No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configure Route Exchange Between an MCE Device and VPN Sites

Configure Route Exchange Between an MCE Device and VPN Sites

Context

Routing protocols that can be used between an MCE device and VPN sites are IPv6 static routing, RIPng, OSPFv3, IS-IS IPv6, and BGP4+. Choose one of the following configurations as needed:

The following configurations are performed on the MCE device. On the devices in the site, you only need to configure the corresponding routing protocol.

Configure IPv6 Static Routes Between an MCE Device and a Site

Perform the following configurations on the MCE device. You only need to configure a IPv6 static route to the MCE device in the site. The site configuration is not provided here. For detailed configuration of static routes, see Configuring IPv6 Static Routes in the S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide - IP Unicast Routing.

Table 4-12  MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Configure an ipv6 static route to the site.

ipv6 route-static vpn-instance vpn-instance-name dest-ipv6-address prefix-length { [ interface-type interface-number ] nexthop-ipv6-address | nexthop-ipv6-address [ public ] } [ preference preference | tag tag ] *

You must specify the next hop address on the MCE device.

Configure RIPng Between an MCE Device and a Site

Perform the following configurations on the MCE device. For detailed RIPng configuration, see RIPng Configuration in the S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide - IP Unicast Routing.
Table 4-13  MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create a RIPng process running between the MCE device and the site and enter the RIPng view.

ripng process-id vpn-instance vpn-instance-name

A RIPng process can be bound to only one VPN instance. If a RIPng process is not bound to any VPN instance before it is started, this process becomes a public network process and can no longer be bound to a VPN instance.

(Optional) Import the routes to the remote sites advertised by the PE device in to the RIPng routing table.

import-route { { ripng | isis | ospfv3 } [ process-id ] | bgp | unr | direct | static } [ cost cost | route-policy route-policy-name ] *

Perform this step if another routing protocol is running between the MCE and PE devices in the VPN instance.

Return to system view.

quit

-

Enter the view of the interface to which the VPN instance is bound.

interface interface-type interface-number

-

Enable RIPng on the interface.

ripng process-id enable

-

Configure OSPFv3 Between an MCE Device and a Site

Perform the following configurations on the MCE device. Configure OSPFv3 in the site. The site configuration is not provided here. For detailed OSPFv3 configuration, see OSPFv3 Configuration in the S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide - IP Unicast Routing.

Table 4-14  MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create an OSPFv3 process running between the MCE device and the site and enter the OSPFv3 view.

ospfv3 process-id vpn-instance vpn-instance-name

-

Configure the OSPFv3 router ID.

router-id router-id

-

(Optional) Import the routes to the remote sites advertised by the PE device into the OSPFv3 routing table.

import-route { bgp [ permit-ibgp ] | unr | direct | ripng help-process-id | static | isis help-process-id | ospfv3 help-process-id } [ cost cost | type type | tag tag | route-policy route-policy-name ] *

Perform this step if another routing protocol is running between the MCE and PE devices in the VPN instance.

Return to system view.

quit

-

Enter the view of the interface to which the VPN instance is bound.

interface interface-type interface-number

-

Enable OSPFv3 on the interface.

ospfv3 process-id area area-id [ instance instance-id ]

-

Configure IS-IS IPv6 Between an MCE Device and a Site

Perform the following configurations on the MCE device. You only need to configure IS-IS IPv6 in the site. The site configuration is not provided here. For detailed IS-IS configuration, see IPv6 IS-IS Configuration in the S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide - IP Unicast Routing.

Table 4-15  MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create an IS-IS process running between the MCE device and the site and enter the IS-IS IPv6 view.

isis process-id vpn-instance vpn-instance-name

An IS-IS process can be bound to only one VPN instance. If an IS-IS IPv6 process is not bound to any VPN instance before it is started, this process becomes a public network process and can no longer be bound to a VPN instance.

Set a network entity title (NET) for the IS-IS process.

network-entity net

A NET specifies the current IS-IS area address and the system ID of the switch. A maximum of three NETs can be configured for one process on each switch.

Enable IS-IS IPv6 on the process.

ipv6 enable [ topology { compatible [ enable-mt-spf ] | ipv6 | standard } ]

-

(Optional) Import the routes to the remote sites advertised by the PE device into the IS-IS IPv6 routing table.

Use either of the following commands:
  • ipv6 import-route { direct | unr | { ospfv3 | ripng | isis } [ process-id ] | bgp } inherit-cost [ tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] *

  • ipv6 import-route { static | direct | unr | { ospfv3 | ripng | isis } [ process-id ] | bgp } [ cost cost | tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] *

Perform this step if another routing protocol is running between the MCE and PE devices in the VPN instance.

Return to system view.

quit

-

Enter the view of the interface to which the VPN instance is bound.

interface interface-type interface-number

-

Enable IS-IS IPv6 on the interface.

isis ipv6 enable [ process-id ]

-

Configure BGP4+ between an MCE Device and a Site

Perform the following configurations on the MCE device.
Table 4-16  MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Enter the BGP view.

bgp { as-number-plain | as-number-dot }

-

Enter the BGP-VPN instance IPv6 address family view.

ipv6-family vpn-instance vpn-instance-name

-

Configure the device connected to the MCE device in the site as a VPN peer.

peer ipv6-address as-number as-number

-

Import the routes to the remote sites advertised by the PE device into the BGP routing table.

import-route protocol [ process-id ] [ med med | route-policy route-policy-name ] *

Perform this step if another routing protocol is running between the MCE and PE devices in the VPN instance.

Perform the following configurations on the device connected to the MCE device in the site.
Table 4-17  Site configuration

Action

Command

Description

Enter the system view.

system-view

-

Enter the BGP view.

bgp { as-number-plain | as-number-dot }

-

Configure the MCE device as an EBGP peer.

peer ipv6-address as-number as-number

-

Enter the BGP IPv6 address family view.

ipv6-family unicast

-

Configure the MCE device as a VPN peer.

peer { group-name | ipv6-address } enable

-

Import IGP routes of the VPN into the BGP routing table.

import-route protocol [ process-id ] [ med med | route-policy route-policy-name ] *

The site must advertise routes to its attached VPN network segments to the MCE device.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141944

Views: 102575

Downloads: 572

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next