Example for Configuring BGP/MPLS IP VPNs with Overlapping Address Spaces
Networking Requirements
- CE1 connects to the headquarters R&D area of a company, and CE2 connects to the branch R&D area. CE1 and CE2 belong to vpna.
- CE3 connects to the headquarters non-R&D area, and CE4 connects to the branch non-R&D area. CE3 and CE4 belong to vpnb.
- The headquarters and branches use overlapping address spaces.
The company wants to ensure secure communication between the headquarters and branches and isolate the R&D areas from non-R&D areas, without changing the current network deployment.
Configuration Roadmap
The configuration roadmap is as follows:
- Configure OSPF between the P and PEs to ensure IP connectivity on the backbone network.
- Configure basic MPLS capabilities and MPLS LDP on the P and PEs to set up MPLS LSP tunnels for VPN data transmission on the backbone network.
- Configure MP-IBGP on PE1 and PE2 to enable them to exchange VPN routing information.
- Configure VPN instances vpna and vpnb on PE1 and PE2. Set the VPN target of vpna to 100:100 and the VPN target of vpnb to 200:200. This configuration allows users in the same VPN to communicate with each other and isolates users in different VPNs. Bind the VPN instance to the PE interfaces connected to CEs to provide access for VPN users.
- Configure static routes on the CEs and PEs to exchange VPN routing information.
Procedure
- Assign IP addresses to interfaces according to Figure 7-43.
# Configure PE1. The configuration on PE2, P, and CE1 to CE4 is similar to the configuration on PE1 and is not mentioned here.
<Huawei> system-view
[Huawei] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] ip address 12.1.1.1 24
[PE1-GigabitEthernet1/0/0] quit
- Configure OSPF on the MPLS backbone network so that the PEs and Ps can communicate with each other.
# Configure PE1.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After the configuration is complete, OSPF neighbor relationships can be set up between PE1, P, and PE2. Run the display ospf peer command. The command output shows that the neighbor status is Full. Run the display ip routing-table command. The command output shows that PEs have learned the routes to Loopback0 of each other.
The information displayed on PE1 is used as an example.
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11       Routes : 11
Destination/Mask     Proto   Pre  Cost  Flags  NextHop     Interface
1.1.1.9/32           Direct  0    0     D      127.0.0.1   LoopBack0
2.2.2.9/32           OSPF    10   1     D      12.1.1.2    GigabitEthernet1/0/0
3.3.3.9/32           OSPF    10   2     D      12.1.1.2    GigabitEthernet1/0/0
12.1.1.0/24          Direct  0    0     D      12.1.1.1    GigabitEthernet1/0/0
12.1.1.1/32          Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/0
12.1.1.255/32        Direct  0    0     D      127.0.0.1   GigabitEthernet1/0/0
23.1.1.0/24          OSPF    10   2     D      12.1.1.2    GigabitEthernet1/0/0
127.0.0.0/8          Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32         Direct  0    0     D      127.0.0.1   InLoopBack0
127.255.255.255/32   Direct  0    0     D      127.0.0.1   InLoopBack0
255.255.255.255/32   Direct  0    0     D      127.0.0.1   InLoopBack0
- Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone network to set up LDP LSPs.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mpls
[PE1-GigabitEthernet1/0/0] mpls ldp
[PE1-GigabitEthernet1/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] mpls
[P-GigabitEthernet1/0/0] mpls ldp
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] mpls
[P-GigabitEthernet2/0/0] mpls ldp
[P-GigabitEthernet2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mpls
[PE2-GigabitEthernet2/0/0] mpls ldp
[PE2-GigabitEthernet2/0/0] quit
After the configuration is complete, LDP sessions can be set up between PE1 and the P and between the P and PE2. Run the display mpls ldp session command. The command output shows that the Status field is Operational. Run the display mpls ldp lsp command. Information about the established LDP LSPs is displayed.
The information displayed on PE1 is used as an example.
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID       Status       LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0    Operational  DU   Active   0000:00:01  6/6
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
[PE1] display mpls ldp lsp
LDP LSP Information
-------------------------------------------------------------------------------
 DestAddress/Mask   In/OutLabel    UpstreamPeer    NextHop         OutInterface
-------------------------------------------------------------------------------
 1.1.1.9/32         3/NULL         2.2.2.9         127.0.0.1       InLoop0
*1.1.1.9/32         Liberal/1024                   DS/2.2.2.9
 2.2.2.9/32         NULL/3         -               12.1.1.2        GE1/0/0
 2.2.2.9/32         1024/3         2.2.2.9         12.1.1.2        GE1/0/0
 3.3.3.9/32         NULL/1025      -               12.1.1.2        GE1/0/0
 3.3.3.9/32         1025/1025      2.2.2.9         12.1.1.2        GE1/0/0
-------------------------------------------------------------------------------
TOTAL: 5 Normal LSP(s) Found.
TOTAL: 1 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is stale
A '*' before a DS means the session is stale
A '*' before a NextHop means the LSP is FRR LSP
- Configure VPN instances on PEs and bind the instances to the interfaces connected to CEs.
# Configure PE1.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] ipv4-family
[PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:100
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 100:100 export-extcommunity
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 100:100 import-extcommunity
[PE1-vpn-instance-vpna-af-ipv4] quit
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] ipv4-family
[PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 300:300
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 200:200 export-extcommunity
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 200:200 import-extcommunity
[PE1-vpn-instance-vpnb-af-ipv4] quit
[PE1-vpn-instance-vpnb] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[PE1-GigabitEthernet2/0/0] ip address 14.1.1.1 255.255.255.0
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] ip binding vpn-instance vpnb
[PE1-GigabitEthernet3/0/0] ip address 14.1.1.1 255.255.255.0
[PE1-GigabitEthernet3/0/0] quit
# Configure PE2.
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] ipv4-family
[PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:200
[PE2-vpn-instance-vpna-af-ipv4] vpn-target 100:100 export-extcommunity
[PE2-vpn-instance-vpna-af-ipv4] vpn-target 100:100 import-extcommunity
[PE2-vpn-instance-vpna-af-ipv4] quit
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] ipv4-family
[PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 400:400
[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 200:200 export-extcommunity
[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 200:200 import-extcommunity
[PE2-vpn-instance-vpnb-af-ipv4] quit
[PE2-vpn-instance-vpnb] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna
[PE2-GigabitEthernet1/0/0] ip address 34.1.1.1 255.255.255.0
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] ip binding vpn-instance vpnb
[PE2-GigabitEthernet3/0/0] ip address 34.1.1.1 255.255.255.0
[PE2-GigabitEthernet3/0/0] quit
# Assign IP addresses to interfaces on CEs according to Figure 7-43.
# Configure CE1. The configurations of CE2, CE3, and CE4 are similar to the configuration of CE1, and are not mentioned here.
<Huawei> system-view
[Huawei] sysname CE1
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 14.1.1.2 24
[CE1-GigabitEthernet1/0/0] quit
After the configuration is complete, run the display ip vpn-instance verbose command on the PEs to check the configuration of VPN instances. Each PE can ping its connected CE.
The information displayed on PE1 is used as an example.
[PE1] display ip vpn-instance verbose
 Total VPN-Instances configured      : 2
 Total IPv4 VPN-Instances configured : 2
 Total IPv6 VPN-Instances configured : 0
 VPN-Instance Name and ID : vpna, 1
  Interfaces : GigabitEthernet2/0/0
 Address family ipv4
  Create date : 2012/07/25 00:58:17 UTC+08:00
  Up time : 0 days, 22 hours, 24 minutes and 53 seconds
  Route Distinguisher : 100:100
  Export VPN Targets : 100:100
  Import VPN Targets : 100:100
  Label Policy : label per route
  Log Interval : 5
 VPN-Instance Name and ID : vpnb, 2
  Interfaces : GigabitEthernet3/0/0
 Address family ipv4
  Create date : 2012/07/25 00:58:17 UTC+08:00
  Up time : 0 days, 22 hours, 24 minutes and 53 seconds
  Route Distinguisher : 300:300
  Export VPN Targets : 200:200
  Import VPN Targets : 200:200
  Label Policy : label per route
  Log Interval : 5
[PE1] ping -vpn-instance vpna 14.1.1.2
  PING 14.1.1.2: 56  data bytes, press CTRL_C to break
    Reply from 14.1.1.2: bytes=56 Sequence=1 ttl=255 time=5 ms
    Reply from 14.1.1.2: bytes=56 Sequence=2 ttl=255 time=3 ms
    Reply from 14.1.1.2: bytes=56 Sequence=3 ttl=255 time=3 ms
    Reply from 14.1.1.2: bytes=56 Sequence=4 ttl=255 time=3 ms
    Reply from 14.1.1.2: bytes=56 Sequence=5 ttl=255 time=16 ms
  --- 14.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 3/6/16 ms
- Set up an MP-IBGP peer relationship between the PEs.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] ipv4-family vpn-instance vpna
[PE2-bgp-vpna] import-route direct
[PE2-bgp-vpna] quit
[PE2-bgp] ipv4-family vpn-instance vpnb
[PE2-bgp-vpnb] import-route direct
[PE2-bgp-vpnb] quit
[PE2-bgp] quit
After the configuration is complete, run the display bgp peer command on the PEs. The command output shows that a BGP peer relationship has been set up between the PEs.
[PE1] display bgp peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 1
 Peers in established state : 1
  Peer        V  AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
  3.3.3.9     4  100  3        3        0     00:01:08  Established  0
- On CE1, CE2, CE3, and CE4, configure static routes to their connected PEs.
# Configure CE1. The configurations of CE2, CE3, and CE4 are similar to the configuration of CE1, and are not mentioned here.
[CE1] ip route-static 0.0.0.0 0.0.0.0 gigabitethernet 1/0/0 14.1.1.1
- Verify the configuration.
# Run the display ip routing-table vpn-instance command on the PEs to view the routes to the remote CEs.
# The information displayed on PE1 is used as an example.
[PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
Destinations : 5        Routes : 5
Destination/Mask     Proto   Pre  Cost  Flags  NextHop     Interface
14.1.1.0/24          Direct  0    0     D      14.1.1.1    GigabitEthernet2/0/0
14.1.1.1/32          Direct  0    0     D      127.0.0.1   GigabitEthernet2/0/0
14.1.1.255/32        Direct  0    0     D      127.0.0.1   GigabitEthernet2/0/0
34.1.1.0/24          IBGP    255  0     RD     3.3.3.9     GigabitEthernet1/0/0
255.255.255.255/32   Direct  0    0     D      127.0.0.1   InLoopBack0
[PE1] display ip routing-table vpn-instance vpnb
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpnb
Destinations : 5        Routes : 5
Destination/Mask     Proto   Pre  Cost  Flags  NextHop     Interface
14.1.1.0/24          Direct  0    0     D      14.1.1.1    GigabitEthernet3/0/0
14.1.1.1/32          Direct  0    0     D      127.0.0.1   GigabitEthernet3/0/0
14.1.1.255/32        Direct  0    0     D      127.0.0.1   GigabitEthernet3/0/0
34.1.1.0/24          IBGP    255  0     RD     3.3.3.9     GigabitEthernet1/0/0
255.255.255.255/32   Direct  0    0     D      127.0.0.1   InLoopBack0
# Run the ping 34.1.1.2 command on CE1, and the ping is successful. Run the display interface command on PE2 to view traffic statistics on GE1/0/0 and GE3/0/0. The command output shows that there are packets passing through GE1/0/0 but no packet passing through GE3/0/0. This indicates that the two VPN instances have overlapping address spaces but they are isolated from each other.
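The isolation verified above depends on two properties of each PE configuration file: no VPN target exported by one instance is imported by the other, and the overlapping interface addresses sit in different VPN instances. The following Python code is an added example, not part of the original procedure, that audits a configuration file for both. The function names are hypothetical, the embedded text is a constructed excerpt of the PE1 file, and only the import-extcommunity and export-extcommunity forms of vpn-target used on this page are parsed.

```python
import re
from itertools import combinations
PE1_CFG = """\
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:100
  vpn-target 100:100 export-extcommunity
  vpn-target 100:100 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 300:300
  vpn-target 200:200 export-extcommunity
  vpn-target 200:200 import-extcommunity
#
interface GigabitEthernet2/0/0
 ip binding vpn-instance vpna
 ip address 14.1.1.1 255.255.255.0
#
interface GigabitEthernet3/0/0
 ip binding vpn-instance vpnb
 ip address 14.1.1.1 255.255.255.0
"""  # constructed sample: VPN-related lines of the PE1 configuration file

def parse(cfg):
    """Split on '#' separator lines; return (VPN targets per instance, interface bindings)."""
    vpns, ifaces = {}, []
    for block in re.split(r"(?m)^#\s*$", cfg):
        if m := re.match(r"\s*ip vpn-instance (\S+)", block):
            rts = re.findall(r"vpn-target (.+) (import|export)-extcommunity", block)
            vpns[m[1]] = {d: {t for ts, way in rts if way == d for t in ts.split()}
                          for d in ("import", "export")}
        elif m := re.match(r"\s*interface (\S+)", block):
            vpn = re.findall(r"ip binding vpn-instance (\S+)", block)
            # An interface with no binding sits in the public routing table.
            ifaces += [(m[1], vpn[0] if vpn else "public", ip)
                       for ip in re.findall(r"ip address (\S+)", block)]
    return vpns, ifaces

def audit(cfg):
    """Return findings that break the vpna/vpnb isolation this page configures."""
    vpns, ifaces = parse(cfg)
    # A VPN target exported by one instance and imported by another leaks routes.
    out = [f"leak {a}->{b} via {sorted(vpns[a]['export'] & vpns[b]['import'])}"
           for a in sorted(vpns) for b in sorted(vpns)
           if a != b and vpns[a]["export"] & vpns[b]["import"]]
    # The same address twice in one routing table is a real conflict, not an overlap.
    out += [f"address clash {x[2]} in {x[1]}: {x[0]}, {y[0]}"
            for x, y in combinations(ifaces, 2) if x[1:] == y[1:]]
    return out
```

An empty result from audit() means the file keeps vpna and vpnb apart; each string in a non-empty result names the instances or interfaces involved.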
Configuration Files
PE1 configuration file
#
 sysname PE1
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:100
  vpn-target 100:100 export-extcommunity
  vpn-target 100:100 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 300:300
  vpn-target 200:200 export-extcommunity
  vpn-target 200:200 import-extcommunity
#
 mpls lsr-id 1.1.1.9
 mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 ip address 12.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 ip binding vpn-instance vpna
 ip address 14.1.1.1 255.255.255.0
#
interface GigabitEthernet3/0/0
 ip binding vpn-instance vpnb
 ip address 14.1.1.1 255.255.255.0
#
interface LoopBack0
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
 #
 ipv4-family vpn-instance vpnb
  import-route direct
#
ospf 1
 area 0.0.0.0
  network 12.1.1.0 0.0.0.255
  network 1.1.1.9 0.0.0.0
#
return
P configuration file
#
 sysname P
#
 mpls lsr-id 2.2.2.9
 mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 ip address 12.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 ip address 23.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 12.1.1.0 0.0.0.255
  network 23.1.1.0 0.0.0.255
  network 2.2.2.9 0.0.0.0
#
return
PE2 configuration file
#
 sysname PE2
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 200:200
  vpn-target 100:100 export-extcommunity
  vpn-target 100:100 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 400:400
  vpn-target 200:200 export-extcommunity
  vpn-target 200:200 import-extcommunity
#
 mpls lsr-id 3.3.3.9
 mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 ip binding vpn-instance vpna
 ip address 34.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0/0
 ip address 23.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 ip binding vpn-instance vpnb
 ip address 34.1.1.1 255.255.255.0
#
interface LoopBack0
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
 #
 ipv4-family vpn-instance vpnb
  import-route direct
#
ospf 1
 area 0.0.0.0
  network 23.1.1.0 0.0.0.255
  network 3.3.3.9 0.0.0.0
#
return
CE1 configuration file
#
 sysname CE1
#
interface GigabitEthernet1/0/0
 ip address 14.1.1.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet 1/0/0 14.1.1.1
#
return
CE2 configuration file
#
 sysname CE2
#
interface GigabitEthernet1/0/0
 ip address 34.1.1.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet 1/0/0 34.1.1.1
#
return
CE3 configuration file
#
 sysname CE3
#
interface GigabitEthernet1/0/0
 ip address 14.1.1.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet 1/0/0 14.1.1.1
#
return
CE4 configuration file
#
 sysname CE4
#
interface GigabitEthernet1/0/0
 ip address 34.1.1.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet 1/0/0 34.1.1.1
#
return