CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Auto VPN Fundamentals


Definition

Auto VPN is a VPN technology that separates the overlay network from the underlying transport network and separates service network routes from transport network routes. Auto VPN uses a mechanism similar to BGP/MPLS IP VPN: it extends BGP and uses the extended reachability information to enable the underlying transport networks of different sites to interwork. Using the multiple VPN capabilities of BGP, it controls protocols and advertises routes in a unified manner, which moves the transfer of tunnel encapsulation information between site networks from the data plane to the control plane.

Figure 1-2 shows the basic usage scenario of auto VPN.

Figure 1-2  Usage scenario of auto VPN

Auto VPN Routes

The format of NLRI specific to an auto VPN route is shown in Figure 1-3.

Figure 1-3  Format of NLRI specific to an auto VPN route

The description of each field is as follows.

  • NLRI Length: Length of an address prefix.
  • Tunnel Type: Tunnel type carried in the route.
  • Distinguisher: Service ID of the tunnel.
  • Color: ID of a PE and index of the recursive tunnel on the PE.
  • Endpoint: Destination node of the tunnel, 4 or 16 bytes. If the address family identifier (AFI) is IPv4, this field indicates an IPv4 address. If the AFI is IPv6, this field indicates an IPv6 address.
  • Tunnel Encapsulation Attribute: An optional transitive attribute that is added to carry tunnel encapsulation information.
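
The field list above, as an added example (not Huawei's code): a strict parser that rejects an NLRI whose length or Endpoint size does not match the AFI before any field is used. The byte widths of Tunnel Type, Distinguisher and Color and the bit-count meaning of NLRI Length are assumptions, because the layout figure is not reproduced here; only the 4- or 16-byte Endpoint rule comes from the text.

```python
import ipaddress
import struct

# ASSUMED widths in bytes: the page lists the fields, but Figure 1-3 (the layout)
# is not reproduced, so these are illustrative and not Huawei's wire format.
TUNNEL_TYPE_LEN, DISTINGUISHER_LEN, COLOR_LEN = 2, 4, 4
FIXED_LEN = TUNNEL_TYPE_LEN + DISTINGUISHER_LEN + COLOR_LEN
# From the page: Endpoint is 4 bytes for the IPv4 AFI and 16 bytes for IPv6.
ENDPOINT_LEN = {1: 4, 2: 16}  # AFI 1 = IPv4, AFI 2 = IPv6 (IANA values)


class MalformedNLRI(ValueError):
    """Raised when an NLRI does not match the expected layout."""


def parse_auto_vpn_nlri(buf: bytes, afi: int) -> tuple:
    """Parse one NLRI from buf; return (fields, remaining bytes)."""
    if afi not in ENDPOINT_LEN:
        raise MalformedNLRI(f"unsupported AFI {afi}")
    if not buf:
        raise MalformedNLRI("empty buffer")
    body_len = FIXED_LEN + ENDPOINT_LEN[afi]
    # ASSUMED: NLRI Length is one byte counting the bits that follow it.
    if buf[0] != body_len * 8:
        raise MalformedNLRI(f"length {buf[0]} bits does not match AFI {afi}")
    if len(buf) < 1 + body_len:
        raise MalformedNLRI("truncated NLRI")
    tunnel_type, distinguisher, color = struct.unpack_from("!HII", buf, 1)
    endpoint = ipaddress.ip_address(buf[1 + FIXED_LEN:1 + body_len])
    fields = {"tunnel_type": tunnel_type, "distinguisher": distinguisher,
              "color": color, "endpoint": str(endpoint)}
    return fields, buf[1 + body_len:]


def build_auto_vpn_nlri(tunnel_type, distinguisher, color, endpoint) -> bytes:
    """Encode an NLRI under the same assumed layout (used for sample input)."""
    body = struct.pack("!HII", tunnel_type, distinguisher, color)
    body += ipaddress.ip_address(endpoint).packed
    return bytes([len(body) * 8]) + body


if __name__ == "__main__":
    # Constructed sample: Tunnel Type 200 (the TNP route type named on the page).
    sample = build_auto_vpn_nlri(200, 1, 100, "192.0.2.1")
    print(parse_auto_vpn_nlri(sample, afi=1))
```
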

Concepts of auto VPN

  • DTLS: In an SD-WAN scenario, a CPE establishes a DTLS connection with an RR to set up a control channel, so that transport network port (TNP) information can be exchanged between the CPE and RR. The CPE-RR connection is calculated by sending and reflecting TNP information to set up a management channel; that is, a BGP peer relationship is established between the RR and the site using the system IP.
  • TNP: A CPE is connected to a WAN interface of the transport network. The key information includes the site ID, transport network ID, public IP address, private IP address, and tunnel encapsulation. The key information is delivered by the Agile Controller-Campus to the CPE. A site advertises local TNP information to the RR through the route with Tunnel Type 200, and the RR reflects the routing information to another site, so that the site ID and tunnel encapsulation information can be transferred.

Auto VPN Route Advertisement Process

Auto VPN routes are advertised through the following process:

  • If no RR is deployed:
      1. PE1 and PE2 establish an auto VPN peer relationship.
      2. PE1 and PE2 use BGP to advertise routes.
      3. After PE1 and PE2 receive routes from each other, the system saves the tunnel encapsulation information carried in the routes.
  • If an RR is deployed:
      1. PE1 and PE2 each establish an auto VPN peer relationship with the RR.
      2. PE1 and PE2 use BGP to advertise routes to the RR, which then reflects the routes.
      3. After PE1 and PE2 receive routes from each other, the system saves the tunnel encapsulation information carried in the routes.

Figure 1-4  Auto VPN networking diagram

Updated: 2019-04-12

Document ID: EDOC1100041799
