CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.

Example for Configuring DSVPN QoS

Networking Requirements

A large enterprise has the headquarters (Hub) and multiple branches (Spoke1 and Spoke2 in this example). The Hub and Spokes are interconnected through DSVPN.

The enterprise needs to control Hub access traffic of the Spokes to prevent bandwidth congestion and jitter in the Hub. To meet this requirement, configure DSVPN QoS.

Figure 3-26  Configuring DSVPN QoS

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure DSVPN for interconnection between the Spokes and Hub.

  2. Configure DSVPN QoS on the Hub for QoS management on traffic of the Spokes.

    • Configure an NHRP group on the Spokes.
    • Configure matching rules for traffic classification based on the NHRP group, traffic policing, and traffic shaping on the Hub.
NOTE:
V300R003C10 and later versions support this configuration.

Procedure

  1. Configure IP addresses for interfaces.

    Configure IP addresses for interfaces on each Router.

    # Configure IP addresses for interfaces of the Hub.

    <Huawei> system-view
    [Huawei] sysname Hub
    [Hub] interface GigabitEthernet 1/0/0
    [Hub-GigabitEthernet1/0/0] ip address 1.1.1.10 255.255.255.0
    [Hub-GigabitEthernet1/0/0] quit
    [Hub] interface tunnel 0/0/0
    [Hub-Tunnel0/0/0] ip address 172.16.1.1 255.255.255.0
    [Hub-Tunnel0/0/0] quit
    [Hub] interface loopback 0
    [Hub-LoopBack0] ip address 192.168.0.1 255.255.255.0
    [Hub-LoopBack0] quit
    

    Configure IP addresses for interfaces of Spoke1 and Spoke2 according to Figure 3-26. The configuration is similar to that of the Hub.

  2. Configure reachable public network routes between Routers.

    Configure OSPF on each Router to provide reachable public network routes.

    # Configure OSPF on the Hub.

    [Hub] ospf 2 router-id 1.1.1.10
    [Hub-ospf-2] area 0.0.0.1
    [Hub-ospf-2-area-0.0.0.1] network 1.1.1.0 0.0.0.255
    [Hub-ospf-2-area-0.0.0.1] quit
    [Hub-ospf-2] quit
    

    # Configure OSPF on Spoke1.

    [Spoke1] ospf 2 router-id 1.1.2.10
    [Spoke1-ospf-2] area 0.0.0.1
    [Spoke1-ospf-2-area-0.0.0.1] network 1.1.2.0 0.0.0.255
    [Spoke1-ospf-2-area-0.0.0.1] quit
    [Spoke1-ospf-2] quit
    

    # Configure OSPF on Spoke2.

    [Spoke2] ospf 2 router-id 1.1.3.10
    [Spoke2-ospf-2] area 0.0.0.1
    [Spoke2-ospf-2-area-0.0.0.1] network 1.1.3.0 0.0.0.255
    [Spoke2-ospf-2-area-0.0.0.1] quit
    [Spoke2-ospf-2] quit
    

  3. Configure basic OSPF functions.

    # Configure the Hub.

    [Hub] ospf 1 router-id 172.16.1.1
    [Hub-ospf-1] area 0.0.0.0
    [Hub-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
    [Hub-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
    [Hub-ospf-1-area-0.0.0.0] quit
    [Hub-ospf-1] quit
    

    # Configure Spoke1.

    [Spoke1] ospf 1 router-id 172.16.1.2
    [Spoke1-ospf-1] area 0.0.0.0
    [Spoke1-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
    [Spoke1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
    [Spoke1-ospf-1-area-0.0.0.0] quit
    [Spoke1-ospf-1] quit
    

    # Configure Spoke2.

    [Spoke2] ospf 1 router-id 172.16.1.3
    [Spoke2-ospf-1] area 0.0.0.0
    [Spoke2-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
    [Spoke2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
    [Spoke2-ospf-1-area-0.0.0.0] quit
    [Spoke2-ospf-1] quit
    
    NOTE:

    Here, each Spoke has one subnet. If the subnet environment changes, you only need to configure dynamic route attributes on the local device.

  4. Configure tunnel interfaces.

    On the Hub and Spokes, set the OSPF network type to P2MP for interconnection between the Spokes and Hub. Enable NHRP redirect on the Hub. Configure the Hub's static NHRP peer entries and enable NHRP shortcut on Spoke1 and Spoke2.

    # Configure a tunnel interface and OSPF route attributes and enable NHRP redirect on the Hub.
    [Hub] interface tunnel 0/0/0
    [Hub-Tunnel0/0/0] tunnel-protocol gre p2mp
    [Hub-Tunnel0/0/0] source GigabitEthernet 1/0/0
    [Hub-Tunnel0/0/0] nhrp entry multicast dynamic
    [Hub-Tunnel0/0/0] ospf network-type p2mp
    [Hub-Tunnel0/0/0] nhrp redirect
    [Hub-Tunnel0/0/0] quit
    
    # Configure a tunnel interface, OSPF route attributes, and the Hub's static NHRP peer entry, and enable NHRP shortcut on Spoke1.
    [Spoke1] interface tunnel 0/0/0
    [Spoke1-Tunnel0/0/0] tunnel-protocol gre p2mp
    [Spoke1-Tunnel0/0/0] source GigabitEthernet 1/0/0
    [Spoke1-Tunnel0/0/0] nhrp entry 172.16.1.1 1.1.1.10 register
    [Spoke1-Tunnel0/0/0] ospf network-type p2mp
    [Spoke1-Tunnel0/0/0] nhrp shortcut
    [Spoke1-Tunnel0/0/0] quit
    
    # Configure a tunnel interface, OSPF route attributes, and the Hub's static NHRP peer entry, and enable NHRP shortcut on Spoke2.
    [Spoke2] interface tunnel 0/0/0
    [Spoke2-Tunnel0/0/0] tunnel-protocol gre p2mp
    [Spoke2-Tunnel0/0/0] source GigabitEthernet 1/0/0
    [Spoke2-Tunnel0/0/0] nhrp entry 172.16.1.1 1.1.1.10 register
    [Spoke2-Tunnel0/0/0] ospf network-type p2mp
    [Spoke2-Tunnel0/0/0] nhrp shortcut
    [Spoke2-Tunnel0/0/0] quit
    

  5. Configure DSVPN QoS.

    # Configure traffic policing and shaping on the Hub.

    [Hub] traffic classifier test
    [Hub-classifier-test] if-match nhrp-group spoke
    [Hub-classifier-test] quit
    [Hub] traffic behavior test
    [Hub-behavior-test] car cir 1024 cbs 192512 pbs 320512 green pass yellow pass red discard
    [Hub-behavior-test] gts cir pct 60 queue-length 100
    [Hub-behavior-test] statistic enable
    [Hub-behavior-test] quit
    [Hub] traffic policy p1
    [Hub-trafficpolicy-p1] classifier test behavior test
    [Hub-trafficpolicy-p1] quit
    [Hub] interface tunnel 0/0/0
    [Hub-Tunnel0/0/0] traffic-policy p1 inbound
    [Hub-Tunnel0/0/0] traffic-policy p1 outbound
    [Hub-Tunnel0/0/0] quit
    

    # Configure an NHRP group on Spoke1.

    [Spoke1] interface tunnel 0/0/0
    [Spoke1-Tunnel0/0/0] nhrp group spoke
    [Spoke1-Tunnel0/0/0] quit
    

    # Configure an NHRP group on Spoke2.

    [Spoke2] interface tunnel 0/0/0
    [Spoke2-Tunnel0/0/0] nhrp group spoke
    [Spoke2-Tunnel0/0/0] quit
    

  6. Verify the configuration.

    • The Spokes can ping the Hub and each other successfully. For example, run the ping -a 192.168.1.1 192.168.2.1 command on Spoke1 to ping the private address of Spoke2.

      [Spoke1] ping -a 192.168.1.1 192.168.2.1
        PING 192.168.2.1: 56  data bytes, press CTRL_C to break
          Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=254 time=4 ms
          Reply from 192.168.2.1: bytes=56 Sequence=2 ttl=255 time=2 ms
          Reply from 192.168.2.1: bytes=56 Sequence=3 ttl=255 time=2 ms
          Reply from 192.168.2.1: bytes=56 Sequence=4 ttl=255 time=9 ms
          Reply from 192.168.2.1: bytes=56 Sequence=5 ttl=255 time=2 ms
      
        --- 192.168.2.1 ping statistics ---
          5 packet(s) transmitted
          5 packet(s) received
          0.00% packet loss
          round-trip min/avg/max = 2/3/9 ms
      
    • When the Hub's outgoing traffic exceeds the peak burst size of 320512 bytes, the traffic statistics show that packets are lost. When the bandwidth percentage exceeds 60%, the rate of outgoing packets is controlled so that packets are sent at an even rate.

Configuration Files

  • Hub configuration file

    #
    sysname Hub
    #
    traffic classifier test operator or
     if-match nhrp-group  spoke
    #
    traffic behavior test
     car cir 1024 cbs 192512 pbs 320512 mode color-blind green pass yellow pass red discard
     gts cir pct 60 queue-length 100
     statistic enable
    #
    traffic policy p1
     classifier test behavior test precedence 5
    #
    interface GigabitEthernet1/0/0
     ip address 1.1.1.10 255.255.255.0
    # 
    interface LoopBack0
     ip address 192.168.0.1 255.255.255.0
    # 
    interface Tunnel0/0/0
     ip address 172.16.1.1 255.255.255.0
     tunnel-protocol gre p2mp
     source GigabitEthernet1/0/0
     traffic-policy p1 inbound
     traffic-policy p1 outbound 
     ospf network-type p2mp
     nhrp redirect
     nhrp entry multicast dynamic
    # 
    ospf 1 router-id 172.16.1.1
     area 0.0.0.0
      network 172.16.1.0 0.0.0.255
      network 192.168.0.0 0.0.0.255
    # 
    ospf 2 router-id 1.1.1.10
     area 0.0.0.1
      network 1.1.1.0 0.0.0.255
    # 
    return
    
  • Spoke1 configuration file

    #
    sysname Spoke1
    # 
    interface GigabitEthernet1/0/0
     ip address 1.1.2.10 255.255.255.0
    # 
    interface LoopBack0
     ip address 192.168.1.1 255.255.255.0
    # 
    interface Tunnel0/0/0
     ip address 172.16.1.2 255.255.255.0
     tunnel-protocol gre p2mp
     source GigabitEthernet1/0/0
     ospf network-type p2mp
     nhrp shortcut
     nhrp entry 172.16.1.1 1.1.1.10 register
     nhrp group spoke
    # 
    ospf 1 router-id 172.16.1.2
     area 0.0.0.0
      network 172.16.1.0 0.0.0.255
      network 192.168.1.0 0.0.0.255
    # 
    ospf 2 router-id 1.1.2.10
     area 0.0.0.1
      network 1.1.2.0 0.0.0.255
    # 
    return
    
  • Spoke2 configuration file

    #
    sysname Spoke2
    # 
    interface GigabitEthernet1/0/0
     ip address 1.1.3.10 255.255.255.0
    # 
    interface LoopBack0
     ip address 192.168.2.1 255.255.255.0
    # 
    interface Tunnel0/0/0
     ip address 172.16.1.3 255.255.255.0
     tunnel-protocol gre p2mp
     source GigabitEthernet1/0/0
     ospf network-type p2mp
     nhrp shortcut
     nhrp entry 172.16.1.1 1.1.1.10 register
     nhrp group spoke
    # 
    ospf 1 router-id 172.16.1.3
     area 0.0.0.0
      network 172.16.1.0 0.0.0.255
      network 192.168.2.0 0.0.0.255
    # 
    ospf 2 router-id 1.1.3.10
     area 0.0.0.1
      network 1.1.3.0 0.0.0.255
    # 
    return
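
The Hub's classifier matches on the NHRP group name alone, so a Spoke that registers with a different group, or with none, does not match classifier test and is not subject to the CAR and GTS actions. The following check is an added example (not part of the Huawei guide): it reads saved configurations in the layout shown above and lists the Spokes whose NHRP group is not covered by a traffic policy applied on the Hub's tunnel interface. Spoke3, Spoke4 and all function names are hypothetical.

```python
# Constructed inputs: HUB and Spoke1 are trimmed from this page; Spoke3 and Spoke4 are hypothetical.
HUB = """\
traffic classifier test operator or
 if-match nhrp-group  spoke
traffic policy p1
 classifier test behavior test precedence 5
interface Tunnel0/0/0
 traffic-policy p1 inbound
 traffic-policy p1 outbound
"""
TUNNEL = "interface Tunnel0/0/0\n nhrp entry 172.16.1.1 1.1.1.10 register\n"
SPOKES = {"Spoke1": TUNNEL + " nhrp group spoke\n",
          "Spoke3": TUNNEL + " nhrp group branch\n",  # group the Hub never matches
          "Spoke4": TUNNEL}                            # no NHRP group configured

def sections(cfg):
    """Map each top-level config line to the word lists of its indented children."""
    out, head = {}, None
    for line in cfg.splitlines():
        if line[:1].isspace() and line.strip() and head:
            out[head].append(line.split())
        elif line.strip() and not line.startswith("#"):
            head = " ".join(line.split())
            out[head] = []
    return out

def policed_groups(hub_cfg):
    """NHRP groups classified by a policy applied on a Hub tunnel, per direction."""
    sec = sections(hub_cfg)
    classes = {h.split()[2]: {w[2] for w in b if w[:2] == ["if-match", "nhrp-group"]}
               for h, b in sec.items() if h.startswith("traffic classifier ")}
    policies = {h.split()[2]: [w[1] for w in b if w[0] == "classifier"]
                for h, b in sec.items() if h.startswith("traffic policy ")}
    covered = {"inbound": set(), "outbound": set()}
    for h, b in sec.items():
        for w in b if h.startswith("interface Tunnel") else []:
            if w[0] == "traffic-policy" and w[-1] in covered:
                for c in policies.get(w[1], []):
                    covered[w[-1]] |= classes.get(c, set())
    return covered

def audit(hub_cfg, spokes):
    """Return {spoke: (group, unpoliced directions)} for spokes the Hub policy misses."""
    covered, findings = policed_groups(hub_cfg), {}
    for name, cfg in spokes.items():
        group = next((w[2] for b in sections(cfg).values() for w in b
                      if w[:2] == ["nhrp", "group"]), None)
        findings[name] = (group, [d for d in covered if group not in covered[d]])
    return {s: f for s, f in findings.items() if f[1]}
```

Calling audit(HUB, SPOKES) reports Spoke3 and Spoke4 for both directions and leaves Spoke1 out, because only the group named spoke is classified on the Hub.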
    
Updated: 2019-04-12

Document ID: EDOC1100041799
