No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring HoVPN

Configuring HoVPN

The HoVPN networking reduces the requirements for PE devices.

Pre-configuration Tasks

Before configuring HoVPN, complete the task of Configuring Basic BGP/MPLS IP VPN Functions.

Configuration Procedure

In addition to basic BGP/MPLS IP VPN configuration, you need to specify UPE devices on the SPE device and advertise default routes of VPN instances to the UPE devices.

When VPN services need to be transmitted over TE tunnels or when multiple tunnels need to perform load balancing to fully use network resources, you also need to complete the task of Configuring Tunnel Policies.

NOTE:

The VPN instance status obtained from a management information base (MIB) or schema is Up only if at least one interface bound to the VPN instance is Up. On an HoVPN, VPN instances on SPEs are not bound to interfaces. As a result, the VPN instance status obtained from a MIB or schema is always Down. To solve this problem, run the transit-vpn command in the VPN instance view or VPN instance IPv4 address family view of an SPE. Then, the VPN instance status obtained from a MIB or schema is always Up, no matter whether the VPN instance is bound to interfaces.

Perform the following steps on the SPE device.

Procedure

  1. Specify a UPE device.
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run peer { ipv4-address | group-name } as-number as-number

      A UPE device is specified as the BGP peer of the SPE.

    4. Run ipv4-family vpnv4 [ unicast ]

      The BGP-VPNv4 family is displayed.

    5. Run peer { ipv4-address | group-name } enable

      The capability of exchanging BGP VPNv4 routing information with the peer is enabled.

    6. Run peer { ipv4-address | group-name } upe

      The peer is specified as the UPE of the SPE.

  2. Advertise default routes of a VPN instance.
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run ipv4-family vpnv4

      The BGP-VPNv4 family view is displayed.

    4. Run peer { ipv4-address | group-name } default-originate vpn-instance vpn-instance-name

      The default routes of a specified VPN instance are advertised to the UPE device.

      After running the command, the SPE advertises a default route to the UPE with its local address as the next hop, regardless of whether there is a default route in the local routing table.

Verifying the Configuration

After completing the HoVPN configuration, run the display ip routing-table command on the CE devices. You can see that the local CE device does not have any route to the network segment of the remote CE interface but has a default route with the next hop as the UPE device.

Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 153443

Downloads: 369

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next