No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - VPN

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring VPLS Convergence

Example for Configuring VPLS Convergence

Networking Requirements

Figure 7-43 is a networking diagram of VPLS convergence on an enterprise network. The enterprise builds the backbone network. SPE1 and SPE2 are core devices on the enterprise network. They are connected to the IP/MPLS core network in the uplink, and connected to the UPE in the downlink. CE1 is an enterprise user, and connects to the VPLS network through the UPE. The UPE needs to be dual-homed to SPE1 and SPE2 and to implement the VPLS convergence function, so that only the active SPE processes user service data in normal cases. The standby SPE processes data when the active SPE fails. This prevents service interruption.

Figure 7-43  Networking diagram for configuring VPLS convergence

Configuration Roadmap

The configuration roadmap is as follows:

  1. Use VPLS convergence to implement Layer 2 communication between CEs based on enterprise network planning requirements.

  2. Configure the IGP routing protocol on the backbone network to enable SPE1, UPE, and SPE2 to transmit data on the public network.

  3. Configure basic MPLS functions and LDP on the UPE and SPEs to support VPLS.

  4. Establish tunnels for transmitting data between PEs to prevent data from being known by the public network.

  5. Enable MPLS L2VPN on PEs to implement VPLS.

  6. Create a VSI on PEs, specify LDP as the signaling protocol, and bind the VSI to the AC interface to implement Martini VPLS between the UPE and SPEs.

  7. Run the mVRRP between SPE1 and SPE2 to preferentially select PE1 to forward traffic.

  8. Configure mVSI on the UPE and bind service PWs to the mVRRP on SPEs to implement VPLS convergence.

NOTE:

In the networking diagram, switch functions as the UPE. Only the configurations on the switch are provided here. Details on how to configure the SPE are not mentioned here.

Procedure

  1. Configure VLANs that interfaces belong to.

    Configure the VLAN that each interface belongs to and assign IP addresses to interfaces on devices.

    # Configure the UPE.

    <HUAWEI> system-view
    [HUAWEI] sysname UPE
    [UPE] vlan batch 10 20 30 40
    [UPE] interface vlanif 10
    [UPE-Vlanif10] ip address 10.1.1.1 255.255.255.0
    [UPE-Vlanif10] quit
    [UPE] interface vlanif 20
    [UPE-Vlanif20] ip address 10.1.2.1 255.255.255.0
    [UPE-Vlanif20] quit
    [UPE] interface gigabitethernet 1/0/0
    [UPE-GigabitEthernet1/0/0] port link-type trunk
    [UPE-GigabitEthernet1/0/0] port trunk allow-pass vlan 30
    [UPE-GigabitEthernet1/0/0] quit
    [UPE] interface gigabitethernet 2/0/0
    [UPE-GigabitEthernet2/0/0] port link-type trunk
    [UPE-GigabitEthernet2/0/0] port trunk allow-pass vlan 10 40
    [UPE-GigabitEthernet2/0/0] quit
    [UPE] interface gigabitethernet 3/0/0
    [UPE-GigabitEthernet3/0/0] port link-type trunk
    [UPE-GigabitEthernet3/0/0] port trunk allow-pass vlan 20 40
    [UPE-GigabitEthernet3/0/0] quit

    Configure VLANs that interfaces belong to and assign IP addresses to interfaces on other Switches by referring to Figure 7-43. The configuration is similar to the configuration on the UPE, and is not mentioned here.

  2. Configure the IGP.

    Configure the IGP on the MPLS backbone network to implement communication between the UPE and SPEs. Note that IS-IS must be enabled on Loopback1.

    Configure IS-IS on the UPE, SPE1, and SPE2.

    # Configure the UPE.

    [UPE] isis 1
    [UPE-isis-1] is-level level-2
    [UPE-isis-1] network-entity 49.0010.0010.0100.1001.00
    [UPE-isis-1] quit
    [UPE] interface loopback 1
    [UPE-LoopBack1] isis enable 1
    [UPE-LoopBack1] quit
    [UPE] interface vlanif 10
    [UPE-Vlanif10] isis enable 1
    [UPE-Vlanif10] quit
    [UPE] interface vlanif 20
    [UPE-Vlanif20] isis enable 1
    [UPE-Vlanif20] quit
    

    The configurations on SPE1 and SPE2 are similar to the configuration on the UPE, and are not mentioned here.

    After the configuration is complete, reachable routes are available between the UPE and SPEs.

  3. Configure MPLS.

    NOTE:

    MPLS TE tunnels are established between the UPE and SPEs.

    1. Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS Constraint Shortest Path First (CSPF).

      On the nodes along the MPLS TE tunnel, enable MPLS, MPLS TE, and MPLS RSVP-TE both in the system view and the interface view. On the ingress node of the tunnel, enable MPLS CSPF in the system view. Specify the address of Loopback1 as the LSR ID.

      # Configure the UPE.

      [UPE] mpls lsr-id 1.1.1.1
      [UPE] mpls
      [UPE-mpls] mpls te
      [UPE-mpls] mpls rsvp-te
      [UPE-mpls] mpls te cspf
      [UPE-mpls] quit
      [UPE] interface vlanif 10
      [UPE-Vlanif10] mpls
      [UPE-Vlanif10] mpls te
      [UPE-Vlanif10] mpls rsvp-te
      [UPE-Vlanif10] quit
      [UPE] interface vlanif 20
      [UPE-Vlanif20] mpls
      [UPE-Vlanif20] mpls te
      [UPE-Vlanif20] mpls rsvp-te
      [UPE-Vlanif20] quit
    2. Establish MPLS LDP sessions.

      Establish MPLS LDP sessions between the UPE and SPEs. Specify the IP addresses of LDP remote peers as the MPLS LSR-IDs of remote devices.

      # Configure the UPE.

      [UPE] mpls ldp 
      [UPE-ldp] quit
      [UPE] mpls ldp remote-peer 2.2.2.2
      [UPE-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2
      [UPE-mpls-ldp-remote-2.2.2.2] quit
      [UPE] mpls ldp remote-peer 3.3.3.3
      [UPE-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
      [UPE-mpls-ldp-remote-3.3.3.3] quit

      After the configuration is complete, LDP sessions are established between the UPE and SPEs. Run the display mpls ldp session command, and you can see that the status of the LDP sessions is Operational.

      [UPE] display mpls ldp session
      
       LDP Session(s) in Public Network
       Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
       A '*' before a session means the session is being deleted.
       ------------------------------------------------------------------------------
       PeerID             Status       LAM  SsnRole  SsnAge      KASent/Rcv
       ------------------------------------------------------------------------------
       2.2.2.2:0          Operational DU   Passive  0000:00:00  4/4
       3.3.3.3:0          Operational DU   Passive  0000:00:00  2/2
       ------------------------------------------------------------------------------
       TOTAL: 2 session(s) Found.
    3. Configure IS-IS TE.

      # Configure the UPE.

      [UPE] isis 1
      [UPE-isis-1] cost-style wide
      [UPE-isis-1] traffic-eng level-2
      [UPE-isis-1] quit
    4. Configure tunnel interfaces.

      Create the tunnel interfaces on the UPE and SPEs, and specify MPLS TE as the tunnel protocol and RSVP-TE as the signaling protocol.

      # Configure the UPE.

      [UPE] interface tunnel 1
      [UPE-Tunnel1] ip address unnumbered interface loopback1
      [UPE-Tunnel1] tunnel-protocol mpls te
      [UPE-Tunnel1] destination 2.2.2.2
      [UPE-Tunnel1] description TO SPE1
      [UPE-Tunnel1] mpls te tunnel-id 1
      [UPE-Tunnel1] mpls te commit
      [UPE-Tunnel1] quit
      [UPE] interface tunnel 2
      [UPE-Tunnel2] ip address unnumbered interface loopback1
      [UPE-Tunnel2] tunnel-protocol mpls te
      [UPE-Tunnel2] destination 3.3.3.3
      [UPE-Tunnel2] description TO SPE2
      [UPE-Tunnel2] mpls te tunnel-id 2
      [UPE-Tunnel2] mpls te commit

      After the configuration is complete, run the display ip interface brief command, and you can see that the protocol status of the created tunnel interface is Up.

    5. Configure tunnel policies.

      # Configure the UPE.

      [UPE] tunnel-policy policy1
      [UPE-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1
      [UPE-tunnel-policy-policy1] quit

  4. Configure VPLS.

    1. Create an mVSI on the UPE. The mVSI performs only local exchange.

      The mVRRP packets are exchanged between the SPEs through the mVSI on the UPE.

      # Configure the UPE.

      [UPE] mpls l2vpn
      [UPE-l2vpn] quit
      [UPE] vsi admin-vsi1 static
      [UPE-vsi-admin-vsi1] pwsignal ldp
      [UPE-vsi-admin-vsi1-ldp] vsi-id 10
      [UPE-vsi-admin-vsi1-ldp] quit
      [UPE-vsi-admin-vsi1] admin-vsi
      [UPE-vsi-admin-vsi1] quit
      [UPE] interface vlanif 40
      [UPE-Vlanif40] l2 binding vsi admin-vsi1
      [UPE-Vlanif40] quit
      

      After the configuration is complete, run the display vsi command on the UPE, and you can see that the VSI status is Up.

    2. Configure the service VSI and bind the service interface to the service VSI.

      NOTE:

      The common HVPLS needs to be configured between the UPE and SPEs.

      # Configure the UPE.

      [UPE] vsi biz-vsi1 static
      [UPE-vsi-biz-vsi1] pwsignal ldp
      [UPE-vsi-biz-vsi1-ldp] vsi-id 101
      [UPE-vsi-biz-vsi1-ldp] peer 2.2.2.2 
      [UPE-vsi-biz-vsi1-ldp] peer 3.3.3.3
      [UPE-vsi-biz-vsi1-ldp] quit
      [UPE-vsi-biz-vsi1] quit
      [UPE] interface vlanif 30
      [UPE-Vlanif30] l2 binding vsi biz-vsi1
      [UPE-Vlanif30] quit

      After the configuration is complete, run the display vsi command on the UPE, and you can see that the VSI status is Up.

  5. Bind the service VSI to the mVSI.

    [UPE] vsi biz-vsi1
    [UPE-vsi-biz-vsi1] track admin-vsi admin-vsi1
    [UPE-vsi-biz-vsi1] quit
    [UPE] arp over-vpls enable
    

  6. Verify the configuration.

    Run the display admin-vsi binding command on the UPE, and you can see the binding relationships between the service VSI and the mVSI.

    The information displayed on the UPE is used as an example.

    [UPE] display admin-vsi binding
      Admin-vsi                       Service-vsi
      --------------------------------------------
      admin-vsi1                      biz-vsi1

Configuration Files

  • UPE configuration file

    #
     sysname UPE
    #
     vlan batch 10 20 30 40
    #
     bfd
    #
    mpls lsr-id 1.1.1.1
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    mpls l2vpn
    #
    vsi admin-vsi1 static
     pwsignal ldp
      vsi-id 10
     admin-vsi
    #
    vsi biz-vsi1 static
     pwsignal ldp
      vsi-id 101
      peer 2.2.2.2
      peer 3.3.3.3
     track admin-vsi admin-vsi1
    #
    mpls ldp
    #
    mpls ldp remote-peer 2.2.2.2
     remote-ip 2.2.2.2
    #
    mpls ldp remote-peer 3.3.3.3
     remote-ip 3.3.3.3
    #
    isis 1
     is-level level-2
     cost-style wide
     network-entity 49.0010.0010.0100.1001.00
     traffic-eng level-2
    #
    interface Vlanif 10
     ip address 10.1.1.1 255.255.255.0
     isis enable 1
     mpls
     mpls te
     mpls rsvp-te
    #
    interface Vlanif 20
     ip address 10.1.2.1 255.255.255.0
     isis enable 1
     mpls
     mpls te
     mpls rsvp-te
    #
    interface Vlanif 30
     l2 binding vsi biz-vsi1
    #
    interface Vlanif 40
     l2 binding vsi admin-vsi1
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 10 40
    #
    interface GigabitEthernet3/0/0
     port link-type trunk
     port trunk allow-pass vlan 20 40
    #
    
    interface LoopBack1
     ip address 1.1.1.1 255.255.255.255
     isis enable 1
    #
    interface Tunnel1
     description TO SPE1
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 2.2.2.2
     mpls te tunnel-id 1
     mpls te commit
    #
    interface Tunnel2
     description TO SPE2
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 3.3.3.3
     mpls te tunnel-id 2
     mpls te commit
    #
    tunnel-policy  policy1
     tunnel select-seq  cr-lsp load-balance-number 1
    #
    return
Translation
Download
Updated: 2019-04-01

Document ID: EDOC1000178118

Views: 158109

Downloads: 159

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next