No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring PBR to an LSP for VPN Packets

Configuring PBR to an LSP for VPN Packets

Policy-based routing (PBR) to an LSP enables the device to forward VPN packets through LSPs on the MPLS backbone network through PBR, without the need to search the forwarding table of the VPN instance.

Context

The AR supports PBR to an LSP for VPN packets, which can be used for VPN data forwarding.

If VPN packets do not match the PBR rules, they are forwarded according to common VPN data forwarding process. If VPN packets match the PBR rules, they are forwarded through the specified LSP.

NOTE:

PBR to an LSP for VPN packets requires two or more LSPs. If PBR to an LSP for VPN packets are used together with LDP FRR, the LSPs must work in active/standby mode. In other situations, the LSPs can work in active/standby mode or load balancing mode.

Perform the following configuration on the ingress PE device.

Pre-configuration Tasks

Before configuring PBR to an LSP for VPN packets, complete the following tasks:

  • Configuring an ACL to filter packets if you want to filter packets based on IP addresses

  • Configuring at least two LSPs from the ingress PE device to the egress PE device

  • Configuring LDP FRR if necessary

Procedure

  1. Configure PBR to an LSP for VPN packets.
    1. Run system-view

      The system view is displayed.

    2. Run policy-based-route policy-name { deny | permit } node node-id

      A routing policy or a policy node is created.

    3. Run if-match acl acl-number

      An if-match clause is configured to match the IP addresses of packets.

      Or run if-match packet-length min-length max-length

      An if-match clause is configured to match the lengths of IP packets.

    4. Run apply lsp vpn vpn-instance-name ce-address [ pe-address [ p-address | interface-type interface-number | secondary ] ]

      PBR to an LSP are configured for VPN packets.

    5. (Optional) Run ip policy-based-route refresh-time [ refreshtime-value ]

      The interval at which local PBR updates LSPs is configured.

      By default, the interval at which local PBR updates LSPs is 5000 ms.

  2. Apply PBR.

    Enable PBR in the system (local PBR).

    1. Run system-view

      The system view is displayed.

    2. Run ip local policy-based-route policy-name

      Local PBR is enabled.

      Local PBR takes effect only to locally originated packets and only one local PBR rule can be configured.

Verifying the Configuration

After completing the configuration of PBR to an LSP, run the tracert lsp [ -a source-ip | -exp exp-value | -h ttl-value | -r reply-mode | -t time-out ] * { ip destination-address mask-length [ ip-address ] [ nexthop nexthop-address | draft6 ] | te tunnel interface-number [ hot-standby ] [ draft6 ] } command to check the VPN packet transmission path. The command output shows that VPN packets are transmitted through the specified LSP.

NOTE:

Before running the tracert lsp command on a CE device to check the packet forwarding path, run the ttl propagate vpn command on the ingress and egress PE devices directly connected to the CE device to enable MPLS IP TTL replication.

Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 154174

Downloads: 372

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next