No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C00 Configuration Guide - Virtual Access 01

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Deploying a Service Feature

Deploying a Service Feature

This section describes how to deploy service features in virtual access scenarios.

Background

After configuring a virtual access system, deploy service features between a CE on the user side and a master and between a master and a PE on the network side to implement end-to-end service bearing. The following service features are supported in virtual access scenarios:

  • L3VPN

  • VPLS in BD mode

  • L3VPN

  • Layer 3 multicast

  • BGP4+

  • IPoE

  • PPPoE

Pre-configuration Tasks

Before deploying service features, complete the following tasks:

Configuration Procedures

Perform one or more of the following configurations as required.

Deploying L3VPN

This section describes how to deploy L3VPN in a virtual access scenario.

Context

Figure 3-11 shows a typical network where L3VPN is deployed in a virtual access scenario. Before deploying L3VPN, complete the following tasks:

  • Configure an IGP so that the primary and secondary masters interwork with the PE.

  • Configure MPLS TE or MPLS LDP on the masters and PE to provide public network tunnels for L3VPN.

  • Configure L3VPN instances on the masters and PE.

For details, see Configuring a Basic BGP/MPLS IP VPN.

Figure 3-11  Deploying L3VPN in a virtual access scenario

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number [ .subinterface-number ]

    The virtual access interface (or sub-interface) view is displayed.

    A virtual access interface is a virtual agent interface of an AP's external communication interface on a master. For example, GigabitEthernet 1025/1/0/1 indicates that the virtual access interface corresponds to AP 1025's external communication interface GigabitEthernet 1/0/1.

  3. Run:

    ip binding vpn-instance vpn-instance-name

    The virtual access interface is bound to a VPN instance.

  4. Run:

    ip address ip-address { mask | mask-length }

    An IP address is configured for the virtual access interface.

    NOTE:
    • The IP addresses of a virtual access interface and a CE's interface to the virtual access side must be on the same network segment.

    • To prevent route recalculations during a primary/secondary master switchover and implement a rapid switchover, configure the same IP address for the primary and secondary masters' virtual access interfaces that correspond to the AP's same external communication interface.

  5. Run:

    commit

    The configuration is committed.

Checking the Configurations

After deploying L3VPN, check the configurations.

Run the display ip routing-table vpn-instance vpn-instance-name command on a remote PE to check routing information in an L3VPN instance.

Deploying VPLS in BD Mode

This section describes how to deploy VPLS in BD Mode in a virtual access scenario.

Context

Figure 3-12 shows a typical network where VPLS in BD Mode is deployed in a virtual access scenario. Before deploying VPLS in BD mode, complete the following tasks:

  • Configure an IGP so that the primary and secondary masters interwork with the PE.

  • Configure MPLS LDP on the masters and PE to provide public network tunnels for VPWS.

  • Enable MPLS L2VPN on the masters and PE globally.

  • Create VSIs on the masters and PE.

    NOTE:
    The VSIs for BDs must be configured using the vsi bd-mode command.

For details, see Configuring LDP VPLS.

Figure 3-12  Typical network on which a master is configured to carry VPLS services in BD mode

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    bridge-domain bd-id

    A BD is created.

  3. Run:

    commit

    The configuration is committed.

  4. Run:

    quit

    The system view is displayed.

  5. Run:

    interface interface-type interface-number.subnum mode l2

    A virtual access EVC Layer 2 sub-interface is created, and the sub-interface view is displayed.

    A virtual access interface is a virtual agent interface of an AP's external communication interface on a master. For example, GigabitEthernet 1025/1/0/1 indicates that the virtual access interface corresponds to AP 1025's external communication interface GigabitEthernet 1/0/1.

  6. Perform one of the following steps to configure an encapsulation type:

    • To configure default encapsulation, run:
      encapsulation default
    • To configure dot1q encapsulation, run:
      encapsulation dot1q vid low-pe-vid [ to high-pe-vid ]
    • To configure QinQ encapsulation, run:
      encapsulation qinq vid pe-vid ce-vid { low-ce-vid [ to high-ce-vid ] | default }
    • To configure untagged encapsulation, run:
      encapsulation untag

  7. (Optional) Perform one of the following steps to configure a traffic behavior:

    • To add a tag or an outer tag to each packet, run:
      rewrite push vid vid
    • To add two tags to each packet, run:
      rewrite push vid vidce-vid ce-vid
    • To remove a tag or an outer tag from each packet, run:
      rewrite pop single
    • To remove two tags from each packet, run:
      rewrite pop double
    • To map a tag to another tag in each packet, run:
      rewrite map 1-to-1 vid vid
    • To map a tag to two tags, run:
      rewrite map 1-to-2 vid pe-vid ce-vid ce-vid
    • To map the outer tag to a specified tag and leave the inner tag in each packet, run:
      rewrite map 2-to-1 vid vid
    • To map two tags to the specified two tags in each packet, run:
      rewrite map 2-to-2 vid pe-vid ce-vid ce-vid
    • To increase or reduce a tag value based on a specified offset in each packet, run:
      rewrite map offset { decrease | increase } offset-vid
    • To exchange the inner and outer tags carried in each packet, run:
      rewrite swap

  8. Run:

    bridge-domain bd-id

    The virtual access EVC Layer 2 sub-interface is added to a bridge domain.

    bd-id is the BD ID configured in step 2.

  9. Run:

    commit

    The configuration is committed.

  10. Run:

    quit

    The system view is displayed.

  11. Run:

    bridge-domain bd-id

    The BD view is displayed.

  12. Run:

    l2 binding (BD view) vsi vsi-name [ pw-tag pw-tag-value ]

    The BD is bound to a VSI.

    NOTE:
    If the VSI pipe service mode is used, multiple BDs can access the same VSI. In this case, you must specify a PW tag so that the peer BD can receive packets from the BD with the same PW tag.

  13. Run:

    commit

    The configuration is committed.

Follow-up Procedure

When all virtual access sub-interfaces exit the BD, the BD goes Down. By default, when the BD goes Down, the master sends a MAC-Withdraw message with a type of 404 to all peers. When the interface-status-change mac-withdraw enable command has been run and each virtual access sub-interface exits the BD, the master sends a MAC-Withdraw message with a type of 406 to all peers, which decreases device usage efficiency. To improve device performance, perform the following steps to disable the master from sending a MAC-Withdraw message with a type of 404 to all peers when the BD goes Down.

  1. Run:

    systerm-view

    The system view is displayed.

  2. Run:

    vsi vsi-name

    The VSI view is displayed.

  3. Run:

    mac-withdraw bd-status down disable

    The master is disabled from sending a MAC-Withdraw message with a type of 404 to all peers when the BD goes Down.

  4. Run:

    commit

    The configuration is committed.

When the status of a virtual access EVC Layer 2 sub-interface functioning as an AC interface changes, the master sends each peer a MAC-Withdraw message that does not carry the PW tag information. After receiving the MAC-Withdraw message, the peer clears the MAC address information in the VSI based on the type of the MAC-Withdraw message. As a result, the MAC address information in other BDs is incorrectly cleared. To resolve this issue, perform the following steps to configure a MAC-Withdraw message sent by the master to carry the PW tag information. After receiving the MAC-Withdraw message, the peer clears the MAC address information based on a BD, improving forwarding efficiency.

  1. Run:

    systerm-view

    The system view is displayed.

  2. Run:
    interface interface-type interface-number [ .subinterface-number ] mode l2

    The virtual access EVC Layer 2 sub-interface view is displayed.

  3. Run:

    interface-status-change [ up | down ] mac-withdraw enable

    The master is enabled to send a MAC-Withdraw message to all peers when the status of the virtual access EVC Layer 2 sub-interface changes.

  4. Run:

    quit

    Return to the system view.

  5. Run:

    vsi vsi-name

    The VSI view is displayed.

  6. Run:

    mac-withdraw enable

    MAC Withdraw is enabled.

  7. Run:

    mac-withdraw bd pw-tag enable

    A MAC-Withdraw message that the master sends to all peers when the status of the virtual access EVC Layer 2 sub-interface changes or the BD goes Down is enabled to carry the PW tag information.

  8. Run:

    commit

    The configuration is committed.

Checking the Configurations

After deploying VPLS in BD mode, check the configurations.

Run the display vsi command on a master to check information about VSIs.

Deploying VPWS

This section describes how to deploy VPWS in a virtual access scenario.

Context

Figure 3-13 shows a typical network where VPWS is deployed in a virtual access scenario. Before deploying VPWS, complete the following tasks:

  • Configure an IGP so that the primary and secondary masters interwork with the PEs.

  • Configure MPLS TE or MPLS LDP on the masters and PEs to provide public network tunnels for VPWS.

  • Configure PW redundancy in independent mode on PE1 and PE2.

Figure 3-13  Deploying VPWS in a virtual access scenario

Procedure

  1. Configure PW redundancy on the primary and secondary masters.

    For details about the configuration procedure, see Configuring PW Redundancy. The precautions are as follows:

    • Use the virtual access interfaces on the primary and secondary masters as AC-side interfaces.

    • Configure PW redundancy in independent mode.

    • Configure a bypass PW between the primary and secondary masters to prevent traffic loss during a primary/secondary switchover.

Checking the Configurations

After deploying VPWS, perform the following operation to check the configurations:

Run the display mpls l2vc command on a remote PE to check information about the PWs from the PE to the primary and secondary masters.

Deploying Layer 3 Multicast

This section describes how to deploy Layer 3 multicast in virtual access scenarios.

Background

IP multicast enables a data stream to be sent to a group of users in a single transmission. Services matching the point-to-multipoint (P2MP) mode can be carried over multicast. As shown in Figure 3-14, the virtual access system is equivalent to a PE on a multicast network. The CE on the user side connects to the masters through the AP, and the masters directly connect to the PE on the network side. To deploy Layer 3 multicast, configure IGMP and PIM between the CE and the masters, and configure PIM between the masters and the PE. The procedure for configuring PIM between the masters and the PE is the same as that used in common scenarios. For details, see PIM Configuration. This section describes how to configure IGMP and PIM between the CE and the masters.

NOTE:

You can also deploy NG MVPN on the network side. For details, see IPv4 Multicast VPN Configuration in NG MVPN Mode.

Figure 3-14  Deploy Layer 3 multicast in virtual access scenarios

Procedure

  1. Configure IGMP.

    For configuration details, see IGMP Configuration. All configurations on user-side interfaces are performed on the masters' corresponding virtual access interfaces.

  2. Configure PIM.

    For configuration details, see PIM Configuration. PIM is enabled on the masters' corresponding virtual access interfaces.

Checking the Configurations

For details, see "Checking the Configurations" in IGMP Configuration and PIM Configuration.

Deploying BGP4+

This section describes how to deploy BGP4+ in virtual access scenarios.

Background

Border Gateway Protocol for IPv6 (BGP4+) is a dynamic routing protocol used between autonomous systems (ASs) on an IPv6 network. BGP4+ uses BGP's multi-protocol extensions. A virtual access system is equivalent to a PE on an IPv6 network. The CE on the user side connects to a master through the AP, and the master directly connects to the PE on the network side. Deploying BGP4+ requires BGP4+ peer relationships to be established between the CE and the master and between the master and the PE, implementing the bearing of services, such as IPv6 public network unicast and BGP/MPLS IPv6 VPN services. Typical service scenarios are as follows:

  • Bearing of IPv6 public network unicast services. In this scenario, BGP IPv6 peer relationships must be established between the CE and master and between the master and PE.

  • Bearing of BGP/MPLS IPv6 VPN services. In this scenario, a BGP IPv6 peer relationship must be established between the CE and master in a VPN instance, and a BGP VPNv6 peer relationship must be established between the master and PE.

Typical networking scenarios for BGP4+ deployment are as follows:

  • A CE is single-homed to an AP over a physical link, and the AP is single-homed to a master.


  • A CE is single-homed to an AP through a trunk interface, and the AP is single-homed to a master.


  • A CE is dual-homed to two APs through a trunk interface, and each AP is single-homed to a master. The trunk interface must work in static LACP mode, and the maximum number of member interfaces in the Up state must be set to 1. This scenario supports only the 1:1 master/backup mode.


  • A CE is single-homed to an AP over a physical link, and the AP is dual-homed to the primary and secondary masters. No direct link exists between the primary and secondary masters. The following scenarios are involved:

    • When different IPv6 addresses are assigned to virtual access interfaces on the primary and secondary masters, the CE establishes different BGP4+ peer relationships with the two masters.

    • When the same IPv6 address is assigned to virtual access interfaces on the primary and secondary masters, the CE establishes the same BGP4+ peer relationship with the two masters.

    In normal cases, the CE can establish a BGP4+ peer relationship with only the primary master, because the secondary master's virtual access interface is blocked. If a primary/secondary master switchover occurs, the secondary master's virtual access interface is unblocked, allowing the CE to establish a BGP4+ peer relationship with the secondary master.


The procedure for configuring BGP4+ between the masters and the PE is the same as that in common scenarios. For details, see BGP4+ Configuration. This section describes how to configure BGP4+ between the CE and a master.

Procedure

  1. Configure basic IPv6 functions on a CE and master.

    On a CE, configure basic IPv6 functions on the interface that directly connects the CE to an AP. On a master, configure basic IPv6 functions on the corresponding virtual access interface. For details about the configuration procedure, see Basic IPv6 Configuration.

  2. Configure basic BGP4+ functions on the CE and master.

    Enable BGP and establish BGP IPv6 peer relationships on the CE and master. For details about the configuration procedure, see Configuring Basic BGP4+ Functions.

  3. Configure other BGP4+ functions on the CE and master.

    Configure other BGP4+ functions on the CE and master. Such configuration includes configuring the import and advertisement of BGP4+ routing information and controlling BGP4+ route selection. For details about the configuration procedure, see BGP4+ Configuration.

Checking the Configurations

For details, see "Checking the Configurations" in BGP4+ Configuration.

Configuring IPoE Access on a Master

After establishing a virtual access system, you can configure IPoE access on a master.

Prerequisites

Before configuring IPoE access, establish a virtual access system.

Usage Scenario

Figure 3-15  IPoE access in a virtual access system

Configuration Procedures

To configure the IPoE access service, perform the following procedures.

Figure 3-16  Configuration procedures for IPoE in a virtual access system
NOTE:

Configuring an AAA scheme, Configuring an IPv4 address pool, Configuring a domain are not provided here because all the procedures are described in other chapters.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. (Optional)Run:

    access four-dimensional mode enable

    The NE40E interworks with an external device in four-dimensional mode.

    After the access four-dimensional mode enable command is run, the AP ID is added before the slot ID if the slot ID is involved in the RADIUS attribute format. For example, the format of the NAS-Port-Id (87) attribute is slot ID/port number[vpi-vci VPI VCI | vlan-id [ivlan:]evlan] [pppoe sess-id | clips sess-id] before the command is run or is ap-id (5 bits)/slot ID/port number[vpi-vci VPI VCI | vlan-id [ivlan:]evlan] [pppoe sess-id | clips sess-id] after the command is run.

  3. Run:

    interface interface-type interface-number [ .subinterface-number ]

    The virtual access interface (or sub-interface) view is displayed.

    A virtual access interface is a virtual agent interface of an AP's external communication interface on a master. For example, GigabitEthernet 1025/1/0/1 indicates that the virtual access interface corresponds to AP 1025's external communication interface GigabitEthernet 1/0/1.

  4. (Optional)Run:

    commit

    The configuration is committed.

    This step is required if the virtual access sub-interface view is displayed.

  5. (Optional)Run:

    user-vlan { { start-vlan-id [ end-vlan-id ] [ qinq start-pe-vlan [ end-pe-vlan ] ] } | any-other }

    User VLANs are created.

    This step is required if the virtual access sub-interface view is displayed.Then run the quit command, the virtual access sub-interface view is displayed.

  6. Run:

    bas

    A BAS interface is created, and the BAS interface view is displayed.

  7. Run:

    access-type layer2-subscriber [ default-domain { pre-authentication predname  | authentication [ force | replace ] domain-name } * | bas-interface-name bname | accounting-copy radius-server radius-name ] *

    The access type is set to Layer 2 subscriber access and the attributes of this access type are configured.

  8. Run:

    authentication-method bind

    Bind authentication is configured.

Configuring PPPoE Access on a Master

After establishing a virtual access system, you can configure PPPoE access on a master.

Prerequisites

Before configuring PPPoE access, establish a virtual access system.

Usage Scenario

Figure 3-17  PPPoE access in a virtual access system

Configuration Procedures

To configure the PPPoE access service, perform the following procedures.

Figure 3-18  Configuration procedures for PPPoE in a virtual access system
NOTE:

Configuring an AAA scheme, Configuring a RADIUS Server, Configuring an IPv4 address pool, Configuring a domain and Configuring a VT are not provided here because all the procedures are described in other chapters.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. (Optional)Run:

    access four-dimensional mode enable

    The NE40E interworks with an external device in four-dimensional mode.

    After the access four-dimensional mode enable command is run, the AP ID is added before the slot ID if the slot ID is involved in the RADIUS attribute format. For example, the format of the NAS-Port-Id (87) attribute is slot ID/port number[vpi-vci VPI VCI | vlan-id [ivlan:]evlan] [pppoe sess-id | clips sess-id] before the command is run or is ap-id (5 bits)/slot ID/port number[vpi-vci VPI VCI | vlan-id [ivlan:]evlan] [pppoe sess-id | clips sess-id] after the command is run.

  3. Run:

    interface interface-type interface-number [ .subinterface-number ]

    The virtual access interface (or sub-interface) view is displayed.

    A virtual access interface is a virtual agent interface of an AP's external communication interface on a master. For example, GigabitEthernet 1025/1/0/1 indicates that the virtual access interface corresponds to AP 1025's external communication interface GigabitEthernet 1/0/1.

  4. (Optional)Run:

    commit

    The configuration is committed.

    This step is required if the virtual access sub-interface view is displayed.

  5. (Optional)Run:

    pppoe-server bind virtual-template virtual-template-number
    

    A VT is bound to the interface. By default, no VT is bound to any interface for PPPoE access. However, if BAS is enabled on an interface not bound to any VT, it is bound to VT0 by default.

  6. (Optional)Run:

    user-vlan { { start-vlan-id [ end-vlan-id ] [ qinq start-pe-vlan [ end-pe-vlan ] ] } | any-other }

    User VLANs are created.

    This step is required if the virtual access sub-interface view is displayed.Then run the quit command, the virtual access sub-interface view is displayed.

  7. Run:

    bas

    A BAS interface is created, and the BAS interface view is displayed.

  8. Run:

    access-type layer2-subscriber [ default-domain { pre-authentication predname  | authentication [ force | replace ] domain-name } * | bas-interface-name bname | accounting-copy radius-server radius-name ] *

    The access type is set to Layer 2 subscriber access and the attributes of this access type are configured.

  9. (Optional)Run:

    authentication-method ppp

    PPP authentication is configured.

Download
Updated: 2018-07-12

Document ID: EDOC1100028541

Views: 7340

Downloads: 92

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next