CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.

Configuring Inter-AS VPN Option C (Solution 1)

If virtual private network (VPN) routes need to be carried over a Multiprotocol Label Switching (MPLS) backbone network that spans multiple autonomous systems (ASs), inter-AS VPN is required. If the ASs need to exchange a large number of VPN routes, inter-AS VPN Option C is a good choice because it prevents the autonomous system boundary routers (ASBRs) from becoming bottlenecks that impede network expansion.

Pre-configuration Tasks

Before configuring inter-AS VPN Option C, complete the following tasks:

  • Configuring an Interior Gateway Protocol (IGP) for the MPLS backbone network of each AS to ensure IP connectivity on the backbone network within each AS
  • Configuring the basic MPLS functions and MPLS Label Distribution Protocol (LDP) or Resource Reservation Protocol-Traffic Engineering (RSVP-TE) for the MPLS backbone network of each AS
  • In each AS, configuring VPN instances on the PE devices connected to CE devices and associating the VPN instances with PE interfaces connected to CE devices
  • Configuring route exchange between the PE and CE devices in each AS

For details about the configurations, see Configuring Basic BGP/MPLS IP VPN Functions.

Context

The following solutions can be used to implement inter-AS VPN Option C:
  • Solution 1: After learning the labeled BGP routes of the public network in the remote AS from the remote ASBR, the local ASBR allocates labels for these routes, and advertises these routes to the IBGP peer that supports the label switching capability. In this manner, a complete LSP is set up.
  • Solution 2: The IBGP peer relationship between the PE and ASBR is not needed. In this solution, an ASBR learns the labeled public BGP routes of the remote AS from the peer ASBR. Then these labeled public BGP routes are imported to an IGP to trigger the establishment of an LDP LSP. In this manner, a complete LDP LSP can be established between the two PEs.

Solution 1 is described in this section, and solution 2 is described in Configuring Inter-AS VPN Option C (Solution 2).

Configuration Procedure

All the following tasks are mandatory. Perform these tasks in this sequence to complete inter-AS VPN Option C configuration.

When VPN services need to be transmitted over TE tunnels or when multiple tunnels need to perform load balancing to fully use network resources, you also need to complete the task of Configuring Tunnel Policies.

NOTE:

In inter-AS VPN Option C mode, do not enable LDP between ASBRs. If LDP is enabled on the interfaces between ASBRs, LDP sessions are then established between the ASBRs. When a lot of BGP routes exist, many LDP labels are occupied.

Enabling the Labeled IPv4 Route Exchange

Context

Inter-AS VPN Option C requires an inter-AS VPN LSP. To establish it, the related PEs and ASBRs exchange public network routes that carry MPLS labels.

These labeled public network routes are advertised by MP-BGP, and the label mapping information of a route is carried in BGP Update messages. This feature is implemented through BGP extension attributes, so the BGP peers must be able to process labeled IPv4 routes.

By default, BGP peers cannot process labeled IPv4 routes.

Procedure

  • Configure a PE device.
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run peer ipv4-address as-number as-number

      An IBGP peer relationship is established between the local PE and ASBR in the same AS.

    4. Run peer ipv4-address connect-interface loopback interface-number

      A loopback interface is specified as the outbound interface of the BGP session.

    5. Run peer ipv4-address label-route-capability

      Exchange of the labeled IPv4 routes with the ASBR in the same AS is enabled.

  • Configure an ASBR.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The view of the interface connected with the peer ASBR is displayed.

    3. Run ip address ip-address { mask | mask-length }

      The interface IP address is configured.

    4. Run mpls

      The MPLS capability is enabled.

    5. Run quit

      Return to the system view.

    6. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    7. Run peer ipv4-address as-number as-number

      An IBGP peer relationship is established between the local PE and the remote PE in the same AS.

    8. Run peer ipv4-address connect-interface loopback interface-number

      A loopback interface is specified as the outbound interface of the BGP session.

    9. Run peer ipv4-address label-route-capability

      Exchange of the labeled IPv4 routes with the remote PE in the same AS is enabled.

    10. Run peer ipv4-address as-number as-number

      The peer ASBR is specified as the EBGP peer.

    11. (Optional) Run peer { ipv4-address | group-name } ebgp-max-hop [ hop-count ]

      The maximum number of hops is configured for the EBGP connection.

      Generally, one or multiple directly connected physical links exist between EBGP peers. If the directly connected physical links are not available, run the peer ebgp-max-hop command to ensure that the TCP connection can be set up between the EBGP peers through multiple hops.

      If BGP uses a loopback interface to establish an EBGP peer relationship, you must run the peer ebgp-max-hop command and set the hop count to a value larger than or equal to 2. Otherwise, the peer relationship cannot be established. If hop-count is not specified, the default value 255 is used.

    12. Run peer ipv4-address label-route-capability [ check-tunnel-reachable ]

      The exchange of the labeled IPv4 routes with the peer ASBR is enabled.

      • If tunnel reachability checking is enabled, BGP advertises IPv4 unicast routes to peers when routed tunnels are unreachable and advertises labeled routes to peers when routed tunnels are reachable. This eliminates the risk of establishing an MP-EBGP peer relationship between PEs over a faulty LSP, which would cause data forwarding failures.
      • If tunnel reachability checking is disabled, BGP advertises labeled routes to peers whether the tunnels for imported routes are reachable or not.

Configuring a Routing Policy to Control Label Distribution

Context

You need to configure a routing policy to control label allocation for each inter-AS BGP LSP. If labeled IPv4 routes are advertised to a PE of the local AS, you need to re-allocate MPLS labels to these routes. If routes sent by a PE of the local AS are advertised to the peer ASBR, you need to allocate MPLS labels to these routes.

Procedure

  1. Create a routing policy.

    Perform the following steps on the ASBR.

    1. Run system-view

      The system view is displayed.

    2. Run route-policy policy-name1 permit node node

      The routing policy applied to the local PE is created.

      For the labeled IPv4 routes received from peer ASBRs, and sent to the PEs in the same AS, this policy ensures that a new MPLS label is allocated.

    3. Run if-match mpls-label

      The IPv4 routes with labels are matched.

    4. Run apply mpls-label

      The label is allocated to the IPv4 route.

    5. Run quit

      Return to the system view.

    6. Run route-policy policy-name2 permit node node

      The routing policy applied to the peer ASBR is created.

      For the labeled IPv4 routes received from PE in the local AS, and sent to the remote ASBR, this policy ensures that a new MPLS label is allocated.

    7. Run apply mpls-label

      The label is allocated to the IPv4 route.

  2. Apply the routing policy.

    Perform the following steps on the ASBR.

    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run peer ipv4-address route-policy policy-name1 export

      The routing policy is applied to routes advertised to the local PE.

    4. Run peer ipv4-address route-policy policy-name2 export

      The routing policy is applied to routes advertised to the peer ASBR.

  3. (Optional) Control the creation of ingress LSPs for labeled BGP routes based on routing policies.

    Perform the following steps on each PE.

    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run ingress-lsp trigger route-policy route-policy-name

      The function to create ingress LSPs for labeled BGP routes based on routing policies is configured.

      On a MAN where the hybrid access mode is used, a large number of labeled BGP routes are used to establish end-to-end LSPs. On certain intermediate nodes where VPN services do not need to be supported, excessive ingress LSPs are created, wasting network resources. In this case, you can run the ingress-lsp trigger command to create ingress LSPs based on a routing policy to save network resources.
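
The settings required by the two procedures above, together with the NOTE on LDP between ASBRs, can be checked against a saved ASBR configuration. The following Python check is an added example, not part of the Huawei guide. The function name audit_asbr and the sample addresses, AS numbers and policy names are constructed, and it assumes the text layout of display current-configuration output (sections separated by # lines) with peers identified by IPv4 address.

```python
import ipaddress
import re

# Constructed ASBR configuration (made-up values); LDP on the inter-AS link is deliberate.
SAMPLE = """\
interface GigabitEthernet2/0/0
 ip address 192.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
bgp 100
 peer 192.1.1.2 as-number 200
 peer 1.1.1.9 as-number 100
 peer 192.1.1.2 route-policy policy2 export
 peer 192.1.1.2 label-route-capability
 peer 1.1.1.9 route-policy policy1 export
#
route-policy policy1 permit node 1
 if-match mpls-label
 apply mpls-label
#
route-policy policy2 permit node 1
"""

def audit_asbr(config):
    """Return findings for an ASBR configuration (Option C, Solution 1)."""
    sections = {}  # section header -> stripped body lines
    for block in re.split(r"(?m)^#.*$", config):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            sections.setdefault(lines[0], []).extend(lines[1:])
    hdr = next(h for h in sections if re.fullmatch(r"bgp \S+", h))
    local_as, bgp, findings = hdr.split()[1], "\n".join(sections[hdr]), []
    for ip, asn in re.findall(r"(?m)^peer (\S+) as-number (\S+)$", bgp):
        if f"peer {ip} label-route-capability" not in bgp:
            findings.append(f"{ip}: label-route-capability missing")
        pols = re.findall(rf"(?m)^peer {re.escape(ip)} route-policy (\S+) export$", bgp)
        body = [l for h, ls in sections.items() for p in pols
                if h.startswith(f"route-policy {p} ") for l in ls]
        if "apply mpls-label" not in body:
            findings.append(f"{ip}: export policy does not apply mpls-label")
        for h, ls in sections.items():  # interface facing an EBGP peer (peer ASBR)
            addr = next((l.split()[2:4] for l in ls if l.startswith("ip address ")), None)
            if (asn != local_as and h.startswith("interface ") and addr and
                    ipaddress.ip_address(ip) in ipaddress.ip_interface("/".join(addr)).network):
                if "mpls" not in ls:
                    findings.append(f"{h}: mpls not enabled towards {ip}")
                if "mpls ldp" in ls:
                    findings.append(f"{h}: LDP enabled towards peer ASBR {ip}")
    return findings
```

Calling audit_asbr(SAMPLE) reports the empty export policy for the peer ASBR, the LDP-enabled inter-AS interface, and the missing label-route-capability for the local PE.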

Establishing an MP-EBGP Peer Relationship Between PE Devices

Context

By introducing extended community attributes into BGP, MP-EBGP can advertise VPNv4 routes between PEs.

Procedure

  • Configure a PE device to advertise its loopback interface IP addresses used for peer relationship establishment to the ASBRs of other ASs and peer PE devices. You can also configure an ASBR to send the loopback interface IP addresses of a PE device used for peer relationship establishment to the ASBRs of other ASs and peer PE devices.
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run network ip-address [ mask | mask-length ] [ route-policy route-policy-name ]

      The loopback address of the PE in the local AS is advertised to the remote ASBR.

  • (Optional) Disable an ASBR from advertising BGP supernet labeled routes.

    In an inter-AS VPN Option C scenario, a PE uses a routing policy to assign a label to its loopback address route and advertises this route as a BGP labeled route. When an ASBR receives the route, the route is a BGP supernet labeled route, that is, a route in which the destination address and next hop address are the same or the destination address is more specific than the next hop address. In V2R3C00 or earlier, the ASBR does not advertise the received BGP supernet labeled route. After the ASBR is upgraded to a version later than V2R3C00, the ASBR can advertise the received BGP supernet labeled route to other BGP peers. This advertisement may change the traffic path on the network after the upgrade. To ensure that the traffic path remains unchanged, disable the ASBR from advertising BGP supernet labeled routes.

    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run supernet label-route advertise disable

      The ASBR is disabled from advertising BGP supernet labeled routes.

      After you disable the ASBR from advertising BGP supernet labeled routes, to advertise the loopback address route of a PE in the local AS to a PE in another AS, run the network command on the ASBR to advertise the BGP route to the loopback address of the PE in the same AS.

  • Perform the following steps on the PE device:
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run peer ipv4-address as-number { as-number-plain | as-number-dot }

      The peer PE is specified as the EBGP peer.

    4. Run peer ipv4-address connect-interface loopback interface-number

      The source interface that sends BGP packets is specified.

    5. Run peer ipv4-address ebgp-max-hop [ hop-count ]

      The maximum hop of the EBGP peer is configured.

      PEs of different ASs are generally not directly connected. To set up the EBGP peer between PEs of different ASs, configure the maximum hop between PEs and ensure the PEs are reachable.

    6. (Optional) Run peer { group-name | ipv4-address } mpls-local-ifnet disable

      The ability to establish an MPLS local IFNET tunnel between PEs is disabled.

      In the Option C scenario, PEs establish an MP-EBGP peer relationship. Therefore, an MPLS local IFNET tunnel between PEs is established over the MP-EBGP peer relationship. The MPLS local IFNET tunnel fails to transmit traffic because PEs are indirectly connected.

      If a fault occurs on the BGP LSP between PEs, traffic is iterated to the MPLS local IFNET tunnel, not an FRR bypass tunnel. As the MPLS local IFNET tunnel cannot forward traffic, traffic is interrupted. To prevent the traffic interruption, run this command to disable the establishment of an MPLS local IFNET tunnel between PEs.

    7. Run ipv4-family vpnv4 [ unicast ]

      The BGP-VPNv4 address family view is displayed.

    8. Run peer ipv4-address enable

      The exchange of VPN IPv4 routes with the peer PE is enabled.

Related Tasks

To improve scalability, specify an RR in each AS and establish MP-EBGP peer relationships between the RRs in ASs to save all VPNv4 routes on the RRs. Then configure PEs in each AS as the RR's clients to exchange VPNv4 routing information with the RR. The configuration is as follows:

  • Configure a PE device to advertise its loopback interface IP addresses used for peer relationship establishment to the ASBRs of other ASs and peer PE devices. You can also configure an ASBR to send the loopback interface IP addresses of a PE device used for peer relationship establishment to the ASBRs of other ASs and peer PE devices. The configuration procedure is the same as the above mentioned procedure.
  • Establish an MP-EBGP peer relationship between the RRs. The configuration procedure is similar to the procedure for establishing an MP-EBGP peer relationship between two PE devices, except that you need to run the peer ipv4-address next-hop-invariable command in the BGP-VPNv4 address family view of the RRs to configure them not to change the next hop when advertising routes to the EBGP peers.
  • Configure PE devices as the clients of the RR in the local AS to exchange VPNv4 routing information with the RR. For details about the configurations, see Configuring Route Reflection to Optimize the VPN Backbone Layer.

Verifying the Inter-AS VPN Option C Configuration (Solution 1)

Prerequisites

The configuration of inter-AS VPN Option C (Solution 1) is complete.

Procedure

  • Run the display bgp vpnv4 all peer command to check the BGP peers on the PE device. The status of the EBGP peer relationship between the PEs is "Established".
  • Run the display bgp vpnv4 all routing-table command to check the VPN IPv4 routing table on the PE or ASBR. The PE has VPN IPv4 routes, whereas the ASBR has no VPN IPv4 route.
  • Run the display bgp routing-table label command to check information about the label of the IPv4 route on the ASBR.
  • Run the display ip routing-table vpn-instance vpn-instance-name command to check the VPN routing table on the PE device. The command displays all VPN routes to all the CE devices in the VPN routing table of the PE device.
Updated: 2019-08-07

Document ID: EDOC1100033725