No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Martini VPLS

Example for Configuring Martini VPLS

Networking Requirements

Figure 12-14 shows a backbone network built by an enterprise. Few branch sites are distributed on the network (only two sites are shown in this example). Site1 connects to PE1 through CE1 and then connects to the backbone network. Site2 connects to PE2 through CE2 and then connects to the backbone network. Users at Site1 and Site2 need to communicate at Layer 2 and user information needs to be reserved when Layer 2 packets are transmitted over the backbone network.

Figure 12-14  Networking diagram for configuring Martini VPLS

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure transparent transmission of Layer 2 packets over the backbone network using VPLS to enable users at Site1 and Site2 to communicate at Layer 2 and reserve user information when Layer 2 packets are transmitted over the backbone network.

  2. Use Martini VPLS to implement Layer 2 communication between CEs on an enterprise network with few sites.

  3. Configure the IGP routing protocol on the backbone network to implement data transmission on the public network between PEs.

  4. Configure basic MPLS functions and LDP on the backbone network to support VPLS.

  5. Establish tunnels for transmitting data between PEs to prevent data from being known by the public network.

  6. Enable MPLS L2VPN on PEs to implement VPLS.

  7. Create VSIs on PEs, specify LDP as the signaling protocol, and bind VSIs to AC interfaces to implement Martini VPLS.

Procedure

  1. Configure IP addresses for interfaces on the CE, PE and P devices according to Figure 12-14.

    # Configure CE1. The configuration on PE1, P, PE2, and CE2 is similar to the configuration on CE1 and is not mentioned here.

    <Huawei> system-view
    [Huawei] sysname CE1
    [CE1] interface gigabitethernet 1/0/0
    [CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 255.255.255.0
    [CE1-GigabitEthernet1/0/0] quit

  2. Configure the IGP protocol. OSPF is used in this example.

    When configuring OSPF, advertise the 32-bit address of the loopback interface (LSR IDs) on PE1, P and PE2.

    # Configure PE1. The configuration on P and PE2 is similar to the PE1, and is not mentioned here.

    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
    [PE1-LoopBack1] quit
    [PE1] ospf 1
    [PE1-ospf-1] area 0
    [PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit
    

    After the configuration is complete, run the display ip routing-table command on PE1, P, and PE2. You can view the routes learned by PE1, P, and PE2 from each other.

  3. Configure basic MPLS functions and LDP.

    # Configure PE1.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] mpls
    [PE1-GigabitEthernet2/0/0] mpls ldp
    [PE1-GigabitEthernet2/0/0] quit

    # Configure the P.

    [P] mpls lsr-id 2.2.2.9
    [P] mpls
    [P-mpls] quit
    [P] mpls ldp
    [P-mpls-ldp] quit
    [P] interface gigabitethernet 2/0/0
    [P-GigabitEthernet2/0/0] mpls
    [P-GigabitEthernet2/0/0] mpls ldp
    [P-GigabitEthernet2/0/0] quit
    [P] interface gigabitethernet 1/0/0
    [P-GigabitEthernet1/0/0] mpls
    [P-GigabitEthernet1/0/0] mpls ldp
    [P-GigabitEthernet1/0/0] quit

    # Configure PE2.

    [PE2] mpls lsr-id 3.3.3.9
    [PE2] mpls
    [PE2-mpls] quit
    [PE2] mpls ldp
    [PE2-mpls-ldp] quit
    [PE2] interface gigabitethernet 1/0/0
    [PE2-GigabitEthernet1/0/0] mpls
    [PE2-GigabitEthernet1/0/0] mpls ldp
    [PE2-GigabitEthernet1/0/0] quit

    After the configuration is complete, run the display mpls ldp session command on PE1, P and PE2. You can see that peer relationships are set up between PE1 and P, and between P and PE2. The status of the peer relationship is Operational. Run the display mpls lsp command to view the LSP status.

  4. Set up remote LDP sessions between PEs.

    # Configure PE1.

    [PE1] mpls ldp remote-peer 3.3.3.9
    [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [PE1-mpls-ldp-remote-3.3.3.9] quit

    # Configure PE2.

    [PE2] mpls ldp remote-peer 1.1.1.9
    [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [PE2-mpls-ldp-remote-1.1.1.9] quit

    After the configuration is complete, run the display mpls ldp session command on PE1 or PE2, and you can see that the status of the peer relationship between PE1 and PE2 is Operational. That is, the peer relationship is set up.

    Take the display on PE1 for example.

    [PE1] display mpls ldp session
                                                                                    
     LDP Session(s) in Public Network                                               
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)                  
     A '*' before a session means the session is being deleted.                     
     ------------------------------------------------------------------------------ 
     PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv            
     ------------------------------------------------------------------------------ 
     2.2.2.9:0          Operational DU   Passive  0000:00:11  46/45                 
     3.3.3.9:0          Operational DU   Passive  0000:00:01  8/8                   
     ------------------------------------------------------------------------------ 
     TOTAL: 2 session(s) Found.                                                     
                                                                                    

  5. Enable MPLS L2VPN on PEs.

    # Configure PE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit

    # Configure PE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit

  6. Configure LDP VPLS on PEs.

    # Configure PE1.

    [PE1] vsi a2 static
    [PE1-vsi-a2] pwsignal ldp
    [PE1-vsi-a2-ldp] vsi-id 2
    [PE1-vsi-a2-ldp] peer 3.3.3.9
    [PE1-vsi-a2-ldp] quit
    [PE1-vsi-a2] quit

    # Configure PE2.

    [PE2] vsi a2 static
    [PE2-vsi-a2] pwsignal ldp
    [PE2-vsi-a2-ldp] vsi-id 2
    [PE2-vsi-a2-ldp] peer 1.1.1.9
    [PE2-vsi-a2-ldp] quit
    [PE2-vsi-a2] quit

  7. Bind the interface on the PE to the VSI.

    # Configure PE1.

    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] l2 binding vsi a2
    [PE1-GigabitEthernet1/0/0] quit

    # Configure PE2.

    [PE2] interface gigabitethernet 2/0/0
    [PE2-GigabitEthernet2/0/0] l2 binding vsi a2
    [PE2-GigabitEthernet2/0/0] quit

  8. Verify the configuration.

    # After the network becomes stable, run the display vsi name a2 verbose command on PE1, and you can see that VSI a2 sets up a PW to PE2, and the status of the VSI is Up.

    [PE1] display vsi name a2 verbose
    
     ***VSI Name               : a2
        Administrator VSI      : no
        Isolate Spoken         : disable
        VSI Index              : 0
        PW Signaling           : ldp
        Member Discovery Style : static
        PW MAC Learn Style     : unqualify
        Encapsulation Type     : vlan
        MTU                    : 1500
        Diffserv Mode          : uniform
        Service Class          : --                                                 
        Color                  : --
        DomainId               : 255
        Domain Name            : 
        Ignore AcState         : disable
        P2P VSI                : disable
        Create Time            : 0 days, 0 hours, 1 minutes, 3 seconds
        VSI State              : up
    
        VSI ID                 : 2
       *Peer Router ID         : 3.3.3.9
        Negotiation-vc-id      : 2
        primary or secondary   : primary
        ignore-standby-state   : no
        VC Label               : 1024
        Peer Type              : dynamic
        Session                : up
        Tunnel ID              : 
        Broadcast Tunnel ID    : 0x0
        Broad BackupTunnel ID  : 0x0 
        CKey                   : 6
        NKey                   : 5
        Stp Enable             : 0
        PwIndex                : 0
        Control Word           : disable
        BFD for PW             : unavailable      
    
        Interface Name         : GigabitEthernet1/0/0
        State                  : up
        Access Port            : false
        Last Up Time           : 2017/07/02 17:13:47
        Total Up Time          : 0 days, 0 hours, 1 minutes, 3 seconds
    
      **PW Information:
    
       *Peer Ip Address        : 3.3.3.9
        PW State               : up
        Local VC Label         : 4096
        Remote VC Label        : 4096
        Remote Control Word    : disable
        PW Type                : label 
        Local  VCCV            : alert lsp-ping 
        Remote VCCV            : alert lsp-ping
        Tunnel ID              : 0x1a 
        Broadcast Tunnel ID    : 0x1a 
        Broad BackupTunnel ID  : 0x0 
        Ckey                   : 0x6
        Nkey                   : 0x5
        Main PW Token          : 0x1a 
        Slave PW Token         : 0x0 
        Tnl Type               : LSP 
        OutInterface           : GigabitEthernet2/0/0 
        Backup OutInterface    :  
        Stp Enable             : 0 
        PW Last Up Time        : 2017/07/02 17:14:47
        PW Total Up Time       : 0 days, 0 hours, 0 minutes, 3 seconds
    

    # CE1 and CE2 can ping each other.

    Take the display on CE1 for example.

    [CE1] ping 100.1.1.2
      PING 100.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
        Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
        Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
        Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
        Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
      --- 100.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 2/15/31 ms 

Configuration Files

  • Configuration file of CE1

    #
     sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.1 255.255.255.0
    #
    return
  • Configuration file of PE1

    #
     sysname PE1
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    vsi a2 static 
     pwsignal ldp 
      vsi-id 2    
      peer 3.3.3.9
    #
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface GigabitEthernet1/0/0
     l2 binding vsi a2
    #
    interface GigabitEthernet2/0/0
     ip address 10.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 10.1.1.0 0.0.0.255
    #
    return
  • Configuration file of P

    #
     sysname P
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 10.2.2.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 10.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 10.2.2.0 0.0.0.255
    #
    return
  • Configuration file of PE2

    #
     sysname PE2
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
    vsi a2 static
     pwsignal ldp
      vsi-id 2
      peer 1.1.1.9
    #
    mpls ldp
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    interface GigabitEthernet1/0/0
     ip address 10.2.2.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     l2 binding vsi a2
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 10.2.2.0 0.0.0.255
    #
    return
  • Configuration file of CE2

    #
     sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.2 255.255.255.0
    #
    return
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 143726

Downloads: 361

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next