No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Inter-AS Martini VPLS in OptionA Mode

Example for Configuring Inter-AS Martini VPLS in OptionA Mode

Networking Requirements

As shown in Figure 12-15, on an enterprise network, Site1 connects to PE1 through CE1 and then connects to the VPLS domain of AS 100. Site2 connects to PE2 through CE2 and then connects to the VPLS domain of AS 200. The network environments of the branch sites are stable. AS 100 and AS 200 communicate with each other through ASBR-PE1 and ASBR-PE2. IS-IS is used as the IGP on the MPLS backbone network in an AS. Users at Site1 and Site2 need to communicate at Layer 2 and user information needs to be reserved when Layer 2 packets are transmitted over the backbone network.

Figure 12-15  Networking diagram of configuring inter-AS Martini VPLS in OptionA mode

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure transparent transmission of Layer 2 packets over the backbone network using VPLS to enable users at Site1 and Site2 to communicate at Layer 2 and reserve user information when Layer 2 packets are transmitted over the backbone network.

  2. Use Martini VPLS to implement Layer 2 communication between CEs when the network environments of the branch sites are stable.

  3. Configure the IGP routing protocol on the backbone network to implement communication between devices within an AS on the public network.

  4. Configure basic MPLS functions and LDP on PEs on the backbone network to support VPLS.

  5. Establish tunnels for transmitting data between PEs within an AS to prevent data from being known by the public network. Establish dynamic LSPs between ASBR-PEs and PEs in the same AS. If PEs and ASBR-PEs are not directly connected, establish remote LDP sessions.

  6. Enable MPLS L2VPN on PEs to implement VPLS.

  7. Create a VSI on PEs, specify LDP as the signaling protocol, and bind the VSI to the AC interface in the same AS to implement Martini VPLS.

  8. To implement VPLS inter-AS OptionA, configure the peer ASBR as the CE on the ASBR PE, and bind VSIs to peer interfaces.

Procedure

  1. Configure IP addresses for interfaces according to Figure 12-15.

    # Configure CE1. The configuration on PE1, ASBR-PE1, ASBR-PE2, PE2, and CE2 is similar to the configuration on CE1 and is not mentioned here.

    <Huawei> system-view
    [Huawei] sysname CE1
    [CE1] interface gigabitethernet 1/0/0
    [CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 255.255.255.0
    [CE1-GigabitEthernet1/0/0] quit

  2. Configure the IGP on the MPLS backbone network.

    Configure the IGP on the MPLS backbone network to achieve connectivity between the PEs and ASBR PEs. Note that IS-IS must be enabled on Loopback0.

    # Configure PE1. The configuration on ASBR-PE1, ASBR-PE2, and PE2 is similar to the PE1, and is not mentioned here.

    [PE1] isis 1
    [PE1-isis-1] network-entity 10.0000.0000.0001.00
    [PE1-isis-1] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] isis enable 1
    [PE1-GigabitEthernet2/0/0] quit
    [PE1] interface loopback 0
    [PE1-LoopBack0] isis enable 1
    [PE1-LoopBack0] quit

    After the configuration is complete, the ASBR-PE and PE in the same AS can establish an IS-IS neighbor. Run the display isis peer command, and you can see that the IS-IS neighbor is in Up state.

    The information displayed on PE1 is used as an example.

    [PE1] display isis peer
                                                                                    
                              Peer information for ISIS(1)                          
                                                                                    
      System Id     Interface          Circuit Id       State HoldTime Type     PRI 
    ------------------------------------------------------------------------------- 
    0000.0000.0002  GE2/0/0            0000.0000.0002.01 Up   23s      L1(L1L2) 64  
    0000.0000.0002  GE2/0/0            0000.0000.0002.01 Up   22s      L2(L1L2) 64  
                                                                                    
    Total Peer(s): 2                                                                

    ASBR-PEs and PEs in the same AS can Ping each other.

    The information displayed on PE1 is used as an example.

    [PE1] ping 2.2.2.9
      PING 2.2.2.9: 56  data bytes, press CTRL_C to break
        Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=180 ms
        Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms
        Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=60 ms
        Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=60 ms
        Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=100 ms
    
      --- 2.2.2.9 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 60/98/180 ms   

  3. Configure basic MPLS functions and LDP.

    Enable basic MPLS functions on the MPLS backbone network. Establish a dynamic LDP LSP between the PE and ASBR PE in the same AS.

    # Configure PE1. The configuration on ASBR-PE1, ASBR-PE2, and PE2 is similar to the PE1, and is not mentioned here.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] mpls
    [PE1-GigabitEthernet2/0/0] mpls ldp
    [PE1-GigabitEthernet2/0/0] quit

    After this step, an LSP is established between the PE and ASBR-PE in the same AS.

    Run the display mpls ldp session command to view the LDP LSP status.

    ASBR-PE1 is used as an example.

    [ASBR-PE1] display mpls ldp session
    
     LDP Session(s) in Public Network
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
     A '*' before a session means the session is being deleted.
     ------------------------------------------------------------------------------
     PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
     ------------------------------------------------------------------------------
     1.1.1.9:0          Operational DU   Active   0000:00:19  79/79
     ------------------------------------------------------------------------------
     TOTAL: 1 session(s) Found.

  4. Configure LDP VPLS and bind VSIs to interfaces.

    Configure VSIs on PEs and ASBR PEs respectively and bind the VSIs to the related interfaces.

    # Configure PE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit
    [PE1] vsi a1 static
    [PE1-vsi-a1] pwsignal ldp
    [PE1-vsi-a1-ldp] vsi-id 2
    [PE1-vsi-a1-ldp] peer 2.2.2.9
    [PE1-vsi-a1-ldp] quit
    [PE1-vsi-a1] quit
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] l2 binding vsi a1
    [PE1-GigabitEthernet1/0/0] quit

    # Configure ASBR-PE1.

    [ASBR-PE1] mpls l2vpn
    [ASBR-PE1-l2vpn] quit
    [ASBR-PE1] vsi a1 static
    [ASBR-PE1-vsi-a1] pwsignal ldp
    [ASBR-PE1-vsi-a1-ldp] vsi-id 2
    [ASBR-PE1-vsi-a1-ldp] peer 1.1.1.9
    [ASBR-PE1-vsi-a1-ldp] quit
    [ASBR-PE1-vsi-a1] quit
    [ASBR-PE1] interface gigabitethernet 2/0/0
    [ASBR-PE1-GigabitEthernet2/0/0] l2 binding vsi a1
    [ASBR-PE1-GigabitEthernet2/0/0] quit

    # Configure ASBR-PE2.

    [ASBR-PE2] mpls l2vpn
    [ASBR-PE2-l2vpn] quit
    [ASBR-PE2] vsi a1 static
    [ASBR-PE2-vsi-a1] pwsignal ldp
    [ASBR-PE2-vsi-a1-ldp] vsi-id 3
    [ASBR-PE2-vsi-a1-ldp] peer 4.4.4.9
    [ASBR-PE2-vsi-a1-ldp] quit
    [ASBR-PE2-vsi-a1] quit
    [ASBR-PE2] interface gigabitethernet 1/0/0
    [ASBR-PE2-GigabitEthernet1/0/0] l2 binding vsi a1
    [ASBR-PE2-GigabitEthernet1/0/0] quit

    # Configure PE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit
    [PE2] vsi a1 static
    [PE2-vsi-a1] pwsignal ldp
    [PE2-vsi-a1-ldp] vsi-id 3
    [PE2-vsi-a1-ldp] peer 3.3.3.9
    [PE2-vsi-a1-ldp] quit
    [PE2-vsi-a1] quit
    [PE2] interface gigabitethernet 2/0/0
    [PE2-GigabitEthernet2/0/0] l2 binding vsi a1
    [PE2-GigabitEthernet2/0/0] quit

  5. Verify the configuration.

    After the preceding configurations are complete, run the display vsi name a1 verbose command on PE1, and you can see that the VSI named a1 has established a PW to PE2, and the status of the VSI is Up.

    # Take the display on PE1 and ASBR-PE2 for example.

    [PE1] display vsi name a1 verbose
    
     ***VSI Name               : a1
        Administrator VSI      : no
        Isolate Spoken         : disable
        VSI Index              : 0
        PW Signaling           : ldp
        Member Discovery Style : static
        PW MAC Learn Style     : unqualify
        Encapsulation Type     : vlan
        MTU                    : 1500
        Diffserv Mode          : uniform
        Service Class          : --                                                 
        Color                  : --
        DomainId               : 255
        Domain Name            :
        Ignore AcState         : disable
        P2P VSI                : disable
        Create Time            : 0 days, 3 hours, 30 minutes, 31 seconds
        VSI State              : up
    
        VSI ID                 : 2
       *Peer Router ID         : 2.2.2.9
        Negotiation-vc-id      : 2
        primary or secondary   : primary
        ignore-standby-state   : no
        VC Label               : 23552
        Peer Type              : dynamic
        Session                : up
        Tunnel ID              : 
        Broadcast Tunnel ID    : 0x0
        Broad BackupTunnel ID  : 0x0 
        CKey                   : 6
        NKey                   : 5
        Stp Enable             : 0
        PwIndex                : 0
        Control Word           : disable 
        BFD for PW             : unavailable
    
        Interface Name         : GigabitEthernet1/0/0
        State                  : up
        Access Port            : false
        Last Up Time           : 2017/07/02 15:41:59
        Total Up Time          : 0 days, 0 hours, 1 minutes, 2 seconds
    
       **PW Information:
    
       *Peer Ip Address        : 2.2.2.9
        PW State               : up
        Local VC Label         : 23552
        Remote VC Label        : 23552
        Remote Control Word    : disable 
        PW Type                : label
        Local  VCCV            : alert lsp-ping
        Remote VCCV            : alert lsp-ping
        Tunnel ID              : 0x20020
        Broadcast Tunnel ID    : 0x20020
        Broad BackupTunnel ID  : 0x0
        Ckey                   : 0x6
        Nkey                   : 0x5
        Main PW Token          : 0x20020
        Slave PW Token         : 0x0
        Tnl Type               : LSP
        OutInterface           : GigabitEthernet2/0/0
        Backup OutInterface    : 
        Stp Enable             : 0
        PW Last Up Time        : 2017/07/02 15:41:59
        PW Total Up Time       : 0 days, 0 hours, 1 minutes, 3 seconds

    # CE1 and CE2 can ping each other.

    Take the display on CE1 for example.

    [CE1] ping 100.1.1.2
      PING 100.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 ms
        Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 ms
        Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 ms
        Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 ms
        Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 ms
    
      --- 100.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 156/159/172 ms

Configuration Files

  • Configuration file of CE1

    #
     sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.1 255.255.255.0
    #
    return
  • Configuration file of PE1

    #
     sysname PE1
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    vsi a1 static
     pwsignal ldp
      vsi-id 2
      peer 2.2.2.9
    #
    mpls ldp
    #
    isis 1
     network-entity 10.0000.0000.0001.00
    #
    interface GigabitEthernet1/0/0
     l2 binding vsi a1
    #
    interface GigabitEthernet2/0/0
     ip address 10.1.1.1 255.255.255.0
     isis enable 1
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 1.1.1.9 255.255.255.255
     isis enable 1
    #
    return
  • Configuration file of ASBR-PE1

    #
     sysname ASBR-PE1
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls l2vpn
    #
    vsi a1 static
     pwsignal ldp
      vsi-id 2
      peer 1.1.1.9
    #
    mpls ldp
    #
    isis 1
     network-entity 10.0000.0000.0002.00
    #
    interface GigabitEthernet1/0/0
     ip address 10.1.1.2 255.255.255.0
     isis enable 1
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     l2 binding vsi a1
    #
    interface LoopBack0
     ip address 2.2.2.9 255.255.255.255
     isis enable 1
    #
    return
  • Configuration file of ASBR-PE2

    #
     sysname ASBR-PE2
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
    vsi a1 static
     pwsignal ldp
      vsi-id 3
      peer 4.4.4.9
    #
    mpls ldp
    #
    isis 1
     network-entity 10.0000.0000.0003.00
    #
    interface GigabitEthernet1/0/0
     l2 binding vsi a1
    #
    interface GigabitEthernet2/0/0
     ip address 30.1.1.1 255.255.255.0
     isis enable 1
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 3.3.3.9 255.255.255.255
     isis enable 1
    #
    return
  • Configuration file of PE2

    #
     sysname PE2
    #
    mpls lsr-id 4.4.4.9
    mpls
    #
    mpls l2vpn
    #
    vsi a1 static
     pwsignal ldp
      vsi-id 3
      peer 3.3.3.9
    #
    mpls ldp
    #
    isis 1
     network-entity 10.0000.0000.0004.00
    #
    interface GigabitEthernet1/0/0
     ip address 30.1.1.2 255.255.255.0
     isis enable 1
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     l2 binding vsi a1
    #
    interface LoopBack0
     ip address 4.4.4.9 255.255.255.255
     isis enable 1
    # 
    return
  • Configuration file of CE2

    #
     sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.2 255.255.255.0
    #
    return
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 154386

Downloads: 372

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next