CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.

Configuring Inter-AS VPN Option C (Solution 2)

If virtual private network (VPN) routes need to be established over a Multiprotocol Label Switching (MPLS) backbone network spanning multiple autonomous systems (ASs), inter-AS VPN is required. If each AS needs to exchange a large number of VPN routes, inter-AS VPN Option C is a good choice because it prevents the autonomous system boundary routers (ASBRs) from becoming bottlenecks that impede network expansion.

Pre-configuration Tasks

Before configuring inter-AS VPN Option C, complete the following tasks:

  • Configuring an Interior Gateway Protocol (IGP) for the MPLS backbone network of each AS to ensure IP connectivity on the backbone network within each AS
  • Configuring the basic MPLS functions and MPLS Label Distribution Protocol (LDP) or Resource Reservation Protocol-Traffic Engineering (RSVP-TE) for the MPLS backbone network of each AS
  • In each AS, configuring VPN instances on the PE devices connected to CE devices and associating the VPN instances with PE interfaces connected to CE devices
  • Configuring route exchange between the PE and CE devices in each AS

For details about the configurations, see Configuring Basic BGP/MPLS IP VPN Functions.

Context

The following solutions can be used to implement inter-AS VPN-Option C:

  • Solution 1: After learning the labeled BGP routes of the public network in the remote AS from the remote ASBR, the local ASBR allocates labels for these routes, and advertises these routes to the IBGP peer that supports the label switching capability. In this manner, a complete LSP is set up.
  • Solution 2: The IBGP peer relationship between the PE and ASBR is not needed. In this solution, an ASBR learns the labeled public BGP routes of the remote AS from the peer ASBR. Then these labeled public BGP routes are imported to an IGP to trigger the establishment of an LDP LSP. In this manner, a complete LDP LSP can be established between the two PEs.

If an ASBR needs to provide access for a large number of PEs, Solution 2 is recommended because it is easy to configure.

NOTE:

In inter-AS VPN Option C mode, do not enable LDP between ASBRs. If LDP is enabled on the interfaces between ASBRs, LDP sessions are established between the ASBRs. When many BGP routes exist, a large number of LDP labels are then occupied.

Configuration Procedure

All the following tasks are mandatory. Perform these tasks in this sequence to complete inter-AS VPN Option C configuration.

When VPN services need to be transmitted over TE tunnels or when multiple tunnels need to perform load balancing to fully use network resources, you also need to complete the task of Configuring Tunnel Policies.

Establishing the EBGP Peer Relationship Between ASBRs

Context

An EBGP peer relationship is established between ASBRs to advertise routes destined for the loopback interfaces on PEs.

Perform the following steps on ASBRs.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The view of the interface that connects the remote ASBR is displayed.

  3. Run ip address ip-address { mask | mask-length }

    The IP address is configured.

  4. Run quit

    Return to the system view.

  5. Run bgp { as-number-plain | as-number-dot }

    The BGP view is displayed.

  6. Run peer ipv4-address as-number as-number

    The remote ASBR is configured as the EBGP peer.

  7. (Optional) Run peer { ipv4-address | group-name } ebgp-max-hop [ hop-count ]

    The maximum number of hops is configured for the EBGP connection.

    Generally, one or multiple directly connected physical links exist between EBGP peers. If the directly connected physical link(s) are not available, run the peer ebgp-max-hop command to ensure that the TCP connection can be set up between the EBGP peers through multiple hops.

Advertising the Routes of the PE in the Local AS to the Remote PE

Context

After the routes of the loopback interface on a PE in an AS are advertised to the remote PE in another AS, the MP-EBGP peer relationship is established between PEs.

Procedure

  • The loopback address of the PE in the local AS is advertised to the remote ASBR.

    Perform the following steps on the local ASBR:

    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run network ip-address [ mask | mask-length ]

      The loopback address of the PE in the local AS is advertised to the remote ASBR.

  • The BGP routes are imported to IGP.

    Perform the following steps on the peer ASBR:

    1. Run system-view

      The system view is displayed.

    2. Run ospf process-id

      The OSPF view is displayed.

    3. Run import-route bgp [ cost cost ] [ route-policy route-policy-name ]

      The BGP routes are imported to IGP.

Enabling the Capability of Exchanging Labeled IPv4 Routes

Context

To establish an inter-AS BGP LSP, you must enable ASBRs to exchange labeled IPv4 routes.

Perform the following steps on ASBRs.

Procedure

  • Creating a routing policy.
    1. Run system-view

      The system view is displayed.

    2. Run route-policy route-policy-name permit node node

      The routing policy to be applied to routes advertised to the remote ASBR is created.

    3. Run apply mpls-label

      Labels for IPv4 routes are distributed.

    4. Run quit

      Return to the system view.

  • Applying a routing policy.
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run peer ipv4-address route-policy route-policy-name export

      The routing policy is applied to the routes advertised to the remote ASBR.

    4. Run quit

      Return to the system view.

  • Enabling the function of labeled IPv4 route exchange.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The view of the interface connecting the remote ASBR is displayed.

    3. Run mpls

      The MPLS function is enabled.

    4. Run quit

      Return to the system view.

    5. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

Establishing an LDP LSP for the Labeled BGP Routes of the Public Network

Context

By enabling LDP on ASBRs to allocate labels for BGP routes, you can establish LDP LSPs for the labeled BGP routes of the public network that are filtered by the IP prefix list.

Perform the following steps on ASBRs.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run mpls

    The MPLS view is displayed.

  3. Run lsp-trigger bgp-label-route [ ip-prefix ip-prefix-name ]

    An LDP LSP is established for the labeled BGP routes of the public network that are filtered by the IP prefix list.
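
The following audit script is an added example, not part of the Huawei guide: it checks a saved ASBR configuration for LDP enabled on an interface facing an EBGP peer (the NOTE above) and for import-route bgp or lsp-trigger bgp-label-route configured without the optional route-policy or ip-prefix filter. Reporting a missing filter as a finding is this example's choice, since the guide leaves both filters optional. The configuration layout, the interface-view mpls ldp command, and all names and addresses in the sample are assumptions constructed for the example; peers are assumed to be configured by address.

```python
import ipaddress

# Constructed sample in saved-configuration layout; every name and address is invented.
SAMPLE_ASBR_CONFIG = """\
mpls
 lsp-trigger bgp-label-route
#
interface GigabitEthernet0/0/1
 ip address 192.0.2.1 255.255.255.252
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/2
 ip address 10.1.1.1 255.255.255.252
 mpls
 mpls ldp
#
bgp 100
 peer 192.0.2.2 as-number 200
#
ospf 1
 import-route bgp
"""

FILTERED = {"import-route bgp": "route-policy", "lsp-trigger bgp-label-route": "ip-prefix"}

def parse_sections(text):
    """Map each top-level command to the indented commands beneath it."""
    sections, current = {}, []
    for line in text.splitlines():
        if line.startswith(" "):
            current.append(line.strip())
        elif line.strip() not in ("", "#"):
            current = sections.setdefault(line.strip(), [])
    return sections

def audit_asbr(text):
    """Return (finding, section) pairs for LDP toward an EBGP peer and unfiltered imports."""
    sec, findings = parse_sections(text), []
    bgp = next((k for k in sec if k.startswith("bgp ")), "bgp none")
    # EBGP peers: "peer <addr> as-number <n>" where <n> differs from the local AS.
    ebgp = [ipaddress.ip_address(c.split()[1]) for c in sec.get(bgp, [])
            if c.split()[2:3] == ["as-number"] and c.split()[-1] != bgp.split()[1]]
    for name, body in sec.items():
        nets = [ipaddress.ip_interface("/".join(c.split()[2:4])).network
                for c in body if c.startswith("ip address ")]
        if "mpls ldp" in body and any(p in n for n in nets for p in ebgp):
            findings.append(("ldp enabled toward ebgp peer", name))
        for cmd, guard in FILTERED.items():
            if any(c.startswith(cmd) and guard not in c for c in body):
                findings.append((f"{cmd} without {guard}", name))
    return findings
```

Calling audit_asbr(SAMPLE_ASBR_CONFIG) reports the inter-AS interface, the OSPF import, and the LSP trigger, while the AS-internal interface GigabitEthernet0/0/2 is not reported because no EBGP peer lies in its subnet.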

Establishing the MP-EBGP Peer Relationship Between PEs

Prerequisites

By introducing extended community attributes into BGP, MP-IBGP can advertise VPNv4 routes between PEs. PEs of different ASs are generally not directly connected. To set up an EBGP connection between the PEs of different ASs, you must configure the permitted maximum number of hops between PEs.

Perform the following steps on PEs.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run bgp { as-number-plain | as-number-dot }

    The BGP view is displayed.

  3. Run peer ipv4-address as-number as-number

    The remote PE is specified as the EBGP peer.

  4. Run peer ipv4-address connect-interface interface-type interface-number ipv4-source-address

    The source interface that sends BGP packets is specified.

  5. Run peer ipv4-address ebgp-max-hop [ hop-count ]

    The maximum number of hops permitted to establish the EBGP peer is specified.

  6. (Optional) Run peer { group-name | ipv4-address } mpls-local-ifnet disable

    The ability to establish an MPLS local IFNET tunnel between PEs is disabled.

    In the Option C scenario, PEs establish an MP-EBGP peer relationship. Therefore, an MPLS local IFNET tunnel between PEs is established over the MP-EBGP peer relationship. The MPLS local IFNET tunnel fails to transmit traffic because PEs are indirectly connected.

    If a fault occurs on the BGP LSP between PEs, traffic is iterated to the MPLS local IFNET tunnel, not an FRR bypass tunnel. As the MPLS local IFNET tunnel cannot forward traffic, traffic is interrupted. To prevent the traffic interruption, run this command to disable the establishment of an MPLS local IFNET tunnel between PEs.

  7. Run ipv4-family vpnv4

    The BGP VPNv4 sub-address family view is displayed.

  8. Run peer ipv4-address enable

    The VPNv4 route exchange capability with the remote PE is enabled.

Verifying the Inter-AS VPN Option C Configuration (Solution 2)

Prerequisites

The configurations of the Inter-AS VPN Option C (Solution 2) function are complete.

Procedure

  • Run the display bgp vpnv4 all peer command to check information about the specified VPNv4 peer on a PE. You can find that the EBGP peer relationship between PEs is established.
  • Run the display bgp vpnv4 all routing-table command to check information about the VPN-IPv4 routing table on a PE or an ASBR. You can find that BGP VPNv4 routes and BGP VPN instance routes are on the PE, rather than on the ASBR.
  • Run the display bgp routing-table label command to check information about the labels of IPv4 routes on an ASBR.
  • Run the display ip routing-table vpn-instance vpn-instance-name command to check the VPN routing table on a PE device. You can find that the VPN routing table of the PE has the VPN routes to the CE related to the specified VPN instance.
  • Run the display mpls route-state [ { exclude | include } { idle | ready | settingup } * | destination-address mask-length ] [ verbose ] command to check the matching relationship between routes and the LSP on an ASBR. You can find the routes with the type as L, that is, the labeled BGP routes of the public network.
  • Run the display ip routing-table command to check information about the routing table on an ASBR. You can find that the routes to the remote PE are labeled BGP routes of the public network: The routing table is "Public", the protocol type is "BGP", and the label has a non-zero value.
  • Run the display mpls lsp [ vpn-instance vpn-instance-name ] [ protocol ldp ] [ { exclude | include } ip-address mask-length ] [ outgoing-interface interface-type interface-number ] [ in-label in-label-value ] [ out-label out-label-value ] [ lsr-role { egress | ingress | transit } ] [ verbose ] command to check whether an LDP LSP is established on an ASBR. You can find that an LDP LSP is established between the ASBR and the remote PE. Besides, the LDP ingress LSP to the remote PE can be found on the local PE.
Updated: 2019-08-07

Document ID: EDOC1100033725
