No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - IP Multicast 01

This is NE40E V800R010C10SPC500 Configuration Guide - IP Multicast
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Inter-AS NG MVPN Option B

Configuring Inter-AS NG MVPN Option B

This section describes how to configure inter-AS NG MVPN Option B, in which ASBRs use MP-EBGP to advertise labeled VPNv4 routes.

Usage Scenario

In inter-AS NG MVPN Option B, ASBRs establish MP-BGP peer relationships and exchange VPN routes. The interfaces that connect the ASBRs do not need to be bound to VPNs. A PE and an ASBR establish an IBGP peer relationship, and two ASBRs establish an EBGP peer relationship. The public network uses non-segmented inter-AS mLDP tunnels to carry multicast VPN traffic. Figure 9-5 shows inter-AS NG MVPN Option B networking.

Figure 9-5 Inter-AS NG MVPN-Option B

Pre-configuration Tasks

Before configuring inter-AS NG MVPN Option B, complete the following tasks:

  • Configure an IGP for the MPLS backbone network of each AS to ensure IP connectivity on each backbone network.

  • Configure basic MPLS capabilities for the MPLS backbone network of each AS and establish LDP LSPs between MP-IBGP peers.

  • Configure a VPN instance on each PE connected to a CE and bind interfaces to VPN instances.

  • Assign an IP address to each CE interface that is connected to a PE.

Configuration Procedures

Figure 9-6 Flowchart for configuring inter-AS NG MVPN Option B

Configuring Global MPLS LDP Functions and Enabling MPLS LDP on Interfaces

Global LDP must be enabled on each node before LDP services can be configured in an MPLS domain.

Procedure

  • Configuring Global MPLS LDP Functions
    1. Run system-view

      The system view is displayed.

    2. Run mpls lsr-id lsr-id

      The LSR ID of the local node is configured.

      When configuring an LSR ID, note the following:
      • LSR IDs must be set before you run other MPLS commands.

      • An LSR ID must be manually configured because no default LSR ID is available.

      • The LSR ID, MVPN ID, and IP address of the BGP peer interface (usually a loopback interface) configurations must be consistent.

      • Using the IP address of a loopback interface on an LSR as an LSR ID is recommended.

        The undo mpls command deletes all MPLS configurations, including the established LDP sessions and LSPs.

    3. Run mpls

      MPLS is enabled globally, and the MPLS view is displayed.

    4. Run mpls ldp

      MPLS LDP is enabled globally, and the MPLS-LDP view is displayed.

    5. Run commit

      The configurations are committed.

  • Enabling MPLS LDP on Interfaces
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The view of the interface on which an LDP session is to be established is displayed.

    3. Run mpls

      MPLS is enabled on an interface.

    4. Run mpls ldp

      MPLS LDP is enabled on an interface.

      NOTE:

      Disabling MPLS LDP from an interface leads to interruptions of all LDP sessions on the interface and deletions of all LSPs established over these LDP sessions.

    5. Run commit

      The configurations are committed.

Configuring an Automatic mLDP P2MP Tunnel

Automatic mLDP P2MP tunnels can only transmit NG MVPN and multicast VPLS traffic.

Context

There is no need to manually specify leaf nodes before automatic mLDP P2MP tunnels are triggered.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run mpls ldp

    The MPLS-LDP view is displayed.

  3. Run mldp p2mp

    mLDP P2MP is enabled globally.

  4. (On the ASBRs and receiver PE) Run mldp recursive-fec

    The inter-AS mLDP P2MP is enabled.

  5. Run commit

    The configuration is committed.

Configuring a Static RP

To use a static Rendezvous Point (RP) in a PIM-SM domain, configure the same RP address and same address arrange of multicast groups that the RP serves on all routers in the PIM-SM domain.

Context

If a network is divided into multiple PIM-SM domains and the static RP needs to be used, configure the same static RP address on all the CEs and PEs in one PIM-SM domain to specify the range of each PIM-SM domain.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure a basic numbered ACL or a naming ACL as needed.

    • Configure a basic numbered ACL.

      1. Run acl [ number ] basic-acl-number [ match-order { auto | config } ]

        A basic numbered ACL is created, and the basic numbered ACL view is displayed.

      2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } source { source-ip-address { source-wildcard | 0 } | any }

        Rules are configured for the basic numbered ACL.

    • Configure a naming ACL.

      1. Run acl name acl-name basic [ match-order { auto | config } ]

        A naming ACL is created, and the naming ACL view is displayed.

      2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } source { source-ip-address { source-wildcard | 0 } | any }

        Rules are configured for the naming ACL.

    Run the rule command and set the source parameter to the multicast group range to be served by the static RP.

  3. Run quit

    Return to the system view.

  4. Run pim [ vpn-instance vpn-instance-name ]

    The PIM view is displayed.

  5. Run static-rp rp-address [ basic-acl-number | acl-name acl-name ] [ preferred ]

    A static RP is specified.

    You can run this command repeatedly to configure multiple static RPs for the router.

    • rp-address: specifies the static RP address.

    • basic-acl-number: specifies an access control list. Such a list defines the range of multicast groups that the static RP serves. If a multicast group is in the service range of more than one static RP, the multicast group is served by the static RP with the largest IP address.

    • preferred: indicates that the static RP takes precedence. If Candidate-Rendezvous Points (C-RPs) are also configured and preferred is specified in the static-rp command, routers prefer the statically specified RP; otherwise, C-RPs are preferred.

    NOTE:
    • If no ACL is configured, the static RP serves all multicast groups.
    • If an ACL is configured, the device uses configured ACL rules to filter multicast groups to be served by the static RP.
      • If a multicast group matches an ACL rule and the action is permit, the static RP serves this multicast group.
      • If a multicast group matches an ACL rule and the action is deny, the static RP does not serve this multicast group.
      • If a multicast group does not match any ACL rule or if a specified ACL does not exist or does not contain rules, the static RP serves all multicast groups.

  6. (Optional) Run source-lifetime interval

    The timeout period of multicast source entries is specified.

    Each a (S,G) entry has a timer. When the router receives a multicast packet from the source, it will reset the timer of the corresponding entry. If no multicast packet of the source is received with the timeout period, the (S,G) entry is considered invalid.

  7. Run commit

    The configuration is committed.

Configuring MP-IBGP Between a PE and an ASBR in the Same AS

By introducing extended community attributes into BGP, MP-IBGP can advertise VPNv4 routes between the PE and ASBR.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run bgp as-number

    The BGP view is displayed.

  3. Run peer peer-address as-number as-number

    The IBGP peer relationship is set up between the PE and ASBR in the same AS.

  4. Run peer peer-address connect-interface loopback interface-number

    The loopback interface is specified as the outbound interface of the BGP session.

  5. Run ipv4-family vpnv4 [ unicast ]

    The BGP-VPNv4 address family view is displayed.

  6. Run peer peer-address enable

    The function to exchange VPNv4 routes between the PE and ASBR is enabled.

    NOTE:

    In the NE40E, an ASBR can change the next-hop address of a VPNv4 route to the ASBR's address before advertising the route to a PE.

  7. Run commit

    The configuration is committed.

Configuring MP-EBGP Between ASBRs in Different ASs

After an MP-EBGP peer relationship is established between ASBRs, an ASBR can advertise the VPNv4 routes of its AS to the other ASBR.

Context

In inter-AS NG MVPN Option B, you do not need to create VPN instances on ASBRs. The ASBR does not filter the VPNv4 routes received from the PE in the same AS based on VPN targets. Instead, it advertises the received routes to the peer ASBR through MP-EBGP.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run bgp as-number

    The BGP view is displayed.

  3. Run peer peer-address as-number as-number

    The peer ASBR is specified as an EBGP peer.

  4. Run ipv4-family vpnv4 [ unicast ]

    The BGP-VPNv4 address family view is displayed.

  5. Run peer peer-address enable

    The function to exchange VPNv4 routes with the peer ASBR is enabled.

  6. Run commit

    The configuration is committed.

Configuring BGP MVPN Peers

Establish a BGP MVPN peer relationship between PEs belonging to the same MVPN, so that the PEs can use BGP to exchange BGP A-D and BGP C-multicast routes.

Context

To exchange BGP A-D and BGP C-multicast routes, different PEs on an MVPN must be able to discover other PEs on the MVPN. The discovery process is called MVPN membership auto discovery (AD). An NG MVPN uses BGP to implement this process. To support MVPN membership autodiscovery, BGP defines a new BGP-MVPN address family.

On an NG MVPN, a PE can be either a sender or receiver PE. To transmit multicast traffic from multicast sources to multicast receivers, sender PEs must establish BGP MVPN peer relationships with receiver PEs.

Perform the following steps on PEs and ASBRs.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run bgp { as-number-plain | as-number-dot }

    The BGP view is displayed.

  3. Run ipv4-family mvpn

    The BGP-MVPN address family view is displayed.

  4. (On PEs) Run policy vpn-target

    The VPN-Target filter function is enabled on PEs.

  5. (On ASBRs) Run undo policy vpn-target

    The VPN-Target filter function is disabled on ASBRs.

  6. Run peer { ipv4-address | group-name } enable

    The device is specified as a BGP MVPN peer.

  7. Run commit

    The configuration is committed.

(Optional) Configuring Intra-AS MSDP Peers

If multiple PIM-SM domains exist in an AS or multiple Rendezvous Points (RPs) serving different multicast groups exist in a PIM-SM domain, configure MSDP peer relationships between RPs (including static RPs and Candidate-Rendezvous Points (C-RPs)) and add all MSDP peers to the same mesh group.

Context

If a CE is configured as a RP, the MSDP peer should be configured on the CE and the PE that connects to the CE.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run msdp [ vpn-instance vpn-instance-name ]

    The MSDP view is displayed.

  3. Run peer peer-address connect-interface interface-type interface-number

    An MSDP peer connection is set up.

    • peer-address: specifies the IP address of a remote MSDP peer.

    • interface-type interface-number: specifies the local interface connected with the remote MSDP peer.

  4. Run commit

    The configuration is committed.

Configuring a P2MP LSP to Carry Multicast Traffic

An NG MVPN uses P2MP LSPs to carry multicast traffic. You can configure either RSVP-TE P2MP or mLDP P2MP LSPs.

Context

P2MP LSPs that carry multicast traffic can only be mLDP P2MP LSPs. mLDP P2MP LSPs are easy to configure. In networks that do not require control over destination nodes, it is usually used to carry multicast traffic if high service quality is not required. The signaling packets do not need to be periodically sent, reducing network load.

Procedure

  • Perform the following steps on a PE to be configured as a sender PE:
    1. Run system-view

      The system view is displayed.

    2. Run multicast mvpn mvpn-id

      An MVPN ID is configured.

    3. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    4. Run ipv4-family

      The VPN instance IPv4 address family view is displayed.

    5. Run route-distinguisher route-distinguisher

      The RD is configured for VPN instance IPv4 address family.

    6. Run vpn-target vpn-target1 &<1-8> [ both | export-extcommunity | import-extcommunity ]

      The VPN-target extended community is configured for VPN instance IPv4 address family, the VPN instance can receive VPNv4 routes.

    7. Run multicast routing-enable

      Multicast routing is enabled in for VPN instance IPv4 address family.

    8. Run mvpnThe VPN instance IPv4 address family MVPN view is displayed.

    9. Run sender-enable

      The PE is configured as a sender PE. By default, a PE is a receiver PE.

    10. Run c-multicast signaling bgp

      BGP is configured as the signaling protocol for transmitting C-multicast routes.

    11. (Optional) Configure the PIM-SM MDT setup mode:

      • If you want PIM-SM MDTs to be set up across the public network, run the rpt-spt mode command.
      • If you want PIM-SM MDTs to be set up not across the public network, run the spt-only mode command.

      By default, PIM-SM MDTs cannot be set up.

    12. Run auto-discovery inter-as

      Inter-AS auto discovery is enabled.

    13. (Optional) Run import msdp

      The function of transmitting (S, G) entry information in Multicast Source Discovery Protocol (MSDP) Source Active (SA) messages to the remote PE through BGP Source Active A-D routes is enabled.

      If PIM-SM MDT setup is not across the public network, you can configure a PE or CE as a VPN instance's rendezvous point (RP). If a CE is configured as an RP, the CE needs to establish an MDSP peer relationship with its connected PE and transmit (S, G) entry information to the PE through MSDP SA messages. To enable this PE to transmit the (S, G) entry information to the remote PE through BGP Source Active A-D routes, run the import msdp command.

    14. Run ipmsi-tunnel

      The MVPN I-PMSI view is displayed.

    15. Run mldp (MVPN I-PMSI view)

      mLDP is used to establish an I-PMSI tunnel

    16. Run commit

      The configuration is committed.

  • Perform the following steps on a PE to be configured as a receiver PE:
    1. Run system-view

      The system view is displayed.

    2. Run multicast mvpn mvpn-id

      An MVPN ID is configured.

    3. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    4. Run ipv4-family

      The VPN instance IPv4 address family view is displayed.

    5. Run route-distinguisher route-distinguisher

      The RD is configured for VPN instance IPv4 address family.

    6. Run vpn-target vpn-target1 &<1-8> [ both | export-extcommunity | import-extcommunity ]

      The VPN-target extended community is configured for VPN instance IPv4 address family, the VPN instance can receive VPNv4 routes.

    7. Run multicast routing-enable

      Multicast routing is enabled in for VPN instance IPv4 address family.

    8. Run mvpn

      The VPN instance IPv4 address family MVPN view is displayed.

    9. Run c-multicast signaling bgp

      BGP is configured as the signaling protocol for transmitting C-multicast routes.

    10. (Optional) Configure the PIM-SM MDT setup mode:

      • If you want PIM-SM MDTs to be set up across the public network, run the rpt-spt mode command.
      • If you want PIM-SM MDTs to be set up not across the public network, run the spt-only mode command.

      By default, PIM-SM MDTs cannot be set up.

    11. Run auto-discovery inter-as

      Inter-AS auto discovery is enabled.

    12. (Optional) Run export msdp

      The function of transmitting (S, G) entry information in BGP Source Active A-D routes to the RP through MSDP SA messages is enabled.

      If PIM-SM MDT setup is not across the public network, you can configure a PE or CE as a VPN instance's RP. If a CE is configured as an RP, the CE needs to establish an MDSP peer relationship with its connected PE. To enable this PE to transmit (S, G) entry information in BGP Source Active A-D routes to the CE configured as the RP, run the export msdp command.

    13. Run commit

      The configuration is committed.

Configuring PIM

Configuring PIM on a VPN allows a VPN multicast routing table to be established to guide multicast traffic forwarding.

Context

NG MVPNs also use PIM as the multicast routing protocol on the user network. PIM neighbor relationships can be established between devices only after PIM-SM is enabled on interfaces. Then a VPN multicast routing table can be established to guide multicast traffic forwarding.

Enable the PIM-SM and IGMP on the PE interfaces bound to VPN isntances and the CE interfaces.

Procedure

  1. Run system-view

    The system view is displayed.

  2. (On CE) Run multicast routing-enable

    The multicast routing is enabled.

  3. Run interface interface-type interface-number

    The interface view is displayed.

  4. Run pim sm

    PIM-SM is enabled.

  5. (On the user access interfaces of CE) Run igmp enable

    IGMP is enabled.

  6. Run commit

    The configuration is committed.

Configuring Route Exchange Between PEs and CEs

To enable CEs to communicate, the PEs and CEs must be capable of exchanging routes.

Context

In BGP/MPLS IP VPN, a routing protocol or static route must be configured between a PE and a CE to allow them to communicate and allow the CE to obtain routes to other CEs. The routing protocol can be External Border Gateway Protocol (EBGP), Internal Border Gateway Protocol (IBGP), Routing Information Protocol (RIP), Open Shortest Path First (OSPF), or Intermediate System to Intermediate System (IS-IS). Choose one of the following configurations as needed:
The routing protocol configurations on the CE and PE are different:
  • The CE is located at the client side and unaware of the VPN. Therefore, you do not need to configure VPN parameters when configuring a routing protocol on the CE.
  • The PE is located at the edge of the carrier's network. It connects to a CE and exchanges VPN routing information with other PEs. If the CEs that access a PE belong to different VPNs, the PE must maintain different VRF tables. When configuring a routing protocol on the PE, specify the name of the VPN instance to which the routing protocol applies and configure the routing protocol and Multiprotocol Border Gateway Protocol (MP-BGP) to import routes from each other.

Procedure

  • Configure EBGP between a PE and a CE.

    Perform the following steps on the PE:

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. (Optional) Run as-number { as-number-plain | as-number-dot }

      An AS number is configured for the VPN instance IPv4 address family.

      A VPN instance uses the AS number of BGP by default.

      To smoothly re-assign a device to another AS or transmit different services in different instances, run the as-number command to configure a different AS number for each VPN instance IPv4 address family.

      NOTE:

      The AS number configured in the BGP-VPN instance IPv4 address family view must be different from the AS number configured in the BGP view.

    5. Run peer ipv4-address as-number as-number

      The CE is configured as a VPN peer.

    6. (Optional) Run peer { ipv4-address | group-name } ebgp-max-hop [ hop-count ]

      The maximum number of hops between the PE and its EBGP peer (the CE) is specified. This step is mandatory if the PE and CE are not directly connected.

      Generally, EBGP peers are connected by a direct physical link. If no direct physical link is available, the peer ebgp-max-hop command must be used to allow EBGP peers to establish a multi-hop TCP connection.

      If the maximum number of hops is set to 1, the PE cannot establish an EBGP connection with a peer if they are not directly connected.

    7. (Optional) Run either of the following commands:

      • import-route direct [ med med | route-policy route-policy-name ]*
      • network ipv4-address [ mask | mask-length ] [ route-policy route-policy-name ]

      The PE is enabled to import the direct routes destined for the local CE into the VRF table and advertise the routes to the remote PE.

      NOTE:

      The PE can automatically learn the direct routes destined for the local CE. The learned routes take precedence over the direct routes advertised from the local CE using EBGP. If this step is not performed, the PE does not use MP-BGP to advertise the direct routes destined for the local CE to the remote PE.

    8. (Optional) Run peer { group-name | ipv4-address } soo site-of-origin

      The Site of Origin (SoO) attribute is configured for the CE that has been specified as a VPN peer of the PE.

      Several CEs at a VPN site may establish BGP connections with different PEs. The VPN routes advertised from the CEs to the PEs may be re-advertised to the same VPN site after the routes traverse the backbone network. This may cause route loops at the VPN site.

      If the SoO attribute is configured for a specified CE, the PE adds the attribute to a route sent from the CE and advertises the route to the remote PE. The remote PE checks the SoO attribute of the route before sending it to its attached CE. If the SoO attribute is the same as the local SoO attribute on the remote PE, the remote PE does not send the route to its attached CE.

    9. (Optional) Run peer ipv4-address allow-as-loop [ number ]

      Route loops are allowed.

      This step is used in hub & spoke networking.

      Generally, BGP uses the AS number to detect route loops. On a hub & spoke network, if EBGP runs between a Hub-PE and a Hub-CE at a hub site, the route sent from the Hub-PE to the Hub-CE carries the AS number of the Hub-PE. If the Hub-CE sends a route update message to the Hub-PE, the Hub-PE will deny it because the route update message contains the AS number of the Hub-PE. To ensure proper route transmission on a hub & spoke network, configure all the BGP peers along the path (along which the Hub-CE advertises VPN routes to the Spoke-CE) to accept the routes which have the AS number repeated once.

    10. (Optional) Run peer ipv4-address substitute-as

      BGP AS number substitution is enabled.

      Perform this step on the PE in a scenario in which CEs at different sites use the same AS number.

      Enabling BGP AS number substitution may cause routing loops on a CE multi-homing network.

    11. Run commit

      The configuration is committed.

    Perform the following steps on the CE:

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run peer ipv4-address as-number as-number

      The PE is configured as a VPN peer.

    4. (Optional) Run peer { ipv4-address | group-name } ebgp-max-hop [ hop-count ]

      The maximum number of hops between the CE and its EBGP peer (the PE) is set. This step is mandatory if the PE and CE are not directly connected.

      Generally, EBGP peers are directly connected by a physical link. If no direct physical link is available, the peer ebgp-max-hop command must be used to allow EBGP peers to establish a multi-hop TCP connection.

      If the maximum number of hops is set to 1, the CE cannot establish an EBGP connection with a peer if they are not directly connected.

    5. Run import-route { direct | static | rip process-id | ospf process-id | isis process-id } [ med med | route-policy route-policy-name ]*

      Routes of the local site are imported.

      The CE advertises the routes of its own VPN network segment to the connected PE. The PE forwards the routes to the remote CE. The type of route imported at this step may vary according to the networking mode.

    6. Run commit

      The configuration is committed.

  • Configure IBGP between a PE and a CE.

    Perform the following steps on the PE:

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. Run peer ipv4-address as-number as-number

      The CE is configured as a VPN peer.

    5. (Optional) Run either of the following commands:

      • import-route direct [ med med | route-policy route-policy-name ]*
      • network ipv4-address [ mask | mask-length ] [ route-policy route-policy-name ]

      The PE is enabled to import the direct routes destined for the local CE into the VRF table and advertise the routes to the remote PE.

      NOTE:

      The PE can automatically learn the direct routes destined for the local CE. The learned routes take precedence over the direct routes advertised from the local CE using IBGP. If this step is not performed, the PE does not use MP-BGP to advertise the direct routes destined for the local CE to the remote PE.

    6. Run commit

      The configuration is committed.

    Perform the following steps on the CE:

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run peer ipv4-address as-number as-number

      The PE is configured as a VPN peer.

    4. Run import-route { direct | static | rip process-id | ospf process-id | isis process-id } [ med med | route-policy route-policy-name ]*

      Routes of the local site are imported.

      The CE advertises the routes of its own VPN network segment to the connected PE. The PE forwards the routes to the remote CE. The type of route imported at this step may vary according to the networking mode.

    5. Run commit

      The configuration is committed.

  • Configure a static route between a PE and a CE.

    Perform the following steps on the PE:

    NOTE:

    Configuring a static route on the CE is not described here. For details about how to configure a static route, see "IPv4 Static Route Configuration" in the HUAWEI NetEngine40E Universal Service Router Configuration Guide - IP Routing.

    1. Run system-view

      The system view is displayed.

    2. Run ip route-static vpn-instance vpn-source-name destination-address { mask | mask-length } interface-type interface-number [ nexthop-address ] [ preference preference | tag tag ] *

      A static route is configured for a specified VPN instance IPv4 address family.

    3. Run bgp as-number

      The BGP view is displayed.

    4. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    5. Run import-route static [ med med | route-policy route-policy-name ]*

      The configured static route is added to the VRF table of the BGP-VPN instance IPv4 address family.

      NOTE:

      A VPN that receives routes outside it from a device other than the PE and advertises the routes to the PE is called a transit VPN. A VPN that receives only routes in it and routes advertised by the PE is called a stub VPN. Generally, a static route is used for route exchange between the CE and PE in a stub VPN only.

    6. Run commit

      The configuration is committed.

  • Configure RIP between a PE and a CE.

    Perform the following steps on the PE:

    NOTE:

    Configuring RIPv1 or RIPv2 on the CE is not described here. For details about how to configure RIP, see "RIP Configuration" in the HUAWEI NetEngine40E Universal Service Router Configuration Guide - IP Routing.

    1. Run system-view

      The system view is displayed.

    2. Run rip process-id vpn-instance vpn-instance-name

      A RIP process is created on the PE.

      A RIP process can be bound only to one VPN instance. If a RIP process is not bound to any VPN instance before it is started, this process becomes a public network process and cannot be bound to a VPN instance later.

    3. Run network network-address

      RIP is enabled on the network segment where the interface bound to the VPN instance resides.

    4. Run import-route bgp [ cost { cost | transparent } | route-policy route-policy-name ]*

      BGP routes are imported into the RIP routing table.

      After the import-route bgp command is run in the RIP view, the PE can import the VPNv4 routes learned from the remote PE into the RIP routing table and advertise them to the attached CE.

    5. Run quit

      Return to the system view.

    6. Run bgp as-number

      The BGP view is displayed.

    7. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    8. Run import-route rip process-id [ med med | route-policy route-policy-name ]*

      RIP routes are imported into the VRF table of the BGP-VPN instance IPv4 address family.

      After the import-route rip command is run in the BGP-VPN instance IPv4 address family view, the PE imports the VPN routes learned from the attached CE into the BGP routing table and advertises VPNv4 routes to the remote PE.

    9. Run commit

      The configuration is committed.

    NOTE:

    Deleting a VPN instance or disabling a VPN instance IPv4 address family will delete all the RIP processes bound to the VPN instance or the VPN instance IPv4 address family on the PE.

  • Configure OSPF between a PE and a CE.

    Configure OSPF on the CE, and the CE configuration details are not provided here. Perform the following steps on the PE:

    NOTE:

    Configuring OSPF on the CE is not described here. For details about how to configure OSPF, see "OSPF Configuration" in the HUAWEI NetEngine40E Universal Service Router Configuration Guide - IP Routing.

    1. Run system-view

      The system view is displayed.

    2. Run ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name

      An OSPF process is created on the PE, and the OSPF view is displayed.

      An OSPF process can be bound to only one VPN instance. If an OSPF process is not bound to any VPN instance before it is started, this process becomes a public network process and cannot be bound to a VPN instance later.

      A router ID needs to be specified when an OSPF process is started after it is bound to a VPN instance. The router ID must be different from the public network router ID configured in the system view. If the router ID is not specified, OSPF selects the IP address of one of the interfaces bound to the VPN instance as the router ID based on a certain rule.

    3. (Optional) Run domain-id domain-id [ secondary ]

      The domain ID is configured.

      The domain ID can be an integer or in dotted decimal notation.

      Each OSPF process can be configured with two domain IDs. Different processes can have the same domain ID. There is no restriction on the domain IDs of the OSPF processes of different VPNs on a PE. The OSPF processes of the same VPN must be configured with the same domain ID to ensure proper route advertisement.

      The domain ID of an OSPF process is contained in the routes generated by this OSPF process. When OSPF routes are imported into BGP, the domain ID is added to the BGP VPN routes and forwarded as the BGP extended community attribute.

    4. (Optional) Run route-tag tag

      The VPN route tag is configured.

    5. Run import-route bgp [ cost cost | route-policy route-policy-name | tag tag | type type ] *

      BGP routes are imported.

    6. Run area area-id

      The OSPF area view is displayed.

    7. Run network ip-address wildcard-mask

      OSPF is enabled on the network segment where the interface bound to the VPN instance resides.

      A network segment belongs to only one area. The area to which each OSPF interface belongs must be specified.

      OSPF can run on an interface properly only when the following conditions are met:

      • The mask length of the IP address of the interface is longer than or equal to that specified in the network command.

      • The primary IP address of the interface is on the network segment specified in the network command.

      By default, OSPF advertises a route destined for the 32-bit address of the loopback interface, irrespective of the mask length configured on the loopback interface.

    8. Run quit

      The OSPF view is displayed.

    9. Run quit

      Return to the system view.

    10. Run bgp as-number

      The BGP view is displayed.

    11. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    12. Run import-route ospf process-id [ med med | route-policy route-policy-name ] *

      OSPF routes are imported into the VRF table of the BGP-VPN instance IPv4 address family.

    13. Run commit

      The configuration is committed.

    NOTE:
    Deleting a VPN instance or disabling a VPN instance IPv4 address family will delete all the OSPF processes bound to the VPN instance or the VPN instance IPv4 address family on the PE.

  • Configure IS-IS between a PE and a CE.

    Perform the following steps on the PE:

    NOTE:

    Configuring IS-IS on the CE is not described here. For details about how to configure IS-IS, see "IS-IS Configuration" in the HUAWEI NetEngine40E Universal Service Router Configuration Guide - IP Routing.

    1. Run system-view

      The system view is displayed.

    2. Run isis process-id vpn-instance vpn-instance-name

      An IS-IS process is created on the PE, and the IS-IS view is displayed.

      An IS-IS process can be bound to only one VPN instance. If an IS-IS process is not bound to any VPN instance before it is started, this process becomes a public network process and cannot be bound to a VPN instance later.

    3. Run network-entity net

      The network entity title (NET) is configured.

      A NET specifies the current IS-IS area address and the system ID of the router.

    4. (Optional) Run is-level { level-1 | level-1-2 | level-2 }

      The IS-IS level of the router is specified.

      Configure the device level based on the network planning. If no device level is configured, IS-IS establishes separate neighbor relationships for Level-1 and Level-2 devices and maintains two identical LSDBs, consuming excessive system resources.

    5. Run import-route bgp [ cost-type { external | internal } | cost cost | tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] *

      BGP routes are imported.

      If the IS-IS level is not specified in the command, BGP routes will be imported into the Level-2 IS-IS routing table.

    6. Run quit

      Return to the system view.

    7. Run interface interface-type interface-number

      The view of the interface bound to the VPN instance is displayed.

    8. Run isis enable [ process-id ]

      IS-IS is enabled on the interface.

    9. Run quit

      Return to the system view.

    10. Run bgp as-number

      The BGP view is displayed.

    11. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    12. Run import-route isis process-id [ med med | route-policy route-policy-name ] *

      IS-IS routes are imported into the VRF table of the BGP-VPN instance IPv4 address family.

    13. Run commit

      The configuration is committed.

    NOTE:

    Deleting a VPN instance or disabling a VPN instance IPv4 address family will delete all the IS-IS processes bound to the VPN instance or the VPN instance IPv4 address family on the PE.

  • Configure a direct route between a PE and a CE.

    A direct route can be configured between a PE and a CE only if the CE is a host and connected to the PE using a VLANIF interface. Note that the direct route only needs to be configured on the PE.

    Perform the following steps on the PE:

    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    3. Run ipv4-family

      The VPN instance IPv4 address family view is displayed.

    4. Run arp vlink-direct-route advertise [ route-policy route-policy-name | route-filter route-filter-name ]

      ARP Vlink direct routes are advertised.

      After the parameter route-policy route-policy-name or route-filter route-filter-name is specified in the arp vlink-direct-route advertise command, only filtered ARP Vlink direct routes are advertised.

    5. Run quit

      Return to the VPN instance view.

    6. Run quit

      Return to the system view.

    7. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    8. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    9. Run import-route direct [ med med | route-policy route-policy-name ]*

      The direct route to the local CE is imported.

      After the direct route to the local CE is imported to the VPN routing table, the local PE use MP-BGP to advertise the direct route to the remote PE. This allows the remote CE to access the local CE.

    10. Run commit

      The configuration is committed.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055017

Views: 40730

Downloads: 97

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next