VSI      : no
        Isolate Spoken         : disable
        VSI Index              : 0
        PW Signaling           : bgpad
        Member Discovery Style : --
        PW MAC Learn Style     : unqualify
        Encapsulation Type     : vlan
        MTU                    : 1500
        Diffserv Mode          : uniform
        Mpls Exp               : --
        DomainId               : 255
        Domain Name            :
        Ignore AcState         : disable
        P2P VSI                : disable
        Create Time            : 0 days, 18 hours, 5 minutes, 30 seconds
        VSI State              : up
    
        VPLS ID                : 168.1.1.1:1
        RD                     : 168.1.1.1:1
        Import vpn target      : 100:1
        Export vpn target      : 100:1
        BGPAD VSI ID           : 1.1.1.9
    
       *Peer Router ID         : 2.2.2.9
        VPLS ID                : 168.1.1.1:1
        SAII                   : 1.1.1.9
        TAII                   : 2.2.2.9
        VC Label               : 1024
        Peer Type              : dynamic
        Session                : up
        Tunnel ID              : 0x80003f
        Broadcast Tunnel ID    : 0x80003f
        CKey                   : 2
        NKey                   : 1
    
       *Peer Router ID         : 3.3.3.9
        VPLS ID                : 168.1.1.1:1
        SAII                   : 1.1.1.9
        TAII                   : 3.3.3.9
        VC Label               : 1025
        Peer Type              : dynamic
        Session                : up
        Tunnel ID              : 0x800033
        Broadcast Tunnel ID    : 0x800033
        CKey                   : 4
        NKey                   : 3
    
        Interface Name         : Vlanif10
        State                  : up
        Access Port            : false
        Last Up Time           : 2012/07/06 15:54:46
        Total Up Time          : 0 days, 0 hours, 58 minutes, 24 seconds
    
       **PW Information:
    
       *Peer Ip Address        : 2.2.2.9
        PW State               : up
        Local VC Label         : 1024
        Remote VC Label        : 1024
        PW Type                : label
        Local  VCCV            : alert lsp-ping bfd
        Remote VCCV            : alert lsp-ping bfd
        Tunnel ID              : 0x80003f
        Broadcast Tunnel ID    : 0x80003f
        Broad BackupTunnel ID  : 0x0
        Ckey                   : 0x2
        Nkey                   : 0x1
        Main PW Token          : 0x80003f
        Slave PW Token         : 0x0
        Tnl Type               : LSP
        OutInterface           : Vlanif20
        Backup OutInterface    :
        Stp Enable             : 0
        PW Last Up Time        : 2012/07/06 16:18:23
        PW Total Up Time       : 0 days, 1 hours, 22 minutes, 13 seconds  
       *Peer Ip Address        : 3.3.3.9
        PW State               : up
        Local VC Label         : 1025
        Remote VC Label        : 1025
        PW Type                : label
        Local  VCCV            : alert lsp-ping bfd
        Remote VCCV            : alert lsp-ping bfd
        Tunnel ID              : 0x800033
        Broadcast Tunnel ID    : 0x800033
        Broad BackupTunnel ID  : 0x0
        Ckey                   : 0x4
        Nkey                   : 0x3
        Main PW Token          : 0x800033
        Slave PW Token         : 0x0
        Tnl Type               : LSP
        OutInterface           : Vlanif30
        Backup OutInterface    :
        Stp Enable             : 0
        PW Last Up Time        : 2012/07/06 15:56:46
        PW Total Up Time       : 0 days, 1 hours, 0 minutes, 45 seconds
    

    # CE1, CE2, and CE3 can ping each other. The following is an example that CE1 at 10.1.1.1 pings CE2 at 10.1.1.2.

    [CE1] ping 10.1.1.2
      PING 10.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=140 ms
        Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=140 ms
        Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=140 ms
        Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms
        Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=110 ms
    
      --- 10.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 110/144/190 ms 

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 50
    #
    interface Vlanif50
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    return
  • CE3 configuration file

    #
    sysname CE3
    #
    vlan batch 60
    #
    interface Vlanif60
     ip address 10.1.1.3 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 60
    #
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 20 30
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    vsi vplsad1
     bgp-ad
      vpls-id 168.1.1.1:1
      vpn-target 100:1 import-extcommunity
      vpn-target 100:1 export-extcommunity
    #
    mpls ldp
    #
    interface Vlanif10
     l2 binding vsi vplsad1
    #
    interface Vlanif20
     ip address 168.1.2.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 168.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100 
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1 
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 2.2.2.9 enable
      peer 3.3.3.9 enable
     #
     l2vpn-ad-family
      policy vpn-target
      peer 2.2.2.9 enable
      peer 3.3.3.9 enable
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 168.1.1.0 0.0.0.255
      network 168.1.2.0 0.0.0.255
    #
    return
    
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 20 40 50
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls l2vpn
    #
    vsi vplsad1
     bgp-ad
      vpls-id 168.1.1.1:1
      vpn-target 100:1 import-extcommunity
      vpn-target 100:1 export-extcommunity
    #
    mpls ldp
    #
    interface Vlanif20
     ip address 168.1.2.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     ip address 169.1.3.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif50
     l2 binding vsi vplsad1
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    bgp 100 
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1 
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
      peer 3.3.3.9 enable
     #
     l2vpn-ad-family
      policy vpn-target
      peer 1.1.1.9 enable
      peer 3.3.3.9 enable
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 168.1.2.0 0.0.0.255
      network 169.1.3.0 0.0.0.255
    #
    return
    
  • PE3 configuration file

    #
    sysname PE3
    #
    vlan batch 30 40 60
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
    vsi vplsad1
     bgp-ad
      vpls-id 168.1.1.1:1
      vpn-target 100:1 import-extcommunity
      vpn-target 100:1 export-extcommunity
    #
    mpls ldp
    #
    interface Vlanif30
     ip address 168.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     ip address 169.1.3.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif60
     l2 binding vsi vplsad1
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 60
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100 
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1 
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
      peer 2.2.2.9 enable
     #
     l2vpn-ad-family
      policy vpn-target
      peer 1.1.1.9 enable
      peer 2.2.2.9 enable
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 168.1.1.0 0.0.0.255
      network 169.1.3.0 0.0.0.255
    #
    return
    
Translation
Download
Updated: 2019-04-18

Document ID: EDOC1000141944

Views: 85339

Downloads: 518

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next