CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Example for Configuring TDM PWE3 (Using the 8E1T1-M Interface Card)

Networking Requirements

NOTE:

Only the AR2220, AR2240 (using SRU40, SRU60, SRU80, SRU200, SRU400), AR3200 (using SRU40, SRU60, SRU80, SRU200, SRU400), and AR3600 (using SRUX5) series routers can be used in this scenario.

As shown in Figure 11-17, the carrier MPLS network provides the L2VPN service for users who access the network through low-speed TDM links. The backbone devices are connected through the 4GECS interface cards on which the Combo interfaces work as electrical interfaces with a rate of 1000 Mbit/s. Many users connect to the network through PE1 and PE2, and users on the PEs change frequently. (This example lists only two user devices CE1 and CE2, and they are connected to the PEs which have 8E1T1-M interface cards installed.) A proper VPN solution is required to provide secure VPN services for users, save network resources, and simplify configuration when new users connect to the network.

Figure 11-17  Configuring TDM PWE3 using the 8E1T1-M interface card

Configuration Roadmap

Because users on the PEs change frequently, manual configuration is inefficient and may cause configuration errors. In this scenario, the two PEs can set up a remote LDP session and use the LDP protocol to synchronize user information through a dynamic PW. Compared with Martini, PWE3 reduces signaling costs and defines the multi-hop negotiation mode, making networking more flexible. PWE3 is recommended if network resources need to be saved. TDM PWE3 can be used to meet user requirements based on users' access modes.

The configuration roadmap is as follows:

  1. Run an IGP protocol on the backbone network so that backbone devices can communicate.

  2. Enable basic MPLS capabilities, set up an LSP tunnel on the backbone network, and establish a remote MPLS LDP peer relationship between the PEs at two ends of the PW.

  3. Create an MPLS L2VC connection between CE1/PRI interfaces on the PEs to implement TDM PWE3, so that users can communicate with each other.

  4. Configure all the devices to work in clock synchronization state to ensure that CEs can accurately exchange data with each other. In this example, the system clock of PE1 is used as the clock source.

Procedure

  1. Configure IP addresses for the interfaces on the MPLS backbone network.

    # Configure PE1. The configuration on P and PE2 is similar to the configuration on PE1 and is not mentioned here.

    <Huawei> system-view
    [Huawei] sysname PE1
    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
    [PE1-LoopBack1] quit
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] ip address 172.1.1.1 255.255.255.0
    [PE1-GigabitEthernet1/0/0] quit

  2. Configure an IGP protocol on the MPLS backbone network.

    In this example, OSPF is used as the IGP.

    # Configure PE1. The configuration on P and PE2 is similar to the configuration on PE1 and is not mentioned here.

    [PE1] ospf 1
    [PE1-ospf-1] area 0
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit

    After the configuration is complete, run the display ip routing-table command. The output shows that the devices have learned routes to each other's Loopback1 interfaces.

  3. Enable MPLS, and set up LSPs and remote LDP sessions.

    Enable MPLS on the MPLS backbone network and set up a remote MPLS peer relationship between the PEs.

    # Configure PE1.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] mpls
    [PE1-GigabitEthernet1/0/0] mpls ldp
    [PE1-GigabitEthernet1/0/0] quit
    [PE1] mpls ldp remote-peer 3.3.3.9
    [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [PE1-mpls-ldp-remote-3.3.3.9] quit
    

    # Configure P.

    [P] mpls lsr-id 2.2.2.9
    [P] mpls
    [P-mpls] quit
    [P] mpls ldp
    [P-mpls-ldp] quit
    [P] interface gigabitethernet 1/0/0
    [P-GigabitEthernet1/0/0] mpls
    [P-GigabitEthernet1/0/0] mpls ldp
    [P-GigabitEthernet1/0/0] quit
    [P] interface gigabitethernet 2/0/0
    [P-GigabitEthernet2/0/0] mpls
    [P-GigabitEthernet2/0/0] mpls ldp
    [P-GigabitEthernet2/0/0] quit
    

    # Configure PE2.

    [PE2] mpls lsr-id 3.3.3.9
    [PE2] mpls
    [PE2-mpls] quit
    [PE2] mpls ldp
    [PE2-mpls-ldp] quit
    [PE2] interface gigabitethernet 1/0/0
    [PE2-GigabitEthernet1/0/0] mpls
    [PE2-GigabitEthernet1/0/0] mpls ldp
    [PE2-GigabitEthernet1/0/0] quit
    [PE2] mpls ldp remote-peer 1.1.1.9
    [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [PE2-mpls-ldp-remote-1.1.1.9] quit
    

    After the configuration is complete, run the display mpls ldp session command. The output shows that LDP sessions are established between the PEs and between each PE and P, and that the session status is Operational.

  4. Configure user devices to access the PEs.

    Configure interface parameters on the CEs and PEs because user devices access the PEs through low-speed TDM links.

    # Configure CE1.

    <Huawei> system-view
    [Huawei] sysname CE1
    [CE1] controller e1 1/0/0
    [CE1-E1 1/0/0] using e1
    [CE1-E1 1/0/0] quit
    [CE1] interface serial 1/0/0:0
    [CE1-Serial1/0/0:0] link-protocol ppp
    [CE1-Serial1/0/0:0] ip address 192.168.1.1 255.255.255.0
    [CE1-Serial1/0/0:0] quit
    

    # Configure PE1.

    [PE1] controller e1 2/0/0
    [PE1-E1 2/0/0] using e1
    [PE1-E1 2/0/0] quit
    [PE1] interface serial 2/0/0:0
    [PE1-Serial2/0/0:0] link-protocol tdm
    [PE1-Serial2/0/0:0] quit
    

    # Configure PE2.

    [PE2] controller e1 2/0/0
    [PE2-E1 2/0/0] using e1
    [PE2-E1 2/0/0] quit
    [PE2] interface serial 2/0/0:0
    [PE2-Serial2/0/0:0] link-protocol tdm
    [PE2-Serial2/0/0:0] quit
    

    # Configure CE2.

    <Huawei> system-view
    [Huawei] sysname CE2
    [CE2] controller e1 1/0/0
    [CE2-E1 1/0/0] using e1
    [CE2-E1 1/0/0] quit
    [CE2] interface serial 1/0/0:0
    [CE2-Serial1/0/0:0] link-protocol ppp
    [CE2-Serial1/0/0:0] ip address 192.168.1.2 255.255.255.0
    [CE2-Serial1/0/0:0] quit
    

  5. Create a VC connection.

    Enable MPLS L2VPN on PE1 and PE2, and create a VC connection between them.

    # Configure PE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit
    [PE1] pw-template pe2pe
    [PE1-pw-template-pe2pe] peer-address 3.3.3.9
    [PE1-pw-template-pe2pe] jitter-buffer depth 8
    [PE1-pw-template-pe2pe] tdm-encapsulation-number 8
    [PE1-pw-template-pe2pe] quit
    [PE1] interface serial 2/0/0:0
    [PE1-Serial2/0/0:0] mpls l2vc pw-template pe2pe 100
    [PE1-Serial2/0/0:0] quit

    # Configure PE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit
    [PE2] pw-template pe2pe
    [PE2-pw-template-pe2pe] peer-address 1.1.1.9
    [PE2-pw-template-pe2pe] jitter-buffer depth 8
    [PE2-pw-template-pe2pe] tdm-encapsulation-number 8
    [PE2-pw-template-pe2pe] quit
    [PE2] interface serial 2/0/0:0
    [PE2-Serial2/0/0:0] mpls l2vc pw-template pe2pe 100
    [PE2-Serial2/0/0:0] quit

  6. Configure the clock synchronization function.

    Configure all the devices to work in clock synchronization state; otherwise, CEs cannot accurately exchange data with each other. The system clock of PE1 is used as the clock source for all the devices.

    # Configure PE1.

    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] clock master
    [PE1-GigabitEthernet1/0/0] quit
    [PE1] controller e1 2/0/0
    [PE1-E1 2/0/0] combo-port copper
    [PE1-E1 2/0/0] clock system
    [PE1-E1 2/0/0] quit
    

    # Configure CE1.

    [CE1] controller e1 1/0/0
    [CE1-E1 1/0/0] clock slave
    [CE1-E1 1/0/0] quit
    

    # Configure P.

    [P] interface gigabitethernet 1/0/0
    [P-GigabitEthernet1/0/0] clock slave
    [P-GigabitEthernet1/0/0] quit
    [P] clock source 0 1/0/0
    [P] interface gigabitethernet 2/0/0
    [P-GigabitEthernet2/0/0] clock master
    [P-GigabitEthernet2/0/0] quit
    

    # Configure PE2.

    [PE2] interface gigabitethernet 1/0/0
    [PE2-GigabitEthernet1/0/0] clock slave
    [PE2-GigabitEthernet1/0/0] quit
    [PE2] clock source 0 1/0/0
    [PE2] controller e1 2/0/0
    [PE2-E1 2/0/0] clock system
    [PE2-E1 2/0/0] quit
    

    # Configure CE2.

    [CE2] controller e1 1/0/0
    [CE2-E1 1/0/0] clock slave
    [CE2-E1 1/0/0] quit
    

  7. Verify the configuration.

    # Check the L2VPN connections on PEs. You can see that an L2VC connection has been set up and is in the Up state.

    # The display on PE1 is used as an example:

    [PE1] display mpls l2vc interface serial 2/0/0:0
     *client interface       : Serial2/0/0:0 is up                                  
      Administrator PW       : no                                                   
      session state          : up                                                   
      AC status              : up                                                   
      Ignore AC state        : disable
      VC state               : up                          
      Label state            : 0                                                    
      Token state            : 0                                                    
      VC ID                  : 100                                                  
      VC type                : SAT E1 over Packet                                   
      destination            : 3.3.3.9                                              
      local group ID         : 0            remote group ID      : 0                
      local VC label         : 1039         remote VC label      : 1045             
      local TDM Encap Num    : 8            remote TDM Encap Num : 8                
      jitter-buffer          : 8                                                    
      idle-code              : ff                                                   
      local rtp-header       : disable      remote rtp-header    : disable          
      local bit-rate         : 32           remote bit-rate      : 32               
      local AC OAM State     : up                                                   
      local PSN OAM State    : up                                                   
      local forwarding state : forwarding                                           
      local status code      : 0x0                                                  
      remote AC OAM state    : up                                                   
      remote PSN OAM state   : up                                                   
      remote forwarding state: forwarding                                           
      remote status code     : 0x0                                                  
      ignore standby state   : no                                                   
      BFD for PW             : unavailable                                          
      VCCV State             : up                                                   
      manual fault           : not set                                              
      active state           : active                                               
      forwarding entry       : exist                                                
      link state             : up                                                   
      local VC MTU           : --           remote VC MTU        : --               
      local VCCV             : alert ttl lsp-ping bfd                               
      remote VCCV            : alert ttl lsp-ping bfd                               
      local control word     : disable      remote control word  : disable          
      tunnel policy name     : --                                                   
      PW template name       : pe2pe                                                
      primary or secondary   : primary                                              
      load balance type      : flow                                                 
      Access-port            : false                                                
      Switchover Flag        : false                                                
      VC tunnel/token info   : 1 tunnels/tokens                                     
        NO.0  TNL type       : lsp   , TNL ID : 0x5                                 
        Backup TNL type      : lsp   , TNL ID : 0x0                                 
      create time            : 0 days, 0 hours, 1 minutes, 36 seconds               
      up time                : 0 days, 0 hours, 1 minutes, 36 seconds               
      last change time       : 0 days, 0 hours, 1 minutes, 36 seconds               
      VC last up time        : 2013/11/02 09:30:04                                  
      VC total up time       : 0 days, 0 hours, 1 minutes, 36 seconds               
      CKey                   : 9                                                    
      NKey                   : 8                                                    
      PW redundancy mode     : frr                                                  
      AdminPw interface      : --                                                   
      AdminPw link state     : --                                                   
      Diffserv Mode          : pipe                                                 
      Service Class          : ef                                                   
      Color                  : green                                                
      DomainId               : --                                                   
      Domain Name            : --                                                   

    # CE1 and CE2 can ping each other.

    # The display on CE1 is used as an example:

    [CE1] ping 192.168.1.2
      PING 192.168.1.2: 56  data bytes, press CTRL_C to break                       
        Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=16 ms              
        Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=15 ms              
        Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=15 ms              
        Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=15 ms              
        Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=14 ms              
                                                                                    
      --- 192.168.1.2 ping statistics ---                                           
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 14/15/16 ms                                        
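
The verification in step 7 can be automated. The following is an added example, not part of the original Huawei document: it parses `display mpls l2vc` output and reports state fields that are not up and local/remote parameters that disagree. The sample text is constructed from the PE1 display above, and the choice of fields in `EXPECTED` and `MUST_MATCH` is an assumption of this example.

```python
import re

# Constructed sample: a subset of the fields from the PE1 display above, with
# "VC state" and the remote TDM Encap Num altered to simulate a mismatched PE2.
SAMPLE = """\
 *client interface       : Serial2/0/0:0 is up
  session state          : up
  AC status              : up
  VC state               : down
  local VC label         : 1039         remote VC label      : 1045
  local TDM Encap Num    : 8            remote TDM Encap Num : 16
  local rtp-header       : disable      remote rtp-header    : disable
  local bit-rate         : 32           remote bit-rate      : 32
  local forwarding state : forwarding
  remote forwarding state: forwarding
  local control word     : disable      remote control word  : disable
"""

# Values a healthy PW shows for single-valued state fields (keys lower-cased).
EXPECTED = {"session state": "up", "ac status": "up", "vc state": "up",
            "local forwarding state": "forwarding",
            "remote forwarding state": "forwarding"}
# Parameters assumed here to need equal local/remote values; VC labels are
# excluded because each PE allocates its own.
MUST_MATCH = ("tdm encap num", "rtp-header", "bit-rate", "control word")


def parse_l2vc(text):
    """Return {lower-cased field name: value} from `display mpls l2vc` output."""
    fields = {}
    for line in text.splitlines():
        # Two-column lines carry a "local ..." and a "remote ..." field.
        for segment in re.split(r"\s{2,}(?=remote )", line.strip()):
            key, sep, value = segment.partition(":")  # values may contain ':'
            if sep:
                fields[key.strip(" *").lower()] = value.strip()
    return fields


def check_l2vc(text):
    """Return a list of findings; an empty list means the PW looks healthy."""
    fields = parse_l2vc(text)
    findings = [f"{k}: expected {want}, got {fields.get(k, 'missing')}"
                for k, want in EXPECTED.items() if fields.get(k) != want]
    for name in MUST_MATCH:
        local, remote = fields.get("local " + name), fields.get("remote " + name)
        if local is None or remote is None or local != remote:
            findings.append(f"{name}: local={local} remote={remote}")
    return findings


if __name__ == "__main__":
    print(check_l2vc(SAMPLE))
```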

Configuration Files

  • Configuration file of CE1

    #
    sysname CE1
    #
    controller E1 1/0/0
     using e1
    #
    interface Serial1/0/0:0
     link-protocol ppp
     ip address 192.168.1.1 255.255.255.0
    #
    return
  • Configuration file of PE1

    #
    sysname PE1
    #
    mpls lsr-id 1.1.1.9
    mpls
    #
    mpls l2vpn
    #
    pw-template pe2pe 
     peer-address 3.3.3.9 
    #
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9 
    #
    controller E1 2/0/0 
     using e1
     clock system
    #
    interface Serial2/0/0:0 
     link-protocol tdm
     mpls l2vc pw-template pe2pe 100
    #
    interface GigabitEthernet1/0/0
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
     clock master
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • Configuration file of the P device

    #
    sysname P
    #
     clock source 0 1/0/0 priority 9 
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
     clock slave
    #
    interface GigabitEthernet2/0/0
     ip address 172.2.1.1 255.255.255.0
     mpls
     mpls ldp
     clock master
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
      network 172.2.1.0 0.0.0.255
    #
    return
  • Configuration file of PE2

    #
    sysname PE2
    #
     clock source 0 1/0/0 priority 9 
    #
    mpls lsr-id 3.3.3.9
    mpls
    #
    mpls l2vpn
    #
    pw-template pe2pe 
     peer-address 1.1.1.9 
    #
    mpls ldp
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    controller E1 2/0/0 
     using e1
     clock system
    #
    interface Serial2/0/0:0 
     link-protocol tdm
     mpls l2vc pw-template pe2pe 100
    #
    interface GigabitEthernet1/0/0
     ip address 172.2.1.2 255.255.255.0 
     mpls
     mpls ldp
     clock slave
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 172.2.1.0 0.0.0.255
    #
    return
  • Configuration file of CE2

    #
    sysname CE2
    #
    controller E1 1/0/0
     using e1
    #
    interface Serial1/0/0:0
     link-protocol ppp
     ip address 192.168.1.2 255.255.255.0
    #
    return
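
The two PE configuration files must mirror each other: each PE's `peer-address` and `remote-ip` name the other PE's LSR ID, and both ends use the same VC ID. The following is an added example, not part of the original Huawei document, that checks this before the configurations are deployed. The excerpts are reduced from the files above, `PE2_BAD` is constructed, and the check assumes one PW template and one remote LDP peer per configuration, as in this example.

```python
import re

# Excerpts of the PE1 and PE2 configuration files above, reduced to the lines
# this check reads. PE2_BAD is constructed: its VC ID was changed to 101.
PE1 = """\
mpls lsr-id 1.1.1.9
pw-template pe2pe
 peer-address 3.3.3.9
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
interface Serial2/0/0:0
 link-protocol tdm
 mpls l2vc pw-template pe2pe 100
"""
PE2 = """\
mpls lsr-id 3.3.3.9
pw-template pe2pe
 peer-address 1.1.1.9
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
interface Serial2/0/0:0
 link-protocol tdm
 mpls l2vc pw-template pe2pe 100
"""
PE2_BAD = PE2.replace("pe2pe 100", "pe2pe 101")


def pw_facts(cfg):
    """Pull the settings that must line up between the two PW endpoints."""
    def first(pattern):
        m = re.search(pattern, cfg, re.MULTILINE)
        return m.group(1) if m else None
    return {"lsr_id": first(r"^\s*mpls lsr-id (\S+)"),
            "pw_peer": first(r"^\s*peer-address (\S+)"),
            "ldp_remote": first(r"^\s*remote-ip (\S+)"),
            "vc_id": first(r"^\s*mpls l2vc pw-template \S+ (\d+)")}


def audit_pw_pair(cfg_a, cfg_b):
    """Return findings for two PE configs meant to terminate the same PW."""
    a, b = pw_facts(cfg_a), pw_facts(cfg_b)
    findings = []
    for side, mine, peer in (("A", a, b), ("B", b, a)):
        for key, label in (("pw_peer", "peer-address"), ("ldp_remote", "remote-ip")):
            if mine[key] is None or mine[key] != peer["lsr_id"]:
                findings.append(
                    f"{side}: {label} {mine[key]} != peer lsr-id {peer['lsr_id']}")
    if a["vc_id"] is None or a["vc_id"] != b["vc_id"]:
        findings.append(f"VC ID mismatch: A={a['vc_id']} B={b['vc_id']}")
    return findings


if __name__ == "__main__":
    print(audit_pw_pair(PE1, PE2_BAD))
```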
Updated: 2019-08-07

Document ID: EDOC1100033725