CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.

Example for Configuring HoVPN

Networking Requirements

Figure 7-52 shows a hierarchical VPN network consisting of a provincial backbone network and a city MPLS VPN network.
  • The SPE is located on the provincial backbone network and connects to the city MPLS VPN network.
  • The UPE is located on the city network and connects to VPN users.

The routing and forwarding capabilities of the UPE are lower than those of the SPE and PEs. HoVPN networking lets users in vpna communicate with each other while reducing the load on the UPE.

Figure 7-52  Networking diagram for configuring HoVPN

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IGP on the backbone network to implement IP interworking.
  2. Configure basic MPLS capabilities and MPLS LDP on the backbone network to set up MPLS LSPs.
  3. Set up MP-IBGP peer relationships between the UPE and SPE and between the PE and SPE to exchange VPN routing information.
  4. On the UPE and PEs, create VPN instances and set up EBGP peer relationships with CEs to exchange VPN routing information.
  5. On the SPE, create a VPN instance and specify the UPE as its underlayer PE (or user-end PE). Advertise the default route of the VPN instance to the UPE to reduce the loads on the UPE.

Procedure

  1. Configure OSPF on the backbone network to implement IP interworking.

    # Configure the UPE.

    <Huawei> system-view
    [Huawei] sysname UPE
    [UPE] interface loopback 1
    [UPE-LoopBack1] ip address 1.1.1.9 32
    [UPE-LoopBack1] quit
    [UPE] interface gigabitethernet 2/0/0
    [UPE-GigabitEthernet2/0/0] ip address 172.1.1.1 24
    [UPE-GigabitEthernet2/0/0] quit
    [UPE] ospf
    [UPE-ospf-1] area 0
    [UPE-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [UPE-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [UPE-ospf-1-area-0.0.0.0] quit
    [UPE-ospf-1] quit
    

    The configuration on the SPE and PEs is similar to the configuration on the UPE and is not provided here.

    After the configuration is complete, OSPF neighbor relationships are set up between the UPE, SPE, and PE. Run the display ospf peer command on these devices. The command output shows that the neighbor relationships are in Full state. Run the display ip routing-table command on these devices. The command output shows that each device has learned the routes to the other devices' loopback interfaces.

  2. Configure basic MPLS capabilities and MPLS LDP on the backbone network to set up LDP LSPs.

    # Configure the UPE.

    [UPE] mpls lsr-id 1.1.1.9
    [UPE] mpls
    [UPE-mpls] quit
    [UPE] mpls ldp
    [UPE-mpls-ldp] quit
    [UPE] interface gigabitethernet 2/0/0
    [UPE-GigabitEthernet2/0/0] mpls
    [UPE-GigabitEthernet2/0/0] mpls ldp
    [UPE-GigabitEthernet2/0/0] quit
    

    The configuration on the SPE and PEs is similar to the configuration on the UPE and is not provided here.

    After the configuration is complete, LDP sessions are established between UPE and SPE, and between SPE and PE. Run the display mpls ldp session command on these devices. The command output shows that the status is Operational. Run the display mpls ldp lsp command. Information about the established LDP LSPs is displayed.

  3. Set up MP-IBGP peer relationships between the UPE and SPE and between the PE and SPE.

    # Configure the UPE.

    [UPE] bgp 100
    [UPE-bgp] peer 2.2.2.9 as-number 100
    [UPE-bgp] peer 2.2.2.9 connect-interface loopback 1
    [UPE-bgp] ipv4-family vpnv4
    [UPE-bgp-af-vpnv4] peer 2.2.2.9 enable
    [UPE-bgp-af-vpnv4] quit
    [UPE-bgp] quit

    # Configure the SPE.

    [SPE] bgp 100
    [SPE-bgp] peer 1.1.1.9 as-number 100
    [SPE-bgp] peer 1.1.1.9 connect-interface loopback 1
    [SPE-bgp] peer 3.3.3.9 as-number 100
    [SPE-bgp] peer 3.3.3.9 connect-interface loopback 1
    [SPE-bgp] ipv4-family vpnv4
    [SPE-bgp-af-vpnv4] peer 1.1.1.9 enable
    [SPE-bgp-af-vpnv4] peer 3.3.3.9 enable
    [SPE-bgp-af-vpnv4] quit
    [SPE-bgp] quit

    # Configure the PE.

    [PE] bgp 100
    [PE-bgp] peer 2.2.2.9 as-number 100
    [PE-bgp] peer 2.2.2.9 connect-interface loopback 1
    [PE-bgp] ipv4-family vpnv4
    [PE-bgp-af-vpnv4] peer 2.2.2.9 enable
    [PE-bgp-af-vpnv4] quit
    [PE-bgp] quit

  4. On the UPE and PEs, create a VPN instance and set up EBGP peer relationships with the CEs.

    # Configure the UPE.

    [UPE] ip vpn-instance vpna
    [UPE-vpn-instance-vpna] ipv4-family
    [UPE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [UPE-vpn-instance-vpna-af-ipv4] vpn-target 1:1
    [UPE-vpn-instance-vpna-af-ipv4] quit
    [UPE-vpn-instance-vpna] quit
    [UPE] interface gigabitethernet 1/0/0
    [UPE-GigabitEthernet1/0/0] ip binding vpn-instance vpna
    [UPE-GigabitEthernet1/0/0] ip address 10.1.1.2 24
    [UPE-GigabitEthernet1/0/0] quit
    [UPE] bgp 100
    [UPE-bgp] ipv4-family vpn-instance vpna
    [UPE-bgp-vpna] peer 10.1.1.1 as-number 65410
    [UPE-bgp-vpna] import-route direct
    [UPE-bgp-vpna] quit
    [UPE-bgp] quit
    

    # Configure CE1.

    <Huawei> system-view
    [Huawei] sysname CE1
    [CE1] interface gigabitethernet 1/0/0
    [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24
    [CE1-GigabitEthernet1/0/0] quit
    [CE1] bgp 65410
    [CE1-bgp] peer 10.1.1.2 as-number 100
    [CE1-bgp] import-route direct
    [CE1-bgp] quit

    # Configure the PE.

    [PE] ip vpn-instance vpna
    [PE-vpn-instance-vpna] ipv4-family
    [PE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:2
    [PE-vpn-instance-vpna-af-ipv4] vpn-target 1:1
    [PE-vpn-instance-vpna-af-ipv4] quit
    [PE-vpn-instance-vpna] quit
    [PE] interface gigabitethernet 1/0/0
    [PE-GigabitEthernet1/0/0] ip binding vpn-instance vpna
    [PE-GigabitEthernet1/0/0] ip address 10.2.1.2 24
    [PE-GigabitEthernet1/0/0] quit
    [PE] bgp 100
    [PE-bgp] ipv4-family vpn-instance vpna
    [PE-bgp-vpna] peer 10.2.1.1 as-number 65420
    [PE-bgp-vpna] import-route direct
    [PE-bgp-vpna] quit
    [PE-bgp] quit

    # Configure CE2.

    <Huawei> system-view
    [Huawei] sysname CE2
    [CE2] interface gigabitethernet 1/0/0
    [CE2-GigabitEthernet1/0/0] ip address 10.2.1.1 24
    [CE2-GigabitEthernet1/0/0] quit
    [CE2] bgp 65420
    [CE2-bgp] peer 10.2.1.2 as-number 100
    [CE2-bgp] import-route direct
    [CE2-bgp] quit

    After the configuration is complete, run the display ip vpn-instance verbose command on the UPE and PEs to check the configuration of VPN instances. Run the ping -vpn-instance command on the UPE and PEs to ping the connected CEs. The ping operations succeed.

    NOTE:

    If a PE has multiple interfaces bound to the same VPN instance, you need to specify the source IP addresses by setting -a source-ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address command to ping the remote CE. If the source IP address is not specified, the ping operation fails.

    UPE is used as an example.
    [UPE] display ip vpn-instance verbose
     Total VPN-Instances configured : 1
     Total IPv4 VPN-Instances configured : 1
     Total IPv6 VPN-Instances configured : 0                                        
                                                                                    
     VPN-Instance Name and ID : vpna, 1                                             
      Interfaces : GigabitEthernet1/0/0                                              
     Address family ipv4                                                            
      Create date : 2012/09/14 14:34:10                                             
      Up time : 0 days, 00 hours, 16 minutes and 01 seconds                         
      Route Distinguisher : 100:1                                                   
      Export VPN Targets :  1:1                                                     
      Import VPN Targets :  1:1                                                     
      Label Policy : label per route                                                
      Log Interval : 5                                                              
                                                                                    

  5. On the SPE, create a VPN instance, specify the UPE as its underlayer PE, and advertise the default route of the VPN instance to the UPE.

    # Configure the VPN instance.

    [SPE] ip vpn-instance vpna
    [SPE-vpn-instance-vpna] ipv4-family
    [SPE-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
    [SPE-vpn-instance-vpna-af-ipv4] vpn-target 1:1
    [SPE-vpn-instance-vpna-af-ipv4] quit
    [SPE-vpn-instance-vpna] quit
    

    # Specify the UPE for the SPE.

    [SPE] bgp 100
    [SPE-bgp] ipv4-family vpnv4
    [SPE-bgp-af-vpnv4] peer 1.1.1.9 upe
    

    # Advertise the default route of the VPN instance to the UPE.

    [SPE-bgp-af-vpnv4] peer 1.1.1.9 default-originate vpn-instance vpna
    [SPE-bgp-af-vpnv4] quit
    [SPE-bgp] quit
    

  6. Verify the configuration.

    # After the configuration is complete, CE1 has no route to the network segment of the interface on CE2, but CE1 has a default route with the next hop as UPE. CE2 has a BGP route to the network segment of the interface on CE1. CE1 and CE2 can ping each other.

    [CE1] display ip routing-table
    Route Flags:
    R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
             Destinations : 8        Routes : 8
    
      Destination/Mask  Proto  Pre  Cost      Flags  NextHop             Interface
    
            0.0.0.0/0   EBGP   255  0             D  10.1.1.2            GigabitEthernet1/0/0
           10.1.1.0/24  Direct 0    0             D  10.1.1.1            GigabitEthernet1/0/0
           10.1.1.1/32  Direct 0    0             D  127.0.0.1           GigabitEthernet1/0/0
         10.1.1.255/32  Direct 0    0             D  127.0.0.1           GigabitEthernet1/0/0
          127.0.0.0/8   Direct 0    0             D  127.0.0.1           InLoopBack0
          127.0.0.1/32  Direct 0    0             D  127.0.0.1           InLoopBack0
    127.255.255.255/32  Direct 0    0             D  127.0.0.1           InLoopBack0
    255.255.255.255/32  Direct 0    0             D  127.0.0.1           InLoopBack0  
    
    [CE1] ping 10.2.1.1
      PING 10.2.1.1: 56  data bytes, press CTRL_C to break                          
        Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=252 time=2 ms                  
        Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=252 time=1 ms                  
        Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=252 time=1 ms                  
        Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=252 time=1 ms                  
        Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=252 time=1 ms                  
                                                                                    
      --- 10.2.1.1 ping statistics ---                                              
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 1/1/2 ms                              
    
    [CE2] display ip routing-table
    Route Flags:
    R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
             Destinations : 8        Routes : 8
    
      Destination/Mask  Proto  Pre  Cost      Flags  NextHop              Interface
    
           10.1.1.0/24  EBGP   255  0             D  10.2.1.2             GigabitEthernet1/0/0
           10.2.1.0/24  Direct 0    0             D  10.2.1.1             GigabitEthernet1/0/0
           10.2.1.1/32  Direct 0    0             D  127.0.0.1            GigabitEthernet1/0/0
         10.2.1.255/32  Direct 0    0             D  127.0.0.1            GigabitEthernet1/0/0
          127.0.0.0/8   Direct 0    0             D  127.0.0.1            InLoopBack0
          127.0.0.1/32  Direct 0    0             D  127.0.0.1            InLoopBack0
    127.255.255.255/32  Direct 0    0             D  127.0.0.1            InLoopBack0
    255.255.255.255/32  Direct 0    0             D  127.0.0.1            InLoopBack0  

    # Run the display bgp vpnv4 all routing-table command on the UPE. The command output shows a default route of vpna with the next hop as SPE.

    [UPE] display bgp vpnv4 all routing-table
                                                                                    
                                                                                    
     BGP Local router ID is 1.1.1.9                                                 
     Status codes: * - valid, > - best, d - damped,                                 
                   h - history,  i - internal, s - suppressed, S - Stale            
                   Origin : i - IGP, e - EGP, ? - incomplete                        
                                                                                    
                                                                                    
                                                                                    
     Total number of routes from all PE: 4                                          
     Route Distinguisher: 100:1                                                     
                                                                                    
                                                                                    
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn   
                                                                                    
     *>   10.1.1.0/24        0.0.0.0         0                     0      ?         
     *                       10.1.1.1        0                     0      65410?    
     *>   10.1.1.2/32        0.0.0.0         0                     0      ?         
                                                                                     
     Route Distinguisher: 200:1                                                     
                                                                                    
                                                                                    
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn   
                                                                                    
     *>i  0.0.0.0            2.2.2.9         0          100        0      i         
                                                                                    
     VPN-Instance vpna, Router ID 1.1.1.9:                                          
                                                                                    
     Total Number of Routes: 4                                                      
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn   
                                                                                    
     *>i  0.0.0.0            2.2.2.9         0          100        0      i         
     *>   10.1.1.0/24        0.0.0.0         0                     0      ?         
                             10.1.1.1        0                     0      65410?    
     *>   10.1.1.2/32        0.0.0.0         0                     0      ?         
    

Configuration Files

  • CE1 configuration file

    #
     sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 10.1.1.1 255.255.255.0
    #
    bgp 65410
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.1.1.2 enable
    # 
    return
  • UPE configuration file

    #
     sysname UPE
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
     mpls lsr-id 1.1.1.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip binding vpn-instance vpna
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 2.2.2.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 2.2.2.9 enable
     #
     ipv4-family vpn-instance vpna
      peer 10.1.1.1 as-number 65410
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • SPE configuration file

    #
     sysname SPE
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 200:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
     mpls lsr-id 2.2.2.9
     mpls
     #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 172.2.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 3.3.3.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.9 enable
      peer 1.1.1.9 upe
      peer 1.1.1.9 default-originate vpn-instance vpna
      peer 3.3.3.9 enable
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
      network 172.2.1.0 0.0.0.255
    #
    return
  • PE configuration file

    #
     sysname PE
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:2
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
     mpls lsr-id 3.3.3.9
     mpls
     #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip binding vpn-instance vpna
     ip address 10.2.1.2 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 172.2.1.2 255.255.255.0
     mpls 
     mpls ldp
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 2.2.2.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 2.2.2.9 enable
     #
     ipv4-family vpn-instance vpna
      peer 10.2.1.1 as-number 65420
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 172.2.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
     sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 10.2.1.1 255.255.255.0
    #
    bgp 65420
     peer 10.2.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.2.1.2 enable
    #
    return
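
The following is an added example, not part of the original guide or Huawei's tooling. It is a Python check over saved configuration files that confirms the step 5 settings on the SPE: the UPE peer is enabled and marked upe in the VPNv4 family, a VPN instance on the SPE shares vpn-targets with the UPE's instance, and a default route is originated for that instance. The names parse_vrp and audit_hovpn and the trimmed inputs are constructed for illustration; files are assumed to be saved without extra leading indentation.

```python
import re

# Constructed excerpts of the UPE and SPE configuration files above (sample input).
UPE_CFG = """\
ip vpn-instance vpna
 ipv4-family
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
"""
SPE_CFG = """\
ip vpn-instance vpna
 ipv4-family
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
bgp 100
 ipv4-family unicast
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  peer 1.1.1.9 enable
  peer 1.1.1.9 upe
  peer 1.1.1.9 default-originate vpn-instance vpna
#
"""

def parse_vrp(cfg):
    """Return {'vpns': {name: {'import': set, 'export': set}}, 'vpnv4': {peer: settings}}."""
    dev = {"vpns": {}, "vpnv4": {}}
    for sec in re.split(r"^#\s*$", cfg, flags=re.M):           # unindented "#" ends a section
        if m := re.search(r"^ip vpn-instance (\S+)", sec, re.M):
            rts = dev["vpns"].setdefault(m[1], {"import": set(), "export": set()})
            for targets, way in re.findall(r"vpn-target (.+) (import|export)-extcommunity", sec):
                rts[way].update(targets.split())
        elif re.search(r"^bgp \d+", sec, re.M):
            for fam in re.split(r"^ #\s*$", sec, flags=re.M):  # indented "#" ends a BGP family
                if re.search(r"^ ipv4-family vpnv4\s*$", fam, re.M):
                    for ip, setting in re.findall(r"^  peer (\S+) (.+?)\s*$", fam, re.M):
                        dev["vpnv4"].setdefault(ip, set()).add(setting)
    return dev

def audit_hovpn(spe, upe, upe_ip):
    """Hypothetical helper: check step 5 on the SPE; an empty list means consistent."""
    attrs = spe["vpnv4"].get(upe_ip, set())
    out = [f"SPE vpnv4 peer {upe_ip}: '{need}' is missing"
           for need in ("enable", "upe") if need not in attrs]
    for name, vpn in upe["vpns"].items():
        # SPE instances whose targets let routes flow in both directions with this UPE instance
        match = [n for n, s in spe["vpns"].items()
                 if vpn["export"] & s["import"] and s["export"] & vpn["import"]]
        if not match:
            out.append(f"{name}: no SPE instance shares its vpn-targets")
        elif not any(f"default-originate vpn-instance {n}" in attrs for n in match):
            out.append(f"{name}: SPE originates no default route to {upe_ip}")
    return out

print(audit_hovpn(parse_vrp(SPE_CFG), parse_vrp(UPE_CFG), "1.1.1.9") or "consistent")
```

VPN instances are matched by vpn-target rather than by name, because instance names are local to each device.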
Updated: 2019-08-07

Document ID: EDOC1100033725
