CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Example for Configuring VPN GR

Networking Requirements

NOTE:

Only the AR3260 can be used in this scenario.

As shown in Figure 7-59, CE1 and CE2 belong to the same VPN. PE1, P, and PE2 on the backbone network belong to the same AS and use the IS-IS protocol to exchange routing information. CE1 connects to PE1, and CE2 connects to PE2. BGP runs between CE1 and PE1, and OSPF runs between CE2 and PE2.

Figure 7-59  VPN GR networking

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure basic BGP/MPLS IP VPN functions.

  2. Configure IGP GR, BGP GR, and LDP GR on the backbone network. Configure GR for the routing protocols running between the PE and CE devices to ensure uninterrupted VPN traffic forwarding when an active/standby switchover occurs on any of the CE, PE, and P devices.

Procedure

  1. Configure IP addresses for the interfaces on the backbone network.

    # Configure PE1.

    <Huawei> system-view
    [Huawei] sysname PE1
    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.9 32
    [PE1-LoopBack1] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] ip address 100.1.1.1 30
    [PE1-GigabitEthernet2/0/0] quit

    The configurations of PE2 and P are similar to the configuration of PE1, and are not mentioned here.

  2. Configure basic BGP/MPLS IP VPN functions on the backbone network.

    Configure IS-IS as the IGP on the backbone network, enable LDP on PE1 and PE2, and set up an MP-IBGP peer relationship between PE1 and PE2.

    # Configure PE1.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] isis 1
    [PE1-isis-1] network-entity 10.0000.0000.0001.00
    [PE1-isis-1] quit
    [PE1] interface loopback 1
    [PE1-LoopBack1] isis enable 1
    [PE1-LoopBack1] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] ip address 100.1.1.1 30
    [PE1-GigabitEthernet2/0/0] isis enable 1
    [PE1-GigabitEthernet2/0/0] mpls
    [PE1-GigabitEthernet2/0/0] mpls ldp
    [PE1-GigabitEthernet2/0/0] quit
    [PE1] bgp 100
    [PE1-bgp] peer 3.3.3.9 as-number 100
    [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
    [PE1-bgp] ipv4-family vpnv4
    [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
    [PE1-bgp-af-vpnv4] quit
    [PE1-bgp] quit

    # Configure P.

    [P] mpls lsr-id 2.2.2.9
    [P] mpls
    [P-mpls] quit
    [P] mpls ldp
    [P-mpls-ldp] quit
    [P] isis 1
    [P-isis-1] network-entity 10.0000.0000.0002.00
    [P-isis-1] quit
    [P] interface loopback 1
    [P-LoopBack1] isis enable 1
    [P-LoopBack1] quit
    [P] interface gigabitethernet 1/0/0
    [P-GigabitEthernet1/0/0] isis enable 1
    [P-GigabitEthernet1/0/0] mpls
    [P-GigabitEthernet1/0/0] mpls ldp
    [P-GigabitEthernet1/0/0] quit
    [P] interface gigabitethernet 2/0/0
    [P-GigabitEthernet2/0/0] isis enable 1
    [P-GigabitEthernet2/0/0] mpls
    [P-GigabitEthernet2/0/0] mpls ldp
    [P-GigabitEthernet2/0/0] quit

    # Configure PE2.

    [PE2] mpls lsr-id 3.3.3.9
    [PE2] mpls
    [PE2-mpls] quit
    [PE2] mpls ldp
    [PE2-mpls-ldp] quit
    [PE2] isis 1
    [PE2-isis-1] network-entity 10.0000.0000.0003.00
    [PE2-isis-1] quit
    [PE2] interface loopback 1
    [PE2-LoopBack1] isis enable 1
    [PE2-LoopBack1] quit
    [PE2] interface gigabitethernet 1/0/0
    [PE2-GigabitEthernet1/0/0] isis enable 1
    [PE2-GigabitEthernet1/0/0] mpls
    [PE2-GigabitEthernet1/0/0] mpls ldp
    [PE2-GigabitEthernet1/0/0] quit
    [PE2] bgp 100
    [PE2-bgp] peer 1.1.1.9 as-number 100
    [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
    [PE2-bgp] ipv4-family vpnv4
    [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
    [PE2-bgp-af-vpnv4] quit
    [PE2-bgp] quit

    After the configuration is complete, run the display isis peer command on PE1 or PE2. You can see that the IS-IS neighbor relationship is in Up state. Run the display bgp vpnv4 all peer command, and you can see that the BGP peer relationship has been set up and is in Established state. Run the display mpls ldp session command, and you can see that an LDP session has been set up and the session status is Operational.

  3. Configure a VPN instance on the PE devices and bind the instance to the interfaces connected to the CE devices.

    Configure VPN instance vpn1 on PE1 and bind it to the interface connected to CE1. Configure VPN instance vpn1 on PE2 and bind it to the interface connected to CE2. Set up an EBGP peer relationship between CE1 and PE1. Set up an OSPF neighbor relationship between CE2 and PE2.

    # Configure CE1.

    [CE1] interface gigabitethernet 1/0/0
    [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 30
    [CE1-GigabitEthernet1/0/0] quit
    [CE1] bgp 65410
    [CE1-bgp] peer 10.1.1.2 as-number 100
    [CE1-bgp] import-route direct
    [CE1-bgp] quit

    # Configure PE1.

    [PE1] ip vpn-instance vpn1
    [PE1-vpn-instance-vpn1] ipv4-family
    [PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
    [PE1-vpn-instance-vpn1-af-ipv4] vpn-target 111:1
    [PE1-vpn-instance-vpn1-af-ipv4] quit
    [PE1-vpn-instance-vpn1] quit
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpn1
    [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 30
    [PE1-GigabitEthernet1/0/0] quit
    [PE1] bgp 100
    [PE1-bgp] ipv4-family vpn-instance vpn1
    [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410
    [PE1-bgp-vpn1] quit
    [PE1-bgp] quit

    # Configure PE2.

    [PE2] ip vpn-instance vpn1
    [PE2-vpn-instance-vpn1] ipv4-family
    [PE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:2
    [PE2-vpn-instance-vpn1-af-ipv4] vpn-target 111:1
    [PE2-vpn-instance-vpn1-af-ipv4] quit
    [PE2-vpn-instance-vpn1] quit
    [PE2] interface gigabitethernet 2/0/0
    [PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpn1
    [PE2-GigabitEthernet2/0/0] ip address 10.2.1.2 30
    [PE2-GigabitEthernet2/0/0] quit
    [PE2] ospf 2 vpn-instance vpn1
    [PE2-ospf-2] area 0
    [PE2-ospf-2-area-0.0.0.0] network 10.2.1.0 0.0.0.3
    [PE2-ospf-2-area-0.0.0.0] quit
    [PE2-ospf-2] import-route bgp
    [PE2-ospf-2] quit
    [PE2] bgp 100
    [PE2-bgp] ipv4-family vpn-instance vpn1
    [PE2-bgp-vpn1] import-route ospf 2
    [PE2-bgp-vpn1] quit
    [PE2-bgp] quit

    # Configure CE2.

    [CE2] interface gigabitethernet 1/0/0
    [CE2-GigabitEthernet1/0/0] ip address 10.2.1.1 30
    [CE2-GigabitEthernet1/0/0] quit
    [CE2] ospf 2
    [CE2-ospf-2] area 0
    [CE2-ospf-2-area-0.0.0.0] network 10.2.1.0 0.0.0.3
    [CE2-ospf-2-area-0.0.0.0] quit
    [CE2-ospf-2] import-route direct
    [CE2-ospf-2] quit

    The basic BGP/MPLS IP VPN configuration is complete, and CE1 and CE2 can communicate with each other.

  4. Configure IGP GR on the backbone network.

    Configure IGP GR on PE1, P, and PE2.

    # Configure PE1.

    [PE1] isis 1
    [PE1-isis-1] graceful-restart
    [PE1-isis-1] quit

    # Configure P.

    [P] isis 1
    [P-isis-1] graceful-restart
    [P-isis-1] quit

    # Configure PE2.

    [PE2] isis 1
    [PE2-isis-1] graceful-restart
    [PE2-isis-1] quit

    Run the display isis graceful-restart status command on PE1, P, and PE2. The command output shows that IS-IS GR has been configured successfully.

    The display on PE1 is used as an example:

    [PE1] display isis graceful-restart status
                                                                                   
                            Restart information for ISIS(1)                         
                            -------------------------------                         
                                                                                    
    IS-IS(1) Level-1 Restart Status                                                 
    Restart Interval: 300                                                           
    SA Bit Supported                                                                
      Total Number of Interfaces = 2                                                
      Restart Status: RESTART COMPLETE                                              
                                                                                    
    IS-IS(1) Level-2 Restart Status                                                 
    Restart Interval: 300                                                           
    SA Bit Supported                                                                
      Total Number of Interfaces = 2                                                
      Restart Status: RESTART COMPLETE                                              

  5. Configure MPLS LDP GR on the backbone network.

    Configure MPLS LDP GR on PE1, P, and PE2.

    # Configure PE1.

    [PE1] mpls ldp
    [PE1-mpls-ldp] graceful-restart
    [PE1-mpls-ldp] quit

    # Configure P.

    [P] mpls ldp
    [P-mpls-ldp] graceful-restart
    [P-mpls-ldp] quit

    # Configure PE2.

    [PE2] mpls ldp
    [PE2-mpls-ldp] graceful-restart
    [PE2-mpls-ldp] quit

  6. Configure GR for the routing protocols running between the PE and CE devices.

    Configure BGP GR on PE1 and CE1. Configure OSPF GR on PE2 and CE2.

    # Configure PE1.

    [PE1] bgp 100
    [PE1-bgp] graceful-restart
    [PE1-bgp] quit

    # Configure CE1.

    [CE1] bgp 65410
    [CE1-bgp] graceful-restart
    [CE1-bgp] quit

    # Configure PE2.

    [PE2] ospf 2 vpn-instance vpn1
    [PE2-ospf-2] opaque-capability enable
    [PE2-ospf-2] graceful-restart
    [PE2-ospf-2] quit

    # Configure CE2.

    [CE2] ospf 2
    [CE2-ospf-2] opaque-capability enable
    [CE2-ospf-2] graceful-restart
    [CE2-ospf-2] quit

    Run the display ospf brief command on PE2 or CE2. The command output shows that OSPF GR has been configured successfully.

    The display on PE2 is used as an example:

    [PE2] display ospf brief
                                                                                   
             OSPF Process 2 with Router ID 10.2.1.2                                 
                     OSPF Protocol Information                                      
                                                                                    
     RouterID: 10.2.1.2         Border Router:  AREA  AS                            
     ECA-route-type: 0x0306                                                         
     Route Tag: 3489661028                                                          
     PE Router, Multi-VPN-Instance is enabled                                       
     Opaque Capable                                                                 
     Global DS-TE Mode: Non-Standard IETF Mode                                      
     Graceful-restart capability: planned and un-planned, totally                   
     Helper support capability  : enabled                                           
            filter capability   : disabled                                          
            policy capability   : strict lsa check, planned and un-planned          
     Applications Supported: MPLS Traffic-Engineering                               
     Spf-schedule-interval: max 10000ms, start 500ms, hold 1000ms                   
     Default ASE parameters: Metric: 1 Tag: 1 Type: 2                               
     Route Preference: 10                                                           
     ASE Route Preference: 150                                                      
     SPF Computation Count: 17                                                      
     RFC 1583 Compatible                                                            
     Retransmission limitation is disabled                                          
     Area Count: 1   Nssa Area Count: 0                                             
     ExChange/Loading Neighbors: 0                                                  
     Process total up interface count: 1                                            
     Process valid up interface count: 1                                            
                                                                                    
     Area: 0.0.0.0          (MPLS TE not enabled)                                   
     Authtype: None   Area flag: Normal                                             
     SPF scheduled Count: 17                                                        
     ExChange/Loading Neighbors: 0                                                  
     Router ID conflict state: Normal                                               
     Area interface up count: 1                                                     
                                                                                    
     Interface: 10.2.1.2 (GigabitEthernet2/0/0)                                     
     Cost: 1       State: DR        Type: Broadcast    MTU: 1500                    
     Priority: 1                                                                    
     Designated Router: 10.2.1.2                                                    
     Backup Designated Router: 10.2.1.1                                             
     Timers: Hello 10 , Dead 40 , Poll  120 , Retransmit 5 , Transmit Delay 1       

  7. Configure BGP GR on the PE devices.

    BGP GR was already configured on PE1 in step 6, so only PE2 needs to be configured in this step.

    # Configure PE2.

    [PE2] bgp 100
    [PE2-bgp] graceful-restart
    [PE2-bgp] quit

    Run the display bgp vpnv4 all peer verbose command on PE1. The command output shows that IBGP GR has taken effect between PE1 and PE2, and EBGP GR has taken effect between PE1 and CE1.

    [PE1] display bgp vpnv4 all peer verbose
                                                                                    
            BGP Peer is 3.3.3.9,  remote AS 100                                     
            Type: IBGP link                                                         
            BGP version 4, Remote router ID 3.3.3.9                         
            Update-group ID: 1                                                      
            BGP current state: Established, Up for 00h01m04s                        
            BGP current event: RecvKeepalive                                        
            BGP last state: OpenConfirm                                             
            BGP Peer Up count: 3                                                    
            Received total routes: 3                                                
            Received active routes total: 3                                         
            Received mac routes: 0
            Advertised total routes: 2                                              
            Port:  Local - 179      Remote - 56400                                  
            Configured: Connect-retry Time: 32 sec                                  
            Configured: Min Hold Time: 0 sec                                        
            Configured: Active Hold Time: 180 sec   Keepalive Time:60 sec           
            Received  : Active Hold Time: 180 sec                                   
            Negotiated: Active Hold Time: 180 sec   Keepalive Time:60 sec           
            Peer optional capabilities:                                             
            Peer supports bgp multi-protocol extension                              
            Peer supports bgp route refresh capability                              
            Peer supports bgp 4-byte-as capability                                  
            Graceful Restart Capability: advertised and received                    
                Restart Timer Value received from Peer: 150 seconds                 
                Address families preserved for peer in GR:                          
                    IPv4 Unicast (was preserved)                                    
                    VPNv4 (was preserved)                                           
            Address family IPv4 Unicast: advertised and received                    
            Address family VPNv4: advertised and received                           
     Received: Total 7 messages                                                     
                     Update messages                4                               
                     Open messages                  1                               
                     KeepAlive messages             2                               
                     Notification messages          0                               
                     Refresh messages               0                               
     Sent: Total 8 messages                                                         
                     Update messages                3                               
                     Open messages                  2                               
                     KeepAlive messages             3                               
                     Notification messages          0                               
                     Refresh messages               0                               
     Authentication type configured: None                                           
     Last keepalive received: 2013/09/15 19:43:15                                   
     Last keepalive sent    : 2013/09/15 19:43:15                                   
     Last update    received: 2013/09/15 19:42:15                                   
     Last update    sent    : 2013/09/15 19:42:15                                   
     Minimum route advertisement interval is 0 seconds                              
     Optional capabilities:                                                         
     Route refresh capability has been enabled                                      
     4-byte-as capability has been enabled                                          
     Connect-interface has been configured                                          
     Peer Preferred Value: 0                                                        
     Routing policy configured:                                                     
     No routing policy is configured                                                
                                                                                    
             IPv4-family for VPN instance:   vpn1                                   
                                                                                    
            BGP Peer is 10.1.1.1,  remote AS 65410                                  
            Type: EBGP link                                                         
            BGP version 4, Remote router ID 10.1.1.1                        
            Update-group ID: 1                                                      
            BGP current state: Established, Up for 00h05m43s                        
            BGP current event: KATimerExpired                                       
            BGP last state: OpenConfirm                                             
            BGP Peer Up count: 2                                                    
            Received total routes: 2                                                
            Received active routes total: 0                                         
            Received mac routes: 0
            Advertised total routes: 3                                              
            Port:  Local - 179      Remote - 49695                                  
            Configured: Connect-retry Time: 32 sec                                  
            Configured: Min Hold Time: 0 sec                                        
            Configured: Active Hold Time: 180 sec   Keepalive Time:60 sec           
            Received  : Active Hold Time: 180 sec                                   
            Negotiated: Active Hold Time: 180 sec   Keepalive Time:60 sec           
            Peer optional capabilities:                                             
            Peer supports bgp multi-protocol extension                              
            Peer supports bgp route refresh capability                              
            Peer supports bgp 4-byte-as capability                                  
            Graceful Restart Capability: advertised and received                    
                Restart Timer Value received from Peer: 150 seconds                 
                Address families preserved for peer in GR:                          
                    IPv4 Unicast (was preserved)                                    
            Address family IPv4 Unicast: advertised and received                    
     Received: Total 10 messages                                                    
                     Update messages                3                               
                     Open messages                  1                               
                     KeepAlive messages             6                               
                     Notification messages          0                               
                     Refresh messages               0                               
     Sent: Total 15 messages                                                        
                     Update messages                6                               
                     Open messages                  2                               
                     KeepAlive messages             7                               
                     Notification messages          0                               
                     Refresh messages               0                               
     Authentication type configured: None                                           
     Last keepalive received: 2013/09/15 19:42:37                                   
     Last keepalive sent    : 2013/09/15 19:42:37                                   
     Last update    received: 2013/09/15 19:37:37                                   
     Last update    sent    : 2013/09/15 19:42:15                                   
     Minimum route advertisement interval is 30 seconds                             
     Optional capabilities:                                                         
     Route refresh capability has been enabled                                      
     4-byte-as capability has been enabled                                          
     Peer Preferred Value: 0                                                        
     Routing policy configured:                                                     
     No routing policy is configured

  8. Verify the configuration.

    # Run the display switchover state command on PE1 to check the status of the slave SRU. The following information is displayed:

    [PE1] display switchover state
    Slot 15 HA FSM State(master): realtime or routine backup.
    Slot 14 HA FSM State(slave): receiving realtime or routine data.

    # Perform an active/standby switchover on PE1.

    [PE1] slave switchover
    Are you sure to switch over? (y/n)[n]:y

    # Communication between the site connected to CE1 and the site connected to CE2 is not interrupted.

    NOTE:

    Communication between the sites may be interrupted when two or more neighboring devices among CE1, PE1, PE2, and CE2 perform an active/standby switchover at the same time.
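
The check in step 7 can be scripted. The following added example (not part of the Huawei guide) parses display bgp vpnv4 all peer verbose output and reports, per peer, whether GR was negotiated, whether the expected address family is preserved, and whether the session shows "Authentication type configured: None", as both peers in the output above do. The function names and the per-link expectation (VPNv4 on the IBGP session, IPv4 Unicast on the EBGP session) are assumptions of this example.

```python
import re

# Excerpt of the PE1 output in step 7, trimmed to the fields checked below.
SAMPLE = """\
BGP Peer is 3.3.3.9,  remote AS 100
Type: IBGP link
BGP current state: Established, Up for 00h01m04s
Graceful Restart Capability: advertised and received
    Restart Timer Value received from Peer: 150 seconds
    Address families preserved for peer in GR:
        IPv4 Unicast (was preserved)
        VPNv4 (was preserved)
Address family IPv4 Unicast: advertised and received
Address family VPNv4: advertised and received
Authentication type configured: None
BGP Peer is 10.1.1.1,  remote AS 65410
Type: EBGP link
BGP current state: Established, Up for 00h05m43s
Graceful Restart Capability: advertised and received
    Restart Timer Value received from Peer: 150 seconds
    Address families preserved for peer in GR:
        IPv4 Unicast (was preserved)
Address family IPv4 Unicast: advertised and received
Authentication type configured: None
"""

FIELDS = {  # label in the command output -> key in the parsed record
    "Type": "type",
    "BGP current state": "state",
    "Graceful Restart Capability": "gr",
    "Restart Timer Value received from Peer": "restart_timer",
    "Authentication type configured": "auth",
}

def parse_peers(text):
    """Return one dict per 'BGP Peer is ...' block of the command output."""
    peers, cur, in_preserved = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"BGP Peer is ([\d.]+),\s+remote AS (\d+)", line)
        if m:
            cur = {"peer": m.group(1), "remote_as": int(m.group(2)), "preserved": []}
            peers.append(cur)
            in_preserved = False
        elif cur is None:
            continue
        elif in_preserved and line.endswith("(was preserved)"):
            cur["preserved"].append(line[: -len("(was preserved)")].strip())
        elif line.startswith("Address families preserved for peer in GR"):
            in_preserved = True
        else:
            in_preserved = False  # any other line ends the preserved-family list
            label, sep, value = line.partition(":")
            if sep and label.strip() in FIELDS:
                cur[FIELDS[label.strip()]] = value.strip()
    return peers

def audit(text):
    """Map each peer address to its findings; an empty list means no issue."""
    report = {}
    for p in parse_peers(text):
        # Assumption of this example: the IBGP (PE-PE) session must preserve
        # VPNv4 and the EBGP (PE-CE) session IPv4 Unicast.
        want = "VPNv4" if p.get("type", "").startswith("IBGP") else "IPv4 Unicast"
        found = []
        if not p.get("state", "").startswith("Established"):
            found.append("session not Established")
        if p.get("gr") != "advertised and received":
            found.append("GR capability not negotiated in both directions")
        if want not in p["preserved"]:
            found.append("address family not preserved in GR: " + want)
        if p.get("auth") == "None":
            found.append("no BGP session authentication configured")
        report[p["peer"]] = found
    return report

if __name__ == "__main__":
    for peer, found in audit(SAMPLE).items():
        print(peer, found or "OK")
```

Running it against the step 7 output before and after the switchover in step 8 shows whether the sessions renegotiated GR with the same preserved address families.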

Configuration Files

  • PE1 configuration file

    #
    sysname PE1
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls ldp
     graceful-restart
    #
    isis 1
     graceful-restart
     network-entity 10.0000.0000.0001.00
    #
    interface GigabitEthernet1/0/0
     ip binding vpn-instance vpn1
     ip address 10.1.1.2 255.255.255.252
    #
    interface GigabitEthernet2/0/0
     ip address 100.1.1.1 255.255.255.252
     isis enable 1
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
     isis enable 1
    #
    bgp 100
     graceful-restart
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
     #
     ipv4-family vpn-instance vpn1
      peer 10.1.1.1 as-number 65410
    #
    return
  • P configuration file

    #
    sysname P
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
     graceful-restart
    #
    isis 1
     graceful-restart
     network-entity 10.0000.0000.0002.00
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.2 255.255.255.252
     isis enable 1
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 100.2.1.1 255.255.255.252
     isis enable 1
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
     isis enable 1
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:2
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls ldp
     graceful-restart
    #
    isis 1
     graceful-restart
     network-entity 10.0000.0000.0003.00
    #
    interface GigabitEthernet1/0/0
     ip address 100.2.1.2 255.255.255.252
     isis enable 1
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip binding vpn-instance vpn1
     ip address 10.2.1.2 255.255.255.252
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
     isis enable 1
    #
    bgp 100
     graceful-restart
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.9 enable
     #
     ipv4-family vpn-instance vpn1
      import-route ospf 2
    #
    ospf 2 vpn-instance vpn1
     import-route bgp
     opaque-capability enable
     graceful-restart
     area 0.0.0.0
      network 10.2.1.0 0.0.0.3
    #
    return
  • CE1 configuration file

    #
    sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 10.1.1.1 255.255.255.252
    #
    bgp 65410
     graceful-restart
     peer 10.1.1.2 as-number 100
     #                                                                              
     ipv4-family unicast                                                            
      undo synchronization                                                          
      import-route direct                                                           
      peer 10.1.1.2 enable                                                          
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 10.2.1.1 255.255.255.252
    #
    ospf 2
     import-route direct
     opaque-capability enable
     graceful-restart
     area 0.0.0.0 
      network 10.2.1.0 0.0.0.3
    #
    return
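
The configuration files above can be checked offline for GR coverage. The following added example (not part of the Huawei guide) splits a VRP configuration into its top-level views and reports any IS-IS, MPLS LDP, BGP, or OSPF process that lacks graceful-restart, or an OSPF process that has graceful-restart without the opaque-capability enable command that step 6 configures first (OSPF GR is signalled with grace-LSAs, which are opaque LSAs). The function names are assumptions of this example, and the embedded text is the protocol part of the PE2 file with the interface views omitted.

```python
# Protocol sections of the PE2 configuration file above (interfaces omitted).
PE2_CONFIG = """\
#
sysname PE2
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
 graceful-restart
#
isis 1
 graceful-restart
 network-entity 10.0000.0000.0003.00
#
bgp 100
 graceful-restart
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpn1
  import-route ospf 2
#
ospf 2 vpn-instance vpn1
 import-route bgp
 opaque-capability enable
 graceful-restart
 area 0.0.0.0
  network 10.2.1.0 0.0.0.3
#
return
"""

def sections(config):
    """Map each top-level VRP command to its indented (depth, command) lines."""
    out, header = {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "#":  # '#' separates views at any depth
            continue
        if not raw[0].isspace():
            header = cmd
            out[header] = []
        elif header is not None:
            out[header].append((len(raw) - len(raw.lstrip()), cmd))
    return out

def audit_gr(config):
    """Return a finding for every routing or label process that lacks GR."""
    findings = []
    for header, body in sections(config).items():
        proto = "ldp" if header == "mpls ldp" else header.split()[0]
        if proto not in ("isis", "ldp", "bgp", "ospf"):
            continue
        # Only commands directly under the process count, not sub-views
        # such as 'ipv4-family vpnv4' or 'area 0.0.0.0'.
        top = {cmd for depth, cmd in body if depth == 1}
        if "graceful-restart" not in top:
            findings.append(header + ": graceful-restart missing")
        elif proto == "ospf" and "opaque-capability enable" not in top:
            findings.append(header + ": graceful-restart without opaque-capability enable")
    return findings

if __name__ == "__main__":
    print(audit_gr(PE2_CONFIG) or "GR enabled on every protocol process")
```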
Updated: 2019-08-07

Document ID: EDOC1100033725
