No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Inter-AS PWE3 Option A

Example for Configuring Inter-AS PWE3 Option A

Networking Requirements

As shown in Figure 11-16, the MPLS network of an ISP provides the L2VPN service for users. PE1 becomes to AS 100 and PE2 belongs to AS 200. Many users connect to the MPLS network through PE1 and PE2, and many new users will connect to the PEs in the future. A proper VPN solution is required to provide secure VPN services for users, save network resources, and simplify configuration when new users connect to the network.

Figure 11-16  Networking diagram for configuring inter-AS PWE3 Option A

MPLS backbone networks in the same AS use IS-IS as the IGP protocol.

Configuration Roadmap

The PEs connect to different ASs (AS 100 and AS 200) of the ISP, so an inter-AS VPN solution is required. To simplify configuration when new users connect to the network and save network resources, PWE3 Option A is recommended to meet the customer requirements.

The configuration roadmap is as follows:

  1. Run an IGP protocol on the backbone network so that devices in an AS can communicate.

  2. Configure basic MPLS functions on the backbone network and establish a dynamic LSP between the PE and ASBR-PE in the same AS. Establish a remote LDP session if the PE and ASBR-PE are not directly connected.

  3. Establish an MPLS L2VC between the PE and ASBR-PE in the same AS.

Procedure

  1. Configure an IP address for each interface on the devices according to Figure 11-16. CE1 is used as an example.

    # Configure CE1. The configuration on PE1, ASBR-PE1, ASBR-PE2, PE2, and CE2 is similar to the configuration on CE1 and is not mentioned here.

    <Huawei> system-view
    [Huawei] sysname CE1
    [CE1] interface gigabitethernet 1/0/0
    [CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 255.255.255.0
    [CE1-GigabitEthernet1/0/0] quit

  2. Configure an IGP protocol and Loopback address on the MPLS backbone network.

    # Configure PE1. The configuration on ASBR-PE1, ASBR-PE2,and PE2 is similar to the configuration on PE1 and is not mentioned here.

    [PE1] interface loopback 0
    [PE1-LoopBack0] ip address 1.1.1.9 255.255.255.255
    [PE1-LoopBack0] quit
    [PE1] isis 1
    [PE1-isis-1] network-entity 10.0000.0000.0001.00
    [PE1-isis-1] quit
    

    After the configuration is complete, the IS-IS neighbor relationship can be established between the ASBR-PE and PE in the same AS. Run the display isis peer command. The command output shows that the neighbor relationship is Up.

    Run the display ip routing-table command. The command output shows that the PE and ASBR-PE in the same AS can learn the routes to the loopback interface of each other.

    The ASBR-PE and PE in the same AS can ping each other successfully.

  3. Enable MPLS and configure a dynamic LSP.

    Configure basic MPLS functions on the MPLS backbone network. Establish a dynamic LDP LSP between the PE and ASBR-PE in the same AS.

    # Configure PE1. The configuration on ASBR-PE1, ASBR-PE2,and PE2 is similar to the configuration on PE1 and is not mentioned here.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 255.255.255.0
    [PE1-GigabitEthernet2/0/0] mpls
    [PE1-GigabitEthernet2/0/0] mpls ldp
    [PE1-GigabitEthernet2/0/0] quit

    After this step is performed, an LSP tunnel is established between the PE and ASBR-PE in the same AS.

  4. Configure MPLS L2VCs.

    Configure the L2VC on the PE and ASBR-PE and connect the PE to the CE.

    # Configure PE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] mpls l2vc 2.2.2.9 100
    [PE1-GigabitEthernet1/0/0] quit

    # Configure ASBR-PE1.

    [ASBR-PE1] mpls l2vpn
    [ASBR-PE1-l2vpn] quit
    [ASBR-PE1] interface gigabitethernet 2/0/0
    [ASBR-PE1-GigabitEthernet2/0/0] mpls l2vc 1.1.1.9 100
    [ASBR-PE1-GigabitEthernet2/0/0] quit

    # Configure ASBR-PE2.

    [ASBR-PE2] mpls l2vpn
    [ASBR-PE2-l2vpn] quit
    [ASBR-PE2] interface gigabitethernet 1/0/0
    [ASBR-PE2-GigabitEthernet1/0/0] mpls l2vc 4.4.4.9 100
    [ASBR-PE2-GigabitEthernet1/0/0] quit

    # Configure PE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit
    [PE2] interface gigabitethernet 2/0/0
    [PE2-GigabitEthernet2/0/0] mpls l2vc 3.3.3.9 100
    [PE2-GigabitEthernet2/0/0] quit

  5. Verify the configuration.

    # Run the following command to check information about the L2VPN connection on the PEs. The command output shows that an L2VC is set up and the VC status is Up.

    # The display on PE1 is used as an example.

    [PE1] display mpls l2vc interface gigabitethernet 1/0/0
    *client interface        : GigabitEthernet1/0/0 is up
      Administrator PW       : no
      session state          : up
      AC status              : up
      Ignore AC state        : disable
      VC state               : up
      Label state            : 0
      Token state            : 0
      VC ID                  : 100
      VC type                : Ethernet
      destination            : 2.2.2.9
      local group ID         : 0            remote group ID      : 0
      local VC label         : 21505        remote VC label      : 21506
      local AC OAM State     : up
      local PSN OAM State    : up
      local forwarding state : forwarding
      local status code      : 0x0 
      remote AC OAM state    : up
      remote PSN OAM state   : up
      remote forwarding state: forwarding
      remote status code     : 0x0 
      ignore standby state   : no
      BFD for PW             : unavailable
      VCCV State             : up
      manual fault           : not set
      active state           : active
      forwarding entry       : exist
      link state             : up
      local VC MTU           : 1500         remote VC MTU        : 1500
      local VCCV             : alert ttl lsp-ping bfd
      remote VCCV            : alert ttl lsp-ping bfd
      local control word     : disable      remote control word  : disable
      tunnel policy name     : --
      PW template name       : --
      primary or secondary   : primary
      load balance type      : flow
      Access-port            : false
      Switchover Flag        : false
      VC tunnel/token info   : 1 tunnels/tokens
        NO.0  TNL type       : lsp   , TNL ID : 0x20021
        Backup TNL type      : lsp   , TNL ID : 0x0
      create time            : 0 days, 0 hours, 8 minutes, 8 seconds
      up time                : 0 days, 0 hours, 7 minutes, 26 seconds
      last change time       : 0 days, 0 hours, 7 minutes, 26 seconds
      VC last up time        : 2013/12/04 17:17:07
      VC total up time       : 0 days, 2 hours, 12 minutes, 51 seconds
      CKey                   : 8                                    
      NKey                   : 7                                    
      PW redundancy mode     : frr                                  
      AdminPw interface      : --                                   
      AdminPw link state     : --                                   
      Diffserv Mode          : uniform                              
      Service Class          : --                                   
      Color                  : --                                   
      DomainId               : --                                   
      Domain Name            : -- 

    # CE1 and CE2 can ping each other successfully.

    The display on CE1 is used as an example.

    [CE1] ping 100.1.1.2
      PING 100.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=430 ms
        Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=220 ms
        Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=190 ms
        Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms
        Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=190 ms
    
      --- 100.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 190/244/430 ms

Configuration Files

  • Configuration file of CE1

    #
    sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.1 255.255.255.0
    #
    return
  • Configuration file of PE1

    #
    sysname PE1
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    isis 1
     network-entity 10.0000.0000.0001.00
    #
    interface GigabitEthernet1/0/0
     mpls l2vc 2.2.2.9 100
    #
    interface GigabitEthernet2/0/0
     ip address 10.1.1.1 255.255.255.0
     isis enable 1
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 1.1.1.9 255.255.255.255
     isis enable 1
    #
    return
  • Configuration file of ASBR-PE1

    #
    sysname ASBR-PE1
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    isis 1
     network-entity 10.0000.0000.0002.00
    #
    interface GigabitEthernet1/0/0
     ip address 10.1.1.2 255.255.255.0
     isis enable 1
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     mpls l2vc 1.1.1.9 100
    #
    interface LoopBack0
     ip address 2.2.2.9 255.255.255.255
     isis enable 1
    #
    return
  • Configuration file of ASBR-PE2

    #
    sysname ASBR-PE2
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    isis 1
     network-entity 10.0000.0000.0003.00
    #
    interface GigabitEthernet1/0/0
     mpls l2vc 4.4.4.9 100
    #
    interface GigabitEthernet2/0/0
     ip address 30.1.1.1 255.255.255.0
     isis enable 1
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 3.3.3.9 255.255.255.255
     isis enable 1
    #
    return
  • Configuration file of PE2

    #
    sysname PE2
    #
    mpls lsr-id 4.4.4.9
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    isis 1
     network-entity 10.0000.0000.0004.00
    #
    interface GigabitEthernet1/0/0
     ip address 30.1.1.2 255.255.255.0
     isis enable 1
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     mpls l2vc 3.3.3.9 100
    #
    interface LoopBack0
     ip address 4.4.4.9 255.255.255.255
     isis enable 1
    # 
    return
  • Configuration file of CE2

    #
    sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.2 255.255.255.0
    #
    return
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 154284

Downloads: 372

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next