No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Access of VLL to L3VPN

Configuring the Access of VLL to L3VPN

This section describes how to configure VLLs to access L3VPN. To achieve.

Before You Start

Applicable Environment

As shown in Figure 10-18, to allow a user to access the public network or an MPLS L3VPN bearer network through an MPLS L2VPN access network, the carrier can deploy a VLL to connect the user to the public network or the MPLS L3VPN.

Figure 10-18  Networking diagram of connecting a VLL to an L3VPN

Pre-configuration Tasks

Before configuring a VLL to access an L3VPN, complete the following tasks:

  • Connecting interfaces and configuring their physical parameters so as to make their physical layer Up

  • Enabling an IGP on the MPLS access network to implement IP connectivity

  • Enabling MPLS L2VPN on UPEs and NPEs

  • Creating L2VPN tunnels between UPEs and NPEs

  • Creating LDP sessions between NPEs and UPEs

  • Creating remote LDP sessions if NPEs and UPEs are not connected directly

  • Enabling an IGP on the MPLS bearer network to implement IP connectivity

  • Configuring basic functions of L3VPN on NPEs

Data Preparation

To configure a VLL to access an L3VPN, you need the following data.

No.

Data

1

VE interface number

2

VE-Group number

3

Martini VLL: Destination IP address of the L2VC, VC ID, and VC Type

Creating an L2VE Interface

Context

Perform the following steps on NPEs. This part describes how to configure an L2VE interface that terminates the L2VPN, and how to bind the L2VE interface to the relevant VE group.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface virtual-ethernet interface-number

    A VE interface is created and the VE interface view is displayed.

  3. Run ve-group ve-group-id l2-terminate

    The VE interface is set to an L2VE interface that terminates VLL, and the interface is bound to a VE-Group.

Creating an L3VE Interface

Context

Perform the following steps on NPEs. This part describes how to configure an L3VE interface that terminates the L3VPN, and how to bind the L3VE interface to the relevant VE group.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface virtual-ethernet interface-number

    A VE interface is created and the VE interface view is displayed.

  3. Run ve-group ve-group-id l3-access

    The VE interface is set to an L3VE interface that accesses the MPLS L3VPN, and it is bound to a VE-Group.

  4. (Optional) Run either of the following commands:

    • Run l3ve track pw-state

      Associates the L3VE interface state with the PW state.

      In the L2VPN access L3VPN solution, if the primary and secondary PWs have been established and corresponding L3VE interfaces have gone Up when the primary RSG recovers, the downstream traffic may switch back to the primary RSG. However, if the downstream traffic switches back to the primary RSG before the primary/secondary PW switchover is complete, the downstream traffic may be temporarily dropped. To solve this problem, run the l3ve track pw-state command to associate the L3VE interface status with the PW status.

      This configuration is mainly used in dynamic PW scenarios.

    • Run l3ve track oam-state

      Associates the L3VE interface state with the OAM state.

      In L2VPN accessing L3VPN scenarios in which PW protection is configured, if OAM (BFD, MPLS OAM, or MPLS-TP OAM) detects that services are interrupted between an AGG and a CSG, OAM does not trigger the L3VE interface to withdraw reverse routes. Therefore, reverse traffic is still forwarded along the faulty PW until route convergence is complete, which causes traffic loss. To resolve this problem, run the l3ve track oam-state command to enable the association between the L3VE interface status and the OAM status.

      This configuration is mainly used in static PW scenarios.

Associating the L2VE Interface with a VLL

Context

Perform the following steps on NPEs. This part describes how to associate an L2VE interface with a Martini VLL or an SVC VLL. At present, an L2VE interface can only be bound to a Martini VLL or an SVC VLL.

Procedure

  • Configure the Martini VLL.
    1. Run system-view

      The system view is displayed.

    2. Run mpls l2vpn

      The MPLS L2VPN view is displayed.

    3. Run quit

      Return to the system view.

    4. Run interface virtual-ethernet interface-number.subinterface-number

      The L2VE sub-interface view is displayed.

      At present, only the L2VE sub-interface can be configured with L2VPN. The VC type of the Martini VLL for the VE sub-interface is VLAN.

    5. Run dot1q termination vid low-pe-vid

      Setting the single VLAN ID for Dot1q termination on a sub-interface.

    6. Run mpls l2vc ip-address vc-id [ [ control-word | no-control-word ] | [ raw | tagged ] | tunnel-policy policy-name ] *

      A Martini VLL is created.

      The tunnel policy for a Martini VLL defaults to LSP and no load balancing is performed. If a tunnel of another type is needed, you can specify tunnel-policy policy-name to apply the corresponding tunnel policy.

      To create a Martini VLL, you need to specify the IP address and VC ID of the destination PE. The VC IDs of PEs at both ends of the VC must be consistent.

  • Configure the SVC VLL.
    1. Run system-view

      The system view is displayed.

    2. Run mpls l2vpn

      The MPLS L2VPN is enabled.

    3. Run quit

      Return to the system view.

    4. Run interface virtual-ethernet interface-number.subinterface-number

      The L2VE sub-interface view is displayed.

    5. Run dot1q termination vid low-pe-vid

      Setting the single VLAN ID for Dot1q termination on a sub-interface.

    6. Run mpls static-l2vc { { destination ip-address | pw-template pw-template-name vc-id } * transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ [ tunnel-policy tnl-policy-name ] | [ { control-word | no-control-word } ] | [ { raw | tagged } ] | [ secondary ] ]*

      A static VC is created.

      NOTE:

      The parameters raw and tagged are needed only for the Ethernet link.

Configuring the Access of a User to L3VPN

Context

Perform the following steps on NPEs.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface virtual-ethernet interface-number.subinterface-number

    The L3VE interface view is displayed.

    At present, only the L2VE sub-interface can be configured with L2VPN.

  3. Run dot1q termination vid low-pe-vid

    Setting the single VLAN ID for Dot1q termination on a sub-interface.

  4. Run ip binding vpn-instance vpn-instance-name

    The L3VE interface is associated with a VPN instance.

  5. Run ip address ip-address { mask | mask-length }

    An IP address is configured for the L3VE interface.

    NOTE:

    The IP address is a private network address of MPLS L3VPN.

Verifying the configuration of Martini VLL to Access L3VPN

Context

After configuring a Martini VLL to access L3VPN successfully, you can view the binding relationship between VE interfaces and the VE group, and information about the Martini VLL.

Procedure

  • Run the display virtual-ethernet ve-group [ ve-group-id | slot slot-id ] command to check the binding relationship between VE interfaces and the VE-Group.
  • Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command to check information about a Martini VLL.
  • Run the display vll ccc [ ccc-name | type { local | remote } ] command to check the status of the local CCC.
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 142280

Downloads: 357

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next