Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Example for Configuring a Static Multi-hop PW

Networking Requirements

As shown in Figure 6-21, sites in different locations connect to the MPLS network through CE1 and CE2. The SPE has powerful functions, whereas UPE1 and UPE2 function as access devices and cannot directly establish a remote LDP session. The CEs must be able to communicate with each other, and VLAN data must remain unchanged as it crosses the carrier network. The number of user sites does not increase. Independent VPN resources must be available on the carrier network to ensure data security.

NOTE:

By default, link type negotiation is enabled globally on the device. If a VLANIF interface is used as an AC-side interface for L2VPN, the configuration conflicts with link type negotiation. In this case, run the lnp disable command in the system view to disable link type negotiation.

The lnp disable command has no impact on services before the device restarts. After the device restarts, the device can only forward packets from the VLANs specified by the port default vlan command at Layer 2. The port default vlan 1 command is configured by default, so only packets of VLAN 1 can be forwarded at Layer 2.

Figure 6-21  Networking diagram for configuring a static multi-hop PW

Configuration Roadmap

Because the number of users does not increase, you can configure a static PW to meet the users' need for exclusive use of VPN resources on the carrier network. To use hierarchical networking, configure a static multi-hop PW.

The configuration roadmap is as follows:

  1. Configure a common routing protocol on the backbone network so that backbone network devices can communicate.

  2. Configure basic MPLS functions and establish LSPs on the backbone network.

  3. Establish static MPLS L2VC connections on UPEs.

  4. Configure PW switching on the SPE.

Procedure

  1. Configure VLANs that each interface belongs to and assign an IP address to each VLANIF interface according to Figure 6-21.

    CE1 is used as an example.

    # Configure CE1. The configurations of UPE1, UPE2, P1, P2, SPE, and CE2 are similar to that of CE1 and are not mentioned here.

    <HUAWEI> system-view
    [HUAWEI] sysname CE1
    [CE1] vlan batch 10
    [CE1] interface vlanif 10
    [CE1-Vlanif10] ip address 192.168.1.1 255.255.255.0
    [CE1-Vlanif10] quit
    [CE1] interface gigabitethernet 0/0/1
    [CE1-GigabitEthernet0/0/1] port link-type trunk
    [CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
    [CE1-GigabitEthernet0/0/1] quit

  2. Configure an IGP on the MPLS backbone network.

    This example uses OSPF.

    When configuring OSPF as shown in Figure 6-21, advertise 32-bit loopback interface addresses of UPE1, SPE, and UPE2.

    UPE1 is used as an example.

    # Configure UPE1. The configurations of UPE2, P1, P2, and SPE are similar to that of UPE1 and are not mentioned here.

    [UPE1] interface loopback 0
    [UPE1-LoopBack0] ip address 1.1.1.9 255.255.255.255
    [UPE1-LoopBack0] quit
    [UPE1] ospf 1
    [UPE1-ospf-1] area 0
    [UPE1-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255
    [UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [UPE1-ospf-1-area-0.0.0.0] quit
    [UPE1-ospf-1] quit
    

  3. Configure basic MPLS functions and set up LSP tunnels.

    Configure basic MPLS functions on the MPLS backbone network, and set up LSP tunnels between UPE1 and SPE and between SPE and UPE2.

    # Configure UPE1. The configurations of UPE2, P1, P2, and SPE are similar to that of UPE1 and are not mentioned here.

    [UPE1] mpls lsr-id 1.1.1.9
    [UPE1] mpls
    [UPE1-mpls] mpls ldp
    [UPE1-mpls-ldp] quit
    [UPE1] interface vlanif 20
    [UPE1-Vlanif20] ip address 50.1.1.1 255.255.255.0
    [UPE1-Vlanif20] mpls
    [UPE1-Vlanif20] mpls ldp
    [UPE1-Vlanif20] quit

  4. Create VCs.

    Enable MPLS L2VPN on UPE1, UPE2, and SPE, and set up VCs on UPE1 and UPE2.

    # Configure UPE1. In this example, a VLANIF interface is used as the AC-side interface, so you need to run the lnp disable command in the system view before performing the following steps. If you cannot disable link type negotiation on the live network, do not use a VLANIF interface as the AC-side interface.

    [UPE1] mpls l2vpn
    [UPE1-l2vpn] quit
    [UPE1] pw-template pwt
    [UPE1-pw-template-pwt] peer-address 3.3.3.9
    [UPE1-pw-template-pwt] quit
    [UPE1] interface vlanif 10
    [UPE1-Vlanif10] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100
    [UPE1-Vlanif10] quit

    # Configure SPE.

    [SPE] mpls l2vpn
    [SPE-l2vpn] quit
    [SPE] mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation vlan

    # Configure UPE2. In this example, a VLANIF interface is used as the AC-side interface, so you need to run the lnp disable command in the system view before performing the following steps. If you cannot disable link type negotiation on the live network, do not use a VLANIF interface as the AC-side interface.

    [UPE2] mpls l2vpn
    [UPE2-l2vpn] quit
    [UPE2] pw-template pwt
    [UPE2-pw-template-pwt] peer-address 3.3.3.9 
    [UPE2-pw-template-pwt] quit
    [UPE2] interface vlanif 60
    [UPE2-Vlanif60] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 200 receive-vpn-label 200
    [UPE2-Vlanif60] quit

    NOTE:

    The transmit-vpn-label configured on the UPE must be consistent with the recv label on the SPE, and the receive-vpn-label configured on the UPE must be consistent with the trans label on the SPE. Otherwise, CEs cannot communicate.

  5. Verify the configuration.

    On PEs, check the L2VPN connections. The result shows that an L2VC connection is set up and is in Up state.

    The display on UPE1 and SPE is used as an example.

    [UPE1] display mpls static-l2vc interface vlanif 10
     *Client Interface     : Vlanif10 is up
      AC Status            : up
      VC State             : up
      VC ID                : 100
      VC Type              : VLAN
      Destination          : 3.3.3.9
      Transmit VC Label    : 100
      Receive VC Label     : 100
      Label Status         : 0
      Token Status         : 0
      Control Word         : Disable
      VCCV Capabilty       : alert lsp-ping bfd
      active state         : active
      Link State           : up
      Tunnel Policy        : --
      PW Template Name     : pwt
      Main or Secondary    : Main
      load balance type    : flow
      Access-port          : false    
      VC tunnel/token info : 1 tunnels/tokens
        NO.0 TNL Type      : lsp   , TNL ID : 0x4800200f
        Backup TNL Type    : lsp   , TNL ID : 0x0 
      Create time          : 0 days, 0 hours, 13 minutes, 7 seconds
      UP time              : 0 days, 0 hours, 10 minutes, 23 seconds
      Last change time     : 0 days, 0 hours, 10 minutes, 23 seconds
      VC last up time      : 2010/11/14 12:31:31
      VC total up time     : 0 days, 2 hours, 12 minutes, 51 seconds
      CKey                 : 2
      NKey                 : 3
      Diffserv Mode        : uniform
      Service Class        : be
      Color                : --
      DomainId             : --
      Domain Name          : --
      BFD for PW           : unavailable
    [SPE] display mpls switch-l2vc
    Total Switch VC : 1, 1 up, 0 down
    
    *Switch-l2vc type             : SVC<---->SVC
     Peer IP Address              : 5.5.5.9, 1.1.1.9
     VC ID                        : 100, 100
     VC Type                      : VLAN
     VC State                     : up
     In/Out Label                 : 200/200, 100/100
     InLabel Status               : 0 , 0
     Control Word                 : Disable, Disable
     VCCV Capability              : alert ttl lsp-ping bfd , alert ttl lsp-ping bfd
     Switch-l2vc tunnel info      :
                                    1 tunnels for peer 5.5.5.9
                                    NO.0  TNL Type : lsp   , TNL ID : 0x48002000
                                    1 tunnels for peer 1.1.1.9
                                    NO.0  TNL Type : lsp   , TNL ID : 0x48002004
     CKey                         : 44, 1                                           
     NKey                         : 43, 3  
     Tunnel policy                : --, --  
     Control-Word transparent     : NO
     Create time                  : 0 days, 0 hours, 12 minutes, 13 seconds
     UP time                      : 0 days, 0 hours, 5 minutes, 16 seconds
     Last change time             : 0 days, 0 hours, 5 minutes, 16 seconds
     VC last up time              : 2010/11/14 12:31:31
     VC total up time             : 0 days, 2 hours, 12 minutes, 51 seconds
    

    CE1 and CE2 can ping each other successfully.

    The display on CE1 is used as an example.

    [CE1] ping 192.168.1.2
      PING 192.168.1.2: 56  data bytes, press CTRL_C to break
        Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=188 ms
        Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=187 ms
        Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=187 ms
        Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=188 ms
        Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=188 ms
    
      --- 192.168.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 187/187/188 ms

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 192.168.1.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • UPE1 configuration file

    The lnp disable command has no impact on services before the device restarts. After the device restarts, the device can only forward packets from the VLANs specified by the port default vlan command at Layer 2. The port default vlan 1 command is configured by default, so only packets of VLAN 1 can be forwarded at Layer 2.

    #
    sysname UPE1
    #
    vlan batch 10 20
    #
    lnp disable
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    pw-template pwt
     peer-address 3.3.3.9
    #
    mpls ldp
    #
    interface Vlanif10
     mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100
    #
    interface Vlanif20
     ip address 50.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack0
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 50.1.1.0 0.0.0.255
    #
    return
  • P1 configuration file

    #
    sysname P1
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif20
     ip address 50.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 20.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack0
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 50.1.1.0 0.0.0.255
    #
    return
  • SPE configuration file

    #
    sysname SPE
    #
    vlan batch 30 40
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
    mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation vlan
    # 
    mpls ldp
    #
    interface Vlanif30
     ip address 20.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     ip address 30.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack0
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
    #
    return
  • P2 configuration file

    #
    sysname P2
    #
    vlan batch 40 50
    #
    mpls lsr-id 4.4.4.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif40
     ip address 30.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif50
     ip address 40.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    interface LoopBack0
     ip address 4.4.4.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 30.1.1.0 0.0.0.255
      network 40.1.1.0 0.0.0.255
    #
    return
  • UPE2 configuration file

    The lnp disable command has no impact on services before the device restarts. After the device restarts, the device can only forward packets from the VLANs specified by the port default vlan command at Layer 2. The port default vlan 1 command is configured by default, so only packets of VLAN 1 can be forwarded at Layer 2.

    #
    sysname UPE2
    #
    vlan batch 50 60
    #
    lnp disable
    #
    mpls lsr-id 5.5.5.9
    mpls
    #
    mpls l2vpn
    #
    pw-template pwt
     peer-address 3.3.3.9
    #
    mpls ldp
    #
    interface Vlanif50
     ip address 40.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif60
     mpls static-l2vc pw-template pwt 100 transmit-vpn-label 200 receive-vpn-label 200
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 60
    #
    interface LoopBack0
     ip address 5.5.5.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 5.5.5.9 0.0.0.0
      network 40.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 60
    #
    interface Vlanif60
     ip address 192.168.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 60
    #
    return
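
The label rule from the NOTE in step 4, checked offline against the UPE1, UPE2 and SPE configuration files above. This is an added example, not part of the Huawei guide; the function names (parse_upe, parse_spe, check_pw) are hypothetical, and it assumes one pw-template and one static L2VC per UPE.

```python
import re

# Constructed input: the relevant lines of the UPE1, UPE2 and SPE
# configuration files shown on this page.
UPE1 = """mpls lsr-id 1.1.1.9
pw-template pwt
 peer-address 3.3.3.9
 mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100
"""
UPE2 = """mpls lsr-id 5.5.5.9
pw-template pwt
 peer-address 3.3.3.9
 mpls static-l2vc pw-template pwt 100 transmit-vpn-label 200 receive-vpn-label 200
"""
SPE = """mpls lsr-id 3.3.3.9
mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation vlan
"""

def parse_upe(cfg):
    # Assumption: one pw-template and one static-l2vc per UPE, as in this example.
    lsr = re.search(r"^mpls lsr-id (\S+)", cfg, re.M).group(1)
    peer = re.search(r"^ *peer-address (\S+)", cfg, re.M).group(1)
    vc = re.search(r"mpls static-l2vc pw-template \S+ (\d+) "
                   r"transmit-vpn-label (\d+) receive-vpn-label (\d+)", cfg)
    vc_id, tx, rx = map(int, vc.groups())
    return {"lsr": lsr, "peer": peer, "vc_id": vc_id, "tx": tx, "rx": rx}

def parse_spe(cfg):
    lsr = re.search(r"^mpls lsr-id (\S+)", cfg, re.M).group(1)
    line = re.search(r"^mpls switch-l2vc .*$", cfg, re.M).group(0)
    legs = {ip: {"vc_id": int(v), "trans": int(t), "recv": int(r)}
            for ip, v, t, r in re.findall(r"(\S+) (\d+) trans (\d+) recv (\d+)", line)}
    return lsr, legs

def check_pw(upe_cfg, spe_cfg):
    """Return the list of mismatches between one UPE and the SPE (empty = consistent)."""
    upe = parse_upe(upe_cfg)
    spe_lsr, legs = parse_spe(spe_cfg)
    leg = legs.get(upe["lsr"])
    if leg is None:
        return [f"SPE has no switch-l2vc leg for peer {upe['lsr']}"]
    checks = [
        (upe["peer"] == spe_lsr, "UPE peer-address is not the SPE LSR ID"),
        (upe["vc_id"] == leg["vc_id"], "VC ID differs"),
        (upe["tx"] == leg["recv"], "UPE transmit-vpn-label != SPE recv label"),
        (upe["rx"] == leg["trans"], "UPE receive-vpn-label != SPE trans label"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Because a static PW has no signaling to negotiate labels, running a check like this before committing the configuration catches a mismatched leg that would otherwise only show up as CEs failing to communicate.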
Updated: 2019-04-18

Document ID: EDOC1000141944
