No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU
Support Documentation

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Mixed Multi-Segment PW

Example for Configuring a Mixed Multi-Segment PW

Networking Requirements

As shown in Figure 11-15, the MPLS network of an ISP provides the L2VPN service for users. The S-PE has powerful functions, and U-PE1 and U-PE2 (U-PE2 supports only static PWs) function as access devices and cannot directly establish remote LDP session. Many users connect to the MPLS network through U-PE1 and U-PE2, and users on the U-PEs change frequently. A proper VPN solution is required to provide secure VPN services for users and simplify configuration and maintenance when new users connect to the network.

Figure 11-15  Networking diagram for configuring a mixed multi-segment PW

Configuration Roadmap

Because the S-PE has powerful functions, and U-PE1 and U-PE2 cannot directly establish remote LDP sessions, you can configure a multi-segment PW and PW switching on the S-PE to meet the customer requirements. U-PE2 supports only static PWs, so a mixed multi-segment PW is used.

The configuration roadmap is as follows:

  1. Configure an IGP protocol on the backbone network so that backbone network devices can communicate.

  2. Configure basic MPLS functions and establish LSP tunnels on the backbone network.

  3. Set up a remote LDP session between U-PE1 and the S-PE.

  4. Set up static or dynamic MPLS L2VC connections on the U-PEs.

  5. Configure PW switching on the S-PE.

Procedure

  1. Configure an IP address for each interface on the devices according to Figure 11-15.

    # Configure CE1. The configuration on U-PE1, P1, S-PE, P2, U-PE2, and CE2 is similar to the configuration on CE1 and is not mentioned here.

    <Huawei> system-view
[Huawei] sysname CE1
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 255.255.255.0
[CE1-GigabitEthernet1/0/0] quit

  2. Configure an IGP protocol and Loopback address on the MPLS backbone network.

    # Configure U-PE1. The configuration on P1, S-PE, P2, and U-PE2 is similar to the configuration on U-PE1 and is not mentioned here.

    [U-PE1] interface loopback 0
[U-PE1-LoopBack0] ip address 1.1.1.9 255.255.255.255
[U-PE1-LoopBack0] quit
[U-PE1] ospf 1
[U-PE1-ospf-1] area 0
[U-PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[U-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[U-PE1-ospf-1-area-0.0.0.0] quit
[U-PE1-ospf-1] quit

  3. Enable MPLS, set up tunnels, and set up a remote LDP session between U-PE1 and the S-PE.

    Configure basic MPLS functions and set up tunnels on the MPLS backbone network. In this example, the LSP tunnel is used.

    You need to set up a remote LDP session between U-PE1 and the S-PE. U-PE1 is used as an example.

    # Configure U-PE1.

    [U-PE1] mpls lsr-id 1.1.1.9
[U-PE1] mpls
[U-PE1-mpls] quit
[U-PE1] mpls ldp
[U-PE1-mpls-ldp] quit
[U-PE1] interface gigabitethernet 2/0/0
[U-PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 255.255.255.0
[U-PE1-GigabitEthernet2/0/0] mpls
[U-PE1-GigabitEthernet2/0/0] mpls ldp
[U-PE1-GigabitEthernet2/0/0] quit
[U-PE1] mpls ldp remote-peer 3.3.3.9
[U-PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[U-PE1-mpls-ldp-remote-3.3.3.9] quit

    # Configure P1

    [P1] mpls lsr-id 2.2.2.9
[P1] mpls
[P1-mpls] quit
[P1] mpls ldp
[P1-mpls-ldp] quit
[P1] interface gigabitethernet 1/0/0
[P1-GigabitEthernet1/0/0] mpls
[P1-GigabitEthernet1/0/0] mpls ldp
[P1-GigabitEthernet1/0/0] quit
[P1] interface gigabitethernet 2/0/0
[P1-GigabitEthernet2/0/0] mpls
[P1-GigabitEthernet2/0/0] mpls ldp
[P1-GigabitEthernet2/0/0] quit

    # Configure the S-PE.

    [S-PE] mpls lsr-id 3.3.3.9
[S-PE] mpls
[S-PE-mpls] quit
[S-PE] mpls ldp
[S-PE-mpls-ldp] quit
[S-PE] interface gigabitethernet 1/0/0
[S-PE-GigabitEthernet1/0/0] mpls
[S-PE-GigabitEthernet1/0/0] mpls ldp
[S-PE-GigabitEthernet1/0/0] quit
[S-PE] interface gigabitethernet 2/0/0
[S-PE-GigabitEthernet2/0/0] mpls
[S-PE-GigabitEthernet2/0/0] mpls ldp
[S-PE-GigabitEthernet2/0/0] quit
[S-PE] mpls ldp remote-peer 1.1.1.9
[S-PE-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[S-PE-mpls-ldp-remote-1.1.1.9] quit
[S-PE] mpls ldp remote-peer 5.5.5.9
[S-PE-mpls-ldp-remote-5.5.5.9] remote-ip 5.5.5.9
[S-PE-mpls-ldp-remote-5.5.5.9] quit

    # Configure P2

    [P2] mpls lsr-id 4.4.4.9
[P2] mpls 
[P2-mpls] quit
[P2] mpls ldp
[P2-mpls-ldp] quit
[P2] interface gigabitethernet 1/0/0
[P2-GigabitEthernet1/0/0] mpls
[P2-GigabitEthernet1/0/0] mpls ldp
[P2-GigabitEthernet1/0/0] quit
[P2] interface gigabitethernet 2/0/0
[P2-GigabitEthernet2/0/0] mpls
[P2-GigabitEthernet2/0/0] mpls ldp
[P2-GigabitEthernet2/0/0] quit

    # Configure U-PE2

    [U-PE2] mpls lsr-id 5.5.5.9
[U-PE2] mpls 
[U-PE2-mpls] quit
[U-PE2] mpls ldp
[U-PE2-mpls-ldp] quit 
[U-PE2] interface gigabitethernet 1/0/0
[U-PE2-GigabitEthernet1/0/0] mpls
[U-PE2-GigabitEthernet1/0/0] mpls ldp
[U-PE2-GigabitEthernet1/0/0] quit
[U-PE2] mpls ldp remote-peer 3.3.3.9
[U-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[U-PE2-mpls-ldp-remote-3.3.3.9] quit

  4. Create VCs.

    Enable MPLS L2VPN on U-PE1, U-PE2, and the S-PE.

    Configure a dynamic VC on U-PE1 and a static VC on U-PE2, and configure mixed PW switching on the S-PE.

    # Configure U-PE1.

    [U-PE1] mpls l2vpn
[U-PE1-l2vpn] quit
[U-PE1] interface gigabitethernet 1/0/0
[U-PE1-GigabitEthernet1/0/0] mpls l2vc 3.3.3.9 100 
[U-PE1-GigabitEthernet1/0/0] quit
    NOTE:

    When you configure mixed PW switching, ip-address vc-id before between specifies the VC ID of a dynamic PW and ip-address vc-id after between specifies the VC ID of a static PW. The two values cannot be interchanged.

    # Configure the S-PE.

    [S-PE] mpls l2vpn
[S-PE-l2vpn] quit
[S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation ethernet

    # Configure U-PE2.

    [U-PE2] mpls l2vpn
[U-PE2-l2vpn] quit
[U-PE2] pw-template pwt
[U-PE2-pw-template-pwt] peer-address 3.3.3.9
[U-PE2-pw-template-pwt] quit
[U-PE2] interface gigabitethernet 2/0/0
[U-PE2-GigabitEthernet2/0/0] mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200
[U-PE2-GigabitEthernet2/0/0] quit

  5. Verify the configuration.

    # View information about L2VPN connections on the PEs. The command output shows that an L2VC is set up and the VC status is Up.

    # The display on U-PE1 and the S-PE is used as an example.

    [U-PE1] display mpls l2vc interface gigabitethernet 1/0/0
 *client interface       : GigabitEthernet1/0/0 is up
  Administrator PW       : no
  session state          : up
  AC status              : up
  Ignore AC state        : disable
  VC state               : up
  Label state            : 0
  Token state            : 0
  VC ID                  : 100
  VC type                : Ethernet
  destination            : 3.3.3.9
  local group ID         : 0            remote group ID      : 0    
  local VC label         : 1029         remote VC label      : 1033 
  local AC OAM State     : up                                 
  local PSN OAM State    : up                                 
  local forwarding state : forwarding                        
  local status code      : 0x0                               
  remote AC OAM state    : up                                 
  remote PSN OAM state   : up                                
  remote forwarding state: forwarding                        
  remote status code     : 0x0                               
  ignore standby state   : no                                
  BFD for PW             : unavailable                       
  VCCV State             : up                                 
  manual fault           : not set                           
  active state           : active                            
  forwarding entry       : exist                              
  link state             : up                                   
  local VC MTU           : 1500         remote VC MTU        : 1500 
  local VCCV             : alert ttl lsp-ping bfd                 
  remote VCCV            : alert ttl lsp-ping bfd                 
  local control word     : disable      remote control word  : disable 
  tunnel policy name     : --                                      
  PW template name       : --                                    
  primary or secondary   : primary                               
  load balance type      : flow                                
  Access-port            : false                                 
  Switchover Flag        : false                                
  VC tunnel/token info   : 1 tunnels/tokens                     
    NO.0  TNL type       : lsp   , TNL ID : 0x4                 
    Backup TNL type      : lsp   , TNL ID : 0x0                
  create time            : 0 days, 0 hours, 3 minutes, 32 seconds 
  up time                : 0 days, 0 hours, 2 minutes, 36 seconds 
  last change time       : 0 days, 0 hours, 2 minutes, 36 seconds 
  VC last up time        : 2013/12/04 16:32:08         
  VC total up time       : 0 days, 0 hours, 2 minutes, 36 seconds 
  CKey                   : 6       
  NKey                   : 5       
  PW redundancy mode     : frr     
  AdminPw interface      : --      
  AdminPw link state     : --     
  Diffserv Mode        : uniform                                                
  Service Class        : --                                                     
  Color                : --                                                     
  DomainId             : --                                                     
  Domain Name          : --                                                     
  BFD for PW           : unavailable                                            
    [S-PE] display mpls switch-l2vc
 Total Switch VC : 1, 1 up, 0 down                     
                                                       
*Switch-l2vc type             : LDP<---->SVC           
 Peer IP Address              : 1.1.1.9, 5.5.5.9       
 VC ID                        : 100, 200               
 VC Type                      : Ethernet               
 VC State                     : up                     
 Session State                : up, None                
 Local(In)/Remote(Out) Label  : 1033/1029, 100/200     
 InLabel Status               : 0 , 0                   
 Local/Remote MTU             : 1500/1500, 1500        
 Local/Remote Control Word    : Disable/Disable, Disable 
 Local/Remote VCCV Capability : alert ttl lsp-ping bfd /alert ttl lsp-ping bfd , alert ttl lsp-ping bfd
 Switch-l2vc tunnel info      :                                    
                                1 tunnels for peer 1.1.1.9          
                                NO.0  TNL Type : lsp   , TNL ID : 0xe 
                                1 tunnels for peer 5.5.5.9          
                                NO.0  TNL Type : lsp   , TNL ID : 0x10
 CKey                         : 18, 20                               
 NKey                         : 17, 19                                
 Tunnel policy                : --, --                             
 Create time                  : 0 days, 0 hours, 6 minutes, 8 seconds   
 UP time                      : 0 days, 0 hours, 6 minutes, 7 seconds   
 Last change time             : 0 days, 0 hours, 6 minutes, 7 seconds    
 VC last up time              : 2013/12/01 23:25:03                   
 VC total up time             : 0 days, 0 hours, 6 minutes, 7 seconds

    # CE1 and CE2 can ping each other successfully.

    # The display on CE1 is used as an example.

    [CE1] ping 100.1.1.2
  PING 100.1.1.2: 56  data bytes, press CTRL_C to break
    Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=270 ms
    Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=220 ms
    Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=190 ms
    Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms
    Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms

  --- 100.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 160/206/270 ms

Configuration Files

  • Configuration file of CE1

    #
 sysname CE1
#
interface GigabitEthernet1/0/0
 ip address 100.1.1.1 255.255.255.0
#
return

  • Configuration file of U-PE1

    #
 sysname U-PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface GigabitEthernet1/0/0
 mpls l2vc 3.3.3.9 100
#
interface GigabitEthernet2/0/0
 ip address 10.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 1.1.1.9 0.0.0.0
#
return

  • Configuration file of P1

    #
 sysname P1
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 ip address 10.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 ip address 20.1.1.1 255.255.255.0
 mpls
 mpls ldp
 #
interface LoopBack0
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 20.1.1.0 0.0.0.255
  network 2.2.2.9 0.0.0.0
#
return

  • Configuration file of the S-PE

    #
 sysname S-PE
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
 mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation ethernet
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
mpls ldp remote-peer 5.5.5.9
 remote-ip 5.5.5.9
#
interface GigabitEthernet1/0/0
 ip address 20.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 ip address 30.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 20.1.1.0 0.0.0.255
  network 30.1.1.0 0.0.0.255
  network 3.3.3.9 0.0.0.0
#
return

  • Configuration file of P2

    #
 sysname P2
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 ip address 30.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 ip address 40.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 4.4.4.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 4.4.4.9 0.0.0.0
  network 30.1.1.0 0.0.0.255
  network 40.1.1.0 0.0.0.255
#
return

  • Configuration file of U-PE2

    #
 sysname U-PE2
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
pw-template pwt
 peer-address 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface GigabitEthernet1/0/0
 ip address 40.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200
#
interface LoopBack0
 ip address 5.5.5.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 5.5.5.9 0.0.0.0
  network 40.1.1.0 0.0.0.255
#
return

  • Configuration file of CE2

    #
 sysname CE2
#
interface GigabitEthernet1/0/0
 ip address 100.1.1.2 255.255.255.0

#
return
Translation
简体中文
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 150761

Downloads: 365

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next
Enterprise APP

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.