No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Routing Auto VPN Traffic Through a Hub-CE Device

Routing Auto VPN Traffic Through a Hub-CE Device

Service Description

When a carrier provides services over a network with a Hub-PE device and a Hub-CE device deployed, traffic is expected to pass through both of the two devices.

Figure 1-8  Routing auto VPN traffic through a Hub-CE device

Networking Description

On the network shown in Figure 1-8, to transmit traffic through the Hub-PE device and then forward it to the Hub-CE device, the following configurations need to be performed on the RR and Hub-PE device:

  • Enable the RR to modify the path attribute of BGP routes based on an export route-policy.
  • Configure a route-policy named evpn_export_policy.
  • Specify the RTs and Color extcommunity attributes of PE1 and PE2 in the route-policy to filter routes.
  • Apply the Color value of the Hub-PE device to the matched routes and change the next hop to the Hub-PE device.
  • Change the VN ID of the matched routes to the VN ID of vpn_out on the Hub-PE device to guide subsequent route lookup and traffic forwarding.
  • Create two VPN instances (vpn_in and vpn_out) on the Hub-PE device. The EVPN-VPN target received by vpn_in is the same as that advertised by PE1. The EVPN-VPN target advertised by vpn_out is different from that received by vpn_out and is the same as that received by PE2.
  • On the Hub-PE device, set the number of times that the local AS number can be repeated to 1.

Because the Color value of the routes received by PE2 is the same as the Color value of the Hub-PE device, traffic is recursively sent to the tunnel between PE1 and the Hub-PE device for transmission. Because the VN ID in the routes received by PE2 is the same as the VN ID of vpn_out on the Hub-PE device, the Hub-PE device searches the vpn_out routing table for a route. Traffic is forwarded to the Hub-PE device through the Hub-CE device and then sent to PE2 through the tunnel between the Hub-PE device and PE2.

Download
Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 31581

Downloads: 45

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next