CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Example for Configuring Communication Between Local VPNs

Networking Requirements

As shown in Figure 7-44, company A and company B each use BGP/MPLS IP VPN for communication between their headquarters and branches. The network deployment is as follows:
  • CE1 connects to the headquarters of company A, and CE3 connects to the branches of company A. CE1 and CE3 belong to vpna.
  • CE2 connects to the headquarters of company B, and CE4 connects to the branches of company B. CE2 and CE4 belong to vpnb.

The headquarters of company A and the headquarters of company B need to communicate with each other for business purposes.

Figure 7-44  Networking diagram for configuring communication between local VPNs

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure VPN instances on PE1 and configure different VPN targets for the instances to isolate VPNs.

  2. On PE1, bind the VPN instances to the interfaces connected to CEs to provide access for VPN users.

  3. Import direct routes to the local CEs into the VPN routing table on PE1. On each CE connected to PE1, configure a static route to the other local CE to enable the CEs to communicate with each other.

Procedure

  1. Assign IP addresses to interfaces on CEs according to Figure 7-44.

    # Configure CE1. The configuration on CE2 is similar to the configuration on CE1 and is not mentioned here.

    <Huawei> system-view
    [Huawei] sysname CE1
    [CE1] interface gigabitethernet 1/0/0
    [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24
    [CE1-GigabitEthernet1/0/0] quit
    

  2. Configure VPN instances on PEs and bind the instances to the interfaces connected to CEs.

    # Configure PE1.

    <Huawei> system-view
    [Huawei] sysname PE1
    [PE1] ip vpn-instance vpna
    [PE1-vpn-instance-vpna] ipv4-family
    [PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 export-extcommunity
    [PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 222:2 import-extcommunity
    [PE1-vpn-instance-vpna-af-ipv4] quit
    [PE1-vpn-instance-vpna] quit
    [PE1] ip vpn-instance vpnb
    [PE1-vpn-instance-vpnb] ipv4-family
    [PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
    [PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 export-extcommunity
    [PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 111:1 import-extcommunity
    [PE1-vpn-instance-vpnb-af-ipv4] quit
    [PE1-vpn-instance-vpnb] quit
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna
    [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24
    [PE1-GigabitEthernet1/0/0] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpnb
    [PE1-GigabitEthernet2/0/0] ip address 10.2.1.2 24
    [PE1-GigabitEthernet2/0/0] quit
    

    Each PE can ping its connected CE. The information displayed on PE1 and CE1 is used as an example.

    [PE1] ping -vpn-instance vpna 10.1.1.1
      PING 10.1.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 ms
        Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms
    
      --- 10.1.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 3/6/16 ms  

  3. Configure BGP and import the direct routes to local CEs to the VPN routing table.

    # Configure PE1.

    [PE1] bgp 100
    [PE1-bgp] ipv4-family vpn-instance vpna
    [PE1-bgp-vpna] import-route direct
    [PE1-bgp-vpna] quit
    [PE1-bgp] ipv4-family vpn-instance vpnb
    [PE1-bgp-vpnb] import-route direct
    [PE1-bgp-vpnb] quit
    [PE1-bgp] quit
    

  4. Configure static routes on the CEs.

    # Configure CE1.

    [CE1] ip route-static 10.2.1.0 24 10.1.1.2
    

    # Configure CE2.

    [CE2] ip route-static 10.1.1.0 24 10.2.1.2
    

  5. Verify the configuration.

    # After the configuration is complete, run the display ip routing-table vpn-instance vpna command on PE1. The command output shows that the VPNs have imported routes of each other. The VPN instance vpna is used as an example.

    [PE1] display ip routing-table vpn-instance vpna
    Route Flags:
    R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: vpna
             Destinations : 6        Routes : 6
    
    Destination/Mask    Proto  Pre  Cost       Flags NextHop         Interface
    
           10.1.1.0/24  Direct 0    0            D   10.1.1.2        GigabitEthernet1/0/0
           10.1.1.2/32  Direct 0    0            D   127.0.0.1       GigabitEthernet1/0/0
         10.1.1.255/32  Direct 0    0            D   127.0.0.1       GigabitEthernet1/0/0
           10.2.1.0/24  BGP    255  0            D   10.2.1.2        GigabitEthernet2/0/0
           10.2.1.2/32  BGP    255  0            D   127.0.0.1       InLoopBack0
    255.255.255.255/32  Direct 0    0            D   127.0.0.1       InLoopBack0    

    # CE1 and CE2 can ping each other.

    [CE1] ping 10.2.1.1
      PING 10.2.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
        Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
        Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
        Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
        Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms
      --- 10.2.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 34/48/72 ms  

Configuration Files

  • PE1 configuration file

    #
     sysname PE1
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 222:2 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv4-family 
      route-distinguisher 100:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 111:1 import-extcommunity
    #
    interface GigabitEthernet1/0/0
     ip binding vpn-instance vpna
     ip address 10.1.1.2 255.255.255.0
    # 
    interface GigabitEthernet2/0/0
     ip binding vpn-instance vpnb
     ip address 10.2.1.2 255.255.255.0
    #
    bgp 100
     #
     ipv4-family unicast
      undo synchronization
     #
     ipv4-family vpn-instance vpna
      import-route direct
     #
     ipv4-family vpn-instance vpnb
      import-route direct
    #
    return
  • PE2 configuration file

    #
     sysname PE2
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 222:2 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv4-family 
      route-distinguisher 100:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 111:1 import-extcommunity
    #
    interface GigabitEthernet1/0/0
     ip binding vpn-instance vpna
     ip address 10.3.1.2 255.255.255.0
    # 
    interface GigabitEthernet2/0/0
     ip binding vpn-instance vpnb
     ip address 10.4.1.2 255.255.255.0
    #
    bgp 100
     #
     ipv4-family unicast
      undo synchronization
     #
     ipv4-family vpn-instance vpna
      import-route direct
     #
     ipv4-family vpn-instance vpnb
      import-route direct
    #
    return
  • CE1 configuration file

    #
     sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 10.1.1.1 255.255.255.0
    #
    ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
    #
    return
  • CE2 configuration file

    #
     sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 10.2.1.1 255.255.255.0
    #
    ip route-static 10.1.1.0 255.255.255.0 10.2.1.2
    #
    return
  • CE3 configuration file

    #
     sysname CE3
    #
    interface GigabitEthernet1/0/0
     ip address 10.3.1.1 255.255.255.0
    #
    ip route-static 10.4.1.0 255.255.255.0 10.3.1.2
    #
    return
  • CE4 configuration file

    #
     sysname CE4
    #
    interface GigabitEthernet1/0/0
     ip address 10.4.1.1 255.255.255.0
    #
    ip route-static 10.3.1.0 255.255.255.0 10.4.1.2
    #
    return
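
The following is an added example, not part of the Huawei guide: a Python audit that parses the vpn-target lines of a PE configuration file in the format shown above and lists every pair of VPN instances where one imports a route target that the other exports. The function names and the approved allow-list are assumptions of this example, and the sample text is constructed from the PE1 configuration file.

```python
import re
from collections import defaultdict
# Constructed sample: vpn-instance section of the PE1 configuration file above
# (route-distinguisher lines omitted, they do not affect import/export policy).
PE1_CONFIG = """\
ip vpn-instance vpna
 ipv4-family
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 222:2 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 111:1 import-extcommunity
#
"""

# Recognises only the two vpn-target forms used on this page.
RT_LINE = re.compile(r"^vpn-target\s+(.+?)\s+(export|import)-extcommunity$")

def parse_route_targets(config):
    """Return {instance: {"export": set, "import": set}} from the config text."""
    policy = defaultdict(lambda: {"export": set(), "import": set()})
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("ip vpn-instance "):
            current = line.split()[2]
        elif line == "#":
            current = None  # '#' closes the current configuration view
        elif current and (m := RT_LINE.match(line)):
            policy[current][m.group(2)].update(m.group(1).split())
    return dict(policy)

def cross_vpn_imports(policy):
    """List (exporter, importer, shared targets) for each pair of distinct instances."""
    pairs = []
    for src, s in policy.items():
        for dst, d in policy.items():
            shared = s["export"] & d["import"]
            if src != dst and shared:
                pairs.append((src, dst, tuple(sorted(shared))))
    return sorted(pairs)

def unapproved(policy, approved):
    """Return cross-VPN imports whose (exporter, importer) pair is not approved."""
    return [p for p in cross_vpn_imports(policy) if (p[0], p[1]) not in approved]

if __name__ == "__main__":
    # Hypothetical allow-list that approves only one direction.
    for src, dst, rts in unapproved(parse_route_targets(PE1_CONFIG), {("vpna", "vpnb")}):
        print(f"{dst} imports {', '.join(rts)} exported by {src}: not approved")
```

With both directions approved, as the networking requirement intends for the two headquarters, unapproved() returns an empty list.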
Updated: 2019-08-07

Document ID: EDOC1100033725
