CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.

Example for Configuring a VLL Connection in Martini Mode

Networking Requirements

As shown in Figure 10-21, the MPLS network of an ISP provides the L2VPN service for users. Many users connect to the MPLS network through PE1 and PE2, and users on the PEs change frequently. A proper VPN solution is required to provide secure VPN services for users and to simplify configuration when new users connect to the network.

A Martini VLL connection can be set up between CE1 and CE2 to meet these requirements.

Figure 10-21  Martini VLL

Configuration Roadmap

Because users on the PEs change frequently, manual configuration is inefficient and may cause configuration errors. In this scenario, the two PEs can set up a remote LDP connection and use the LDP protocol to synchronize user information (VC IDs). This implementation is the Martini mode.

The configuration roadmap is as follows:

  1. Configure an IGP on the PE and P devices on the backbone network to ensure reachability between them, and enable MPLS.

  2. Use the default tunnel policy to set up an LSP tunnel. The LSP tunnel serves as the dedicated tunnel that carries private network data across the public network.

  3. Set up a remote LDP session between the PEs to exchange VC labels between the PEs.

  4. Enable MPLS L2VPN and create VC connections on the PEs. Enabling MPLS L2VPN is the prerequisite for VLL configuration.

Procedure

  1. Configure IP addresses for interfaces on the CE, PE and P devices according to Figure 10-21.

    # Configure CE1. The configuration on PE1, P, PE2, and CE2 is similar to the configuration on CE1 and is not mentioned here.

    <Huawei> system-view
    [Huawei] sysname CE1
    [CE1] interface gigabitethernet 1/0/0
    [CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 255.255.255.0
    [CE1-GigabitEthernet1/0/0] quit

  2. Configure IGP on the MPLS backbone network. (In this example, OSPF is used.)

    When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PEs and P. The loopback interface addresses are the LSR IDs.

    # Configure PE1. The configuration on P and PE2 is similar to the configuration on PE1 and is not mentioned here.

    [PE1] ospf 1
    [PE1-ospf-1] area 0
    [PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit
    

  3. Configure the basic MPLS capabilities and MPLS LDP on the MPLS network.

    # Configure PE1.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] mpls
    [PE1-GigabitEthernet2/0/0] mpls ldp
    [PE1-GigabitEthernet2/0/0] quit

    # Configure the P.

    [P] mpls lsr-id 2.2.2.9
    [P] mpls
    [P-mpls] quit
    [P] mpls ldp
    [P-mpls-ldp] quit
    [P] interface gigabitethernet 2/0/0
    [P-GigabitEthernet2/0/0] mpls
    [P-GigabitEthernet2/0/0] mpls ldp
    [P-GigabitEthernet2/0/0] quit
    [P] interface gigabitethernet 1/0/0
    [P-GigabitEthernet1/0/0] mpls
    [P-GigabitEthernet1/0/0] mpls ldp
    [P-GigabitEthernet1/0/0] quit

    # Configure PE2.

    [PE2] mpls lsr-id 3.3.3.9
    [PE2] mpls
    [PE2-mpls] quit
    [PE2] mpls ldp
    [PE2-mpls-ldp] quit
    [PE2] interface gigabitethernet 1/0/0
    [PE2-GigabitEthernet1/0/0] mpls
    [PE2-GigabitEthernet1/0/0] mpls ldp
    [PE2-GigabitEthernet1/0/0] quit

  4. Set up a remote LDP session between PEs.

    # Configure PE1.

    [PE1] mpls ldp remote-peer 3.3.3.9
    [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [PE1-mpls-ldp-remote-3.3.3.9] quit

    # Configure PE2.

    [PE2] mpls ldp remote-peer 1.1.1.9
    [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [PE2-mpls-ldp-remote-1.1.1.9] quit

    After the configuration is complete, run the display mpls ldp session command on PE1 to check the LDP session status. The output shows that an LDP session has been set up between PE1 and PE2.

    The following uses the display on PE1 as an example.

    [PE1] display mpls ldp session
                                                                                    
     LDP Session(s) in Public Network                                               
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)                  
     A '*' before a session means the session is being deleted.                     
     ------------------------------------------------------------------------------ 
     PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv            
     ------------------------------------------------------------------------------ 
     2.2.2.9:0          Operational DU   Passive  0000:00:11  46/45                 
     3.3.3.9:0          Operational DU   Passive  0000:00:01  8/8                   
     ------------------------------------------------------------------------------ 
     TOTAL: 2 session(s) Found.                                                     
                                                                                    

  5. Enable MPLS L2VPN and create VCs on the PEs.

    # Configure PE1: Create a VC on GE1/0/0, which is connected to CE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] mpls l2vc 3.3.3.9 101
    [PE1-GigabitEthernet1/0/0] quit

    # Configure PE2: Create a VC on GE2/0/0, which is connected to CE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit
    [PE2] interface gigabitethernet 2/0/0
    [PE2-GigabitEthernet2/0/0] mpls l2vc 1.1.1.9 101
    [PE2-GigabitEthernet2/0/0] quit

  6. Verify the configuration.

    # View the L2VPN connection information on the PEs. The output shows that an L2VC is set up and is in the Up state.

    # The following uses the display on PE1 as an example.

    [PE1] display mpls l2vc interface gigabitethernet 1/0/0
     *client interface       : GigabitEthernet1/0/0 is up                                  
      Administrator PW       : no                                                   
      session state          : up                                                   
      AC status              : up                                                   
      Ignore AC state        : disable
      VC state               : up                                                   
      Label state            : 0                                                    
      Token state            : 0                                                    
      VC ID                  : 101                                                  
      VC type                : Ethernet                                             
      destination            : 3.3.3.9                                              
      local group ID         : 0            remote group ID      : 0                
      local VC label         : 1024         remote VC label      : 1024             
      local AC OAM State     : up                                                   
      local PSN OAM State    : up                                                   
      local forwarding state : forwarding                                           
      local status code      : 0x0                                                  
      remote AC OAM state    : up                                                   
      remote PSN OAM state   : up                                                   
      remote forwarding state: forwarding                                           
      remote status code     : 0x0                                                  
      ignore standby state   : no                                                   
      BFD for PW             : unavailable                                          
      VCCV State             : up                                                   
      manual fault           : not set                                              
      active state           : active                                               
      forwarding entry       : exist                                                
      link state             : up                                                   
      local VC MTU           : 1500         remote VC MTU        : 1500             
      local VCCV             : alert ttl lsp-ping bfd                               
      remote VCCV            : alert ttl lsp-ping bfd                               
      local control word     : disable      remote control word  : disable          
      tunnel policy name     : --                                                   
      PW template name       : --                                                   
      primary or secondary   : primary                                              
      load balance type      : flow                                                 
      Access-port            : false                                                
      Switchover Flag        : false                                                
      VC tunnel/token info   : 1 tunnels/tokens                                     
        NO.0  TNL type       : lsp   , TNL ID : 0x5                                 
        Backup TNL type      : lsp   , TNL ID : 0x0                                 
      create time            : 0 days, 0 hours, 27 minutes, 15 seconds              
      up time                : 0 days, 0 hours, 2 minutes, 22 seconds               
      last change time       : 0 days, 0 hours, 2 minutes, 22 seconds               
      VC last up time        : 2011/09/26 15:29:03                                  
      VC total up time       : 0 days, 0 hours, 2 minutes, 22 seconds               
      CKey                   : 5                                                    
      NKey                   : 4                                                    
      PW redundancy mode     : frr                                                  
      AdminPw interface      : --                                                   
      AdminPw link state     : --                                                   
      Diffserv Mode          : uniform                                              
      Service Class          : --                                                   
      Color                  : --                                                   
      DomainId               : --                                                   
      Domain Name            : --                                                   
                                                                                    

    # CE1 and CE2 can ping each other.

    # The following uses the display on CE1 as an example.

    [CE1] ping 100.1.1.2
      PING 100.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
        Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
        Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
        Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
        Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
      --- 100.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 2/15/31 ms 

Configuration Files

  • Configuration file of CE1

    #
     sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.1 255.255.255.0
    #
    return

  • Configuration file of PE1

    #
     sysname PE1
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface GigabitEthernet1/0/0
     mpls l2vc 3.3.3.9 101
    #
    interface GigabitEthernet2/0/0
     ip address 10.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 10.1.1.0 0.0.0.255
    #
    return

  • Configuration file of P

    #
     sysname P
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 10.2.2.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 10.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 10.2.2.0 0.0.0.255
    #
    return

  • Configuration file of PE2

    #
     sysname PE2
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    interface GigabitEthernet1/0/0
     ip address 10.2.2.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     mpls l2vc 1.1.1.9 101
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 10.2.2.0 0.0.0.255
    #
    return

  • Configuration file of CE2

    #
     sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.2 255.255.255.0
    #
    return
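
The consistency rules behind steps 4 and 5 of the procedure (each PE has mpls l2vpn enabled, a remote LDP peer whose remote-ip is the other PE's LSR ID, and the same VC ID on both ends) can be checked offline before a configuration is pushed. The Python script below is an added example, not part of the Huawei guide; it embeds only the Martini-relevant lines of the PE1 and PE2 configuration files above, and the names parse and check_pair are assumptions of this example.

```python
import re

# Martini-relevant lines copied from the PE1 and PE2 configuration files on this page.
PE1_CFG = """\
 sysname PE1
mpls lsr-id 1.1.1.9
mpls l2vpn
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
interface GigabitEthernet1/0/0
 mpls l2vc 3.3.3.9 101
"""
PE2_CFG = """\
 sysname PE2
mpls lsr-id 3.3.3.9
mpls l2vpn
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
interface GigabitEthernet2/0/0
 mpls l2vc 1.1.1.9 101
"""

def parse(cfg):
    """Extract the facts a Martini VC depends on from one PE configuration."""
    def find(pat):
        return re.findall(pat, cfg, re.M)
    return {
        "name": (find(r"^\s*sysname (\S+)") or ["?"])[0],
        "lsr_id": (find(r"^mpls lsr-id (\S+)") or [None])[0],
        "l2vpn": bool(find(r"^mpls l2vpn\s*$")),
        "remote_ips": set(find(r"^\s+remote-ip (\S+)")),
        "vcs": {(peer, int(vc)) for peer, vc in find(r"^\s+mpls l2vc (\S+) (\d+)")},
    }

def check_pair(cfg_a, cfg_b):
    """Return the reasons a VC between the two PEs would fail to come up."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    for local, remote in ((a, b), (b, a)):
        if not local["l2vpn"]:
            problems.append(f"{local['name']}: mpls l2vpn not enabled")
        if remote["lsr_id"] not in local["remote_ips"]:
            problems.append(f"{local['name']}: no remote LDP peer for {remote['lsr_id']}")
        to_remote = {vc for peer, vc in local["vcs"] if peer == remote["lsr_id"]}
        back = {vc for peer, vc in remote["vcs"] if peer == local["lsr_id"]}
        for vc in sorted(to_remote - back):
            problems.append(f"{local['name']}: VC ID {vc} has no match on {remote['name']}")
    return problems
```

check_pair(PE1_CFG, PE2_CFG) returns an empty list for the configurations on this page; a VC ID changed on one PE only is reported once from each side.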
Updated: 2019-08-07

Document ID: EDOC1100033725
