No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring EVPN Services

Configuring EVPN Services

Currently, only an EVPN can be used as a service network for auto VPN.

Context

On an auto VPN network, an EVPN needs to be configured between PEs to function as a service network.

Procedure

  • Configure a VPN instance.
    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      A VPN instance is created, and the VPN instance view is displayed.

    3. (Optional) Run evpn vn-id vn-id

      A vn-id to is binded to the VPN instance.

    4. Run ipv4-family

      The IPv4 address family is enabled in the VPN instance, and the VPN instance IPv4 address family view is displayed.

    5. Run route-distinguisher route-distinguisher

      A route distinguisher (RD) is configured for the VPN instance.

      A VPN instance takes effect only after an RD is configured for it. The RDs of different VPN instances on the same PE must be different.

    6. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] evpn

      EVPN-VPN targets are configured for the VPN instance.

      EVPN-VPN targets are BGP extended community attributes used to control the receiving and advertisement of EVPN routes. A maximum of eight EVPN-VPN targets can be configured using the vpn-target evpn command at a time. To configure more EVPN-VPN targets in the EVPN instance address family, run the vpn-target evpn command several times.

    7. Run export route-policy route-policy-name evpn

      The VPN instance IPv4 address family is associated with the route-policy created when the Color attribute is set. In this manner, the routes advertised to the EVPN address family carry the Color attribute for tunnel recursion.

    8. (Optional) Run import route-policy policy-name evpn

      The VPN instance IPv4 address family is associated with an import route-policy to filter the EVPN routes imported from the EVPN address family.

      To precisely control EVPN routes, an import route-policy must also be configured. An import route-policy filters routes that are received from the EVPN address family.

    9. Run quit

      Return to the VPN instance view.

    10. Run quit

      Return to the system view.

  • Configure a BGP-EVPN peer. If no RR is deployed, perform the following steps on each PE. If an RR is deployed, perform the following steps on each PE and the RR.
    1. Run bgp as-number

      The BGP view is displayed.

    2. Run l2vpn-family evpn

      The BGP-EVPN address family is enabled, and the BGP-EVPN address family view is displayed.

    3. Run peer { ipv4-address | group-name } enable

      The capability to exchange EVPN routes with a peer or peer group is enabled.

    4. Run peer { ipv4-address | group-name } advertise encap-type sd-wan

      The device is enabled to advertise SD-WAN tunnel routes to the BGP-EVPN peer.

    5. (Optional) Run peer ipv4-address group group-name

      The BGP-EVPN peer is added to a peer group.

      Adding BGP-EVPN peers to a peer group simplifies BGP network configuration and management.

    6. Run peer { group-name | ipv4-address } route-policy route-policy-name export

      A route-policy is specified for the BGP-EVPN peer or peer group to advertise only specified routes.

      • EVPN routes can be advertised only after this command is run.
      • Only an existing route-policy can be specified in this command.

    7. (Optional) Run peer { ipv4-address | group-name } route-policy route-policy-name import

      A route-policy is specified for the BGP-EVPN peer or peer group to receive only specified routes.

      To precisely control EVPN routes, an import route-policy must also be configured. An import route-policy filters routes that are received from other BGP-EVPN peers or peer groups.

    8. (Optional) Run undo policy vpn-target

      The device is disabled from filtering received EVPN routes based on EVPN-VPN targets.

Download
Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 31736

Downloads: 45

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next