CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.

Example for Configuring a Mixed Multi-Segment PW

Networking Requirements

As shown in Figure 11-15, the MPLS network of an ISP provides the L2VPN service for users. The S-PE has powerful functions, and U-PE1 and U-PE2 (U-PE2 supports only static PWs) function as access devices and cannot directly establish a remote LDP session with each other. Many users connect to the MPLS network through U-PE1 and U-PE2, and users on the U-PEs change frequently. A proper VPN solution is required to provide secure VPN services for users and simplify configuration and maintenance when new users connect to the network.

Figure 11-15  Networking diagram for configuring a mixed multi-segment PW

Configuration Roadmap

Because the S-PE has powerful functions, and U-PE1 and U-PE2 cannot directly establish remote LDP sessions, you can configure a multi-segment PW and PW switching on the S-PE to meet the customer requirements. U-PE2 supports only static PWs, so a mixed multi-segment PW is used.

The configuration roadmap is as follows:

  1. Configure an IGP protocol on the backbone network so that backbone network devices can communicate.

  2. Configure basic MPLS functions and establish LSP tunnels on the backbone network.

  3. Set up a remote LDP session between U-PE1 and the S-PE.

  4. Set up static or dynamic MPLS L2VC connections on the U-PEs.

  5. Configure PW switching on the S-PE.

Procedure

  1. Configure an IP address for each interface on the devices according to Figure 11-15.

    # Configure CE1. The configuration on U-PE1, P1, S-PE, P2, U-PE2, and CE2 is similar to the configuration on CE1 and is not mentioned here.

    <Huawei> system-view
    [Huawei] sysname CE1
    [CE1] interface gigabitethernet 1/0/0
    [CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 255.255.255.0
    [CE1-GigabitEthernet1/0/0] quit

  2. Configure an IGP protocol and Loopback address on the MPLS backbone network.

    # Configure U-PE1. The configuration on P1, S-PE, P2, and U-PE2 is similar to the configuration on U-PE1 and is not mentioned here.

    [U-PE1] interface loopback 0
    [U-PE1-LoopBack0] ip address 1.1.1.9 255.255.255.255
    [U-PE1-LoopBack0] quit
    [U-PE1] ospf 1
    [U-PE1-ospf-1] area 0
    [U-PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
    [U-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [U-PE1-ospf-1-area-0.0.0.0] quit
    [U-PE1-ospf-1] quit
    

  3. Enable MPLS, set up tunnels, and set up a remote LDP session between U-PE1 and the S-PE.

    Configure basic MPLS functions and set up tunnels on the MPLS backbone network. In this example, the LSP tunnel is used.

    You need to set up a remote LDP session between U-PE1 and the S-PE. U-PE1 is used as an example.

    # Configure U-PE1.

    [U-PE1] mpls lsr-id 1.1.1.9
    [U-PE1] mpls
    [U-PE1-mpls] quit
    [U-PE1] mpls ldp
    [U-PE1-mpls-ldp] quit
    [U-PE1] interface gigabitethernet 2/0/0
    [U-PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 255.255.255.0
    [U-PE1-GigabitEthernet2/0/0] mpls
    [U-PE1-GigabitEthernet2/0/0] mpls ldp
    [U-PE1-GigabitEthernet2/0/0] quit
    [U-PE1] mpls ldp remote-peer 3.3.3.9
    [U-PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [U-PE1-mpls-ldp-remote-3.3.3.9] quit

    # Configure P1.

    [P1] mpls lsr-id 2.2.2.9
    [P1] mpls
    [P1-mpls] quit
    [P1] mpls ldp
    [P1-mpls-ldp] quit
    [P1] interface gigabitethernet 1/0/0
    [P1-GigabitEthernet1/0/0] mpls
    [P1-GigabitEthernet1/0/0] mpls ldp
    [P1-GigabitEthernet1/0/0] quit
    [P1] interface gigabitethernet 2/0/0
    [P1-GigabitEthernet2/0/0] mpls
    [P1-GigabitEthernet2/0/0] mpls ldp
    [P1-GigabitEthernet2/0/0] quit

    # Configure the S-PE.

    [S-PE] mpls lsr-id 3.3.3.9
    [S-PE] mpls
    [S-PE-mpls] quit
    [S-PE] mpls ldp
    [S-PE-mpls-ldp] quit
    [S-PE] interface gigabitethernet 1/0/0
    [S-PE-GigabitEthernet1/0/0] mpls
    [S-PE-GigabitEthernet1/0/0] mpls ldp
    [S-PE-GigabitEthernet1/0/0] quit
    [S-PE] interface gigabitethernet 2/0/0
    [S-PE-GigabitEthernet2/0/0] mpls
    [S-PE-GigabitEthernet2/0/0] mpls ldp
    [S-PE-GigabitEthernet2/0/0] quit
    [S-PE] mpls ldp remote-peer 1.1.1.9
    [S-PE-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [S-PE-mpls-ldp-remote-1.1.1.9] quit
    [S-PE] mpls ldp remote-peer 5.5.5.9
    [S-PE-mpls-ldp-remote-5.5.5.9] remote-ip 5.5.5.9
    [S-PE-mpls-ldp-remote-5.5.5.9] quit

    # Configure P2.

    [P2] mpls lsr-id 4.4.4.9
    [P2] mpls 
    [P2-mpls] quit
    [P2] mpls ldp
    [P2-mpls-ldp] quit
    [P2] interface gigabitethernet 1/0/0
    [P2-GigabitEthernet1/0/0] mpls
    [P2-GigabitEthernet1/0/0] mpls ldp
    [P2-GigabitEthernet1/0/0] quit
    [P2] interface gigabitethernet 2/0/0
    [P2-GigabitEthernet2/0/0] mpls
    [P2-GigabitEthernet2/0/0] mpls ldp
    [P2-GigabitEthernet2/0/0] quit

    # Configure U-PE2.

    [U-PE2] mpls lsr-id 5.5.5.9
    [U-PE2] mpls 
    [U-PE2-mpls] quit
    [U-PE2] mpls ldp
    [U-PE2-mpls-ldp] quit 
    [U-PE2] interface gigabitethernet 1/0/0
    [U-PE2-GigabitEthernet1/0/0] mpls
    [U-PE2-GigabitEthernet1/0/0] mpls ldp
    [U-PE2-GigabitEthernet1/0/0] quit
    [U-PE2] mpls ldp remote-peer 3.3.3.9
    [U-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [U-PE2-mpls-ldp-remote-3.3.3.9] quit
    

  4. Create VCs.

    Enable MPLS L2VPN on U-PE1, U-PE2, and the S-PE.

    Configure a dynamic VC on U-PE1 and a static VC on U-PE2, and configure mixed PW switching on the S-PE.

    # Configure U-PE1.

    [U-PE1] mpls l2vpn
    [U-PE1-l2vpn] quit
    [U-PE1] interface gigabitethernet 1/0/0
    [U-PE1-GigabitEthernet1/0/0] mpls l2vc 3.3.3.9 100 
    [U-PE1-GigabitEthernet1/0/0] quit
    
    NOTE:

    When you configure mixed PW switching on the S-PE, the ip-address vc-id values before the between keyword identify the dynamic PW, and the ip-address vc-id values after between identify the static PW. The two cannot be interchanged.

    # Configure the S-PE.

    [S-PE] mpls l2vpn
    [S-PE-l2vpn] quit
    [S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation ethernet

    # Configure U-PE2.

    [U-PE2] mpls l2vpn
    [U-PE2-l2vpn] quit
    [U-PE2] pw-template pwt
    [U-PE2-pw-template-pwt] peer-address 3.3.3.9
    [U-PE2-pw-template-pwt] quit
    [U-PE2] interface gigabitethernet 2/0/0
    [U-PE2-GigabitEthernet2/0/0] mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200
    [U-PE2-GigabitEthernet2/0/0] quit

  5. Verify the configuration.

    # View information about L2VPN connections on the PEs. The command output shows that an L2VC is set up and the VC status is Up.

    # The display on U-PE1 and the S-PE is used as an example.

    [U-PE1] display mpls l2vc interface gigabitethernet 1/0/0
     *client interface       : GigabitEthernet1/0/0 is up
      Administrator PW       : no
      session state          : up
      AC status              : up
      Ignore AC state        : disable
      VC state               : up
      Label state            : 0
      Token state            : 0
      VC ID                  : 100
      VC type                : Ethernet
      destination            : 3.3.3.9
      local group ID         : 0            remote group ID      : 0    
      local VC label         : 1029         remote VC label      : 1033 
      local AC OAM State     : up                                 
      local PSN OAM State    : up                                 
      local forwarding state : forwarding                        
      local status code      : 0x0                               
      remote AC OAM state    : up                                 
      remote PSN OAM state   : up                                
      remote forwarding state: forwarding                        
      remote status code     : 0x0                               
      ignore standby state   : no                                
      BFD for PW             : unavailable                       
      VCCV State             : up                                 
      manual fault           : not set                           
      active state           : active                            
      forwarding entry       : exist                              
      link state             : up                                   
      local VC MTU           : 1500         remote VC MTU        : 1500 
      local VCCV             : alert ttl lsp-ping bfd                 
      remote VCCV            : alert ttl lsp-ping bfd                 
      local control word     : disable      remote control word  : disable 
      tunnel policy name     : --                                      
      PW template name       : --                                    
      primary or secondary   : primary                               
      load balance type      : flow                                
      Access-port            : false                                 
      Switchover Flag        : false                                
      VC tunnel/token info   : 1 tunnels/tokens                     
        NO.0  TNL type       : lsp   , TNL ID : 0x4                 
        Backup TNL type      : lsp   , TNL ID : 0x0                
      create time            : 0 days, 0 hours, 3 minutes, 32 seconds 
      up time                : 0 days, 0 hours, 2 minutes, 36 seconds 
      last change time       : 0 days, 0 hours, 2 minutes, 36 seconds 
      VC last up time        : 2013/12/04 16:32:08         
      VC total up time       : 0 days, 0 hours, 2 minutes, 36 seconds 
      CKey                   : 6       
      NKey                   : 5       
      PW redundancy mode     : frr     
      AdminPw interface      : --      
      AdminPw link state     : --     
      Diffserv Mode        : uniform                                                
      Service Class        : --                                                     
      Color                : --                                                     
      DomainId             : --                                                     
      Domain Name          : --                                                     
      BFD for PW           : unavailable                                            
    [S-PE] display mpls switch-l2vc
     Total Switch VC : 1, 1 up, 0 down                     
                                                           
    *Switch-l2vc type             : LDP<---->SVC           
     Peer IP Address              : 1.1.1.9, 5.5.5.9       
     VC ID                        : 100, 200               
     VC Type                      : Ethernet               
     VC State                     : up                     
     Session State                : up, None                
     Local(In)/Remote(Out) Label  : 1033/1029, 100/200     
     InLabel Status               : 0 , 0                   
     Local/Remote MTU             : 1500/1500, 1500        
     Local/Remote Control Word    : Disable/Disable, Disable 
     Local/Remote VCCV Capability : alert ttl lsp-ping bfd /alert ttl lsp-ping bfd , alert ttl lsp-ping bfd
     Switch-l2vc tunnel info      :                                    
                                    1 tunnels for peer 1.1.1.9          
                                    NO.0  TNL Type : lsp   , TNL ID : 0xe 
                                    1 tunnels for peer 5.5.5.9          
                                    NO.0  TNL Type : lsp   , TNL ID : 0x10
     CKey                         : 18, 20                               
     NKey                         : 17, 19                                
     Tunnel policy                : --, --                             
     Create time                  : 0 days, 0 hours, 6 minutes, 8 seconds   
     UP time                      : 0 days, 0 hours, 6 minutes, 7 seconds   
     Last change time             : 0 days, 0 hours, 6 minutes, 7 seconds    
     VC last up time              : 2013/12/01 23:25:03                   
     VC total up time             : 0 days, 0 hours, 6 minutes, 7 seconds

    # CE1 and CE2 can ping each other successfully.

    # The display on CE1 is used as an example.

    [CE1] ping 100.1.1.2
      PING 100.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=270 ms
        Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=220 ms
        Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=190 ms
        Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms
        Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms
    
      --- 100.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 160/206/270 ms
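
The peer and label pairing configured in step 4 can be checked offline before it is applied. The Python below is an added example, not part of the Huawei guide: it recognises only the command forms shown on this page, and the name `check_mixed_pw` and the dictionary keys are assumptions made for the illustration.

```python
import re

# Constructed sample input: PW-related lines copied from this page's configuration files.
LSR_ID = {"U-PE1": "1.1.1.9", "S-PE": "3.3.3.9", "U-PE2": "5.5.5.9"}
PAGE_CFG = {
    "upe1_l2vc": "mpls l2vc 3.3.3.9 100",
    "spe_switch": "mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 "
                  "trans 200 recv 100 encapsulation ethernet",
    "upe2_peer": "peer-address 3.3.3.9",
    "upe2_static": "mpls static-l2vc pw-template pwt 200 "
                   "transmit-vpn-label 100 receive-vpn-label 200",
}

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Only the command forms shown on this page are recognised.
PATTERNS = {
    "upe1_l2vc": rf"mpls l2vc {IP} (\d+)",
    "spe_switch": rf"mpls switch-l2vc {IP} (\d+) between {IP} (\d+) "
                  rf"trans (\d+) recv (\d+) encapsulation \S+",
    "upe2_peer": rf"peer-address {IP}",
    "upe2_static": r"mpls static-l2vc pw-template \S+ (\d+) "
                   r"transmit-vpn-label (\d+) receive-vpn-label (\d+)",
}

def check_mixed_pw(cfg, lsr_id=LSR_ID):
    """Return a list of mismatches between the two PW segments ([] = consistent)."""
    m = {k: re.fullmatch(p, cfg[k].strip()) for k, p in PATTERNS.items()}
    bad = [k for k, v in m.items() if v is None]
    if bad:
        return [f"unrecognised command form: {k}" for k in bad]
    dyn_peer, dyn_vc, sta_peer, _sta_vc, trans, recv = m["spe_switch"].groups()
    upe1_peer, upe1_vc = m["upe1_l2vc"].groups()
    _vc, upe2_tx, upe2_rx = m["upe2_static"].groups()
    checks = [
        # The pair before 'between' is the dynamic (LDP) segment toward U-PE1.
        (dyn_peer == lsr_id["U-PE1"], "peer before 'between' is not U-PE1"),
        (upe1_peer == lsr_id["S-PE"], "U-PE1 l2vc peer is not the S-PE"),
        (dyn_vc == upe1_vc, "dynamic VC ID differs between U-PE1 and S-PE"),
        # The pair after 'between' is the static segment toward U-PE2.
        (sta_peer == lsr_id["U-PE2"], "peer after 'between' is not U-PE2"),
        (m["upe2_peer"].group(1) == lsr_id["S-PE"],
         "U-PE2 pw-template peer is not the S-PE"),
        # Static labels are not signalled: one side's transmit is the other's receive.
        (trans == upe2_rx, "S-PE trans label != U-PE2 receive-vpn-label"),
        (recv == upe2_tx, "S-PE recv label != U-PE2 transmit-vpn-label"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    print(check_mixed_pw(PAGE_CFG) or "consistent")
```

An empty list means the S-PE switching entry agrees with both U-PE configurations; each returned string names one mismatch to correct before the PW is brought up.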

Configuration Files

  • Configuration file of CE1

    #
     sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.1 255.255.255.0
    #
    return
  • Configuration file of U-PE1

    #
     sysname U-PE1
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface GigabitEthernet1/0/0
     mpls l2vc 3.3.3.9 100
    #
    interface GigabitEthernet2/0/0
     ip address 10.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 1.1.1.9 0.0.0.0
    #
    return
  • Configuration file of P1

    #
     sysname P1
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 10.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 20.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 20.1.1.0 0.0.0.255
      network 2.2.2.9 0.0.0.0
    #
    return
  • Configuration file of the S-PE

    #
     sysname S-PE
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
     mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation ethernet
    #
    mpls ldp
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    mpls ldp remote-peer 5.5.5.9
     remote-ip 5.5.5.9
    #
    interface GigabitEthernet1/0/0
     ip address 20.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 30.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
      network 3.3.3.9 0.0.0.0
    #
    return
  • Configuration file of P2

    #
     sysname P2
    #
    mpls lsr-id 4.4.4.9
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 30.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 40.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 4.4.4.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 30.1.1.0 0.0.0.255
      network 40.1.1.0 0.0.0.255
    #
    return
  • Configuration file of U-PE2

    #
     sysname U-PE2
    #
    mpls lsr-id 5.5.5.9
    mpls
    #
    mpls l2vpn
    #
    pw-template pwt
     peer-address 3.3.3.9
    #
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface GigabitEthernet1/0/0
     ip address 40.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200
    #
    interface LoopBack0
     ip address 5.5.5.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 5.5.5.9 0.0.0.0
      network 40.1.1.0 0.0.0.255
    #
    return
  • Configuration file of CE2

    #
     sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.2 255.255.255.0
    #
    return
Updated: 2019-08-07

Document ID: EDOC1100033725
