Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Example for Configuring a Remote VLL Connection in Kompella Mode

Networking Requirements

The MPLS network of an ISP provides the L2VPN service for an enterprise user. The ISP needs to reserve VPN resources for eight sites of the enterprise so that new sites can be added easily, using simple configurations, in the future.

A remote VLL connection, as shown in Figure 5-29, satisfies these requirements.

NOTE:

By default, link type negotiation is enabled globally on the device. If a VLANIF interface is used as an AC-side interface for L2VPN, the configuration conflicts with link type negotiation. In this case, run the lnp disable command in the system view to disable link type negotiation.

The lnp disable command has no impact on services before the device restarts. After the device restarts, the device can only forward packets from the VLANs specified by the port default vlan command at Layer 2. The port default vlan 1 command is configured by default, so only packets of VLAN 1 can be forwarded at Layer 2.

Figure 5-29  Remote VLL connection in Kompella mode

Configuration Roadmap

VPN resources need to be reserved for eight sites to simplify configuration for future network expansion. To meet this requirement, a remote VLL connection can be set up between CE1 and CE2 in Kompella mode.

The configuration roadmap is as follows:

  1. Configure an IGP on the PE and P devices on the backbone network to ensure reachability between them.

  2. Configure basic MPLS capabilities and LDP, and set up an LDP LSP tunnel between the PEs. Enable MPLS and LDP on the PE and P devices, and enable LDP on the interfaces between these devices. The LDP LSP tunnel is used as a dedicated tunnel to transmit private network data on the public network.

  3. Enable MPLS L2VPN and configure BGP L2VPN on PEs.

  4. Configure the VPN instance and CE connections.

Procedure

  1. Configure VLANs that each interface belongs to and assign an IP address to each VLANIF interface according to Figure 5-29.

    # Configure CE1. The configurations of CE2, PE1, PE2, and the P device are similar to that of CE1, and are not mentioned here.

    <HUAWEI> system-view
    [HUAWEI] sysname CE1
    [CE1] vlan batch 10
    [CE1] interface vlanif 10
    [CE1-Vlanif10] ip address 192.168.1.1 255.255.255.0
    [CE1-Vlanif10] quit
    [CE1] interface gigabitethernet 0/0/1
    [CE1-GigabitEthernet0/0/1] port link-type trunk
    [CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
    [CE1-GigabitEthernet0/0/1] quit

  2. Configure an IGP protocol on the MPLS backbone network.

    In this example, OSPF is used as the IGP protocol. When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PEs and P. The loopback interface addresses are the LSR IDs.

    # Configure PE1. The configurations of PE2 and the P device are similar to that of PE1, and are not mentioned here.

    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.9 32
    [PE1-LoopBack1] quit
    [PE1] ospf 1
    [PE1-ospf-1] area 0
    [PE1-ospf-1-area-0.0.0.0] network 168.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit
    

    After the configuration is complete, run the display ip routing-table command on each LSR. You can see that the LSRs have learned the routes from each other.

    The command output of PE1 is used as an example.

    [PE1] display ip routing-table
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
             Destinations : 8        Routes : 8
    
    Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
    
            1.1.1.9/32  Direct 0    0           D  127.0.0.1       LoopBack1
            2.2.2.9/32  OSPF   10   1           D  168.1.1.2       Vlanif20
            3.3.3.9/32  OSPF   10   2           D  168.1.1.2       Vlanif20
          127.0.0.0/8   Direct 0    0           D  127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0           D  127.0.0.1       InLoopBack0
          168.1.1.0/24  Direct 0    0           D  168.1.1.1       Vlanif20
          168.1.1.1/32  Direct 0    0           D  127.0.0.1       Vlanif20
          169.1.1.0/24  OSPF   10   2           D  168.1.1.2       Vlanif20
    

    Run the display ospf peer command, and you can see that the OSPF neighbor relationship is set up and the neighbor status is Full.

    Take the display on PE1 for example:

    [PE1] display ospf peer
    
              OSPF Process 1 with Router ID 1.1.1.9
                      Neighbors
    
     Area 0.0.0.0 interface 168.1.1.1(Vlanif20)'s neighbors
     Router ID: 2.2.2.9       Address: 168.1.1.2
       State: Full  Mode:Nbr is  Master  Priority: 1
       DR: 168.1.1.1  BDR: 168.1.1.2  MTU: 0
       Dead timer due in 35  sec
       Retrans timer interval: 5 
       Neighbor is up for 00:17:12
       Authentication Sequence: [ 0 ]
    
    

  3. Configure basic MPLS functions and LDP, and set up LDP LSPs.

    # Configure PE1.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface vlanif 20
    [PE1-Vlanif20] mpls
    [PE1-Vlanif20] mpls ldp
    [PE1-Vlanif20] quit

    # Configure the P device.

    [P] mpls lsr-id 2.2.2.9
    [P] mpls
    [P-mpls] quit
    [P] mpls ldp
    [P-mpls-ldp] quit
    [P] interface vlanif 20
    [P-Vlanif20] mpls
    [P-Vlanif20] mpls ldp
    [P-Vlanif20] quit
    [P] interface vlanif 30
    [P-Vlanif30] mpls
    [P-Vlanif30] mpls ldp
    [P-Vlanif30] quit

    # Configure PE2.

    [PE2] mpls lsr-id 3.3.3.9
    [PE2] mpls
    [PE2-mpls] quit
    [PE2] mpls ldp
    [PE2-mpls-ldp] quit
    [PE2] interface vlanif 30
    [PE2-Vlanif30] mpls
    [PE2-Vlanif30] mpls ldp
    [PE2-Vlanif30] quit

    After the configuration is complete, run the display mpls ldp session and display mpls ldp peer commands on each LSR. You can see information about the LDP session and peers.

    The command output of PE1 is used as an example.

    [PE1] display mpls ldp session
    
     LDP Session(s) in Public Network
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
     A '*' before a session means the session is being deleted.
     ------------------------------------------------------------------------------
     PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
     ------------------------------------------------------------------------------
     2.2.2.9:0          Operational DU   Passive  0000:00:07  32/32
     ------------------------------------------------------------------------------
     TOTAL: 1 session(s) Found.
    
    
    [PE1] display mpls ldp peer
    
    LDP Peer Information in Public network
     A '*' before a peer means the peer is being deleted.   
     ------------------------------------------------------------------------------
     PeerID                TransportAddress   DiscoverySource
     ------------------------------------------------------------------------------
     2.2.2.9:0              2.2.2.9            Vlanif20
     ------------------------------------------------------------------------------
     TOTAL: 1 Peer(s) Found.
    
    

  4. Configure basic BGP L2VPN capabilities.

    # Configure PE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit
    [PE1] bgp 100
    [PE1-bgp] peer 3.3.3.9 as-number 100
    [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
    [PE1-bgp] l2vpn-family
    [PE1-bgp-af-l2vpn] peer 3.3.3.9 enable
    [PE1-bgp-af-l2vpn] quit
    [PE1-bgp] quit

    # Configure PE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit
    [PE2] bgp 100
    [PE2-bgp] peer 1.1.1.9 as-number 100
    [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
    [PE2-bgp] l2vpn-family
    [PE2-bgp-af-l2vpn] peer 1.1.1.9 enable
    [PE2-bgp-af-l2vpn] quit
    [PE2-bgp] quit

    After the configuration is complete, run the display bgp l2vpn peer command on PE1 and PE2. You can see that the peer relationship between the PEs is Established.

    The command output of PE1 is used as an example.

    [PE1] display bgp l2vpn peer
    
     BGP local router ID : 1.1.1.9
     Local AS number : 100
     Total number of peers : 1                 Peers in established state : 1
    
      Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
    
      3.3.3.9         4   100        2        4     0  00:00:32 Established       0
    

  5. Configure the L2VPN and CE connections.

    # Configure PE1. In this example, a VLANIF interface is used as the AC-side interface, so you need to run the lnp disable command in the system view before performing the following steps. If you cannot disable link type negotiation on the live network, do not use a VLANIF interface as the AC-side interface.

    [PE1] mpls l2vpn vpn1 encapsulation vlan
    [PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1
    [PE1-mpls-l2vpn-vpn1] vpn-target 1:1
    [PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10
    [PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface vlanif 10
    [PE1-mpls-l2vpn-ce-vpn1-ce1] quit
    [PE1-mpls-l2vpn-vpn1] quit

    # Configure PE2. In this example, a VLANIF interface is used as the AC-side interface, so you need to run the lnp disable command in the system view before performing the following steps. If you cannot disable link type negotiation on the live network, do not use a VLANIF interface as the AC-side interface.

    [PE2] mpls l2vpn vpn1 encapsulation vlan
    [PE2-mpls-l2vpn-vpn1] route-distinguisher 100:1
    [PE2-mpls-l2vpn-vpn1] vpn-target 1:1
    [PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10
    [PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface vlanif 40
    [PE2-mpls-l2vpn-ce-vpn1-ce2] quit
    [PE2-mpls-l2vpn-vpn1] quit

  6. Verify the configuration.

    After the configuration is complete, run the display mpls l2vpn connection command on PEs. The command output shows that an L2VPN connection is up.

    The command output of PE1 is used as an example.

    [PE1] display mpls l2vpn connection
    1 total connections,
    connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
    
    VPN name: vpn1,
    1 total connections,
    connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
    
      CE name: ce1, id: 1,
      Rid type status peer-id         route-distinguisher interface
      primary or not
    ----------------------------------------------------------------------------
      2   rmt  up     3.3.3.9         100:1                Vlanif10
      primary
    

    CE1 and CE2 can ping each other.

    [CE1] ping 192.168.1.2
      PING 192.168.1.2: 56  data bytes, press CTRL_C to break
        Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
        Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
        Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
        Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
        Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
    
      --- 192.168.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 34/68/94 ms 

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 192.168.1.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • PE1 configuration file

    The lnp disable command has no impact on services before the device restarts. After the device restarts, the device can only forward packets from the VLANs specified by the port default vlan command at Layer 2. The port default vlan 1 command is configured by default, so only packets of VLAN 1 can be forwarded at Layer 2.

    #
    sysname PE1
    #
    vlan batch 10 20
    #
    lnp disable
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    interface Vlanif10
    #
    interface Vlanif20
     ip address 168.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    mpls l2vpn vpn1 encapsulation vlan
     route-distinguisher 100:1
     vpn-target 1:1 import-extcommunity
     vpn-target 1:1 export-extcommunity
     ce ce1 id 1 range 10 default-offset 0
      connection ce-offset 2 interface Vlanif10
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.9 enable
     #
     l2vpn-family
      policy vpn-target
      peer 3.3.3.9 enable
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 168.1.1.0 0.0.0.255
    #
    return
  • P configuration file

    #
    sysname P
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif20
     ip address 168.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 169.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 168.1.1.0 0.0.0.255
      network 169.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    The lnp disable command has no impact on services before the device restarts. After the device restarts, the device can only forward packets from the VLANs specified by the port default vlan command at Layer 2. The port default vlan 1 command is configured by default, so only packets of VLAN 1 can be forwarded at Layer 2.

    #
    sysname PE2
    #
    vlan batch 30 40
    #
    lnp disable
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    interface Vlanif30
     ip address 169.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    mpls l2vpn vpn1 encapsulation vlan
     route-distinguisher 100:1
     vpn-target 1:1 import-extcommunity
     vpn-target 1:1 export-extcommunity
     ce ce2 id 2 range 10 default-offset 0
      connection ce-offset 1 interface Vlanif40
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
     #
     l2vpn-family
      policy vpn-target
      peer 1.1.1.9 enable
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 169.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 40
    #
    interface Vlanif40
     ip address 192.168.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    return
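
An offline consistency check for the two PE files above, added here as an example (it is not part of the Huawei guide): a wrong ce-offset or vpn-target would cross-connect or drop a customer circuit, so both ends are audited together. The function names are hypothetical, the sample text is constructed from the PE1 and PE2 listings, and treating the valid ce-offset values as default-offset through default-offset + range - 1 is an assumption.

```python
import re

# Constructed sample: the L2VPN-relevant lines of the PE1 and PE2 files above.
PE1 = """\
sysname PE1
lnp disable
mpls l2vpn vpn1 encapsulation vlan
 route-distinguisher 100:1
 vpn-target 1:1 import-extcommunity
 vpn-target 1:1 export-extcommunity
 ce ce1 id 1 range 10 default-offset 0
  connection ce-offset 2 interface Vlanif10
"""
PE2 = (PE1.replace("PE1", "PE2").replace("ce ce1 id 1", "ce ce2 id 2")
          .replace("ce-offset 2 interface Vlanif10", "ce-offset 1 interface Vlanif40"))

def parse(cfg):
    """Extract the Kompella parameters from one saved PE configuration file."""
    grab = lambda pat: re.findall(pat, cfg, re.M)
    ce = grab(r"^\s*ce \S+ id (\d+) range (\d+)(?: default-offset (\d+))?")[0]
    return {
        "lnp_disabled": bool(grab(r"^lnp disable\s*$")),
        "imports": set(grab(r"vpn-target (\S+) import-extcommunity")),
        "exports": set(grab(r"vpn-target (\S+) export-extcommunity")),
        "ce_id": int(ce[0]), "range": int(ce[1]), "base": int(ce[2] or 0),
        "conns": [(int(o), i) for o, i in
                  grab(r"connection ce-offset (\d+) interface (\S+)")],
    }

def audit(local_cfg, remote_cfg):
    """Return a list of findings for the local PE, checked against its peer."""
    loc, rem, out = parse(local_cfg), parse(remote_cfg), []
    if loc["ce_id"] == rem["ce_id"]:
        out.append("CE IDs are not unique within the VPN")
    if not (loc["exports"] & rem["imports"] and rem["exports"] & loc["imports"]):
        out.append("vpn-target mismatch between the PEs")
    for offset, ifname in loc["conns"]:
        if offset != rem["ce_id"]:  # ce-offset must name the remote CE ID
            out.append(f"ce-offset {offset} does not match remote CE ID {rem['ce_id']}")
        # Assumption: valid offsets are default-offset .. default-offset+range-1.
        if not loc["base"] <= offset < loc["base"] + loc["range"]:
            out.append(f"ce-offset {offset} is outside the reserved range")
        if ifname.lower().startswith("vlanif") and not loc["lnp_disabled"]:
            out.append(f"{ifname} is an AC interface but 'lnp disable' is missing")
    return out
```

Calling `audit(PE1, PE2)` and `audit(PE2, PE1)` on the files as published returns an empty list in both directions. The parser expects the saved configuration-file form, where vpn-target appears with explicit import-extcommunity and export-extcommunity keywords.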
Updated: 2019-08-21

Document ID: EDOC1000141944
