No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - VPN

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Inter-AS VPN Option B

Example for Configuring Inter-AS VPN Option B

Networking Requirements

As shown in Figure 3-55, CE1 and CE2 belong to the same VPN. CE1 accesses PE1 through AS100, and CE2 accesses PE2 through AS200.

Inter-AS BGP/MPLS IP VPN is implemented through Option B:

  • ASBR-PE1 and ASBR-PE2 exchange VPNv4 routes using MP-EBGP.

  • ASBRs do not filter the VPNv4 routes received from each other based on VPN targets.

Figure 3-55  Networking diagram for configuring inter-AS VPN Option B

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IGP on the MPLS backbone network to enable the ASBR and PE in the same AS to communicate with each other, and establish MPLS LDP LSPs between the ASBR and PE in the same AS.

  2. Establish an EBGP peer relationship between the PE and CE in the same AS, and establish MP-IBGP peer relationship between the PE and ASBR-PE in the same AS.

  3. Configure VPN instances on the PEs. (No VPN instance needs to be configured on the ASBRs.)

  4. Enable MPLS on the interfaces connecting the ASBRs and establish an MP-EBGP peer relationship between the ASBRs. Configure the ASBRs not to filter received VPNv4 routes based on VPN targets.

Procedure

  1. On the MPLS backbone networks in AS 100 and AS 200, configure an IGP protocol to enable the PEs and ASBRs to communicate with each other.

    Configure OSPF on the backbone networks in AS 100 and AS 200. For detailed configuration, see Example for Configuring Inter-AS VPN Option A.

    NOTE:

    The PEs and ASBRs need to advertise their LSR IDs (32-bit IP addresses of loopback interfaces) using OSPF.

    After the configuration is complete, an OSPF neighbor relationship is established between the ASBR and PE in the same AS. Run the display ospf peer command to verify that the neighbor relationship is in Full state.

    The ASBR-PE and PE in the same AS have obtained the loopback interface address of each other and can ping the loopback interface address of each other.

  2. Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone networks of AS100 and AS200 to establish LDP LSPs.

    For detailed configuration, refer to Example for Configuring Inter-AS VPN Option A.

  3. Configure VPN instances on PEs and bind the interfaces connected to CEs to the VPN instances.

    NOTE:

    The VPN targets of the VPN instances on PE1 and PE2 must match.

    # Configure PE1.

    [PE1] ip vpn-instance vpn1
    [PE1-vpn-instance-vpn1] ipv4-family
    [PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
    [PE1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 export-extcommunity
    [PE1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 import-extcommunity 
    [PE1-vpn-instance-vpn1-af-ipv4] quit
    [PE1-vpn-instance-vpn1] quit
    [PE1] interface vlanif 10
    [PE1-Vlanif10] ip binding vpn-instance vpn1 
    [PE1-Vlanif10] ip address 10.1.1.2 255.255.255.0
    [PE1-Vlanif10] quit
    

    The configuration on PE2 is similar to the configuration on PE1 and is not mentioned here.

  4. Configure inter-AS VPN Option B.

    # On ASBR-PE1, enable MPLS on VLANIF12. VLANIF12 is the interface connected to ASBR-PE2.

    [ASBR-PE1] interface vlanif 12
    [ASBR-PE1-Vlanif12] mpls
    [ASBR-PE1-Vlanif12] quit

    # On ASBR-PE1, establish an MP-EBGP peer relationship with ASBR-PE2 and disable ASBR-PE1 from filtering VPNv4 routes based on VPN targets.

    [ASBR-PE1] bgp 100
    [ASBR-PE1-bgp] peer 192.1.1.2 as-number 200
    [ASBR-PE1-bgp] ipv4-family vpnv4
    [ASBR-PE1-bgp-af-vpnv4] peer 192.1.1.2 enable
    [ASBR-PE1-bgp-af-vpnv4] undo policy vpn-target
    [ASBR-PE1-bgp-af-vpnv4] quit
    [ASBR-PE1-bgp] quit

    The configuration on ASBR-PE2 is similar to the configuration on ASBR-PE1 and is not mentioned here.

  5. Verify the configurations.

    After the configuration is complete, CE1 and CE2 learn routes to interfaces on each other and can ping each other successfully.

    The information displayed on CE1 is used as an example.

    [CE1] display ip routing-table
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
             Destinations : 5        Routes : 5
    Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
           10.1.1.0/24  Direct 0    0             D  10.1.1.1        Vlanif10
           10.1.1.1/32  Direct 0    0             D  127.0.0.1       Vlanif10
           10.2.1.0/24  EBGP   255  0             D  10.1.1.2        Vlanif10
          127.0.0.0/8   Direct 0    0             D  127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0             D  127.0.0.1       InLoopBack0
    [CE1] ping 10.2.1.1
      PING 10.2.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=252 time=5 ms
        Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=252 time=5 ms
        Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=252 time=5 ms
        Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=252 time=5 ms
        Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=252 time=5 ms
      --- 10.2.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 5/5/5 ms 

    Run the display bgp vpnv4 all routing-table command on the ASBRs to view the VPNv4 routes.

    The information displayed on ASBR-PE1 is used as an example.

    [ASBR-PE1] display bgp vpnv4 all routing-table
                                                                                    
                                                                                    
     BGP Local router ID is 2.2.2.9                                               
     Status codes: * - valid, > - best, d - damped,                                 
                   h - history,  i - internal, s - suppressed, S - Stale            
                   Origin : i - IGP, e - EGP, ? - incomplete                        
                                                                                    
                                                                                    
                                                                                    
     Total number of routes from all PE: 2                                          
     Route Distinguisher: 100:1                                                     
                                                                                    
                                                                                    
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn   
                                                                                    
     *>i  10.1.1.0/24        1.1.1.9         0          100        0      ?         
                                                                                    
     Route Distinguisher: 200:1                                                     
                                                                                    
                                                                                    
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn   
                                                                                    
     *>   10.2.1.0/24        192.1.1.2                             0      200?      
    

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    bgp 65001
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.1.1.2 enable
    #
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 to 11
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif10
     ip binding vpn-instance vpn1
     ip address 10.1.1.2 255.255.255.0
    #
    interface Vlanif11
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 11
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 2.2.2.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 2.2.2.9 enable
     #
     ipv4-family vpn-instance vpn1
      peer 10.1.1.1 as-number 65001
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • ASBR-PE1 configuration file

    #
    sysname ASBR-PE1
    #
    vlan batch 11 to 12
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif11
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif12
     ip address 192.1.1.1 255.255.255.0
     mpls
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 11
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 12
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    bgp 100
     peer 192.1.1.2 as-number 200
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 192.1.1.2 enable
      peer 1.1.1.9 enable
     #
     ipv4-family vpnv4
      undo policy vpn-target
      peer 1.1.1.9 enable
      peer 192.1.1.2 enable
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • ASBR-PE2 configuration file

    #
    sysname ASBR-PE2
    #
    vlan batch 12 22
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif12
     ip address 192.1.1.2 255.255.255.0
     mpls
    #
    interface Vlanif22
     ip address 162.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 22
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 12
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 200
     peer 192.1.1.1 as-number 100
     peer 4.4.4.9 as-number 200
     peer 4.4.4.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 192.1.1.1 enable
      peer 4.4.4.9 enable
     #
     ipv4-family vpnv4
      undo policy vpn-target
      peer 4.4.4.9 enable
      peer 192.1.1.1 enable
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 162.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 10 22
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 200:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 4.4.4.9
    mpls
    #
    mpls ldp
    #
    interface Vlanif10
     ip binding vpn-instance vpn1
     ip address 10.2.1.2 255.255.255.0
    #
    interface Vlanif22
     ip address 162.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 22
    #
    interface GigabitEthernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack1
     ip address 4.4.4.9 255.255.255.255
    #
    bgp 200
     peer 3.3.3.9 as-number 200
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
     #
     ipv4-family vpn-instance vpn1
      peer 10.2.1.1 as-number 65002
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 162.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.2.1.1 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    bgp 65002
     peer 10.2.1.2 as-number 200
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.2.1.2 enable
    #
    return
Translation
Download
Updated: 2019-04-01

Document ID: EDOC1000178118

Views: 158073

Downloads: 157

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next