Configuration Guide - VPN

S9300, S9300E, and S9300X V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.

Example for Configuring VPLS over TE in Martini Mode

Networking Requirements

Figure 6-34 shows a backbone network built by an enterprise, with a few branch sites attached. MPLS TE tunnels can be set up between PEs. Site1 connects to PE1 through CE1 and then connects to the backbone network. Site2 connects to PE2 through CE2 and then connects to the backbone network. Users at Site1 and Site2 need to communicate at Layer 2, and user information must be preserved when Layer 2 packets are transmitted over the backbone network.

Figure 6-34  Networking diagram for configuring VPLS over TE in Martini mode

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure transparent transmission of Layer 2 packets over the backbone network using VPLS, so that users at Site1 and Site2 can communicate at Layer 2 and user information is preserved when Layer 2 packets are transmitted over the backbone network.

  2. Use Martini VPLS to implement Layer 2 communication between CEs on an enterprise network with few sites.

  3. Configure the IGP routing protocol on the backbone network to implement data transmission on the public network between PEs.

  4. Configure MPLS and LDP on PEs on the backbone network and set up remote LDP sessions on PEs to support VPLS.

  5. Establish tunnels for transmitting data between PEs to prevent the data from being exposed to the public network.

  6. Enable MPLS L2VPN on PEs to implement VPLS.

  7. Configure tunnel policies on PEs and apply the policies to VSIs to implement VPLS based on MPLS TE tunnels.

  8. Create VSIs on PEs, specify LDP as the signaling protocol, and bind VSIs to AC interfaces to implement Martini VPLS.

Procedure

  1. Configure VLANs that interfaces belong to.

    # Configure PE1. The configuration on P, PE2, CE1, and CE2 is similar to that on PE1 and is not shown here.

    <Quidway> system-view
    [Quidway] sysname PE1
    [PE1] vlan batch 10 20
    [PE1] interface vlanif 20
    [PE1-Vlanif20] ip address 100.1.1.1 255.255.255.0
    [PE1-Vlanif20] quit
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] port link-type trunk
    [PE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 20
    [PE1-GigabitEthernet1/0/0] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] port link-type trunk
    [PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 10
    [PE1-GigabitEthernet2/0/0] quit
    

  2. Configure the IGP protocol. OSPF is used in this example.

    When configuring OSPF, advertise the 32-bit loopback interface addresses (the LSR IDs) of PE1, P, and PE2.

    Configure OSPF on PE1, P, and PE2.

    # Configure PE1. The configuration on P and PE2 is similar to that on PE1 and is not shown here.

    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
    [PE1-LoopBack1] quit
    [PE1] ospf 1
    [PE1-ospf-1] area 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit
    

    After the configuration is complete, run the display ip routing-table command on PE1, P, and PE2. You can view the routes learned by PE1, P, and PE2 from each other.

  3. Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS TE Constraint Shortest Path First (CSPF).

    Enable MPLS, MPLS TE, and MPLS RSVP-TE in the system view and interface view of the nodes along the tunnel. In addition, enable MPLS TE CSPF on the ingress.

    # Configure PE1.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] mpls te
    [PE1-mpls] mpls rsvp-te
    [PE1-mpls] mpls te cspf
    [PE1-mpls] quit
    [PE1] interface vlanif 20
    [PE1-Vlanif20] mpls
    [PE1-Vlanif20] mpls te
    [PE1-Vlanif20] mpls rsvp-te
    [PE1-Vlanif20] quit

    # Configure P.

    [P] mpls lsr-id 2.2.2.9
    [P] mpls
    [P-mpls] mpls te
    [P-mpls] mpls rsvp-te
    [P-mpls] quit
    [P] interface vlanif 20
    [P-Vlanif20] mpls
    [P-Vlanif20] mpls te
    [P-Vlanif20] mpls rsvp-te
    [P-Vlanif20] quit
    [P] interface vlanif 30
    [P-Vlanif30] mpls
    [P-Vlanif30] mpls te
    [P-Vlanif30] mpls rsvp-te
    [P-Vlanif30] quit

    # Configure PE2.

    [PE2] mpls lsr-id 3.3.3.9
    [PE2] mpls
    [PE2-mpls] mpls te
    [PE2-mpls] mpls rsvp-te
    [PE2-mpls] mpls te cspf
    [PE2-mpls] quit
    [PE2] interface vlanif 30
    [PE2-Vlanif30] mpls
    [PE2-Vlanif30] mpls te
    [PE2-Vlanif30] mpls rsvp-te
    [PE2-Vlanif30] quit

  4. Configure OSPF TE on the backbone network.

    # Configure PE1.

    [PE1] ospf
    [PE1-ospf-1] opaque-capability enable
    [PE1-ospf-1] area 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] mpls-te enable
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit

    # Configure P.

    [P] ospf
    [P-ospf-1] opaque-capability enable
    [P-ospf-1] area 0.0.0.0
    [P-ospf-1-area-0.0.0.0] mpls-te enable
    [P-ospf-1-area-0.0.0.0] quit
    [P-ospf-1] quit

    # Configure PE2.

    [PE2] ospf
    [PE2-ospf-1] opaque-capability enable
    [PE2-ospf-1] area 0.0.0.0
    [PE2-ospf-1-area-0.0.0.0] mpls-te enable
    [PE2-ospf-1-area-0.0.0.0] quit
    [PE2-ospf-1] quit

  5. Configure tunnel interfaces.

    # Create tunnel interfaces on PEs and specify MPLS TE as the tunnel protocol and RSVP-TE as the signaling protocol.

    # Configure PE1.

    [PE1] interface tunnel 1
    [PE1-Tunnel1] ip address unnumbered interface loopback 1
    [PE1-Tunnel1] tunnel-protocol mpls te
    [PE1-Tunnel1] destination 3.3.3.9
    [PE1-Tunnel1] mpls te tunnel-id 100
    [PE1-Tunnel1] mpls te reserved-for-binding
    [PE1-Tunnel1] mpls te commit
    [PE1-Tunnel1] quit
    

    # Configure PE2.

    [PE2] interface tunnel 1
    [PE2-Tunnel1] ip address unnumbered interface loopback 1
    [PE2-Tunnel1] tunnel-protocol mpls te
    [PE2-Tunnel1] destination 1.1.1.9
    [PE2-Tunnel1] mpls te tunnel-id 100
    [PE2-Tunnel1] mpls te reserved-for-binding
    [PE2-Tunnel1] mpls te commit
    [PE2-Tunnel1] quit
    

    After the configuration is complete, run the display this interface command in the tunnel interface view. The command output shows that "Line protocol current state" is Up, which indicates that the MPLS TE tunnel is set up successfully.

    Run the display tunnel-info all command in the system view. You can see that the TE tunnel whose destination address is the MPLS LSR ID of the peer PE exists. The information displayed on PE1 is used as an example.

    [PE1] display tunnel-info all
     * -> Allocated VC Token
    Tunnel ID           Type                 Destination           Token
    ----------------------------------------------------------------------
    0x4                 cr lsp                3.3.3.9                109     
    0x5                 lsp                   3.3.3.9                110   

  6. Configure remote LDP sessions.

    Set up a remote peer session between PE1 and PE2.

    # Configure PE1.

    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] mpls ldp remote-peer 3.3.3.9
    [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [PE1-mpls-ldp-remote-3.3.3.9] quit

    # Configure PE2.

    [PE2] mpls ldp
    [PE2-mpls-ldp] quit
    [PE2] mpls ldp remote-peer 1.1.1.9
    [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [PE2-mpls-ldp-remote-1.1.1.9] quit

    After the configuration is complete, an LDP session is successfully set up between PEs.

    The information displayed on PE1 is used as an example.

    [PE1] display mpls ldp session
    
     LDP Session(s) in Public Network
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
     A '*' before a session means the session is being deleted.
     ------------------------------------------------------------------------------
     PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
     ------------------------------------------------------------------------------
     3.3.3.9:0          Operational DU   Passive  0000:00:06  95/95
     ------------------------------------------------------------------------------
     TOTAL: 1 session(s) Found.

  7. Configure tunnel policies.

    # Configure PE1.

    [PE1] tunnel-policy policy1
    [PE1-tunnel-policy-policy1] tunnel binding destination 3.3.3.9 te tunnel 1
    [PE1-tunnel-policy-policy1] quit

    # Configure PE2.

    [PE2] tunnel-policy policy1
    [PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.9 te tunnel 1
    [PE2-tunnel-policy-policy1] quit

  8. Enable MPLS L2VPN on PEs.

    # Configure PE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit

    # Configure PE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit

  9. Create VSIs on PEs and apply the tunnel policies to the VSI peers.

    # Configure PE1.

    [PE1] vsi a2 static
    [PE1-vsi-a2] pwsignal ldp
    [PE1-vsi-a2-ldp] vsi-id 2
    [PE1-vsi-a2-ldp] peer 3.3.3.9 tnl-policy policy1
    [PE1-vsi-a2-ldp] quit
    [PE1-vsi-a2] quit

    # Configure PE2.

    [PE2] vsi a2 static
    [PE2-vsi-a2] pwsignal ldp
    [PE2-vsi-a2-ldp] vsi-id 2
    [PE2-vsi-a2-ldp] peer 1.1.1.9 tnl-policy policy1
    [PE2-vsi-a2-ldp] quit
    [PE2-vsi-a2] quit

  10. Bind interfaces on PEs to VSIs.

    # Configure PE1.

    [PE1] interface vlanif 10
    [PE1-Vlanif10] l2 binding vsi a2
    [PE1-Vlanif10] quit

    # Configure PE2.

    [PE2] interface vlanif 40
    [PE2-Vlanif40] l2 binding vsi a2
    [PE2-Vlanif40] quit

  11. Verify the configuration.

    After the network becomes stable, run the display vsi name a2 verbose command on PE1, and you can see that VSI a2 sets up a PW to PE2, and the status of the VSI is Up.

    [PE1] display vsi name a2 verbose
    
     ***VSI Name               : a2
        Administrator VSI      : no
        Isolate Spoken         : disable
        VSI Index              : 3
        PW Signaling           : ldp
        Member Discovery Style : static
        PW MAC Learn Style     : unqualify
        Encapsulation Type     : vlan
        MTU                    : 1500
        Diffserv Mode          : uniform
        Mpls Exp               : --
        DomainId               : 255
        Domain Name            :
        Ignore AcState         : disable
        P2P VSI                : disable
        Create Time            : 0 days, 0 hours, 30 minutes, 6 seconds
        VSI State              : up
    
        VSI ID                 : 2
       *Peer Router ID         : 3.3.3.9
        Negotiation-vc-id      : 2
        primary or secondary   : primary
        ignore-standby-state   : no
        VC Label               : 1026
        Peer Type              : dynamic
        Session                : up
        Tunnel ID              : 0x4
        Broadcast Tunnel ID    : 0x4
        Broad BackupTunnel ID  : 0x0
        Tunnel Policy Name     : policy1
        CKey                   : 5
        NKey                   : 4
        Stp Enable             : 0
        PwIndex                : 0
        Control Word           : disable 
    
        Interface Name         : Vlanif10
        State                  : up
        Access Port            : false
        Last Up Time           : 2012/08/20 15:11:06
        Total Up Time          : 0 days, 0 hours, 28 minutes, 37 seconds
    
      **PW Information:
    
       *Peer Ip Address        : 3.3.3.9
        PW State               : up
        Local VC Label         : 1026
        Remote VC Label        : 1025
        Remote Control Word    : disable 
        PW Type                : label
        Local  VCCV            : alert lsp-ping bfd
        Remote VCCV            : alert lsp-ping bfd
        Tunnel ID              : 0x4
        Broadcast Tunnel ID    : 0x4
        Broad BackupTunnel ID  : 0x0
        Ckey                   : 0x5
        Nkey                   : 0x4
        Main PW Token          : 0x4
        Slave PW Token         : 0x0
        Tnl Type               : CR-LSP
        OutInterface           : Tunnel1
        Backup OutInterface    :
        Stp Enable             : 0
        PW Last Up Time        : 2012/08/20 15:12:16
        PW Total Up Time       : 0 days, 0 hours, 27 minutes, 27 seconds            

    Run the display mpls lsp include 3.3.3.9 32 verbose command on PE1 to view the status of the LSP to 3.3.3.9/32.

    [PE1] display mpls lsp include 3.3.3.9 32 verbose
    -------------------------------------------------------------------------------
                     LSP Information: RSVP LSP
    -------------------------------------------------------------------------------
    
      No                  :  1
      SessionID           :  100
      IngressLsrID        :  1.1.1.9
      LocalLspID          :  1
      Tunnel-Interface    :  Tunnel1
      Fec                 :  3.3.3.9/32
      TunnelTableIndex    :  0x0
      Nexthop             :  100.1.1.2
      In-Label            :  NULL
      Out-Label           :  1024
      In-Interface        :  ----------
      Out-Interface       :  Vlanif20
      LspIndex            :  2048
      Token               :  0x5
      LsrType             :  Ingress
      Mpls-Mtu            :  1500
      TimeStamp           :  3141sec
      Bfd-State           :  ---
      CBfd-Event          :  0x0
      Bed-State           :  BED STOP
      Bed-LastNotifyValue :  ---
      Bed-LastNotifyLspId :  --- 

    Run the display vsi pw out-interface vsi a2 command on PE1. You can see that the egress interface of the MPLS TE tunnel between 1.1.1.9 and 3.3.3.9 is Tunnel1, and the actual egress interface is VLANIF 20.

    [PE1] display vsi pw out-interface vsi a2
    Total: 1
    --------------------------------------------------------------------------------
    Vsi Name                        peer            vcid       interface
    --------------------------------------------------------------------------------
    a2                              3.3.3.9         2          Tunnel1
                                                                Vlanif20
    

    CE1 and CE2 can ping each other.

    [CE1] ping 10.1.1.2
      PING 10.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=1 ms
        Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
        Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
        Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
        Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
    
      --- 10.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 1/1/1 ms
                                                                                    

    After CE1 pings CE2, run the display interface tunnel 1 command on the PE to view the tunnel interface information, and you can see that the statistics about the packets passing through the interface increase. The information displayed on PE1 is used as an example.

    [PE1] display interface tunnel 1
    Tunnel1 current state : UP
    Line protocol current state : UP
    Last line protocol up time : 2012-08-20 14:50:22
    Description: 
    Route Port,The Maximum Transmit Unit is 1500
    Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
    Encapsulation is TUNNEL, loopback not set
    Tunnel destination 3.3.3.9
    Tunnel up/down statistics 1
    Tunnel protocol/transport MPLS/MPLS, ILM is available,
    primary tunnel id is 0x5, secondary tunnel id is 0x0
    Current system time: 2012-08-20 15:54:54+00:00
        300 seconds output rate 0 bits/sec, 0 packets/sec
        0 seconds output rate 0 bits/sec, 0 packets/sec
        1249 packets output,  21526 bytes
        0 output error
        0 output drop
        Input bandwidth utilization  :    0%
        Output bandwidth utilization :    0%
    

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 20
    #
    mpls lsr-id 1.1.1.9
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    mpls l2vpn
    #
    vsi a2 static
     pwsignal ldp
      vsi-id 2
      peer 3.3.3.9 tnl-policy policy1
    #
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface Vlanif10
     l2 binding vsi a2
    #
    interface Vlanif20
     ip address 100.1.1.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    interface Tunnel1
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 3.3.3.9
     mpls te tunnel-id 100
     mpls te reserved-for-binding
     mpls te commit
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 100.1.1.0 0.0.0.255
      mpls-te enable
    #
    tunnel-policy policy1
     tunnel binding destination 3.3.3.9 te Tunnel1
    #
    return
  • P configuration file

    #
    sysname P
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.9
    mpls
     mpls te
     mpls rsvp-te
    #
    interface Vlanif20
     ip address 100.1.1.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface Vlanif30
     ip address 100.2.1.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 100.1.1.0 0.0.0.255
      network 100.2.1.0 0.0.0.255
      mpls-te enable
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 30 40
    #
    mpls lsr-id 3.3.3.9
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    mpls l2vpn
    #
    vsi a2 static
     pwsignal ldp
      vsi-id 2
      peer 1.1.1.9 tnl-policy policy1
    #
    mpls ldp
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    interface Vlanif30
     ip address 100.2.1.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface Vlanif40
     l2 binding vsi a2
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    interface Tunnel1
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 1.1.1.9
     mpls te tunnel-id 100
     mpls te reserved-for-binding
     mpls te commit
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 100.2.1.0 0.0.0.255
      mpls-te enable
    #
    tunnel-policy policy1
     tunnel binding destination 1.1.1.9 te Tunnel1
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 40
    #
    interface Vlanif40
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    return
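
An added example, not part of the Huawei guide: a Python check over a saved PE configuration file that confirms each VSI peer has a remote LDP session and a tunnel policy binding it to an MPLS TE tunnel with the matching destination and `mpls te reserved-for-binding`. The function names and the trimmed PE1 sample are constructed for illustration.

```python
import re

# Constructed sample: the PE1 configuration file from this page, trimmed to
# the stanzas this check reads.
PE1_CFG = """\
#
vsi a2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9 tnl-policy policy1
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface Tunnel1
 tunnel-protocol mpls te
 destination 3.3.3.9
 mpls te reserved-for-binding
 mpls te commit
#
tunnel-policy policy1
 tunnel binding destination 3.3.3.9 te Tunnel1
#
return
"""
PEER_RE = re.compile(r"peer (\S+)(?: tnl-policy (\S+))?")

def stanzas(cfg):
    """Split a saved config into {header line: [stripped body lines]}."""
    out, head = {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.startswith("#") or line.strip() == "return":
            head = None
        elif not line.startswith(" "):
            head = line.strip()
            out[head] = []
        elif head is not None:
            out[head].append(line.strip())
    return out

def audit(cfg):
    """Return findings; an empty list means every VSI peer is pinned to a TE tunnel."""
    s, findings = stanzas(cfg), []
    remote_ips = {l.split()[1] for h, b in s.items() if h.startswith("mpls ldp remote-peer ")
                  for l in b if l.startswith("remote-ip ")}
    peers = [(h.split()[1], *m.groups()) for h, b in s.items() if h.startswith("vsi ")
             for m in (PEER_RE.fullmatch(l) for l in b) if m]
    for vsi, peer, policy in peers:
        if peer not in remote_ips:
            findings.append(f"{vsi}: no remote LDP peer with remote-ip {peer}")
        if policy is None:
            findings.append(f"{vsi}: peer {peer} has no tnl-policy")
            continue
        bind_re = rf"tunnel binding destination {re.escape(peer)} te (\S+)"
        tunnels = [m.group(1) for l in s.get(f"tunnel-policy {policy}", [])
                   if (m := re.fullmatch(bind_re, l))]
        if not tunnels:
            findings.append(f"{vsi}: {policy} binds no TE tunnel to {peer}")
        for t in tunnels:
            for need in ("tunnel-protocol mpls te", f"destination {peer}",
                         "mpls te reserved-for-binding"):
                if need not in s.get(f"interface {t}", []):
                    findings.append(f"{vsi}: {t} lacks '{need}'")
    return findings
```

Run `audit()` on the saved configuration of each PE; an empty list matches the state that `display vsi name a2 verbose` reports above (Tunnel Policy Name policy1, Tnl Type CR-LSP).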
Updated: 2019-08-21

Document ID: EDOC1000142068
