S12700 V200R011C10 Configuration Guide - VPN

This document describes the VPN configuration procedures and provides configuration examples.
Example for Configuring BGP AS Number Substitution

Networking Requirements

As shown in Figure 3-60, CE1 and CE2 belong to the same VPN. CE1 connects to PE1, and CE2 connects to PE2. Both CE1 and CE2 use AS number 600.

The PEs and CEs need to establish EBGP peer relationships to allow communication between VPN users.

Figure 3-60  Networking diagram for configuring BGP AS number substitution

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF between the P and PEs to ensure IP connectivity on the backbone network.

  2. Configure basic MPLS capabilities and MPLS LDP on the P and PEs to establish MPLS LSP tunnels for VPN data transmission on the backbone network.

  3. Establish MP-IBGP peer relationships between PEs to exchange VPNv4 routes.

  4. Configure a VPN instance and set the VPN target to 1:1 on PE1 and PE2 so that users in the VPN can communicate with each other. Bind the PE interfaces connected to CEs to the corresponding VPN instances to provide access for VPN users.

  5. Establish EBGP peer relationships between PEs and CEs and import routes of the CEs into routing tables of the PEs.

  6. Configure BGP AS number substitution on the PEs to enable them to accept routes with the local AS number.

Procedure

  1. Configure basic BGP/MPLS IP VPN functions.

    The configurations include the following:

    • Configure OSPF on the MPLS backbone network so that the PEs and P can learn the routes to the loopback interface of each other.

    • Configure basic MPLS capabilities and MPLS LDP on the backbone network to establish LDP LSPs on the MPLS backbone network.

    • Establish MP-IBGP peer relationships between PEs to exchange VPNv4 routes.

    • Configure a VPN instance of vpn1 on PE2 and bind the interface connected to CE2 to the VPN instance.

    • Configure a VPN instance of vpn1 on PE1 and bind the interface connected to CE1 to the VPN instance.

    • Establish BGP peer relationships between PE1 and CE1 and between PE2 and CE2 to import routes of the CEs to the PEs.

    For detailed configuration, refer to Example for Configuring BGP/MPLS IP VPN.

    After the configuration is complete, run the display ip routing-table command on CE2 to check the routing table. The routing table on CE2 contains the route to the network segment (10.1.1.0/24) of the interface that connects CE1 to PE1, but contains no route to the VPN (192.168.1.0/24) of CE1. The situation is the same on CE1.

    [CE2] display ip routing-table
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
             Destinations : 7        Routes : 7
      Destination/Mask  Proto  Pre  Cost     Flags  NextHop         Interface
           10.1.1.0/24  EBGP   255  0        D      10.2.1.2        Vlanif40
           10.2.1.0/24  Direct 0    0        D      10.2.1.1        Vlanif40
           10.2.1.1/32  Direct 0    0        D      127.0.0.1       Vlanif40
           127.0.0.0/8  Direct 0    0        D      127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0        D      127.0.0.1       InLoopBack0
        192.168.2.0/24  Direct 0    0        D      192.168.2.1     Vlanif60
        192.168.2.1/32  Direct 0    0        D      127.0.0.1       Vlanif60
    

    Run the display ip routing-table vpn-instance command on the PEs to check the routing table of the VPN instance. The VPN routing table has routes to the VPN of the CEs.

    The information displayed on PE2 is used as an example.

    [PE2] display ip routing-table vpn-instance vpn1
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: vpn1
              Destinations : 5        Routes : 5
      Destination/Mask  Proto  Pre  Cost     Flags  NextHop         Interface
           10.1.1.0/24  IBGP   255  0        RD     1.1.1.9         Vlanif30
           10.2.1.0/24  Direct 0    0        D      10.2.1.2        Vlanif40
           10.2.1.2/32  Direct 0    0        D      127.0.0.1       Vlanif40
        192.168.1.0/24  IBGP   255  0        RD     1.1.1.9         Vlanif30
        192.168.2.0/24  EBGP   255  0        D      10.2.1.1        Vlanif40
    

    Run the display bgp routing-table peer received-routes command on CE2. The command output shows that CE2 did not accept the route to 192.168.1.0/24: the AS path of that route contains CE2's own AS number (600), so BGP loop detection discards it.

    [CE2] display bgp routing-table peer 10.2.1.2 received-routes
                                                                                    
     BGP Local router ID is 10.2.1.1                                                
     Status codes: * - valid, > - best, d - damped,                                 
                   h - history,  i - internal, s - suppressed, S - Stale            
                   Origin : i - IGP, e - EGP, ? - incomplete                        
                                                                                    
                                                                                    
     Total Number of Routes: 2                                                      
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn   
                                                                                    
     *>   10.1.1.0/24        10.2.1.2                              0      100?      
          10.2.1.0/24        10.2.1.2        0                     0      100?      

  2. Configure BGP AS number substitution.

    Configure BGP AS number substitution on PEs.

    # Configure PE2. PE2 is used as an example.

    [PE2] bgp 100
    [PE2-bgp] ipv4-family vpn-instance vpn1
    [PE2-bgp-vpn1] peer 10.2.1.1 substitute-as
    [PE2-bgp-vpn1] quit
    [PE2-bgp] quit
    

    In the route advertised to CE2 by PE2, the AS path attribute of 192.168.1.0/24 changes from "100 600" to "100 100".

    Feb 22 2013 16:35:18.670.4-08:00 PE2 RM/6/RMDEBUG:
    BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations :
    
    MP_reach  : AFI/SAFI  1/1 
    Origin    : Incomplete 
    AS Path   : 100 100
    Next Hop  : 10.2.1.2 
    192.168.1.0/24, 

    Check the routing information accepted by CE2 and routing table of CE2.

    [CE2] display bgp routing-table peer 10.2.1.2 received-routes
                                                                                    
     BGP Local router ID is 10.2.1.1                                                
     Status codes: * - valid, > - best, d - damped,                                 
                   h - history,  i - internal, s - suppressed, S - Stale            
                   Origin : i - IGP, e - EGP, ? - incomplete                        
                                                                                    
                                                                                    
     Total Number of Routes: 3                                                      
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn   
                                                                                    
     *>   10.1.1.0/24        10.2.1.2                              0      100?      
          10.2.1.0/24        10.2.1.2        0                     0      100?      
     *> 192.168.1.0/24       10.2.1.2                              0      100 100?  
    
    [CE2] display ip routing-table
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
             Destinations : 8        Routes : 8
      Destination/Mask  Proto  Pre  Cost       Flags  NextHop         Interface
           10.1.1.0/24  EBGP   255  0          D      10.2.1.2        Vlanif40
           10.2.1.0/24  Direct 0    0          D      10.2.1.1        Vlanif40
           10.2.1.1/32  Direct 0    0          D      127.0.0.1       Vlanif40
           127.0.0.0/8  Direct 0    0          D      127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0          D      127.0.0.1       InLoopBack0
        192.168.1.1/24  EBGP   255  0          D      10.2.1.2        Vlanif40
        192.168.2.0/24  Direct 0    0          D      127.0.0.1       Vlanif60
        192.168.2.1/32  Direct 0    0          D      127.0.0.1       Vlanif60
    

    After configuring BGP AS number substitution on PE1, you can see that CE1 and CE2 can successfully ping each other.

    [CE1] ping -a 192.168.1.1 192.168.2.1
      PING 192.168.2.1: 56  data bytes, press CTRL_C to break
        Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=253 time=109 ms
        Reply from 192.168.2.1: bytes=56 Sequence=2 ttl=253 time=67 ms
        Reply from 192.168.2.1: bytes=56 Sequence=3 ttl=253 time=66 ms
        Reply from 192.168.2.1: bytes=56 Sequence=4 ttl=253 time=85 ms
        Reply from 192.168.2.1: bytes=56 Sequence=5 ttl=253 time=70 ms
      --- 192.168.2.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 66/79/109 ms
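
The AS path handling behind the outputs above, as an added Python model (not Huawei code and not part of the original guide). Function names are hypothetical; the AS numbers, prefixes and resulting paths are the ones from this example, and the model covers only the EBGP prepend, the substitution and the receiver's loop check.

```python
# Added example: a model of EBGP AS_PATH handling with `substitute-as`.
# Function names are hypothetical; AS numbers and prefixes come from this guide.
PE_AS, CE_AS = 100, 600

# AS_PATH of each route in PE2's vpn1 table before it is sent to CE2.
# Routes imported with `import-route direct` have an empty path; the CE1
# site route arrived from CE1 over EBGP, so it carries 600 (MP-IBGP between
# the PEs leaves the path unchanged).
PE2_VPN1_ROUTES = {
    "10.1.1.0/24": [],
    "10.2.1.0/24": [],
    "192.168.1.0/24": [CE_AS],
}


def pe_advertise(as_path, local_as, peer_as, substitute_as=False):
    """Return the AS_PATH a PE sends to an EBGP CE peer."""
    if substitute_as:
        # Replace every occurrence of the peer's AS with the PE's own AS.
        as_path = [local_as if asn == peer_as else asn for asn in as_path]
    return [local_as] + as_path  # normal EBGP prepend


def ce_accepts(as_path, local_as):
    """Receiver-side loop detection: drop a path containing our own AS."""
    return local_as not in as_path


def ce2_accepted(substitute_as):
    """Map prefix -> AS_PATH for the routes CE2 keeps from PE2."""
    accepted = {}
    for prefix, path in PE2_VPN1_ROUTES.items():
        sent = pe_advertise(path, PE_AS, CE_AS, substitute_as)
        if ce_accepts(sent, CE_AS):
            accepted[prefix] = sent
    return accepted


if __name__ == "__main__":
    for flag in (False, True):
        print(f"substitute-as={flag}")
        for prefix, path in ce2_accepted(flag).items():
            print(f"  {prefix:<16} {' '.join(map(str, path))}")
```

Without substitution the model keeps only the two routes with path 100, matching the first received-routes output; with it, 192.168.1.0/24 arrives with path 100 100 and passes CE2's loop check.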

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10 50
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface Vlanif50
     ip address 192.168.1.1 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    bgp 600
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.1.1.2 enable
    #
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 20
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif10
     ip binding vpn-instance vpn1
     ip address 10.1.1.2 255.255.255.0
    # 
    interface Vlanif20
     ip address 20.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 20
    #  
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
     #
     ipv4-family vpn-instance vpn1
      peer 10.1.1.1 as-number 600
      peer 10.1.1.1 substitute-as
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
    #
    return
  • P configuration file

    #
    sysname P
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif20
     ip address 20.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 30.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 30
    #  
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 30 40
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif30
     ip address 30.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     ip binding vpn-instance vpn1
     ip address 10.2.1.2 255.255.255.0
    # 
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 30
    #  
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.9 enable
     #
     ipv4-family vpn-instance vpn1
      peer 10.2.1.1 as-number 600
      peer 10.2.1.1 substitute-as
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 30.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 40 60
    #
    interface Vlanif40
     ip address 10.2.1.1 255.255.255.0
    #
    interface Vlanif60
     ip address 192.168.2.1 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 60
    #
    bgp 600
     peer 10.2.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.2.1.2 enable
    #
    return
Updated: 2019-04-01

Document ID: EDOC1000178118
