No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S9300, S9300E, and S9300X V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring an MCE IPv6 Device

Example for Configuring an MCE IPv6 Device

Networking Requirements

The headquarters and branch of a company need to communicate through MPLS VPN, and two IPv6 services of the company must be isolated. To reduce hardware costs, the company wants the branch to connect to the PE device through one CE device with high capability.

As shown in Figure 3-8, the networking requirements are as follows:

  • CE1 and CE2 connect to the headquarters. CE1 belongs to vpna, and CE2 belongs to vpnb.
  • The MCE device connects to vpna and vpnb of the branch through SwitchA and SwitchB.
Figure 3-8  MCE IPv6 networking

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF between PE devices to implement interworking between them and configure MP-IBGP to exchange VPN routing information.
  2. Enable basic MPLS capabilities and MPLS LDP on the PE devices to set up LDP LSPs.
  3. Create VPN instances vpna and vpnb on the MCE and PE devices to isolate services.
  4. Set up EBGP peer relationships between PE1 and local CE devices to exchange VPN routes.
  5. Configure routing between MCE and sites and between MCE and PE2 to exchange VPN routes.

Procedure

  1. Configure OSPF on PE1 and PE2 to implement interworking between them.

    # Configure PE1.

    <Quidway> system-view
    [Quidway] sysname PE1
    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.9 32
    [PE1-LoopBack1] quit
    [PE1] vlan batch 30
    [PE1] interface gigabitethernet 3/0/3
    [PE1-GigabitEthernet3/0/3] port link-type trunk
    [PE1-GigabitEthernet3/0/3] port trunk allow-pass vlan 30
    [PE1-GigabitEthernet3/0/3] quit
    [PE1] interface vlanif 30
    [PE1-Vlanif30] ip address 172.1.1.1 24
    [PE1-Vlanif30] quit
    [PE1] ospf
    [PE1-ospf-1] area 0
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit
    

    The configuration of PE2 is the same as the configuration of PE1.

    After the configuration is complete, PE1 and PE2 can learn the route to Loopback1 of each other.

    Take the display on PE2 as an example:

    [PE2] display ip routing-table
    Route Flags: R - relay, D - download to fib                                   
    ------------------------------------------------------------------------------
    Routing Tables: Public                                                        
             Destinations : 6        Routes : 6   
    
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface  
    
            1.1.1.9/32  OSPF    10   1           D   172.1.1.1       Vlanif30  
            2.2.2.9/32  Direct  0    0           D   127.0.0.1       LoopBack1  
          127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0 
          127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0 
          172.1.1.0/24  Direct  0    0           D   172.1.1.2       Vlanif30  
          172.1.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif30  

  2. Enable basic MPLS capabilities and MPLS LDP on the PE devices to set up LDP LSPs between them.

    # Configure PE1.
    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface vlanif 30
    [PE1-Vlanif30] mpls
    [PE1-Vlanif30] mpls ldp
    [PE1-Vlanif30] quit

    The configuration of PE2 is the same as the configuration of PE1.

    After the configuration is complete, run the display mpls ldp session command on the PE devices. You can see that the MPLS LDP session between the PE devices is in Operational state.

    Take the display on PE2 as an example:

    [PE2] display mpls ldp session
    
     LDP Session(s) in Public Network
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
     A '*' before a session means the session is being deleted.
    ------------------------------------------------------------------------------
    PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
    ------------------------------------------------------------------------------
    1.1.1.9:0         Operational DU   Active   0000:00:04  2/2 
    ------------------------------------------------------------------------------
     TOTAL: 1 session(s) Found.
    

  3. Enable IPv6. Configure VPN instances on the PE devices. On PE1, bind the VPN instances to the interfaces connected to CE1 and CE2 respectively. On PE2, bind the VPN instances to the interfaces connected to the MCE device.

    # Configure PE1.

    [PE1] ipv6
    [PE1] vlan batch 10 20
    [PE1] interface gigabitethernet 1/0/1
    [PE1-GigabitEthernet1/0/1] port link-type trunk
    [PE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
    [PE1-GigabitEthernet1/0/1] quit
    [PE1] interface gigabitethernet 2/0/2
    [PE1-GigabitEthernet2/0/2] port link-type trunk
    [PE1-GigabitEthernet2/0/2] port trunk allow-pass vlan 20
    [PE1-GigabitEthernet2/0/2] quit
    [PE1] ip vpn-instance vpna
    [PE1-vpn-instance-vpna] ipv6-family
    [PE1-vpn-instance-vpna-af-ipv6] route-distinguisher 100:1
    [PE1-vpn-instance-vpna-af-ipv6] vpn-target 111:1 both
    [PE1-vpn-instance-vpna-af-ipv6] quit
    [PE1-vpn-instance-vpna] quit
    [PE1] ip vpn-instance vpnb
    [PE1-vpn-instance-vpnb] ipv6-family
    [PE1-vpn-instance-vpnb-af-ipv6] route-distinguisher 100:2
    [PE1-vpn-instance-vpnb-af-ipv6] vpn-target 222:2 both
    [PE1-vpn-instance-vpnb-af-ipv6] quit
    [PE1-vpn-instance-vpnb] quit
    [PE1] interface vlanif 10
    [PE1-Vlanif10] ip binding vpn-instance vpna
    [PE1-Vlanif10] ipv6 enable
    [PE1-Vlanif10] ipv6 address 2001::1/64
    [PE1-Vlanif10] quit
    [PE1] interface vlanif 20
    [PE1-Vlanif20] ip binding vpn-instance vpnb
    [PE1-Vlanif20] ipv6 enable
    [PE1-Vlanif20] ipv6 address 2002::1/64
    [PE1-Vlanif20] quit

    # Configure PE2.

    [PE2] ipv6
    [PE2] vlan batch 100 200
    [PE2] interface gigabitethernet 2/0/2
    [PE2-GigabitEthernet2/0/2] port link-type trunk
    [PE2-GigabitEthernet2/0/2] port trunk allow-pass vlan 100 200
    [PE2-GigabitEthernet2/0/2] quit
    [PE2] ip vpn-instance vpna
    [PE2-vpn-instance-vpna] ipv6-family
    [PE2-vpn-instance-vpna-af-ipv6] route-distinguisher 200:1
    [PE2-vpn-instance-vpna-af-ipv6] vpn-target 111:1 both
    [PE2-vpn-instance-vpna-af-ipv6] quit
    [PE2-vpn-instance-vpna] quit
    [PE2] ip vpn-instance vpnb
    [PE2-vpn-instance-vpnb] ipv6-family
    [PE2-vpn-instance-vpnb-af-ipv6] route-distinguisher 200:2
    [PE2-vpn-instance-vpnb-af-ipv6] vpn-target 222:2 both
    [PE2-vpn-instance-vpnb-af-ipv6] quit
    [PE2-vpn-instance-vpnb] quit
    [PE2] interface vlanif 100
    [PE2-Vlanif100] ip binding vpn-instance vpna
    [PE2-Vlanif100] ipv6 enable
    [PE2-Vlanif100] ipv6 address 2007::1/64
    [PE2-Vlanif100] quit
    [PE2] interface vlanif 200
    [PE2-Vlanif200] ip binding vpn-instance vpnb
    [PE2-Vlanif200] ipv6 enable
    [PE2-Vlanif200] ipv6 address 2008::1/64
    [PE2-Vlanif200] quit

  4. Enable IPv6 and configure VPN instances on the MCE device. Bind the vpn instances to the interfaces connected to SwitchA and SwitchB respectively.

    <Quidway> system-view
    [Quidway] sysname MCE
    [MCE] ipv6
    [MCE] vlan batch 60 70 100 200
    [MCE] interface gigabitethernet 1/0/1
    [MCE-GigabitEthernet1/0/1] port link-type trunk
    [MCE-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 200
    [MCE-GigabitEthernet1/0/1] quit
    [MCE] interface gigabitethernet 3/0/3
    [MCE-GigabitEthernet3/0/3] port link-type trunk
    [MCE-GigabitEthernet3/0/3] port trunk allow-pass vlan 60
    [MCE-GigabitEthernet3/0/3] quit
    [MCE] interface gigabitethernet 4/0/4
    [MCE-GigabitEthernet4/0/4] port link-type trunk
    [MCE-GigabitEthernet4/0/4] port trunk allow-pass vlan 70
    [MCE-GigabitEthernet4/0/4] quit
    [MCE] ip vpn-instance vpna
    [MCE-vpn-instance-vpna] ipv6-family
    [MCE-vpn-instance-vpna-af-ipv6] route-distinguisher 100:1
    [MCE-vpn-instance-vpna-af-ipv6] vpn-target 111:1 both
    [MCE-vpn-instance-vpna-af-ipv6] quit
    [MCE-vpn-instance-vpna] quit
    [MCE] ip vpn-instance vpnb
    [MCE-vpn-instance-vpnb] ipv6-family
    [MCE-vpn-instance-vpnb-af-ipv6] route-distinguisher 100:2
    [MCE-vpn-instance-vpnb-af-ipv6] vpn-target 222:2 both
    [MCE-vpn-instance-vpnb-af-ipv6] quit
    [MCE-vpn-instance-vpnb] quit
    [MCE] interface vlanif 60
    [MCE-Vlanif60] ip binding vpn-instance vpna
    [MCE-Vlanif60] ipv6 enable
    [MCE-Vlanif60] ipv6 address 2003::1/64
    [MCE-Vlanif60] quit
    [MCE] interface vlanif 70
    [MCE-Vlanif70] ip binding vpn-instance vpnb
    [MCE-Vlanif70] ipv6 enable
    [MCE-Vlanif70] ipv6 address 2004::1/64
    [MCE-Vlanif70] quit
    [MCE] interface vlanif 100
    [MCE-Vlanif100] ip binding vpn-instance vpna
    [MCE-Vlanif100] ipv6 enable
    [MCE-Vlanif100] ipv6 address 2007::2/64
    [MCE-Vlanif100] quit
    [MCE] interface vlanif 200
    [MCE-Vlanif200] ip binding vpn-instance vpnb
    [MCE-Vlanif200] ipv6 enable
    [MCE-Vlanif200] ipv6 address 2008::2/64
    [MCE-Vlanif200] quit
    

  5. Set up an MP-IBGP peer relationship between PE1 and PE2. Set up an EBGP peer relationship between PE1 and CE1, and between PE1 and CE2.

    # Configure PE1 to set up an MP-IBGP peer relationship between PE1 and PE2.

    [PE1] bgp 100
    [PE1-bgp] router-id 1.1.1.9
    [PE1-bgp] peer 2.2.2.9 as-number 100
    [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
    [PE1-bgp] ipv6-family vpnv6
    [PE1-bgp-af-vpnv6] peer 2.2.2.9 enable
    [PE1-bgp-af-vpnv6] quit
    [PE1-bgp] quit
    

    The configuration of PE2 is the same as the configuration of PE1.

    # Configure PE1 to set up an EBGP peer relationship between PE1 and CE1, and between PE1 and CE2.

    [PE1] bgp 100
    [PE1-bgp] ipv6-family vpn-instance vpna
    [PE1-bgp6-vpna] peer 2001::2 as-number 65410
    [PE1-bgp6-vpna] quit
    [PE1-bgp] ipv6-family vpn-instance vpnb
    [PE1-bgp6-vpnb] peer 2002::2 as-number 65420
    [PE1-bgp6-vpnb] quit
    [PE1-bgp] quit

    # Configure CE1.

    [CE1] bgp 65410
    [CE1-bgp] peer 2001::1 as-number 100
    [CE1-bgp] ipv6-family unicast
    [CE1-bgp-af-ipv6] peer 2001::1 enable
    [CE1-bgp-af-ipv6] import-route direct
    [CE1-bgp-af-ipv6] quit
    [CE1-bgp] quit

    The configuration of CE2 is the same as the configuration of CE1.

    After the configuration is complete, run the display bgp vpnv6 all peer command on PE1. The command output shows that the PE1 has set up an IBGP peer relationship with PE2 and EBGP peer relationships with CE1 and CE2. All the peer relationships are in Established state.

    [PE1] display bgp vpnv6 all peer
                                              
     BGP local router ID : 1.1.1.9                            
     Local AS number : 100                                                 
     Total number of peers : 3                Peers in established state : 3   
        
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv 
       
      2.2.2.9         4         100       11       14     0 00:10:00 Established       0   
     
      Peer of IPv6-family for vpn instance :
     
     VPN-Instance vpna :
      2001::2         4       65410        9       10     0 00:06:51 Established       1 
      
     VPN-Instance vpnb :
      2002::2         4       65420        0        0     0 00:10:31 Established       0

  6. Configure routing between the MCE device and VPN sites.

    # The MCE device directly connects to vpna, and no routing protocol is used in vpna. Configure IPv6 static routes to implement communication between the MCE device and vpna.
    • Configure SwitchA.

      Assign IPv6 address fc00:1::1/64 to the interface connected to vpna.

      <Quidway> system-view
      [Quidway] sysname SwitchA
      [SwitchA] ipv6
      [SwitchA] vlan batch 60 80
      [SwitchA] interface gigabitethernet 1/0/1
      [SwitchA-GigabitEthernet1/0/1] port link-type trunk
      [SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 60
      [SwitchA-GigabitEthernet1/0/1] quit
      [SwitchA] interface vlanif 60
      [SwitchA-Vlanif60] ipv6 enable
      [SwitchA-Vlanif60] ipv6 address 2003::2/64
      [SwitchA-Vlanif60] quit
      [SwitchA] interface gigabitethernet 2/0/2
      [SwitchA-GigabitEthernet2/0/2] port link-type trunk
      [SwitchA-GigabitEthernet2/0/2] port trunk allow-pass vlan 80
      [SwitchA-GigabitEthernet2/0/2] quit
      [SwitchA] interface vlanif 80
      [SwitchA-Vlanif80] ipv6 enable
      [SwitchA-Vlanif80] ipv6 address fc00:1::1 64
      [SwitchA-Vlanif80] quit
      [SwitchA] ipv6 route-static :: 0 2003::1
      
    • Configure the MCE device.

      [MCE] ipv6 route-static vpn-instance vpna fc00:1:: 64 2003::2
    • Check the IPv6 routes of vpna on the MCE device.
      [MCE] display ipv6 routing-table vpn-instance vpna
      Routing Table : vpna                                                            
              Destinations : 6        Routes : 6                                      
                                                                                      
       Destination  : 2003::                          PrefixLength : 64               
       NextHop      : 2003::1                         Preference   : 0                
       Cost         : 0                               Protocol     : Direct           
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : VLANIF60                        Flags        : D                
                                                                                      
       Destination  : 2003::2                         PrefixLength : 128              
       NextHop      : ::1                             Preference   : 0                
       Cost         : 0                               Protocol     : Direct           
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : VLANIF60                        Flags        : D                
                                                                                      
       Destination  : fc00:1::                       PrefixLength : 64          
       NextHop      : 2003::2                         Preference   : 60               
       Cost         : 0                               Protocol     : Static           
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : VLANIF60                        Flags        : RD               
                                                                                      
       Destination  : 2007::                          PrefixLength : 64               
       NextHop      : 2007::2                         Preference   : 0                
       Cost         : 0                               Protocol     : Direct           
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : VLANIF100                       Flags        : D                
                                                                                      
       Destination  : 2007::2                         PrefixLength : 128              
       NextHop      : ::1                             Preference   : 0                
       Cost         : 0                               Protocol     : Direct           
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : VLANIF100                       Flags        : D                
                                                                                      
       Destination  : FE80::                          PrefixLength : 10               
       NextHop      : ::                              Preference   : 0                
       Cost         : 0                               Protocol     : Direct           
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : NULL0                           Flags        : D                
      
      The preceding information shows that the MCE device has a static route to vpna.

    # The RIPng protocol runs in vpnb. Configure RIPng process 200 on the MCE device and bind it to vpnb so that routes learned by RIPng are added to the IPv6 routing table of vpnb.

    • Configure the MCE device.
      [MCE] ripng 200 vpn-instance vpnb
      [MCE-ripng-200] import-route ospfv3 200
      [MCE-ripng-200] quit
      [MCE] interface vlanif 70
      [MCE-Vlanif70] ripng 200 enable
      [MCE-Vlanif70] quit
    • Configure SwitchB.

      Assign IP address fc00:2::1/64 to the interface connected to vpnb.

      <Quidway> system-view
      [Quidway] sysname SwitchB
      [SwitchB] ipv6
      [SwitchB] vlan batch 70 80
      [SwitchB] interface gigabitethernet 1/0/1
      [SwitchB-GigabitEthernet1/0/1] port link-type trunk
      [SwitchB-GigabitEthernet1/0/1] port trunk allow-pass vlan 70
      [SwitchB-GigabitEthernet1/0/1] quit
      [SwitchB] interface vlanif 70
      [SwitchB-Vlanif70] ipv6 enable
      [SwitchB-Vlanif70] ipv6 address 2004::2 64
      [SwitchB-Vlanif70] quit
      [SwitchB] interface gigabitethernet 2/0/2
      [SwitchB-GigabitEthernet2/0/2] port link-type trunk
      [SwitchB-GigabitEthernet2/0/2] port trunk allow-pass vlan 80
      [SwitchB-GigabitEthernet2/0/2] quit
      [SwitchB] interface vlanif 80
      [SwitchB-Vlanif80] ipv6 enable
      [SwitchB-Vlanif80] ipv6 address fc00:2::1 64
      [SwitchB-Vlanif80] quit
      [SwitchB] ripng 200
      [SwitchB-ripng-200] quit
      [SwitchB] interface vlanif 70
      [SwitchB-Vlanif70] ripng 200 enable
      [SwitchB-Vlanif70] quit
      [SwitchB] interface vlanif 80
      [SwitchB-Vlanif80] ripng 200 enable
      [SwitchB-Vlanif80] quit
    • Check the routes of vpnb on the MCE device.
      [MCE] display ipv6 routing-table vpn-instance vpnb                  
      Routing Table : vpnb                                                            
              Destinations : 6        Routes : 6                                      
                                                                                      
       Destination  : 2004::                          PrefixLength : 64               
       NextHop      : 2004::1                         Preference   : 0                
       Cost         : 0                               Protocol     : Direct           
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : VLANIF70                        Flags        : D                
                                                                                      
       Destination  : 2004::1                         PrefixLength : 128              
       NextHop      : ::1                             Preference   : 0                
       Cost         : 0                               Protocol     : Direct           
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : VLANIF70                        Flags        : D                
                                                                                      
       Destination  : fc00:2::                       PrefixLength : 64           
       NextHop      : FE80::225:9EFF:FEFB:A95E        Preference   : 100              
       Cost         : 1                               Protocol     : RIPng            
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : VLANIF70                        Flags        : D                
                                                                                      
       Destination  : 2008::                          PrefixLength : 64               
       NextHop      : 2008::2                         Preference   : 0                
       Cost         : 0                               Protocol     : Direct           
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : VLANIF200                       Flags        : D                
                                                                                      
       Destination  : 2008::2                         PrefixLength : 128              
       NextHop      : ::1                             Preference   : 0                
       Cost         : 0                               Protocol     : Direct           
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : VLANIF200                       Flags        : D                
                                                                                      
       Destination  : FE80::                          PrefixLength : 10               
       NextHop      : ::                              Preference   : 0                
       Cost         : 0                               Protocol     : Direct           
       RelayNextHop : ::                              TunnelID     : 0x0              
       Interface    : NULL0                           Flags        : D                
                                                                               
      The preceding information shows that the MCE device has learned the route to vpnb through RIPng. The route to vpnb and the route to vpna (fc00:2::/64) are maintained in different VPN routing tables so that users in the two VPNs are isolated from each other.

  7. Configure OSPFv3 multi-instance between the MCE device and PE2.

    # Configure PE2.
    NOTE:
    To configure OSPFv3 multi-instance between the MCE device and PE2, complete the following tasks on PE2:
    • In the OSPFv3 view, import BGP routes and advertise VPN routes of PE1 to the MCE device.
    • In the BGP view, import routes of the OSPFv3 processes and advertise the VPN routes of the MCE device to PE1.
    [PE2] ospfv3 100 vpn-instance vpna
    [PE2-ospfv3-100] router-id 3.3.3.3
    [PE2-ospfv3-100] import-route bgp
    [PE2-ospfv3-100] quit
    [PE2] ospfv3 200 vpn-instance vpnb
    [PE2-ospfv3-200] router-id 4.4.4.4
    [PE2-ospfv3-200] import-route bgp
    [PE2-ospfv3-200] quit
    [PE2] interface vlanif 100
    [PE2-Vlanif100] ospfv3 100 area 0
    [PE2-Vlanif100] quit
    [PE2] interface vlanif 200
    [PE2-Vlanif200] ospfv3 200 area 0
    [PE2-Vlanif200] quit
    [PE2] bgp 100
    [PE2-bgp] ipv6-family vpn-instance vpna
    [PE2-bgp-vpna] import-route ospfv3 100
    [PE2-bgp-vpna] quit
    [PE2-bgp] ipv6-family vpn-instance vpnb
    [PE2-bgp-vpnb] import-route ospfv3 200
    [PE2-bgp-vpnb] quit
    # Configure the MCE device.
    NOTE:

    Import VPN routes to the OSPFv3 processes.

    [MCE] ospfv3 100 vpn-instance vpna
    [MCE-ospfv3-100] router-id 1.1.1.1
    [MCE-ospfv3-100] import-route static
    [MCE-ospfv3-100] vpn-instance-capability simple
    [MCE-ospfv3-100] quit
    [MCE] ospfv3 200 vpn-instance vpnb
    [MCE-ospfv3-200] router-id 2.2.2.2
    [MCE-ospfv3-200] import-route ripng 200
    [MCE-ospfv3-200] vpn-instance-capability simple
    [MCE-ospfv3-200] quit
    [MCE] interface vlanif 100
    [MCE-Vlanif100] ospfv3 100 area 0
    [MCE-Vlanif100] quit
    [MCE] interface vlanif 200
    [MCE-Vlanif200] ospfv3 200 area 0
    [MCE-Vlanif200] quit

  8. Verify the configuration.

    After the configuration is complete, run the display ipv6 routing-table vpn-instance command on the MCE device to view the routes to the remote CE devices.

    Take the routing table of vpna as an example:

    [MCE] display ipv6 routing-table vpn-instance vpna
    Routing Table : vpna                                                            
            Destinations : 7        Routes : 7                                      
                                                                                    
     Destination  : 2001::                         PrefixLength : 64          
     NextHop      : FE80::5689:98FF:FE28:8472       Preference   : 150              
     Cost         : 0                               Protocol     : OSPFv3ASE        
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : Vlanif100                       Flags        : D                
                                                                                    
     Destination  : 2003::                          PrefixLength : 64               
     NextHop      : 2003::1                         Preference   : 0                
     Cost         : 0                               Protocol     : Direct           
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : Vlanif60                        Flags        : D                
                                                                                    
     Destination  : 2003::1                         PrefixLength : 128              
     NextHop      : ::1                             Preference   : 0                
     Cost         : 0                               Protocol     : Direct           
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : Vlanif60                        Flags        : D                
                                                                                    
     Destination  : fc00:1::                        PrefixLength : 64               
     NextHop      : 2003::2                         Preference   : 60               
     Cost         : 0                               Protocol     : Static           
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : Vlanif60                        Flags        : RD               
                                                                                    
     Destination  : 2007::                          PrefixLength : 64               
     NextHop      : 2007::2                         Preference   : 0                
     Cost         : 0                               Protocol     : Direct           
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : Vlanif100                       Flags        : D                
                                                                                    
     Destination  : 2007::2                         PrefixLength : 128              
     NextHop      : ::1                             Preference   : 0                
     Cost         : 0                               Protocol     : Direct           
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : Vlanif100                       Flags        : D                
                                                                                    
     Destination  : FE80::                          PrefixLength : 10               
     NextHop      : ::                              Preference   : 0                
     Cost         : 0                               Protocol     : Direct           
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : NULL0                           Flags        : D                
                                                                                    
    

    Run the display ipv6 routing-table vpn-instance command on the PE devices to view the routes to the remote Switch.

    Take the VPN routing table of vpna on PE as an example:

    [PE1] display ipv6 routing-table vpn-instance vpna
    Routing Table : vpna                                                            
            Destinations : 6        Routes : 6                                      
                                                                                    
     Destination  : 2001::                          PrefixLength : 64               
     NextHop      : 2001::1                         Preference   : 0                
     Cost         : 0                               Protocol     : Direct           
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : Vlanif30                        Flags        : D                
                                                                                    
     Destination  : 2001::1                         PrefixLength : 128              
     NextHop      : ::1                             Preference   : 0                
     Cost         : 0                               Protocol     : Direct           
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : Vlanif30                        Flags        : D                
                                                                                    
     Destination  : 2003::                          PrefixLength : 64               
     NextHop      : ::FFFF:2.2.2.9                  Preference   : 255              
     Cost         : 0                               Protocol     : BGP              
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : Vlanif30                        Flags        : RD               
                                                                                    
     Destination  : fc00:1::                       PrefixLength : 64        
     NextHop      : ::FFFF:2.2.2.9                  Preference   : 255              
     Cost         : 0                               Protocol     : BGP              
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : Vlanif30                        Flags        : RD               
                                                                                    
     Destination  : 2007::                          PrefixLength : 64               
     NextHop      : ::FFFF:2.2.2.9                  Preference   : 255              
     Cost         : 0                               Protocol     : BGP              
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : Vlanif30                        Flags        : RD               
                                                                                    
     Destination  : FE80::                          PrefixLength : 10               
     NextHop      : ::                              Preference   : 0                
     Cost         : 0                               Protocol     : Direct           
     RelayNextHop : ::                              TunnelID     : 0x0              
     Interface    : NULL0                           Flags        : D                
                                                                                    
    

    CE1 and SwitchA can communicate with each other. CE2 and SwitchB can communicate with each other.

    CE1 cannot ping CE2 or SwitchB. SwitchA cannot ping CE2 or SwitchB.

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    ipv6
    #
    vlan batch 10
    #
    interface Vlanif10
     ipv6 enable
     ipv6 address 2001::2/64
    #
    interface GigabitEthernet1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    bgp 65410
     peer 2001::1 as-number 100
     #
     ipv6-family unicast
      undo synchronization
      import-route direct
      peer 2001::1 enable
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    ipv6
    #
    vlan batch 20
    #
    interface Vlanif20
     ipv6 enable
     ipv6 address 2002::2/64
    #
    interface GigabitEthernet1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    bgp 65420
     peer 2002::1 as-number 100
     #
     ipv6-family unicast
      undo synchronization
      import-route direct
      peer 2002::1 enable
    #
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    ipv6
    #
    vlan batch 10 20 30
    #
    ip vpn-instance vpna
     ipv6-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv6-family
      route-distinguisher 100:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif10
     ip binding vpn-instance vpna
     ipv6 enable
     ipv6 address 2001::1/64
    #
    interface Vlanif20
     ip binding vpn-instance vpnb
     ipv6 enable
     ipv6 address 2002::1/64
    #
    interface Vlanif30
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface GigabitEthernet2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface GigabitEthernet3/0/3
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     router-id 1.1.1.9
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 2.2.2.9 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 2.2.2.9 enable
     #
     ipv6-family vpn-instance vpna
      import-route direct
      peer 2001::2 as-number 65410
     #
     ipv6-family vpn-instance vpnb
      import-route direct
      peer 2002::2 as-number 65420
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    ipv6
    #
    vlan batch 30 100 200
    #
    ip vpn-instance vpna
     ipv6-family
      route-distinguisher 200:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv6-family 
      route-distinguisher 200:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    ospfv3 100 vpn-instance vpna
     router-id 3.3.3.3
     import-route bgp
    #
    ospfv3 200 vpn-instance vpnb
     router-id 4.4.4.4
     import-route bgp
    #
    interface Vlanif30
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif100   
     ip binding vpn-instance vpna     
     ipv6 enable
     ipv6 address 2007::1/64
     ospfv3 100 area 0.0.0.0
    #     
    interface Vlanif200            
     ip binding vpn-instance vpnb   
     ipv6 enable
     ipv6 address 2008::1/64
     ospfv3 200 area 0.0.0.0     
    #                                 
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    interface GigabitEthernet1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface GigabitEthernet2/0/2
     port link-type trunk           
     port trunk allow-pass vlan 100 200  
    #
    bgp 100
     router-id 2.2.2.9
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 1.1.1.9 enable
     #
     ipv6-family vpn-instance vpna
      import-route ospfv3 100
     #
     ipv6-family vpn-instance vpnb
      import-route ospfv3 200
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • MCE configuration file

    #
    sysname MCE
    #
    ipv6
    #
    vlan batch 60 70 100 200
    #
    ip vpn-instance vpna
     ipv6-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv6-family
      route-distinguisher 100:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
    #
    ospfv3 100 vpn-instance vpna
     router-id 1.1.1.1
     import-route static
     vpn-instance-capability simple
    #
    ospfv3 200 vpn-instance vpnb
     router-id 2.2.2.2
     import-route ripng 200
     vpn-instance-capability simple
    #
    ripng 200 vpn-instance vpnb
     import-route ospfv3 200
    #
    interface Vlanif60
     ip binding vpn-instance vpna
     ipv6 enable
     ipv6 address 2003::1/64
    #
    interface Vlanif70
     ip binding vpn-instance vpnb
     ipv6 enable
     ipv6 address 2004::1/64
     ripng 200 enable
    #
    interface Vlanif100
     ip binding vpn-instance vpna
     ipv6 enable
     ipv6 address 2007::2/64
     ospfv3 100 area 0.0.0.0
    #
    interface Vlanif200
     ip binding vpn-instance vpnb
     ipv6 enable
     ipv6 address 2008::2/64
     ospfv3 200 area 0.0.0.0
    #
    interface GigabitEthernet1/0/1
     port link-type trunk   
     port trunk allow-pass vlan 100 200 
    #
    interface GigabitEthernet3/0/3
     port link-type trunk  
     port trunk allow-pass vlan 60 
    #
    interface GigabitEthernet4/0/4
     port link-type trunk   
     port trunk allow-pass vlan 70 
    #
    ipv6 route-static vpn-instance vpna FC00:1:: 64 2003::2
    #
    return
  • SwitchA configuration file

    #
    sysname SwitchA
    #
    ipv6
    #
    vlan batch 60 80
    #
    interface Vlanif60
     ipv6 enable
     ipv6 address 2003::2/64
    #
    interface Vlanif80
     ipv6 enable
     ipv6 address FC00:1::1/64
    #
    interface GigabitEthernet1/0/1
     port link-type trunk  
     port trunk allow-pass vlan 60 
    #
    interface GigabitEthernet2/0/2
     port link-type trunk   
     port trunk allow-pass vlan 80 
    #
    ipv6 route-static :: 0 2003::1
    #
    return
  • SwitchB configuration file

    #
    sysname SwitchB
    #
    ipv6
    #
    vlan batch 70 80
    #
    ripng 200
    #
    interface Vlanif70
     ipv6 enable
     ipv6 address 2004::2/64
     ripng 200 enable
    #
    interface Vlanif80
     ipv6 enable
     ipv6 address FC00:2::1/64
     ripng 200 enable
    #
    interface GigabitEthernet1/0/1
     port link-type trunk 
     port trunk allow-pass vlan 70 
    #
    interface GigabitEthernet2/0/2
     port link-type trunk 
     port trunk allow-pass vlan 80 
    #
    return
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000142068

Views: 120461

Downloads: 212

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next