No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Static Multi-Segment PW

Example for Configuring a Static Multi-Segment PW

Networking Requirements

As shown in Figure 11-13, sites of an enterprise at different geographical locations connect to the MPLS network of an ISP through CE1 and CE2. The S-PE has powerful functions, and U-PE1 and U-PE2 function as access devices and cannot directly establish remote LDP sessions. To simplify configuration, the enterprise hopes that the two CEs communicate with each other like on a LAN. That is, data packets of users traverse the ISP network without being modified by the PEs. The enterprise will not increase sites in the future and wants to use exclusive VPN resources of the ISP to protect user data security.

Figure 11-13  Networking diagram for configuring a static multi-segment PW

Configuration Roadmap

Because the enterprise will not increase sites in the future and wants to use exclusive VPN resources, you can configure a static PW to meet the customer requirements. To use hierarchical networking, configure a static multi-segment PW.

The configuration roadmap is as follows:

  1. Configure a common routing protocol on the backbone network so that backbone network devices can communicate.

  2. Configure basic MPLS functions and establish LSPs on the backbone network.

  3. Establish static MPLS L2VC connections on U-PEs.

  4. Configure PW switching on the S-PE for a multi-segment PW.

Procedure

  1. Configure an IP address for each interface on the devices according to Figure 11-13.

    # Configure CE1. The configuration on U-PE1, P1, S-PE, P2, U-PE2, and CE2 is similar to the configuration on CE1 and is not mentioned here.

    <Huawei> system-view
    [Huawei] sysname CE1
    [CE1] interface gigabitethernet 1/0/0
    [CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 255.255.255.0
    [CE1-GigabitEthernet1/0/0] quit

  2. Configure an IGP protocol and Loopback address on the MPLS backbone network.

    # Configure U-PE1. The configuration on P1, S-PE, P2, and U-PE2 is similar to the configuration on U-PE1 and is not mentioned here.

    [U-PE1] interface loopback 0
    [U-PE1-LoopBack0] ip address 1.1.1.9 255.255.255.255
    [U-PE1-LoopBack0] quit
    [U-PE1] ospf 1
    [U-PE1-ospf-1] area 0
    [U-PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
    [U-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [U-PE1-ospf-1-area-0.0.0.0] quit
    [U-PE1-ospf-1] quit
    

  3. Configure basic MPLS functions and set up LSP tunnels.

    Configure basic MPLS functions on the MPLS backbone network, and set up LSP tunnels between U-PE1 and S-PE, and between SPE and U-PE2. U-PE1 is used as an example. The configurations of other devices are similar to the configuration of U-PE1 and are not mentioned here.

    # Configure U-PE1.

    [U-PE1] mpls lsr-id 1.1.1.9
    [U-PE1] mpls
    [U-PE1-mpls] mpls ldp
    [U-PE1-mpls-ldp] quit
    [U-PE1] interface gigabitethernet 2/0/0
    [U-PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 255.255.255.0
    [U-PE1-GigabitEthernet2/0/0] mpls
    [U-PE1-GigabitEthernet2/0/0] mpls ldp
    [U-PE1-GigabitEthernet2/0/0] quit

  4. Create VCs.

    Enable MPLS L2VPN on U-PE1, U-PE2, and S-PE, and set up VCs on U-PE1 and U-PE2.

    # Configure U-PE1.

    [U-PE1] mpls l2vpn
    [U-PE1-l2vpn] quit
    [U-PE1] pw-template pwt
    [U-PE1-pw-template-pwt] peer-address 3.3.3.9
    [U-PE1-pw-template-pwt] quit
    [U-PE1] interface gigabitethernet 1/0/0
    [U-PE1-GigabitEthernet1/0/0] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100
    [U-PE1-GigabitEthernet1/0/0] quit

    # Configure S-PE.

    [S-PE] mpls l2vpn
    [S-PE-l2vpn] quit
    [S-PE] mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation ethernet

    # Configure U-PE2.

    [U-PE2] mpls l2vpn
    [U-PE2-l2vpn] quit
    [U-PE2] pw-template pwt
    [U-PE2-pw-template-pwt] peer-address 3.3.3.9 
    [U-PE2-pw-template-pwt] quit
    [U-PE2] interface gigabitethernet 1/0/0
    [U-PE2-GigabitEthernet1/0/0] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 200 receive-vpn-label 200
    [U-PE2-GigabitEthernet1/0/0] quit
    NOTE:

    The transmit-vpn-label configured on the U-PE must be the same as the recv label on the S-PE, and the receive-vpn-label configured on the U-PE must be the same as the trans label on the S-PE. Otherwise, CEs cannot communicate.

  5. Verify the configuration.

    # Run the following command on the PEs to check the L2VPN connections. The command output shows that an L2VC connection is set up and is in Up state.

    # The display on U-PE1 and the S-PE is used as an example.

    [U-PE1] display mpls static-l2vc interface gigabitethernet 1/0/0
     *Client Interface     : GigabitEthernet1/0/0 is up
      AC Status            : up
      VC State             : up
      VC ID                : 100
      VC Type              : Ethernet 
      Destination          : 3.3.3.9    
      Transmit VC Label    : 100        
      Receive VC Label     : 100        
      Label Status         : 0          
      Token Status         : 0          
      Control Word         : Disable    
      VCCV Capabilty       : alert ttl lsp-ping bfd  
      active state         : active        
      Link State           : up            
      Tunnel Policy        : --            
      PW Template Name     : pwt          
      Main or Secondary    : Main         
      load balance type    : flow         
      Access-port          : false         
      VC tunnel/token info : 1 tunnels/tokens 
      NO.0  TNL Type       : lsp   , TNL ID : 0x4 
      Backup TNL Type      : lsp   , TNL ID : 0x0 
      Create time          : 0 days, 4 hours, 38 minutes, 4 seconds 
      UP time              : 0 days, 0 hours, 12 minutes, 6 seconds 
      Last change time     : 0 days, 0 hours, 12 minutes, 6 seconds 
      VC last up time      : 2013/12/04 15:29:44                    
      VC total up time     : 0 days, 0 hours, 12 minutes, 6 seconds 
      CKey                 : 2 
      NKey                 : 1
      Diffserv Mode        : uniform                                                
      Service Class        : --                                                     
      Color                : --                                                     
      DomainId             : --                                                     
      Domain Name          : --                                                     
      BFD for PW           : unavailable                                            
    [S-PE] display mpls switch-l2vc
     Total Switch VC : 1, 1 up, 0 down                    
                                                          
    *Switch-l2vc type             : SVC<---->SVC          
     Peer IP Address              : 5.5.5.9, 1.1.1.9      
     VC ID                        : 100, 100              
     VC Type                      : Ethernet              
     VC State                     : up                    
     In/Out Label                 : 200/200, 100/100      
     InLabel Status               : 0 , 0                 
     Control Word                 : Disable, Disable      
     VCCV Capability              : alert ttl lsp-ping bfd , alert ttl lsp-ping bfd
     Switch-l2vc tunnel info      :                                
                                    1 tunnels for peer 5.5.5.9     
                                    NO.0  TNL Type : lsp   , TNL ID : 0x10 
                                    1 tunnels for peer 1.1.1.9            
                                    NO.0  TNL Type : lsp   , TNL ID : 0xe 
     CKey                         : 8, 10                                
     NKey                         : 7, 9                                 
     Tunnel policy                : --, --                               
     Create time                  : 0 days, 0 hours, 7 minutes, 19 seconds
     UP time                      : 0 days, 0 hours, 0 minutes, 34 seconds
     Last change time             : 0 days, 0 hours, 0 minutes, 34 seconds
     VC last up time              : 2013/12/01 22:31:43                   
     VC total up time             : 0 days, 0 hours, 0 minutes, 34 seconds  

    # CE1 and CE2 can ping each other successfully.

    # The display on CE1 is used as an example.

    [CE1] ping 100.1.1.2
      PING 100.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=188 ms
        Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=187 ms
        Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=187 ms
        Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=188 ms
        Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=188 ms
    
      --- 100.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 187/187/188 ms

Configuration Files

  • Configuration file of CE1

    #
    sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.1 255.255.255.0
    #
    return
  • Configuration file of U-PE1

    #
    sysname U-PE1
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    pw-template pwt
     peer-address 3.3.3.9
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100
    #
    interface GigabitEthernet2/0/0
     ip address 10.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 1.1.1.9 0.0.0.0
    #
    return
  • Configuration file of P1

    #
    sysname P1
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 10.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 20.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 20.1.1.0 0.0.0.255
      network 2.2.2.9 0.0.0.0
    #
    return
  • Configuration file of S-PE

    #
    sysname S-PE
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
    mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation ethernet
    # 
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 20.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 30.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
      network 3.3.3.9 0.0.0.0
    #
    return
  • Configuration file of P2

    #
    sysname P2
    #
    mpls lsr-id 4.4.4.9
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 30.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 40.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 4.4.4.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 30.1.1.0 0.0.0.255
      network 40.1.1.0 0.0.0.255
    #
    return
  • Configuration file of U-PE2

    #
    sysname U-PE2
    #
    mpls lsr-id 5.5.5.9
    mpls
    #
    mpls l2vpn
    #
    pw-template pwt
     peer-address 3.3.3.9
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 40.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     mpls static-l2vc pw-template pwt 100 transmit-vpn-label 200 receive-vpn-label 200
    #
    interface LoopBack0
     ip address 5.5.5.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 5.5.5.9 0.0.0.0
      network 40.1.1.0 0.0.0.255
    #
    return
  • Configuration file of CE2

    #
    sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 100.1.1.2 255.255.255.0
    #
    return
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 152185

Downloads: 367

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next