CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Example for Configuring a Dynamic Single-Segment PW

Networking Requirements

As shown in Figure 11-12, the MPLS network of an ISP provides the L2VPN service for users. Many users connect to the MPLS network through PE1 and PE2, and users on the PEs change frequently. A proper VPN solution is required to provide secure VPN services for users, save network resources, and simplify configuration when new users connect to the network.

Figure 11-12  Networking diagram for configuring a dynamic single-segment PW (using an LSP tunnel)

Configuration Roadmap

Because users on the two PEs change frequently, manual configuration is inefficient and may cause configuration errors. In this scenario, the two PEs can set up a remote LDP session and use the LDP protocol to synchronize user information through a dynamic PW. Compared with Martini, PWE3 reduces the signaling cost and defines the multi-segment negotiation mode, making networking more flexible. PWE3 is recommended if network resources need to be saved.

The configuration roadmap is as follows:

  1. Configure an IGP protocol on the backbone network so that backbone network devices can communicate.

  2. Configure basic MPLS functions and establish LSP tunnels on the backbone network. Then establish the remote MPLS LDP peer relationship between the PEs at both ends of the PW.

  3. Create MPLS L2VC connections on the PEs.

Procedure

  1. Configure an IP address for each interface on the CEs, PEs, and the P according to Figure 11-12.

    # Configure CE1. The configuration on PE1, P, PE2, and CE2 is similar to the configuration on CE1 and is not mentioned here.

    <Huawei> system-view
    [Huawei] sysname CE1
    [CE1] interface gigabitethernet 1/0/0
    [CE1-GigabitEthernet1/0/0] ip address 10.3.1.1 255.255.255.0
    [CE1-GigabitEthernet1/0/0] quit

  2. Configure an IGP protocol and Loopback address on the MPLS backbone network.

    # Configure PE1. The configuration on P and PE2 is similar to the configuration on PE1 and is not mentioned here.

    [PE1] interface loopback 0
    [PE1-LoopBack0] ip address 10.10.1.1 255.255.255.255
    [PE1-LoopBack0] quit
    [PE1] ospf 1
    [PE1-ospf-1] area 0
    [PE1-ospf-1-area-0.0.0.0] network 10.10.1.1 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit

    After the configuration is complete, run the display ip routing-table command. The command output shows that PE1 and PE2 have learned the routes to each other's Loopback0 interface through OSPF, and that PE1 and PE2 can ping each other.

  3. Enable MPLS, and set up tunnels and remote LDP sessions.

    Enable MPLS on the MPLS backbone network, and set up an LSP tunnel and remote LDP sessions between the PEs.

    # Configure PE1.

    [PE1] mpls lsr-id 10.10.1.1
    [PE1] mpls
    [PE1-mpls] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 255.255.255.0
    [PE1-GigabitEthernet2/0/0] mpls
    [PE1-GigabitEthernet2/0/0] mpls ldp
    [PE1-GigabitEthernet2/0/0] quit
    [PE1] mpls ldp remote-peer 10.10.3.1
    [PE1-mpls-ldp-remote-10.10.3.1] remote-ip 10.10.3.1
    [PE1-mpls-ldp-remote-10.10.3.1] quit
    

    # Configure P.

    [P] mpls lsr-id 10.10.2.1
    [P] mpls
    [P-mpls] mpls ldp
    [P-mpls-ldp] quit
    [P] interface gigabitethernet 1/0/0
    [P-GigabitEthernet1/0/0] ip address 10.1.1.2 255.255.255.0
    [P-GigabitEthernet1/0/0] mpls
    [P-GigabitEthernet1/0/0] mpls ldp
    [P-GigabitEthernet1/0/0] quit
    [P] interface gigabitethernet 2/0/0
    [P-GigabitEthernet2/0/0] ip address 10.2.2.1 255.255.255.0
    [P-GigabitEthernet2/0/0] mpls
    [P-GigabitEthernet2/0/0] mpls ldp
    [P-GigabitEthernet2/0/0] quit
    

    # Configure PE2.

    [PE2] mpls lsr-id 10.10.3.1
    [PE2] mpls
    [PE2-mpls] mpls ldp
    [PE2-mpls-ldp] quit
    [PE2] interface gigabitethernet 2/0/0
    [PE2-GigabitEthernet2/0/0] ip address 10.2.2.2 255.255.255.0
    [PE2-GigabitEthernet2/0/0] mpls
    [PE2-GigabitEthernet2/0/0] mpls ldp
    [PE2-GigabitEthernet2/0/0] quit
    [PE2] mpls ldp remote-peer 10.10.1.1
    [PE2-mpls-ldp-remote-10.10.1.1] remote-ip 10.10.1.1
    [PE2-mpls-ldp-remote-10.10.1.1] quit
    

    After the configuration is complete, run the display mpls ldp session command on the devices. The command output shows that LDP sessions are established between the PEs and between the P and PEs, and the session status is Operational.

  4. Create VCs.

    Enable MPLS L2VPN on PE1 and PE2, and create a VC on each PE.

    # Configure PE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] mpls l2vc 10.10.3.1 100
    [PE1-GigabitEthernet1/0/0] quit

    # Configure PE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit
    [PE2] interface gigabitethernet 1/0/0
    [PE2-GigabitEthernet1/0/0] mpls l2vc 10.10.1.1 100
    [PE2-GigabitEthernet1/0/0] quit

  5. Verify the configuration.

    # Run the following command on the PEs to check the L2VPN connections. The command output shows that an L2VC connection is set up and is in Up state.

    # The display on PE1 is used as an example.

    [PE1] display mpls l2vc interface gigabitethernet 1/0/0
     *client interface       : GigabitEthernet1/0/0 is up
      Administrator PW       : no 
      session state          : up
      AC status              : up
      Ignore AC state        : disable
      VC state               : up
      Label state            : 0
      Token state            : 0
      VC ID                  : 100
      VC type                : Ethernet                                           
      destination            : 10.10.3.1                                          
      local group ID         : 0            remote group ID      : 0              
      local VC label         : 1031         remote VC label      : 1030           
      local AC OAM State     : up                                                
      local PSN OAM State    : up                                                
      local forwarding state : forwarding                                        
      local status code      : 0x0                                               
      remote AC OAM state    : up                                                
      remote PSN OAM state   : up                                                
      remote forwarding state: forwarding                                        
      remote status code     : 0x0                                               
      ignore standby state   : no                                                
      BFD for PW             : unavailable                                       
      VCCV State             : up                                                
      manual fault           : not set                                           
      active state           : active                                            
      forwarding entry       : exist                                             
      link state             : up                                               
      local VC MTU           : 1500         remote VC MTU        : 1500         
      local VCCV             : alert ttl lsp-ping bfd                            
      remote VCCV            : alert ttl lsp-ping bfd                           
      local control word     : disable      remote control word  : disable      
      tunnel policy name     : --                                               
      PW template name       : --                                               
      primary or secondary   : primary                                          
      load balance type      : flow                                             
      Access-port            : false                                            
      Switchover Flag        : false                                            
      VC tunnel/token info   : 1 tunnels/tokens                                  
        NO.0  TNL type       : lsp   , TNL ID : 0x8                              
        Backup TNL type      : lsp   , TNL ID : 0x0                              
      create time            : 0 days, 13 hours, 41 minutes, 24 seconds           
      up time                : 0 days, 0 hours, 46 minutes, 55 seconds            
      last change time       : 0 days, 0 hours, 46 minutes, 55 seconds            
      VC last up time        : 2013/12/02 00:16:31                                
      VC total up time       : 0 days, 0 hours, 46 minutes, 55 seconds            
      CKey                   : 8                                                  
      NKey                   : 7                                                  
      PW redundancy mode     : frr                                                
      AdminPw interface      : --                                                 
      AdminPw link state     : --                                                 
      Diffserv Mode          : uniform                                            
      Service Class          : --                                                 
      Color                  : --                                                 
      DomainId               : --                                                 
      Domain Name            : --  

    # CE1 and CE2 can ping each other.

    # The display on CE1 is used as an example.

    [CE1] ping 10.3.1.2
      PING 10.3.1.2: 56  data bytes, press CTRL_C to break
        Reply from 10.3.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
        Reply from 10.3.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
        Reply from 10.3.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
        Reply from 10.3.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
        Reply from 10.3.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
      --- 10.3.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 2/15/31 ms 
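
The check in step 5 can be scripted. The following Python sketch is an added example, not part of the original guide: it parses display mpls l2vc text (an abridged copy of the PE1 display above) and lists any session, AC, VC, status-code, MTU or control-word problem. The names parse_l2vc and pw_problems are hypothetical.

```python
import re

# Abridged copy of the PE1 display shown above.
PE1_OUTPUT = """\
[PE1] display mpls l2vc interface gigabitethernet 1/0/0
 *client interface       : GigabitEthernet1/0/0 is up
  session state          : up
  AC status              : up
  VC state               : up
  local VC label         : 1031         remote VC label      : 1030
  local status code      : 0x0
  remote status code     : 0x0
  local VC MTU           : 1500         remote VC MTU        : 1500
  local control word     : disable      remote control word  : disable
  VC last up time        : 2013/12/02 00:16:31
"""

TWO_COL = re.compile(r"(.*?)\s{2,}(remote [\w ]+?)\s*:\s*(.*)")

def parse_l2vc(text):
    """Return {lower-cased field name: value}, splitting local/remote column pairs."""
    fields = {}
    for line in text.splitlines():
        key, sep, rest = line.partition(":")
        if not sep:
            continue  # CLI prompt or other line without a field
        rest = rest.strip()
        pair = TWO_COL.fullmatch(rest)
        if pair:  # e.g. "1500      remote VC MTU : 1500"
            rest = pair.group(1)
            fields[" ".join(pair.group(2).lower().split())] = pair.group(3).strip()
        fields[" ".join(key.strip(" *").lower().split())] = rest
    return fields

EXPECT = {"session state": "up", "ac status": "up", "vc state": "up",
          "local status code": "0x0", "remote status code": "0x0"}

def pw_problems(fields):
    """List fields that differ from a healthy PW, plus local/remote mismatches."""
    bad = [f"{k}: {fields.get(k)!r} (want {v!r})" for k, v in EXPECT.items()
           if fields.get(k) != v]
    for name in ("vc mtu", "control word"):
        local, remote = fields.get(f"local {name}"), fields.get(f"remote {name}")
        if local != remote:
            bad.append(f"{name} mismatch: local {local!r}, remote {remote!r}")
    return bad

print(pw_problems(parse_l2vc(PE1_OUTPUT)) or "PW healthy")
```
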

Configuration Files

  • Configuration file of CE1

    #
    sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 10.3.1.1 255.255.255.0
    #
    return
  • Configuration file of PE1

    #
    sysname PE1
    #
    mpls lsr-id 10.10.1.1
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    mpls ldp remote-peer 10.10.3.1
     remote-ip 10.10.3.1 
    #
    interface GigabitEthernet1/0/0
     mpls l2vc 10.10.3.1 100 
    #
    interface GigabitEthernet2/0/0
     ip address 10.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 10.10.1.1 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 10.10.1.1 0.0.0.0
      network 10.1.1.0 0.0.0.255
    #
    return
  • Configuration file of the P

    #
    sysname P
    #
    mpls lsr-id 10.10.2.1
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 10.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 10.2.2.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 10.10.2.1 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 10.10.2.1 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 10.2.2.0 0.0.0.255
    #
    return
  • Configuration file of PE2

    #
    sysname PE2
    #
    mpls lsr-id 10.10.3.1
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    mpls ldp remote-peer 10.10.1.1
     remote-ip 10.10.1.1
    #
    interface GigabitEthernet1/0/0
     mpls l2vc 10.10.1.1 100 
    #
    interface GigabitEthernet2/0/0
     ip address 10.2.2.2 255.255.255.0 
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 10.10.3.1 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 10.10.3.1 0.0.0.0
      network 10.2.2.0 0.0.0.255
    #
    return
  • Configuration file of CE2

    #
    sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 10.3.1.2 255.255.255.0
    #
    return
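
A dynamic PW only comes up when the two PE configurations mirror each other: each PE needs mpls l2vpn, a remote LDP peer pointing at the other PE's LSR ID, and an mpls l2vc statement with that LSR ID and the same VC ID. The following Python sketch is an added example, not part of the original guide, that cross-checks two PE configurations before deployment; the excerpts are abridged from the files above, and the names summarize and check_pw_pair are hypothetical.

```python
import re

# Abridged excerpts of the PE1 and PE2 configuration files above.
PE1_CFG = """\
sysname PE1
mpls lsr-id 10.10.1.1
mpls l2vpn
mpls ldp remote-peer 10.10.3.1
 remote-ip 10.10.3.1
interface GigabitEthernet1/0/0
 mpls l2vc 10.10.3.1 100
"""
PE2_CFG = """\
sysname PE2
mpls lsr-id 10.10.3.1
mpls l2vpn
mpls ldp remote-peer 10.10.1.1
 remote-ip 10.10.1.1
interface GigabitEthernet1/0/0
 mpls l2vc 10.10.1.1 100
"""

def summarize(cfg):
    """Pull out the statements that both PW endpoints have to agree on."""
    def one(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else None
    return {
        "name": one(r"^sysname (\S+)"),
        "lsr_id": one(r"^mpls lsr-id (\S+)"),
        "l2vpn": re.search(r"^mpls l2vpn\s*$", cfg, re.M) is not None,
        "remote_ips": set(re.findall(r"^ +remote-ip (\S+)", cfg, re.M)),
        "vcs": set(re.findall(r"^ +mpls l2vc (\S+) (\d+)", cfg, re.M)),
    }

def check_pw_pair(cfg_a, cfg_b):
    """Return a list of mismatches between two PE configurations."""
    a, b = summarize(cfg_a), summarize(cfg_b)
    issues = []
    for local, peer in ((a, b), (b, a)):
        if not local["l2vpn"]:
            issues.append(f"{local['name']}: mpls l2vpn not enabled")
        if peer["lsr_id"] not in local["remote_ips"]:
            issues.append(f"{local['name']}: no remote LDP peer for {peer['lsr_id']}")
        ids = {vc for dest, vc in local["vcs"] if dest == peer["lsr_id"]}
        back = {vc for dest, vc in peer["vcs"] if dest == local["lsr_id"]}
        for vc in sorted(ids - back):
            issues.append(f"{local['name']}: VC {vc} has no matching VC on {peer['name']}")
    return issues
```

Calling check_pw_pair(PE1_CFG, PE2_CFG) returns an empty list for the configuration on this page; a changed VC ID or a missing remote-ip line on either PE shows up as one entry per affected side.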
Updated: 2019-08-07

Document ID: EDOC1100033725