No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Routing 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - IP Routing
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an OSPF Sham Link

Configuring an OSPF Sham Link

This section describes how to configure an OSPF sham link so that traffic between sites of the same VPN in the same OSPF area is forwarded through the OSPF intra-area route over the BGP/MPLS IP VPN backbone network.

Usage Scenario

Generally, BGP peers use BGP extended community attributes to carry routing information over the BGP/MPLS IP VPN backbone network. PEs can use the routing information to exchange inter-area routes between PEs and CEs through OSPF. OSPF sham links are unnumbered P2P links between two PEs over an MPLS VPN backbone network. The source and destination IP addresses of each sham link are IP addresses with a 32-bit mask of loopback interfaces. The loopback interfaces must be bound to a VPN instance, and routes of the two IP addresses are advertised through BGP.

On the BGP/MPLS IP VPN backbone network, if an intra-area OSPF link exists between the network segment where the local CE resides and the network segment where the remote CE resides, the route over this intra-area OSPF link is an intra-area route and has a higher priority than the inter-area route over the BGP/MPLS IP VPN backbone network. In this case, VPN traffic is always forwarded through this intra-area route. To prevent this problem, you can set up an OSPF sham link between the PEs so that the route over the MPLS IP VPN backbone network becomes an OSPF intra-area route and ensure that this route is preferentially selected.

Pre-configuration Tasks

Before configuring an OSPF sham link, complete the following tasks:

  • Configure basic BGP/MPLS IP VPN functions and configure OSPF between each PE and its corresponding CE.

  • Configure OSPF in the LAN of each CE.

Procedure

  1. Configure endpoint IP addresses for a sham link.

    Perform the following steps on PEs at both ends of the sham link:

    1. Run system-view

      The system view is displayed.

    2. Run interface loopback loopback-number

      A loopback interface is created, and its view is displayed.

      Each VPN instance must have an endpoint IP address of a sham link, and the IP address is a loopback interface IP address with a 32-bit mask in the VPN address space of a PE. Sham links of the same OSPF process can share the same endpoint IP address. The endpoint IP addresses of sham links of different OSPF processes must be different.

    3. Run ip binding vpn-instance vpn-instance-name

      A VPN instance is bound to the loopback interface.

    4. Run ip address ip-address { mask | mask-length }

      An IP address is configured for the loopback interface.

      NOTE:
      The configured IP address must have a 32-bit mask (255.255.255.255).

    5. Run commit

      The configuration is committed.

    6. Run quit

      Return to the system view.

  2. Advertise routes of the sham link's endpoint IP addresses.

    Perform the following steps on PEs at both ends of the sham link:

    1. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    2. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    3. Run import-route direct

      Import direct routes (routes of the sham link's endpoint IP addresses in this case) to BGP.

      Routes of the sham link's endpoint IP addresses are advertised as VPN IPv4 routes by BGP.

      NOTE:

      Ensure that routes of the sham link's endpoint IP addresses are not exchanged by PEs through the VPN OSPF process.

      If routes of the sham link's endpoint IP addresses are exchanged by PEs through the VPN OSPF process, each PE has two routes to the other endpoint of the sham link. One of the routes is learned through the VPN OSPF process, and the other is learned through the MP-BGP connection. Because the OSPF route has a higher priority than the BGP route, the OSPF route is selected, causing a sham link establishment failure.

    4. Run commit

      The configuration is committed.

    5. Run quit

      Return to the BGP view.

    6. Run quit

      Return to the system view.

  3. Create an OSPF sham link.

    Perform the following steps on PEs at both ends of the sham link:

    1. Run ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name

      The OSPF multi-instance view is displayed.

    2. Run area area-id

      The OSPF area view is displayed.

    3. Run sham-link soure-ip-address destination-ip-address [ smart-discover | cost cost | hello hello-interval | dead dead-interval | retransmit retransmit-interval | trans-delay trans-delay-interval | [ simple [ plain plain-text | [ cipher cipher-text | cipher-text ] | { md5 | hmac-md5 | hmac-sha256 } [ key-id { plain plain-text | cipher cipher-text | cipher-text } ] | authentication-null | keychain keychain-name ] ] *

      A sham link is created.

      The authentication modes configured at the two ends must be the same. If packet authentication is configured, only the OSPF packets that pass the authentication are accepted; if the authentication fails, the OSPF neighbor relationship cannot be established.

      NOTE:

      To ensure that VPN traffic is forwarded over the MPLS backbone network, ensure that the cost of the sham link is smaller than that of the OSPF route used to forward the traffic over the user network when running the sham-link command. In most cases, you need to change the cost of the interfaces on the user network to ensure that the cost of the OSPF route used to forward the traffic over the user network is greater than that of the sham link.

Checking the Configurations

After configuring the OSPF sham link, run the following commands to check the configurations.

  • Run the display ip routing-table vpn-instance vpn-instance-name command on PEs to check the VPN routing table.
  • Run the display ip routing-table command on CEs to check the routing table.
  • Run the tracert host command on a CE to check the nodes through which data is forwarded to the remote end.
  • Run the display ospf process-id sham-link [ area area-id ] command on PEs to check whether the sham link is established.
  • Run the display ospf routing command on CEs to check OSPF routes.

# Run the display ip routing-table vpn-instance command on a PE. The following command output shows that the route to the remote CE is an OSPF route over the user network rather than the BGP route over the backbone network.

<HUAWEI> display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
 Routing Tables: vpn1
         Destinations : 10        Routes : 10
 Destination/Mask  Proto  Pre  Cost      Flags  NextHop           Interface
       5.5.5.5/32  Direct 0    0            D   127.0.0.1         LoopBack10
       6.6.6.6/32  IBGP   255  0            RD  3.3.3.9           GigabitEthernet0/2/0
       8.8.8.8/32  IBGP   255  2            RD  3.3.3.9           GigabitEthernet0/2/0
      10.1.1.0/24  OSPF   10   11           D   172.16.1.1        GigabitEthernet0/1/0
      10.2.1.0/24  OSPF   10   12           D   172.16.1.1        GigabitEthernet0/1/0
     172.16.1.0/24 Direct 0    0            D   172.16.1.2        GigabitEthernet0/1/0
     172.16.1.2/32 Direct 0    0            D   127.0.0.1         GigabitEthernet0/1/0
   172.16.1.255/32 Direct 0    0            D   127.0.0.1         GigabitEthernet0/1/0
     172.16.2.0/24 IBGP   255  0            RD  3.3.3.9           GigabitEthernet0/2/0
255.255.255.255/32 Direct 0    0            D   127.0.0.1         InLoopBack0

# Run the display ip routing-table and tracert commands on the CE. The following command outputs show that the VPN traffic to the remote end is forwarded over the backbone network.

<HUAWEI> display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
         Destinations : 15       Routes : 15        
Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
        5.5.5.5/32  O_ASE   150  1             D   172.16.1.2      GigabitEthernet0/1/0
        6.6.6.6/32  O_ASE   150  1             D   172.16.1.2      GigabitEthernet0/1/0
        8.8.8.8/32  OSPF    10   3             D   172.16.1.2      GigabitEthernet0/1/0
       10.1.1.0/24  Direct  0    0             D   10.1.1.1        GigabitEthernet0/2/0
       10.1.1.1/32  Direct  0    0             D   127.0.0.1       GigabitEthernet0/2/0
     10.1.1.255/32  Direct  0    0             D   127.0.0.1       GigabitEthernet0/2/0
       10.2.1.0/24  OSPF    10   11            D   10.1.1.2        GigabitEthernet0/2/0
      127.0.0.0/8   Direct  0    0             D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0             D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
     172.16.1.0/24  Direct  0    0             D   172.16.1.1      GigabitEthernet0/1/0
     172.16.1.1/32  Direct  0    0             D   127.0.0.1       GigabitEthernet0/1/0
   172.16.1.255/32  Direct  0    0             D   127.0.0.1       GigabitEthernet0/1/0
     172.16.2.0/24  OSPF    10   3             D   172.16.1.2      GigabitEthernet0/1/0
255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
[~CE1] tracert 172.16.2.1
 traceroute to 172.16.2.1(172.16.2.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 172.16.1.2 131 ms  2 ms  1 ms
 2 50.1.1.2 475 ms  4 ms  4 ms
 3 172.16.2.2 150 ms  3 ms  4 ms
 4 172.16.2.1 76 ms  3 ms  5 ms

# Run the display ospf process-id sham-link area command on the PE. The following command output shows that the OSPF neighbor relationship between the PE and remote CE is in Full state.

<HUAWEI> display ospf sham-link area 0
          OSPF Process 100 with Router ID 11.11.11.11
  Sham-Link: 5.5.5.5 --> 6.6.6.6
  NeighborID: 22.22.22.22,   State: Full,    GR status: Normal
  Area: 0.0.0.0
  Cost: 1 , State: P-2-P , Type: Sham
  Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1

# Run the display ospf routing command on the CE. The following command output shows that the route to the remote CE is an intra-area route.

<HUAWEI> display ospf routing
          OSPF Process 1 with Router ID 10.1.1.1
                   Routing Tables
 Routing for Network
 Destination        Cost  Type       NextHop         AdvRouter       Area
 8.8.8.8/32         3     Stub       172.16.1.2      10.2.1.2        0.0.0.0
 10.1.1.0/24        10    Direct     10.1.1.1        10.1.1.1        0.0.0.0
 10.2.1.0/24        11    Transit    10.1.1.2        10.1.1.2        0.0.0.0
 172.16.1.0/24      1     Direct     172.16.1.1      10.1.1.1        0.0.0.0
 172.16.2.0/24      3     Transit    172.16.1.2      10.2.1.2        0.0.0.0
 Routing for ASEs
 Destination        Cost      Type       Tag         NextHop         AdvRouter
 6.6.6.6/32         1         Type2      3489661028  172.16.1.2      11.11.11.11
 5.5.5.5/32         1         Type2      3489661028  172.16.1.2      22.22.22.22
 Total Nets: 7
 Intra Area: 5  Inter Area: 0  ASE: 2  NSSA: 0
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058916

Views: 34952

Downloads: 51

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next