Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.

Example for Configuring Communication Between Local VPNs

Networking Requirements

As shown in Figure 3-48, company A and company B each use BGP/MPLS IP VPN for communication between their headquarters and branches. The network is deployed as follows:
  • CE1 connects to the headquarters of company A, and CE3 connects to the branch of company A. CE1 and CE3 belong to vpna.
  • CE2 connects to the headquarters of company B, and CE4 connects to the branch of company B. CE2 and CE4 belong to vpnb.

The headquarters of company A and the headquarters of company B need to communicate with each other for business.

Figure 3-48  Networking diagram for configuring communication between local VPNs

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure VPN instances on PE1 and configure different VPN targets for the instances to isolate VPNs.

  2. On PE1, bind the interfaces connected to CEs to the VPN instances to provide access for VPN users.

  3. Import direct routes to the local CEs into the VPN routing table on PE1. On each CE connected to PE1, configure a static route to the other local CE to enable the CEs to communicate with each other.

Procedure

  1. Create VLANs and configure the allowed VLANs on interfaces.

    # Configure PE1.

    <HUAWEI> system-view
    [HUAWEI] sysname PE1
    [PE1] vlan batch 10 20
    [PE1] interface gigabitethernet 0/0/1
    [PE1-GigabitEthernet0/0/1] port link-type trunk
    [PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
    [PE1-GigabitEthernet0/0/1] quit
    [PE1] interface gigabitethernet 0/0/2
    [PE1-GigabitEthernet0/0/2] port link-type trunk
    [PE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
    [PE1-GigabitEthernet0/0/2] quit

    # Configure CE1.

    <HUAWEI> system-view
    [HUAWEI] sysname CE1
    [CE1] vlan batch 10
    [CE1] interface gigabitethernet 0/0/1
    [CE1-GigabitEthernet0/0/1] port link-type trunk
    [CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
    [CE1-GigabitEthernet0/0/1] quit
    

    # Configure CE2.

    <HUAWEI> system-view
    [HUAWEI] sysname CE2
    [CE2] vlan batch 20
    [CE2] interface gigabitethernet 0/0/1
    [CE2-GigabitEthernet0/0/1] port link-type trunk
    [CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
    [CE2-GigabitEthernet0/0/1] quit

  2. Configure VPN instances on PEs and bind the interfaces connected to CEs to the VPN instances.

    # Configure PE1.

    [PE1] ip vpn-instance vpna
    [PE1-vpn-instance-vpna] ipv4-family
    [PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 export-extcommunity
    [PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 222:2 import-extcommunity
    [PE1-vpn-instance-vpna-af-ipv4] quit
    [PE1-vpn-instance-vpna] quit
    [PE1] ip vpn-instance vpnb
    [PE1-vpn-instance-vpnb] ipv4-family
    [PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
    [PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 export-extcommunity
    [PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 111:1 import-extcommunity
    [PE1-vpn-instance-vpnb-af-ipv4] quit
    [PE1-vpn-instance-vpnb] quit
    [PE1] interface vlanif 10
    [PE1-Vlanif10] ip binding vpn-instance vpna
    [PE1-Vlanif10] ip address 10.1.1.2 24
    [PE1-Vlanif10] quit
    [PE1] interface vlanif 20
    [PE1-Vlanif20] ip binding vpn-instance vpnb
    [PE1-Vlanif20] ip address 10.2.1.2 24
    [PE1-Vlanif20] quit

    # Assign IP addresses to interfaces on CE1 according to Figure 3-48.

    [CE1] interface vlanif 10
    [CE1-Vlanif10] ip address 10.1.1.1 24
    [CE1-Vlanif10] quit
    

    # Assign IP addresses to interfaces on CE2 according to Figure 3-48.

    [CE2] interface vlanif 20
    [CE2-Vlanif20] ip address 10.2.1.1 255.255.255.0
    [CE2-Vlanif20] quit
    

    Each PE can ping its connected CE. PE1 and CE1 are used as an example.

    [PE1] ping -vpn-instance vpna 10.1.1.1
      PING 10.1.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 ms
        Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms
    
      --- 10.1.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 3/6/16 ms  

  3. Configure BGP and import the direct routes to local CEs to the VPN routing table.

    # Configure PE1.

    [PE1] bgp 100
    [PE1-bgp] ipv4-family vpn-instance vpna
    [PE1-bgp-vpna] import-route direct
    [PE1-bgp-vpna] quit
    [PE1-bgp] ipv4-family vpn-instance vpnb
    [PE1-bgp-vpnb] import-route direct
    [PE1-bgp-vpnb] quit
    [PE1-bgp] quit
    

  4. Configure static routes on the CEs.

    # Configure CE1.

    [CE1] ip route-static 10.2.1.0 24 10.1.1.2
    

    # Configure CE2.

    [CE2] ip route-static 10.1.1.0 24 10.2.1.2
    

  5. Verify the configurations.

    After the configuration is complete, run the display ip routing-table vpn-instance command on PE1. The output shows that the VPNs have imported each other's routes. vpna is used as an example.

    [PE1] display ip routing-table vpn-instance vpna
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: vpna
             Destinations : 4        Routes : 4
    
    Destination/Mask    Proto  Pre  Cost       Flags NextHop         Interface
    
           10.1.1.0/24  Direct 0    0            D   10.1.1.2        Vlanif10
           10.1.1.2/32  Direct 0    0            D   127.0.0.1       Vlanif10
           10.2.1.0/24  BGP    255  0            D   10.2.1.2        Vlanif20
           10.2.1.2/32  BGP    255  0            D   127.0.0.1       InLoopBack0
    

    CE1 and CE2 can ping each other.

    [CE1] ping 10.2.1.1
      PING 10.2.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
        Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
        Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
        Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
        Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms
    
      --- 10.2.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 34/48/72 ms  

Configuration Files

  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 20
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 222:2 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv4-family 
      route-distinguisher 100:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 111:1 import-extcommunity
    #
    interface Vlanif10
     ip binding vpn-instance vpna
     ip address 10.1.1.2 255.255.255.0
    # 
    interface Vlanif20
     ip binding vpn-instance vpnb
     ip address 10.2.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    # 
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    bgp 100
     #
     ipv4-family unicast
      undo synchronization
     #
     ipv4-family vpn-instance vpna
      import-route direct
     #
     ipv4-family vpn-instance vpnb
      import-route direct
    #
    return

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
    #
    return

  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 20
    #
    interface Vlanif20
     ip address 10.2.1.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    ip route-static 10.1.1.0 255.255.255.0 10.2.1.2
    #
    return
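
The vpn-target lines in the PE1 configuration file decide which VPN instances exchange routes, so they are the lines to audit when reviewing isolation between tenants. The following is an added example, not part of the Huawei guide: a Python check that parses the vpn-instance stanzas and lists every instance that imports a route target another instance exports. The function names `parse_vpn_targets` and `cross_vpn_imports` are hypothetical, and the sample input is the PE1 stanzas from this page.

```python
import re

# VPN-instance stanzas copied from the PE1 configuration file on this page.
PE1_CONFIG = """\
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 222:2 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 100:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 111:1 import-extcommunity
#
"""

DIRECTIONS = {"export-extcommunity": ("export",), "import-extcommunity": ("import",),
              "both": ("export", "import")}

def parse_vpn_targets(config):
    """Return {instance: {"export": set_of_RTs, "import": set_of_RTs}}."""
    instances, current = {}, None
    for raw in config.splitlines():
        tokens = raw.split()
        if raw.startswith("ip vpn-instance ") and len(tokens) >= 3:
            current = instances.setdefault(tokens[2], {"export": set(), "import": set()})
        elif raw and not raw[0].isspace():
            current = None  # a column-0 line ("#" or a new stanza) closes the instance
        elif current is not None and tokens[:1] == ["vpn-target"]:
            # With no trailing keyword the RTs apply in both directions.
            dirs = DIRECTIONS.get(tokens[-1])
            rts = tokens[1:-1] if dirs else tokens[1:]
            for d in dirs or ("export", "import"):
                current[d].update(rt for rt in rts if re.fullmatch(r"[\d.]+:\d+", rt))
    return instances

def cross_vpn_imports(instances):
    """List (importer, exporter, shared_RTs) for each pair of distinct instances."""
    return [(imp_name, exp_name, sorted(imp["import"] & exp["export"]))
            for imp_name, imp in sorted(instances.items())
            for exp_name, exp in sorted(instances.items())
            if imp_name != exp_name and imp["import"] & exp["export"]]

if __name__ == "__main__":
    for importer, exporter, rts in cross_vpn_imports(parse_vpn_targets(PE1_CONFIG)):
        print(f"{importer} imports routes that {exporter} exports (RT {', '.join(rts)})")
```

Import matching works per route target, so vpnb receives every route that carries 111:1, not only the directly connected 10.1.1.0/24 subnet. An empty result from `cross_vpn_imports` means no instance in the file imports another instance's export target.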
Updated: 2019-04-18

Document ID: EDOC1000141944
