No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring EVPN VPWS over MPLS Functions

Configuring EVPN VPWS over MPLS Functions

To allow traffic communication between an AC interface on the user side and a P2P MPLS LDP tunnel interface on the network side, you can configure EVPN VPWS over MPLS so that the two interfaces can be bound to each other.

Usage Scenario

EVPN VPWS provides a P2P L2VPN service solution based on the EVPN service architecture. Regarding this solution, a P2P MPLS tunnel is established between PEs and traverses the backbone network. By binding the AC interface on the user side to the P2P MPLS tunnel on the network side, traffic can be transmitted between the AC interface and the P2P MPLS tunnel. As a result, traffic that enters the AC interface is forwarded directly to the peer PE through the P2P MPLS tunnel. This solution provides a simple Layer 2 packet forwarding mode for the connection between AC interfaces at both ends, avoiding the need to search MAC address entries. This service solution is named Ethernet Line (E-Line).

The basic EVPN VPWS architecture has the following components:

  • AC: access circuit. An AC is an independent link or circuit that connects a CE to a PE. An AC interface can be a physical interface or a logical interface. AC attributes include the encapsulation type, maximum transmission unit (MTU), and interface parameters of a specified link type.
  • VPWS instance: virtual private wire service instance. Each VPWS instance corresponds to an AC interface, indicating an Ethernet private line (EPL) or Ethernet virtual private line (EVPL) access.
  • EVI: EVPN instance. Deployed on an edge PE, an EVI contains services that have the same access-side or network-side attributes. Routes are transmitted based on the RD and RTs configured in each EVI.
  • Tunnel: tunnel on the network side.
Figure 11-11 Configuring EVPN VPWS over MPLS functions

Pre-configuration Tasks

Before configuring EVPN VPWS over MPLS, enable route reachability on an IPv4 network.

Configuration Procedures

Figure 11-12 Flowchart for configuring EVPN VPWS over MPLS

Configuring EVPN Functions

EVPN VPWS provides a P2P L2VPN service solution based on the EVPN service architecture. Before configuring EVPN VPWS over MPLS, you must configure EVPN functions.

Configuration Procedures

To configure EVPN functions, see Configuring Common EVPN Functions.

Configuring an EVPL Instance

Before binding an AC interface on the user side to an MPLS tunnel interface on the network side, you must create an EVPL instance.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run evpn vpn-instance vpn-instance-name

    An EVPN instance is created, and its view is displayed.

  3. Run route-distinguisher route-distinguisher

    An RD is configured for the EVPN instance.

    An EVPN instance takes effect only after the RD is configured. The RDs of different EVPN instances on a PE must be different.

    NOTE:

    After being configured, an RD cannot be modified, but can be deleted. After you delete the RD of an EVPN instance, the VPN targets of the EVPN instance will also be deleted.

  4. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

    VPN targets are configured for the EVPN instance.

    A VPN target is a BGP extended community attribute. It is used to control the receiving and advertisement of EVPN routes. A maximum of eight VPN targets can be configured using a vpn-target command. To configure more VPN targets for an EVPN instance address family, run the vpn-target command several times.

    NOTE:

    The RT used by an Ethernet segment route is generated based on the middle six bytes of the ESI. For example, if the ESI is 0011.1001.1001.1001.1002, then the Ethernet segment route uses 11.1001.1001.10 as its RT.

  5. Run quit

    Return to the system view.

  6. Run evpl instance evpl-id mpls-mode

    An EVPL instance is created, and its view is displayed.

  7. Run evpn binding vpn-instance vpn-instance-name

    The EVPL instance is bound to an EVPN instance for a specified VPWS.

    By default, an EVPL instance is not bound to an EVPN instance.

  8. Run commit

    The configuration is committed.

Configuring an AC Interface

In MPLS E-Line scenarios, a Layer 2 sub-interface can function as an AC interface, and traffic encapsulation can be configured on the AC interface to transmit different types of data packets.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number.subnum mode l2

    A Layer 2 sub-interface is created, and the sub-interface view is displayed.

    By default, no Layer 2 sub-interface is configured.

    NOTE:

    Before running this command, ensure that the Layer 2 main interface does not have the port link-type dot1q-tunnel command configuration. If the configuration has existed, run the undo port link-type command to delete it.

  3. Run evpl instance evpl-id

    An EVPL instance is bound to the Layer 2 sub-interface.

    By default, no EVPL instance is bound to a Layer 2 sub-interface.

  4. Run commit

    The configuration is committed.

Configuring an MPLS LDP Tunnel

EVPN E-Line uses P2P MPLS LDP tunnels to traverse the backbone network. This section describes how to configure an MPLS LDP tunnel.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run mpls lsr-id lsr-id

    The LSR ID of the local node is configured.

    When configuring an LSR ID, note the following:
    • Configuring an LSR ID is the prerequisite of all MPLS configurations.

    • An LSR ID must be manually configured because no default LSR ID is available.

    • Use the IP address of a loopback interface on an LSR as an LSR ID.

      The undo mpls command deletes all MPLS configurations, including the established LDP sessions and LSPs.

  3. Run mpls

    MPLS is enabled globally, and the MPLS view is displayed.

    By default, MPLS is disabled globally.

  4. Run mpls ldp

    MPLS LDP is enabled globally, and the MPLS-LDP view is displayed.

    By default, LDP is disabled globally.

  5. Run quit

    Return to the system view.

  6. Run interface interface-type interface-number

    The view of the interface on which an LDP session is to be established is displayed.

  7. Run mpls

    MPLS is enabled on an interface.

  8. Run mpls ldp

    MPLS LDP is enabled on an interface.

    By default, MPLS LDP is disabled on an interface.

    NOTE:

    Disabling MPLS LDP from an interface leads to interruptions of all LDP sessions on the interface and deletions of all LSPs established over these LDP sessions.

  9. Run commit

    The configuration is committed.

(Optional) Configuring DF Election

In an EVPN-VPWS over MPLS scenario where a CE is multi-homed to PEs in single-active mode and no E-Trunk is configured, you can enable designated forwarder (DF) election on the multi-homing PEs to determine the primary and backup DFs.

Context

The following figure shows the EVPN VPWS multi-homing scenario. CE1 is dual-homed to PE1 and PE2, and MPLS LDP tunnels are established between PE1 and PE3 and between PE2 and PE3 so that CE1 and CE2 can communicate with each other. When PEs work in single-active mode and no E-Trunk is configured, to prevent CE1 from receiving duplicate traffic from both PE1 and PE2, DF election must be enabled on PE1 and PE2 so that a primary DF is selected to forward BUM traffic. This helps save network resources.

Figure 11-13 Configuring DF election

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run evpl instance evpl-id mpls-mode

    An EVPL instance is created, and its view is displayed.

  3. Run local-service-idservice-id remote-service-id service-id

    The device is enabled to transmit packets carrying local and remote service IDs.

  4. Run quit

    Return to the system view.

  5. Run evpn

    The global EVPN configuration view is created and displayed.

  6. Run vpws-df-election type service-id

    Service ID-based DF election is configured.

    NOTE:

    In addition to configuring service ID-based DF election, you can configure VLAN-based DF election using the df-election type vlan command.

  7. Run commit

    The configuration is committed.

(Optional) Configuring FRR

In an EVPN VPWS over MPLS scenario where multi-homing in single-active mode is enabled, you can configure fast reroute (FRR) to prevent traffic loss on the primary PE in case of a fault.

Usage Scenario

The following figure shows the EVPN VPWS over MPLS scenario where CE1 is dual-homed to PE1 and PE2 in single-active mode. PE3 forwards traffic only to the primary PE according to the primary/backup DF status of PE1 and PE2. If PE1 is the primary DF, the path marked red between CE1 and CE2 is the primary path, and path marked blue is the backup path. To prevent a fault on the primary path from causing a traffic loss, FRR must be configured.

In normal conditions, downstream traffic on PE3 is sent to PE1. After local and remote FRR functions are configured on PE1 and PE2, if PE1 detects a link fault between itself and CE1, PE1 forwards traffic to PE2, and then PE2 forwards traffic to CE1. After remote FRR is enabled on PE3, if PE3 detects a link fault between itself and PE1, PE3 quickly switches traffic to PE2, and then PE2 forwards traffic to CE1.

Figure 11-14 Configuring FRR

Procedure

  • Configure local and remote FRR functions on PE1 and PE2.
    1. Run system-view

      The system view is displayed.

    2. Run evpn vpn-instance vpn-instance-name vpws

      The view of an EVPN instance for a VPWS is displayed.

    3. Run local-remote frr enable

      Local and remote FRR functions are enabled in the EVPN instance.

      NOTE:

      In addition to enabling local and remote FRR functions in an EVPN instance, you can enable local and remote FRR functions globally using the local-remote vpws-frr enable command in the global EVPN view.

    4. Run commit

      The configuration is committed.

  • Configure remote FRR on PE3.
    1. Run system-view

      The system view is displayed.

    2. Run evpn vpn-instance vpn-instance-name vpws

      The view of an EVPN instance for the VPWS is displayed.

    3. Run remote frr [enable | disable ]

      Remote FRR is enabled in the EVPN instance.

      NOTE:

      In addition to enabling remote FRR in the EVPN instance view, you can also enable remote FRR globally using the remote vpws-frr enable command in the global EVPN view. By default, if the remote frr enable command is not run in the VPWS-EVPN instance view, the remote vpws-frr enable command configuration in the global view takes effect. If both the remote frr enable command and the remote vpws-frr enable command are run, the remote frr enable command configuration takes effect.

    4. Run commit

      The configuration is committed.

Verifying the Configuration of EVPN VPWS over MPLS Functions

After configuring EVPN VPWS over MPLS functions, check the configurations.

Prerequisites

EVPN VPWS over MPLS has been configured.

Procedure

  • Run the display bgp evpn evpl brief command to check brief information about all EVPL instances.
  • Run the display bgp evpn evpl instance-id instance-id command to check information about a specified EVPL instance.

Example

Run the display bgp evpn evpl command. The command output shows brief information about all EVPL instances.

<HUAWEI> display bgp evpn evpl brief
Total EVPLs: 2     1 Up     1 Down

EVPL ID : 1
State : Up
Tunnel Type : VXLAN 
Interface : Eth-trunk1.1

EVPL ID : 100
State : Down
Tunnel Type : LSP
Interface : GigabitEthernet 3/0/0.1

Run the display bgp evpn evpl instance-id instance-id command. The command output shows information about a specified EVPL instance.

<HUAWEI> display bgp evpn evpl instance-id 1
Total EVPLs: 1      1 Up     0 Down

EVPL ID : 1
State : up
Tunnel Type : LSP 
Interface : Ethernet3/0/1
Tunnel ID : 5000002
Out Interface : Ethernet3/0/0
Local MTU : 1500
Local Control Word : false
Local Redundancy Mode : all-active
Local DF State : primary
Local ESI : 0000.0000.0000.0000.0000
Remote Redundancy Mode : all-active
Remote Primary DF Number : 1
Remote Backup DF Number : 0
Remote None DF Number : 0
Peer IP : 2.2.2.2
 Origin Nexthop IP : 2.2.2.2
 DF State : primary
 Remote MTU : 1500
 Remote Control Word : false
 Remote ESI : 0001.0002.0003.0004.0005
 Last Interface UP Timestamp : 2017-8-24 2:43:36:495
Last Designated Primary Timestamp : --
Last Designated Backup Timestamp : 2017-8-24 2:43:33:808
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 32051

Downloads: 59

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next