No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring L3VPN with LDP Signals Carried by DSVPN

Example for Configuring L3VPN with LDP Signals Carried by DSVPN

Networking Requirements

As shown in Figure 7-64, a large-scale enterprise has deployed a production network vpn1 and an office network vpn2 in the headquarters and branches respectively. The enterprise establishes an IP/MPLS backbone network in its headquarters, and its branches located in different areas use Spoke-PE to connect to the IP/MPLS backbone network through the Internet. In this example, the backbone network has only a Hub-P and PE1 and the enterprise has only two branches. Spoke-PE2 and Spoke-PE3 in branches dynamically obtain their public addresses. (Configurations related to dynamic address allocation is omitted in this example and public addresses are manually specified.) Because the Internet cannot provide the MPLS function for the enterprise, the production networks and office networks in branches cannot communicate with those in the headquarters.

The enterprise wants to expand the IP/MPLS backbone network, deploy BGP/MPLS IP VPN in the headquarters and branches, and use LDP LSP to transmit data from vpn1 and vpn2 to implement secure interconnection between the headquarters and branches and between branches. VPN data between branches needs to be forwarded by the headquarters so that the headquarters can monitor traffic in real-time.

Figure 7-64  Networking diagram for configuring L3VPN with LDP signals carried by DSVPN
Device Interface and IP Address Device Interface and IP Address
Spoke-PE2 PE1
Spoke-PE3 Hub-P

Configuration Roadmap

To expand the IP/MPLS backbone network and deploy BGP/MPLS IP VPN for an enterprise, you need to add the Spoke-PE devices in the branches to the IP/MPLS backbone network in the headquarters. MPLS LDP packets between the headquarters and branches need to be transmitted over GRE tunnels because the Internet cannot provide the MPLS function. As there are a large number of branches and devices in the branches dynamically obtain their public addresses, DSVPN is used to establish GRE tunnels between the headquarters and branches. As a result, L3VPN with LDP signals carried by DSVPN can meet the requirements of the enterprise.

The configuration roadmap for L3VPN with LDP signals carried by DSVPN is as follows:
  1. Configure branch devices to save only summarized routes to the headquarters, configure OSPF on Hub-P and Spoke-PEs to advertise routes, and set the OSPF network type to point-to-multipoint (P2MP), so that all VPN data between branches is forwarded by the headquarters.

  2. Enable MPLS LDP on tunnel interfaces of Spoke-PE2, Spoke-PE3, and Hub-P and set up MPLS LSP tunnels to implement LDP over mGRE.

  3. Configure L3VPN on Spoke-PE2, Spoke-PE3, and PE1 to implement secure interconnection between the headquarters and branches and between branches. Because there are a large number of branches, a route reflector can be used to reduce the number of MP-IBGP connections between PEs.

NOTE:

Do not configure NHRP redirection on the Hub because LDP over mGRE does not need to establish tunnels for direct communication between branches.

Procedure

  1. Configure interface IP addresses and OSPF on Hub-P and PE1 to implement interconnection on the IP/MPLS backbone network.

    # Configure PE1.

    <Huawei> system-view
    [Huawei] sysname PE1
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] ip address 172.1.1.1 24
    [PE1-GigabitEthernet1/0/0] quit
    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.9 32
    [PE1-LoopBack1] quit
    [PE1] ospf 1
    [PE1-ospf-1] area 0
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit
    

    The configuration of Hub-P is similar to that of PE1, and is not mentioned here.

    After the configuration is complete, an OSPF neighbor relationship can be set up between Hub-P and PE1. Run the display ospf peer command. You can see that the neighbor status is Full. Run the display ip routing-table command. You can see that Hub-P and PE1 have learnt the routes to Loopback1 of each other.

  2. Configure interface IP addresses and static routes on Hub-P, Spoke-PE2, and Spoke-PE3 to ensure that public routes are reachable.

    Because Hub-P, Spoke-PE2, and Spoke-PE3 are directly connected to the Internet, IP addresses and default static routes are manually specified here.

    # Configure Spoke-PE2.

    <Huawei> system-view
    [Huawei] sysname Spoke-PE2
    [Spoke-PE2] interface gigabitethernet 1/0/0
    [Spoke-PE2-GigabitEthernet1/0/0] ip address 202.2.1.2 24
    [Spoke-PE2-GigabitEthernet1/0/0] quit
    [Spoke-PE2] interface loopback 1
    [Spoke-PE2-LoopBack1] ip address 2.2.2.9 32
    [Spoke-PE2-LoopBack1] quit
    [Spoke-PE2] ip route-static 0.0.0.0 0 202.2.1.1
    

    The configurations of Spoke-PE3 and Hub-P are similar to that of Spoke-PE2, and are not mentioned here.

    After the configuration is complete, devices can ping each other and public routes are reachable.

  3. Create tunnel interfaces and configure DSVPN on Hub-P, Spoke-PE2, and Spoke-PE3.

    1. Create an mGRE interface, configure an IP address, and specify a source tunnel interface.

      # Configure Spoke-PE2.

      [Spoke-PE2] interface tunnel 0/0/1
      [Spoke-PE2-Tunnel0/0/1] ip address 172.10.1.2 24
      [Spoke-PE2-Tunnel0/0/1] tunnel-protocol gre p2mp
      [Spoke-PE2-Tunnel0/0/1] source gigabitethernet 1/0/0
      [Spoke-PE2-Tunnel0/0/1] quit
      

      The configurations of Spoke-PE3 and Hub-P are similar to that of Spoke-PE2, and are not mentioned here.

    2. Configure OSPF to advertise the MPLS LSR ID as DSVPN subnet information through the tunnel interface.

      # Configure Spoke-PE2.

      [Spoke-PE2] ospf 1
      [Spoke-PE2-ospf-1] area 0
      [Spoke-PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
      [Spoke-PE2-ospf-1-area-0.0.0.0] network 172.10.1.0 0.0.0.255
      [Spoke-PE2-ospf-1-area-0.0.0.0] quit
      [Spoke-PE2-ospf-1] quit

      The configurations of Spoke-PE3 and Hub-P are similar to that of Spoke-PE2, and are not mentioned here.

    3. Configure NHRP and set the OSPF network type to P2MP. Do not configure NHRP redirection on the Hub-P.

      # Configure Hub-P.

      [Hub-P] interface tunnel 0/0/1
      [Hub-P-Tunnel0/0/1] nhrp entry multicast dynamic
      [Hub-P-Tunnel0/0/1] ospf network-type p2mp
      [Hub-P-Tunnel0/0/1] ospf dr-priority 100
      [Hub-P-Tunnel0/0/1] quit
      

      # Configure Spoke-PE2.

      [Spoke-PE2] interface tunnel 0/0/1
      [Spoke-PE2-Tunnel0/0/1] nhrp entry 172.10.1.1 202.1.1.2 register
      [Spoke-PE2-Tunnel0/0/1] ospf network-type p2mp
      [Spoke-PE2-Tunnel0/0/1] ospf dr-priority 0
      [Spoke-PE2-Tunnel0/0/1] quit
      

      # Configure Spoke-PE3.

      [Spoke-PE3] interface tunnel 0/0/1
      [Spoke-PE3-Tunnel0/0/1] nhrp entry 172.10.1.1 202.1.1.2 register
      [Spoke-PE3-Tunnel0/0/1] ospf network-type p2mp
      [Spoke-PE3-Tunnel0/0/1] ospf dr-priority 0
      [Spoke-PE3-Tunnel0/0/1] quit
      

    After the configuration is complete, run the display nhrp peer all command on Hub-P to view registration information about Spoke-PE2 and Spoek-PE3.

    [Hub] display nhrp peer all
    ------------------------------------------------------------------------------- 
    Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag         
    ------------------------------------------------------------------------------- 
    172.10.1.2      32    202.2.1.2       172.10.1.2      dynamic      route tunnel 
    ------------------------------------------------------------------------------- 
    Tunnel interface: Tunnel0/0/1                                                   
    Created time    : 00:02:36                                                      
    Expire time     : 01:57:24                                                      
    ------------------------------------------------------------------------------- 
    Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag         
    ------------------------------------------------------------------------------- 
    172.10.1.3      32    202.3.1.2       172.10.1.3      dynamic      route tunnel 
    ------------------------------------------------------------------------------- 
    Tunnel interface: Tunnel0/0/1                                                   
    Created time    : 00:00:04                                                      
    Expire time     : 01:59:56                                                      
                                                                                    
    Number of nhrp peers: 2                                                         

    Run the display ip routing-table command on all devices on the IP/MPLS backbone network. You can see that all devices have learnt the routes to Loopback1 of other devices.

  4. Enable basic MPLS functions and MPLS LDP on Spoke-PE2, Spoke-PE3, Hub-P, and PE1.

    # Configure PE1.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit

    The configurations of Spoke-PE2, Spoke-PE3 and Hub-P are similar to that of PE1, and are not mentioned here.

  5. Enable MPLS LDP on the interfaces of Spoke-PE2, Spoke-PE3, Hub-P, and PE1.

    Enable MPLS LDP on interfaces of Hub-P and PE1 that are directly connected to each other and enable MPLS LDP on tunnel interfaces of Spoke-PE2, Spoke-PE3 and Hub-P to establish MPLS LSP tunnels.

    # Configure PE1.

    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] mpls
    [PE1-GigabitEthernet1/0/0] mpls ldp
    [PE1-GigabitEthernet1/0/0] quit
    

    # Configure Hub-P.

    [Hub-P] interface gigabitethernet 2/0/0
    [Hub-P-GigabitEthernet2/0/0] mpls
    [Hub-P-GigabitEthernet2/0/0] mpls ldp
    [Hub-P-GigabitEthernet2/0/0] quit
    [Hub-P] interface tunnel 0/0/1
    [Hub-P-Tunnel0/0/1] mpls
    [Hub-P-Tunnel0/0/1] mpls ldp
    [Hub-P-Tunnel0/0/1] quit

    # Configure Spoke-PE2.

    [Spoke-PE2] interface tunnel 0/0/1
    [Spoke-PE2-Tunnel0/0/1] mpls
    [Spoke-PE2-Tunnel0/0/1] mpls ldp
    [Spoke-PE2-Tunnel0/0/1] quit

    # Configure Spoke-PE3.

    [Spoke-PE3] interface tunnel 0/0/1
    [Spoke-PE3-Tunnel0/0/1] mpls
    [Spoke-PE3-Tunnel0/0/1] mpls ldp
    [Spoke-PE3-Tunnel0/0/1] quit

    After the configuration is complete, PE1, Spoke-PE2, and Spoke-PE3 can establish LDP sessions with Hub-P. Run the display mpls ldp session command. You can see that the MPLS LDP session status is Operational.

  6. Configure VPN instances on Spoke-PE2, Spoke-PE3, and PE1 and bind VPN instances to interfaces.

    # Configure PE1.

    [PE1] ip vpn-instance vpn1
    [PE1-vpn-instance-vpn1] ipv4-family
    [PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
    [PE1-vpn-instance-vpn1-af-ipv4] vpn-target 111:1 both
    [PE1-vpn-instance-vpn1-af-ipv4] quit
    [PE1-vpn-instance-vpn1] quit
    [PE1] ip vpn-instance vpn2
    [PE1-vpn-instance-vpn2] ipv4-family
    [PE1-vpn-instance-vpn2-af-ipv4] route-distinguisher 100:2
    [PE1-vpn-instance-vpn2-af-ipv4] vpn-target 222:2 both
    [PE1-vpn-instance-vpn2-af-ipv4] quit
    [PE1-vpn-instance-vpn2] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpn1
    [PE1-GigabitEthernet2/0/0] ip address 192.168.1.1 24
    [PE1-GigabitEthernet2/0/0] quit
    [PE1] interface gigabitethernet 3/0/0
    [PE1-GigabitEthernet3/0/0] ip binding vpn-instance vpn2
    [PE1-GigabitEthernet3/0/0] ip address 192.168.2.1 24
    [PE1-GigabitEthernet3/0/0] quit

    # Configure Spoke-PE2.

    [Spoke-PE2] ip vpn-instance vpn1
    [Spoke-PE2-vpn-instance-vpn1] ipv4-family
    [Spoke-PE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 200:1
    [Spoke-PE2-vpn-instance-vpn1-af-ipv4] vpn-target 111:1 both
    [Spoke-PE2-vpn-instance-vpn1-af-ipv4] quit
    [Spoke-PE2-vpn-instance-vpn1] quit
    [Spoke-PE2] ip vpn-instance vpn2
    [Spoke-PE2-vpn-instance-vpn2] ipv4-family
    [Spoke-PE2-vpn-instance-vpn2-af-ipv4] route-distinguisher 200:2
    [Spoke-PE2-vpn-instance-vpn2-af-ipv4] vpn-target 222:2 both
    [Spoke-PE2-vpn-instance-vpn2-af-ipv4] quit
    [Spoke-PE2-vpn-instance-vpn2] quit
    [Spoke-PE2] interface gigabitethernet 2/0/0
    [Spoke-PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpn1
    [Spoke-PE2-GigabitEthernet2/0/0] ip address 192.168.11.1 24
    [Spoke-PE2-GigabitEthernet2/0/0] quit
    [Spoke-PE2] interface gigabitethernet 3/0/0
    [Spoke-PE2-GigabitEthernet3/0/0] ip binding vpn-instance vpn2
    [Spoke-PE2-GigabitEthernet3/0/0] ip address 192.168.12.1 24
    [Spoke-PE2-GigabitEthernet3/0/0] quit

    # Configure Spoke-PE3.

    [Spoke-PE3] ip vpn-instance vpn1
    [Spoke-PE3-vpn-instance-vpn1] ipv4-family
    [Spoke-PE3-vpn-instance-vpn1-af-ipv4] route-distinguisher 300:1
    [Spoke-PE3-vpn-instance-vpn1-af-ipv4] vpn-target 111:1 both
    [Spoke-PE3-vpn-instance-vpn1-af-ipv4] quit
    [Spoke-PE3-vpn-instance-vpn1] quit
    [Spoke-PE3] ip vpn-instance vpn2
    [Spoke-PE3-vpn-instance-vpn2] ipv4-family
    [Spoke-PE3-vpn-instance-vpn2-af-ipv4] route-distinguisher 300:2
    [Spoke-PE3-vpn-instance-vpn2-af-ipv4] vpn-target 222:2 both
    [Spoke-PE3-vpn-instance-vpn2-af-ipv4] quit
    [Spoke-PE3-vpn-instance-vpn2] quit
    [Spoke-PE3] interface gigabitethernet 2/0/0
    [Spoke-PE3-GigabitEthernet2/0/0] ip binding vpn-instance vpn1
    [Spoke-PE3-GigabitEthernet2/0/0] ip address 192.168.21.1 24
    [Spoke-PE3-GigabitEthernet2/0/0] quit
    [Spoke-PE3] interface gigabitethernet 3/0/0
    [Spoke-PE3-GigabitEthernet3/0/0] ip binding vpn-instance vpn2
    [Spoke-PE3-GigabitEthernet3/0/0] ip address 192.168.22.1 24
    [Spoke-PE3-GigabitEthernet3/0/0] quit

    After the configuration is complete, run the display ip vpn-instance verbose command on each device to view the configuration of VPN instances.

  7. Set up MP-IBGP peer relationships between Spoke-PE2, Spoke-PE3, and PE1.

    Configure PE1 as a route reflector. Spoke-PE2 and Spoke-PE3 can set up MP-IBGP peer relationships with PE1.

    # Configure PE1.

    [PE1] bgp 100
    [PE1-bgp] group rr1 internal
    [PE1-bgp] peer rr1 connect-interface loopback 1
    [PE1-bgp] peer 2.2.2.9 group rr1
    [PE1-bgp] peer 3.3.3.9 group rr1
    [PE1-bgp] ipv4-family vpnv4
    [PE1-bgp-af-vpnv4] peer rr1 enable
    [PE1-bgp-af-vpnv4] peer 2.2.2.9 group rr1
    [PE1-bgp-af-vpnv4] peer 3.3.3.9 group rr1
    [PE1-bgp-af-vpnv4] reflector cluster-id 100
    [PE1-bgp-af-vpnv4] peer rr1 reflect-client
    [PE1-bgp-af-vpnv4] undo policy vpn-target
    [PE1-bgp-af-vpnv4] quit
    [PE1-bgp] ipv4-family vpn-instance vpn1
    [PE1-bgp-vpn1] import-route direct
    [PE1-bgp-vpn1] quit
    [PE1-bgp] ipv4-family vpn-instance vpn2
    [PE1-bgp-vpn2] import-route direct
    [PE1-bgp-vpn2] quit
    [PE1-bgp] quit

    # Configure Spoke-PE2.

    [Spoke-PE2] bgp 100
    [Spoke-PE2-bgp] peer 1.1.1.9 as-number 100
    [Spoke-PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
    [Spoke-PE2-bgp] ipv4-family vpnv4
    [Spoke-PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
    [Spoke-PE2-bgp-af-vpnv4] quit
    [Spoke-PE2-bgp] ipv4-family vpn-instance vpn1
    [Spoke-PE2-bgp-vpn1] import-route direct
    [Spoke-PE2-bgp-vpn1] quit
    [Spoke-PE2-bgp] ipv4-family vpn-instance vpn2
    [Spoke-PE2-bgp-vpn2] import-route direct
    [Spoke-PE2-bgp-vpn2] quit
    [Spoke-PE2-bgp] quit

    # Configure Spoke-PE3.

    [Spoke-PE3] bgp 100
    [Spoke-PE3-bgp] peer 1.1.1.9 as-number 100
    [Spoke-PE3-bgp] peer 1.1.1.9 connect-interface loopback 1
    [Spoke-PE3-bgp] ipv4-family vpnv4
    [Spoke-PE3-bgp-af-vpnv4] peer 1.1.1.9 enable
    [Spoke-PE3-bgp-af-vpnv4] quit
    [Spoke-PE3-bgp] ipv4-family vpn-instance vpn1
    [Spoke-PE3-bgp-vpn1] import-route direct
    [Spoke-PE3-bgp-vpn1] quit
    [Spoke-PE3-bgp] ipv4-family vpn-instance vpn2
    [Spoke-PE3-bgp-vpn2] import-route direct
    [Spoke-PE3-bgp-vpn2] quit
    [Spoke-PE3-bgp] quit

    After the configuration is complete, run the display bgp vpnv4 all peer command on Spoke-PE2, Spoke-PE3, and PE1. You can see that Spoke-PE2, Spoke-PE3, and PE1 have set up BGP peer relationships with PE1 and are in Established state.

    The display on PE1 is used as an example:
    [PE1] display bgp vpnv4 all peer
                                                                                    
     BGP local router ID : 1.1.1.9                                          
     Local AS number : 100                                                          
     Total number of peers : 2                Peers in established state : 2        
                                                                                    
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
                                                                                    
      2.2.2.9         4         100        5       12     0 00:02:00 Established       2
      3.3.3.9         4         100        5       11     0 00:01:02 Established       2

  8. Verify the configuration.

    # After the configuration is complete, Spoke-PE2, Spoke-PE3, and PE1 can learn the routes to vpn1 and vpn2 of each other.

    # The display on PE1 is used as an example:

    [PE1] display ip routing-table vpn-instance vpn1
    Route Flags:
    R - relay, D - download to fib                                     
    ------------------------------------------------------------------------------  
    Routing Tables: vpn1                                                            
             Destinations : 6        Routes : 6                                     
                                                                                    
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface      
                                                                                    
        192.168.1.0/24  Direct  0    0           D   192.168.1.1     GigabitEthernet2/0/0  
        192.168.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet2/0/0  
      192.168.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet2/0/0  
       192.168.11.0/24  IBGP    255  0          RD   2.2.2.9         GigabitEthernet1/0/0  
       192.168.21.0/24  IBGP    255  0          RD   3.3.3.9         GigabitEthernet1/0/0  
    255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0    
    
    [PE1] display ip routing-table vpn-instance vpn2
    Route Flags:
    R - relay, D - download to fib                                     
    ------------------------------------------------------------------------------  
    Routing Tables: vpn2                                                            
             Destinations : 6        Routes : 6                                     
                                                                                    
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface      
                                                                                    
        192.168.2.0/24  Direct  0    0           D   192.168.2.1     GigabitEthernet3/0/0  
        192.168.2.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet3/0/0  
      192.168.2.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet3/0/0  
       192.168.12.0/24  IBGP    255  0          RD   2.2.2.9         GigabitEthernet1/0/0  
       192.168.22.0/24  IBGP    255  0          RD   3.3.3.9         GigabitEthernet1/0/0  
    255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0    
    

    # Devices in the same VPN can successfully ping each other, whereas devices in different VPNs cannot.

    # The display on Spoke-PE2 is used as an example:

    [Spoke-PE2] ping -vpn-instance vpn1 -a 192.168.11.1 192.168.1.1
      PING 192.168.1.1: 56  data bytes, press CTRL_C to break                       
        Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=254 time=10 ms              
        Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms               
        Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms               
        Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=254 time=1 ms               
        Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms               
                                                                                    
      --- 192.168.1.1 ping statistics ---                                           
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 1/2/10 ms                                          
                                                                                    
    [Spoke-PE2] ping -vpn-instance vpn2 -a 192.168.12.1 192.168.2.1
      PING 192.168.2.1: 56  data bytes, press CTRL_C to break                       
        Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=254 time=1 ms               
        Reply from 192.168.2.1: bytes=56 Sequence=2 ttl=254 time=1 ms               
        Reply from 192.168.2.1: bytes=56 Sequence=3 ttl=254 time=10 ms              
        Reply from 192.168.2.1: bytes=56 Sequence=4 ttl=254 time=1 ms               
        Reply from 192.168.2.1: bytes=56 Sequence=5 ttl=254 time=1 ms               
                                                                                    
      --- 192.168.2.1 ping statistics ---                                           
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 1/2/10 ms                                          

Configuration Files

NOTE:

This example does not provide configuration files of devices on the Internet.

  • PE1 configuration file

    #
     sysname PE1
    #
    ip vpn-instance vpn1                                                            
     ipv4-family                                                                    
      route-distinguisher 100:1                                                     
      vpn-target 111:1 export-extcommunity                                          
      vpn-target 111:1 import-extcommunity                                          
    #                                                                               
    ip vpn-instance vpn2                                                            
     ipv4-family                                                                    
      route-distinguisher 100:2                                                     
      vpn-target 222:2 export-extcommunity                                          
      vpn-target 222:2 import-extcommunity                                          
    #                                                                               
    mpls lsr-id 1.1.1.9                                                             
    mpls                                                                            
    #                                                                               
    mpls ldp 
    #
    interface GigabitEthernet1/0/0
     ip address 172.1.1.1 255.255.255.0                                             
     mpls                                                                           
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip binding vpn-instance vpn1                                                   
     ip address 192.168.1.1 255.255.255.0
    #
    interface GigabitEthernet3/0/0
     ip binding vpn-instance vpn2                                                   
     ip address 192.168.2.1 255.255.255.0
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100                                                                         
     group rr1 internal                                                             
     peer rr1 connect-interface LoopBack1                                           
     peer 2.2.2.9 as-number 100                                                     
     peer 2.2.2.9 group rr1                                                         
     peer 3.3.3.9 as-number 100                                                     
     peer 3.3.3.9 group rr1                                                         
     #                                                                              
     ipv4-family unicast                                                            
      undo synchronization                                                          
      peer rr1 enable                                                               
      peer 2.2.2.9 enable                                                           
      peer 2.2.2.9 group rr1                                                        
      peer 3.3.3.9 enable                                                           
      peer 3.3.3.9 group rr1                                                        
     #                                                                              
     ipv4-family vpnv4                                                              
      reflector cluster-id 100                                                      
      undo policy vpn-target                                                        
      peer rr1 enable                                                               
      peer rr1 reflect-client                                                       
      peer 2.2.2.9 enable                                                           
      peer 2.2.2.9 group rr1                                                        
      peer 3.3.3.9 enable                                                           
      peer 3.3.3.9 group rr1                                                        
     #                                                                              
     ipv4-family vpn-instance vpn1                                                  
      import-route direct                                                           
     #                                                                              
     ipv4-family vpn-instance vpn2                                                  
      import-route direct                                                           
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0                                                       
      network 172.1.1.0 0.0.0.255
    #
    return
  • Hub-P configuration file

    #
     sysname Hub-P
    #
    mpls lsr-id 4.4.4.9                                                             
    mpls                                                                            
    #                                                                               
    mpls ldp                                                                        
    #
    interface GigabitEthernet1/0/0
     ip address 202.1.1.2 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 172.1.1.2 255.255.255.0                                             
     mpls                                                                           
     mpls ldp
    #
    interface LoopBack1                                                             
     ip address 4.4.4.9 255.255.255.255                                             
    #                                                                               
    interface Tunnel0/0/1                                                           
     ip address 172.10.1.1 255.255.255.0                                            
     tunnel-protocol gre p2mp                                                       
     source GigabitEthernet1/0/0                                                    
     ospf network-type p2mp                                                         
     ospf dr-priority 100                                                           
     mpls                                                                           
     mpls ldp                                                                       
     nhrp entry multicast dynamic                                                   
    #                                                                               
    ospf 1                                                                          
     area 0.0.0.0                                                                   
      network 4.4.4.9 0.0.0.0                                                       
      network 172.1.1.0 0.0.0.255                                                   
      network 172.10.1.0 0.0.0.255                                                  
    #                                                                               
    ip route-static 0.0.0.0 0.0.0.0 202.1.1.1
    #
    return
  • Spoke-PE2 configuration file

    #
     sysname Spoke-PE2
    #
    ip vpn-instance vpn1                                                            
     ipv4-family                                                                    
      route-distinguisher 200:1                                                     
      vpn-target 111:1 export-extcommunity                                          
      vpn-target 111:1 import-extcommunity                                          
    #                                                                               
    ip vpn-instance vpn2                                                            
     ipv4-family                                                                    
      route-distinguisher 200:2                                                     
      vpn-target 222:2 export-extcommunity                                          
      vpn-target 222:2 import-extcommunity                                          
    #                                                                               
    mpls lsr-id 2.2.2.9                                                             
    mpls                                                                            
    #                                                                               
    mpls ldp                                                                        
    # 
    interface GigabitEthernet1/0/0
     ip address 202.2.1.2 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip binding vpn-instance vpn1                                                   
     ip address 192.168.11.1 255.255.255.0 
    #
    interface GigabitEthernet3/0/0
     ip binding vpn-instance vpn2                                                   
     ip address 192.168.12.1 255.255.255.0
    #
    interface LoopBack1                                                             
     ip address 2.2.2.9 255.255.255.255                                             
    #                                                                               
    interface Tunnel0/0/1                                                           
     ip address 172.10.1.2 255.255.255.0                                            
     tunnel-protocol gre p2mp                                                       
     source GigabitEthernet1/0/0                                                    
     ospf network-type p2mp                                                         
     ospf dr-priority 0                                                            
     mpls                                                                           
     mpls ldp                                                                       
     nhrp entry 172.10.1.1 202.1.1.2 register                                       
    #                                                                               
    bgp 100                                                                         
     peer 1.1.1.9 as-number 100                                                     
     peer 1.1.1.9 connect-interface LoopBack1                                       
     #                                                                              
     ipv4-family unicast                                                            
      undo synchronization                                                          
      peer 1.1.1.9 enable                                                           
     #                                                                              
     ipv4-family vpnv4                                                              
      policy vpn-target                                                             
      peer 1.1.1.9 enable                                                           
     #                                                                              
     ipv4-family vpn-instance vpn1                                                  
      import-route direct                                                           
     #                                                                              
     ipv4-family vpn-instance vpn2                                                  
      import-route direct                                                           
    #                                                                               
    ospf 1                                                                          
     area 0.0.0.0                                                                   
      network 2.2.2.9 0.0.0.0                                                       
      network 172.10.1.0 0.0.0.255                                                  
    #                                                                               
    ip route-static 0.0.0.0 0.0.0.0 202.2.1.1
    #
    return
  • Spoke-PE3 configuration file

    #
     sysname Spoke-PE3
    #
    ip vpn-instance vpn1                                                            
     ipv4-family                                                                    
      route-distinguisher 300:1                                                     
      vpn-target 111:1 export-extcommunity                                          
      vpn-target 111:1 import-extcommunity                                          
    #                                                                               
    ip vpn-instance vpn2                                                            
     ipv4-family                                                                    
      route-distinguisher 300:2                                                     
      vpn-target 222:2 export-extcommunity                                          
      vpn-target 222:2 import-extcommunity                                          
    #                                                                               
    mpls lsr-id 3.3.3.9                                                             
    mpls                                                                            
    #                                                                               
    mpls ldp                                                                        
    #
    interface GigabitEthernet1/0/0
     ip address 202.3.1.2 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip binding vpn-instance vpn1                                                   
     ip address 192.168.21.1 255.255.255.0
    #
    interface GigabitEthernet3/0/0
     ip binding vpn-instance vpn2                                                   
     ip address 192.168.22.1 255.255.255.0 
    #
    interface LoopBack1                                                             
     ip address 3.3.3.9 255.255.255.255                                             
    #                                                                               
    interface Tunnel0/0/1                                                           
     ip address 172.10.1.3 255.255.255.0                                            
     tunnel-protocol gre p2mp                                                       
     source GigabitEthernet1/0/0                                                   
     ospf network-type p2mp                                                         
     ospf dr-priority 0                                                            
     mpls                                                                           
     mpls ldp                                                                       
     nhrp entry 172.10.1.1 202.1.1.2 register                                       
    #                                                                               
    bgp 100                                                                         
     peer 1.1.1.9 as-number 100                                                     
     peer 1.1.1.9 connect-interface LoopBack1                                       
     #                                                                              
     ipv4-family unicast                                                            
      undo synchronization                                                          
      peer 1.1.1.9 enable                                                           
     #                                                                              
     ipv4-family vpnv4                                                              
      policy vpn-target                                                             
      peer 1.1.1.9 enable                                                           
     #                                                                              
     ipv4-family vpn-instance vpn1                                                  
      import-route direct                                                           
     #                                                                              
     ipv4-family vpn-instance vpn2                                                  
      import-route direct                                                           
    #                                                                               
    ospf 1                                                                          
     area 0.0.0.0                                                                   
      network 3.3.3.9 0.0.0.0                                                       
      network 172.10.1.0 0.0.0.255                                                  
    #                                                                               
    ip route-static 0.0.0.0 0.0.0.0 202.3.1.1 
    #
    return
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 152381

Downloads: 369

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next