No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring PBR to an LSP for VPN Packets

Example for Configuring PBR to an LSP for VPN Packets

Networking Requirements

As shown in Figure 7-51, the BGP/MPLS IP VPN backbone network consists of PE1, PE2, P1, and P2. CE1 and CE2 connect to the backbone network through PE1 and PE2 respectively. The path PE1->P2->PE2 is the primary LSP, and the path PE1->P1->PE2 is the backup LSP.

If the PBR is configured on PE1, packets of 10 to 1000 bytes long sent from CE1 to CE2 are forwarded through P2.

Figure 7-51  Networking diagram for configuring the PBR to an LSP for VPN packets

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure BGP/MPLS VPN according to Example for Configuring BGP/MPLS IP VPN.

  2. Configure the PBR and policy node on the PE that requires the configuration of the PBR to an LSP. Set a matching rule of IP packet length and specify an LSP for forwarding VPN instance packets that meet the matching rule in the policy-based route view.

  3. Apply the PBR to the outbound interface bound to the VPN instance on the PE.

Procedure

  1. Configure BGP/MPLS VPN.

    For the configuration procedure, refer to Example for Configuring BGP/MPLS IP VPN.

    After the configuration is complete, run the display mpls lsp command to check LSPs on PE1.

    [PE1] display mpls lsp
    ----------------------------------------------------------------------
                     LSP Information: BGP  LSP
    ----------------------------------------------------------------------
    FEC                In/Out Label  In/Out IF                      Vrf Name
    10.1.1.0/24        15360/NULL    -/-                            vpna
    ----------------------------------------------------------------------
                     LSP Information: LDP LSP
    ----------------------------------------------------------------------
    FEC                In/Out Label  In/Out IF                      Vrf Name
    2.2.2.9/32         NULL/3        -/GE1/0/0
    2.2.2.9/32         1024/3        -/GE1/0/0
    3.3.3.9/32         NULL/1024     -/GE1/0/0
    3.3.3.9/32         NULL/1024     -/GE2/0/0
    4.4.4.9/32         NULL/3        -/GE2/0/0
    4.4.4.9/32         1025/3        -/GE2/0/0
    1.1.1.9/32         3/NULL        -/-     

    The LSPs to PE2 have two outbound interfaces: GE1/0/0 and GE2/0/0.

  2. Configure the PBR to an LSP on PE1.

    [PE1] policy-based-route policy1 permit node 10
    [PE1-policy-based-route-policy1-10] if-match packet-length 10 1000
    [PE1-policy-based-route-policy1-10] apply lsp vpn vpna 10.3.1.1 3.3.3.9 172.3.1.2
    [PE1-policy-based-route-policy1-10] quit

  3. Enable the PBR on PE1.

    [PE1] ip local policy-based-route policy1
    

  4. Clear statistics on GE2/0/0 of PE1.

    [PE1] quit
    <PE1> reset counters interface GigabitEthernet 2/0/0

  5. Verify the configuration.

    # Ping CE2 from CE1 to check the forwarding path of the packets.

    [CE1] ping –c 1500 –s 950 10.3.1.1

    # Check packet statistics on the interface of PE1.

    <PE1> display interface gigabitethernet 2/0/0
    GigabitEthernet2/0/0 current state : UP                                         
    Line protocol current state : UP                                                
    Last line protocol up time : 2012-09-14 18:13:40                                
    Description:HUAWEI, AR Series, GigabitEthernet2/0/0 Interface                   
    Route Port,The Maximum Transmit Unit is 1500                                    
    Internet Address is 172.3.1.1/24                                                
    IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 80fb-0635-45b6 
    Last physical up time   : 2012-09-14 18:13:40                                   
    Last physical down time : 2012-09-14 18:13:23                                   
    Current system time: 2012-09-14 18:23:37                                        
    Port Mode: COMMON COPPER                                                        
    Speed : 1000,  Loopback: NONE                                                   
    Duplex: FULL,  Negotiation: ENABLE                                              
    Mdi   : AUTO                                                                    
    Last 300 seconds input rate 456 bits/sec, 0 packets/sec                         
    Last 300 seconds output rate 472 bits/sec, 0 packets/sec                        
    Input peak rate 18088 bits/sec,Record time: 2012-09-14 18:22:50                 
    Output peak rate 18016 bits/sec,Record time: 2012-09-14 18:22:50                
                                                                                    
    Input:  30 packets, 25402 bytes                                                 
      Unicast:                 26,  Multicast:                   4                  
      Broadcast:                0,  Jumbo:                       0                  
      Discard:                  0,  Total Error:                 0                  
                                                                                    
      CRC:                      0,  Giants:                      0                  
      Jabbers:                  0,  Throttles:                   0                  
      Runts:                    0,  Symbols:                     0                  
      Ignoreds:                 0,  Frames:                      0                  
                                                                                    
    Output:  31 packets, 25970 bytes                                                
      Unicast:                 27,  Multicast:                   4                  
      Broadcast:                0,  Jumbo:                       0                  
      Discard:                  0,  Total Error:                 0                  
                                                                                    
      Collisions:               0,  ExcessiveCollisions:         0                  
      Late Collisions:          0,  Deferreds:                   0                  
                                                                                    
        Input bandwidth utilization threshold : 100.00%                             
        Output bandwidth utilization threshold: 100.00%                             
        Input bandwidth utilization  : 0.01%                                        
        Output bandwidth utilization : 0.01%                                        
    

    # Run the display interface gigabitethernet 1/0/0 and display interface gigabitethernet 2/0/0 commands repeatedly on PE1 to check the change of packet statistics on interfaces of PE1. The command output shows that packets are forwarded along the specified LSP.

Configuration Files

  • PE1 configuration file

    #
     sysname PE1
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
     mpls lsr-id 1.1.1.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet3/0/0
     ip binding vpn-instance vpna
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 172.3.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
     #
     ipv4-family vpn-instance vpna
      peer 10.1.1.1 as-number 65410
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.3.1.0 0.0.0.255
      network 172.1.1.0 0.0.0.255
    #
     policy-based-route policy1 permit  node 10
      if-match packet-length  10  1000
      apply lsp vpn vpna 10.3.1.1 3.3.3.9 172.3.1.2
    #
    ip local policy-based-route policy1
    #
    return
  • P1 configuration file

    #
     sysname P1
    #
     mpls lsr-id 2.2.2.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 172.2.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.2.1.0 0.0.0.255
      network 172.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
     sysname PE2
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:2
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
     mpls lsr-id 3.3.3.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet3/0/0
     ip binding vpn-instance vpna
     ip address 10.3.1.2 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     ip address 172.2.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 172.4.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.9 enable
     #
     ipv4-family vpn-instance vpna
      peer 10.3.1.1 as-number 65430
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 172.2.1.0 0.0.0.255
      network 172.4.1.0 0.0.0.255
    #
    return
  • P2 configuration file

    #
     sysname P2
    #
    mpls lsr-id 4.4.4.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 172.3.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 172.4.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 4.4.4.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 172.3.1.0 0.0.0.255
      network 172.4.1.0 0.0.0.255
    #
    return
  • CE1 configuration file

    #
     sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 10.1.1.1 255.255.255.0
    #
    bgp 65410
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      undo synchronization
      peer 10.1.1.2 enable
    #
    return
  • CE2 configuration file

    #
     sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 10.3.1.1 255.255.255.0
    #
    bgp 65430
     peer 10.3.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      undo synchronization
      peer 10.3.1.2 enable
    #
    return
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 143466

Downloads: 361

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next