CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Example for Configuring BGP AS Number Substitution

Networking Requirements

As shown in Figure 7-54, CE1 and CE2 belong to the same VPN. CE1 connects to PE1, and CE2 connects to PE2. Both CE1 and CE2 use AS number 600.

The PEs and CEs need to set up EBGP peer relationships to allow communication between VPN users.

Figure 7-54  Networking diagram for configuring BGP AS number substitution

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF between the P and PEs to ensure IP connectivity on the backbone network.

  2. Configure basic MPLS capabilities and MPLS LDP on the P and PEs to set up MPLS LSP tunnels for VPN data transmission on the backbone network.

  3. Set up an MP-IBGP peer relationship between PEs to exchange VPNv4 routes.

  4. Configure a VPN instance and set the VPN target to 1:1 on PE1 and PE2 so that users in the VPN can communicate with each other. Bind the VPN instance to the PE interfaces connected to CEs to provide access for VPN users.

  5. Set up EBGP peer relationships between the PEs and CEs and import routes of the CEs into routing tables of the PEs.

  6. Configure BGP AS number substitution on the PEs so that the CEs accept routes whose AS_Path would otherwise carry their own AS number.

Procedure

  1. Configure basic BGP/MPLS IP VPN functions.

    The configurations include the following:

    • Configure OSPF on the MPLS backbone network so that the PEs and P can learn the routes to the loopback interface of each other.

    • Configure basic MPLS capabilities and MPLS LDP on the backbone network to set up MPLS LSPs.

    • Set up an MP-IBGP peer relationship between PEs to exchange VPNv4 routes.

    • Configure the VPN instance of VPN1 on PE2 and bind the VPN instance to the interface connected to CE2.

    • Configure the VPN instance of VPN1 on PE1 and bind the VPN instance to the interface connected to CE1.

    • Set up BGP peer relationships between PE1 and CE1 and between PE2 and CE2 to import routes of CEs to PEs.

    For detailed configuration, refer to Example for Configuring BGP/MPLS IP VPN.

    After the configuration is complete, run the display ip routing-table command on CE2 to check the routing table. The routing table on CE2 contains the route to the network segment (10.1.1.0/24) of the interface that connects CE1 to PE1, but contains no route to the VPN (10.3.1.0/24) of CE1. The situation is the same on CE1.

    [CE2] display ip routing-table
    Route Flags:
    R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
             Destinations : 11        Routes : 11
      Destination/Mask  Proto  Pre  Cost     Flags  NextHop         Interface
           10.1.1.0/24  EBGP   255  0        D      10.2.1.2        GigabitEthernet1/0/0
           10.2.1.0/24  Direct 0    0        D      10.2.1.1        GigabitEthernet1/0/0
           10.2.1.1/32  Direct 0    0        D      127.0.0.1       GigabitEthernet1/0/0
         10.2.1.255/32  Direct 0    0        D      127.0.0.1       GigabitEthernet1/0/0
           127.0.0.0/8  Direct 0    0        D      127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0        D      127.0.0.1       InLoopBack0
    127.255.255.255/32  Direct 0    0        D      127.0.0.1       InLoopBack0
           10.4.1.0/24  Direct 0    0        D      10.4.1.1        GigabitEthernet2/0/0
           10.4.1.1/32  Direct 0    0        D      127.0.0.1       GigabitEthernet2/0/0
         10.4.1.255/32  Direct 0    0        D      127.0.0.1       GigabitEthernet2/0/0
    255.255.255.255/32  Direct 0    0        D      127.0.0.1       InLoopBack0

    Run the display ip routing-table vpn-instance command on the PEs to check the routing table of the VPN instance. The VPN routing table has routes to the VPN of the CEs.

    The information displayed on PE2 is used as an example.

    [PE2] display ip routing-table vpn-instance vpn1
    Route Flags:
    R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: vpn1
              Destinations : 7        Routes : 7
      Destination/Mask  Proto  Pre  Cost     Flags  NextHop         Interface
           10.1.1.0/24  IBGP   255  0        RD     1.1.1.9         GigabitEthernet2/0/0
           10.2.1.0/24  Direct 0    0        D      10.2.1.2        GigabitEthernet1/0/0
           10.2.1.2/32  Direct 0    0        D      127.0.0.1       GigabitEthernet1/0/0
         10.2.1.255/32  Direct 0    0        D      127.0.0.1       GigabitEthernet1/0/0
           10.3.1.0/24  IBGP   255  0        RD     1.1.1.9         GigabitEthernet2/0/0
           10.4.1.0/24  EBGP   255  0        D      10.2.1.1        GigabitEthernet1/0/0
    255.255.255.255/32  Direct 0    0        D      127.0.0.1       InLoopBack0

    Run the display bgp routing-table peer received-routes command on CE2. The command output shows that CE2 did not accept the route to 10.3.1.0/24.

    [CE2] display bgp routing-table peer 10.2.1.2 received-routes
                                                                                    
     BGP Local router ID is 10.2.1.1                                                
     Status codes: * - valid, > - best, d - damped,                                 
                   h - history,  i - internal, s - suppressed, S - Stale            
                   Origin : i - IGP, e - EGP, ? - incomplete                        
                                                                                    
                                                                                    
     Total Number of Routes: 2                                                      
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn   
                                                                                    
     *>   10.1.1.0/24        10.2.1.2                              0      100?      
          10.2.1.0/24        10.2.1.2        0                     0      100?    

  2. Configure BGP AS number substitution.

    Configure BGP AS number substitution on the PEs.

    # Configure PE2. PE2 is used as an example.

    [PE2] bgp 100
    [PE2-bgp] ipv4-family vpn-instance vpn1
    [PE2-bgp-vpn1] peer 10.2.1.1 substitute-as
    [PE2-bgp-vpn1] quit
    [PE2-bgp] quit
    

    Check the routing information accepted by CE2 and the routing table on CE2.

    [CE2] display bgp routing-table peer 10.2.1.2 received-routes
                                                                                    
     BGP Local router ID is 10.2.1.1                                                
     Status codes: * - valid, > - best, d - damped,                                 
                   h - history,  i - internal, s - suppressed, S - Stale            
                   Origin : i - IGP, e - EGP, ? - incomplete                        
                                                                                    
                                                                                    
     Total Number of Routes: 3                                                      
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn   
                                                                                    
     *>   10.1.1.0/24        10.2.1.2                              0      100?      
          10.2.1.0/24        10.2.1.2        0                     0      100?      
     *>   10.3.1.0/24        10.2.1.2                              0      100 100?  
    
    [CE2] display ip routing-table
    Route Flags:
    R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
             Destinations : 12        Routes : 12
      Destination/Mask  Proto  Pre  Cost       Flags  NextHop         Interface
           10.1.1.0/24  EBGP   255  0          D      10.2.1.2        GigabitEthernet1/0/0
           10.2.1.0/24  Direct 0    0          D      10.2.1.1        GigabitEthernet1/0/0
           10.2.1.1/32  Direct 0    0          D      127.0.0.1       GigabitEthernet1/0/0
         10.2.1.255/32  Direct 0    0          D      127.0.0.1       GigabitEthernet1/0/0
           10.3.1.0/24  EBGP   255  0          D      10.2.1.2        GigabitEthernet1/0/0
           127.0.0.0/8  Direct 0    0          D      127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0          D      127.0.0.1       InLoopBack0
    127.255.255.255/32  Direct 0    0          D      127.0.0.1       InLoopBack0  
           10.4.1.0/24  Direct 0    0          D      10.4.1.1        GigabitEthernet2/0/0
           10.4.1.1/32  Direct 0    0          D      127.0.0.1       GigabitEthernet2/0/0
         10.4.1.255/32  Direct 0    0          D      127.0.0.1       GigabitEthernet2/0/0
    255.255.255.255/32  Direct 0    0          D      127.0.0.1       InLoopBack0

    After BGP AS number substitution is also configured on PE1, CE1 and CE2 can successfully ping each other.

    [CE1] ping -a 10.3.1.1 10.4.1.1
      PING 10.4.1.1: 56  data bytes, press CTRL_C to break                         
        Reply from 10.4.1.1: bytes=56 Sequence=1 ttl=252 time=2 ms                 
        Reply from 10.4.1.1: bytes=56 Sequence=2 ttl=252 time=1 ms                 
        Reply from 10.4.1.1: bytes=56 Sequence=3 ttl=252 time=2 ms                 
        Reply from 10.4.1.1: bytes=56 Sequence=4 ttl=252 time=2 ms                 
        Reply from 10.4.1.1: bytes=56 Sequence=5 ttl=252 time=2 ms                 
                                                                                    
      --- 10.4.1.1 ping statistics ---                                             
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 1/1/2 ms      
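
The following Python sketch is an added example, not part of the Huawei guide: it models why CE2 rejects 10.3.1.0/24 before step 2 and accepts it afterwards with the path 100 100. The AS numbers and prefixes come from this example; the function names are hypothetical and the input paths are constructed.

```python
# Added illustration: models EBGP AS_PATH handling on a PE-CE session.
# AS numbers and prefixes are taken from the example above; the function
# names are hypothetical and do not correspond to any device API.

PE_AS = 100   # backbone AS on PE1/PE2
CE_AS = 600   # AS shared by CE1 and CE2


def pe_advertise(as_path, local_as, peer_as, substitute_as=False):
    """Return the AS_PATH a PE sends to an EBGP CE peer.

    With substitute_as, every occurrence of the peer's AS in the path is
    replaced by the PE's own AS before the PE prepends its AS.
    """
    if substitute_as:
        as_path = [local_as if asn == peer_as else asn for asn in as_path]
    return [local_as] + list(as_path)


def ce_accepts(as_path, local_as):
    """EBGP loop detection: drop a route whose AS_PATH contains our own AS."""
    return local_as not in as_path


def received_routes(vpn_routes, substitute_as):
    """Map prefix -> (AS_PATH as sent by PE2, accepted by CE2?)."""
    result = {}
    for prefix, path in vpn_routes.items():
        sent = pe_advertise(path, PE_AS, CE_AS, substitute_as)
        result[prefix] = (sent, ce_accepts(sent, CE_AS))
    return result


# Constructed input: AS_PATHs as PE2 holds them in vpn1 before advertising
# to CE2. 10.1.1.0/24 is a direct route imported on PE1 (empty path);
# 10.3.1.0/24 was learned by PE1 from CE1, so it carries AS 600.
VPN1_ROUTES = {
    "10.1.1.0/24": [],
    "10.3.1.0/24": [600],
}

if __name__ == "__main__":
    for enabled in (False, True):
        print("substitute-as:", enabled)
        for prefix, (path, ok) in received_routes(VPN1_ROUTES, enabled).items():
            print(f"  {prefix:<14} path={path} accepted={ok}")
```

Because the CE's AS number no longer appears in the path, AS_PATH loop detection cannot catch a route that is re-advertised to the site it came from; on multi-homed sites this is normally handled with the Site of Origin (SoO) attribute.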

Configuration Files

  • CE1 configuration file

    #
     sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 10.1.1.1 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 10.3.1.1 255.255.255.0
    #
    bgp 600
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.1.1.2 enable
    #
    return
  • PE1 configuration file

    #
     sysname PE1
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
     mpls lsr-id 1.1.1.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip binding vpn-instance vpn1
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 20.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #  
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
     #
     ipv4-family vpn-instance vpn1
      peer 10.1.1.1 as-number 600
      peer 10.1.1.1 substitute-as
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
    #
    return
  • P configuration file

    #
     sysname P
    #
     mpls lsr-id 2.2.2.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 20.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 30.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #  
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
     sysname PE2
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:2
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
     mpls lsr-id 3.3.3.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip binding vpn-instance vpn1
     ip address 10.2.1.2 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 30.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #  
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.9 enable
     #
     ipv4-family vpn-instance vpn1
      peer 10.2.1.1 as-number 600
      peer 10.2.1.1 substitute-as
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 30.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
     sysname CE2
    #
    interface GigabitEthernet1/0/0
     ip address 10.2.1.1 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 10.4.1.1 255.255.255.0
    #
    bgp 600
     peer 10.2.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.2.1.2 enable
    #
    return
Updated: 2019-08-07

Document ID: EDOC1100033725
