No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Private Network IPv6 FRR

Example for Configuring Private Network IPv6 FRR

Private network IPv6 FRR can be deployed if multiple CEs at an IPv6 VPN site access the same PE. If a route from the PE to a CE is unreachable, this feature quickly switches traffic to a link from the PE to another CE.

Networking Requirements

At a VPN site, different CEs use BGP to access the same PE. The PE learns multiple IPv6 VPN routes with the same VPN prefix from the CEs. To enable the system to select a primary route and a backup route, you can deploy FRR for IPv6 routes on the private network. After this feature is configured, the PE generates a primary route and a backup route to the same destination on the private network. After that, IPv6 traffic can be quickly switched to the link where the backup route resides in case the link where the primary route resides is faulty.

On the network shown in Figure 6-28, an EBGP peer relationship is set up between the PE and each CE. There are two BGP routes from the PE to the Loopback1 interface on Device A. The optimal route resides on Link_A; the sub-optimal route resides on Link_B. It is required that IPv6 Auto FRR be deployed on the PE so that if Link_A fails, IPv6 traffic can be quickly switched to Link_B.

Figure 6-28 Configuring private network IPv6 FRR
NOTE:

Interfaces 1 and 2 in this example are GE 0/1/0 and GE 0/2/0, respectively.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IGP at the VPN site to advertise the route to the Loopback1 interface on Device A to CE1 and CE2.

  2. Configure an IPv6-address-family-supporting VPN instance named vpna on the PE, and bind GE 0/1/0 and GE 0/2/0 to vpna.

  3. Establish an EBGP peer relationship between the PE and CE1, and between the PE and CE2. On CE1 and CE2, configure the IGP and BGP to import routes from each other.

  4. Enable private network IPv6 auto FRR on the PE.

Data Preparation

To complete the configuration, you need the following data:

  • VPN instance name (vpna) and attributes of the VPN instance IPv6 address family, for example, the RD (100:1) and VPN targets (100:100), on the PE

  • MEDs configured for the IGP routes imported into BGP on CE1 and CE2

Procedure

  1. Configure IPv6 addresses for the interfaces on the NEs at the VPN site.

    For configuration details, see Configuration Files in this section.

  2. Configure an IGP at the VPN site to advertise the route to the Loopback1 interface on Device A to CE1 and CE2. This example uses OSPFv3 as the IGP.

    # Configure CE1.

    [~CE1] ospfv3 1
    [*CE1-ospfv3-1] router-id 2.2.2.2
    [*CE1-ospfv3-1] quit
    [*CE1] interface gigaethernet 0/2/0
    [*CE1-GigabitEthernet0/2/0] ospfv3 1 area 0.0.0.0
    [*CE1-GigabitEthernet0/2/0] quit
    [*CE1] commit

    The configurations of CE2 and Device A are similar to the configuration of CE1. For configuration details, see Configuration Files in this section.

    After completing the configurations, run the display ipv6 routing-table command on the CEs. The command output shows that CE1 and CE2 have learned the route to the Loopback1 interface on Device A. The following example uses the command output on CE1.

    <CE1> display ipv6 routing-table
    Routing Table : _public_
             Destinations : 10        Routes : 10
    
     Destination  : ::1                             PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : InLoopBack0                     Flags        : D
    
     Destination  : ::FFFF:127.0.0.0                PrefixLength : 104
     NextHop      : ::FFFF:127.0.0.1                Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : InLoopBack0                     Flags        : D
     
     Destination  : ::FFFF:127.0.0.1                PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : InLoopBack0                     Flags        : D 
    
     Destination  : 2001:db8:0::                    PrefixLength : 64
     NextHop      : 2001:db8:0::2                   Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/1/0            Flags        : D
    
     Destination  : 2001:db8:0::2                   PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/1/0            Flags        : D
    
     Destination  : 2001:db8:2::                    PrefixLength : 64
     NextHop      : 2001:db8:2::1                   Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/2/0            Flags        : D
    
     Destination  : 2001:db8:2::1                   PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/2/0            Flags        : D
    
     Destination  : 2001:db8:3::                    PrefixLength : 64
     NextHop      : FE80::5451:0:FAC1:1             Preference   : 10
     Cost         : 3124                            Protocol     : OSPFv3
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/2/0            Flags        : D
    
     Destination  : 2001:db8:4::1                  PrefixLength : 128
     NextHop      : FE80::5451:0:FAC1:1             Preference   : 10
     Cost         : 1562                            Protocol     : OSPFv3
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/2/0            Flags        : D
    
     Destination  : FE80::                          PrefixLength : 10
     NextHop      : ::                              Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : NULL0                           Flags        : D

  3. Configure an IPv6-address-family-supporting VPN instance on each PE and bind the interface that connects a PE to a CE to the VPN instance on that PE.

    # Configure a VPN instance named vpna on the PE, and bind GE 0/1/0 and GE 0/2/0 to the instance.

    <PE> system-view
    [~PE] ip vpn-instance vpna
    [*PE-vpn-instance-vpna] ipv6-family
    [*PE-vpn-instance-vpna-af-ipv6] route-distinguisher 100:1
    [*PE-vpn-instance-vpna-af-ipv6] vpn-target 100:100
    [*PE-vpn-instance-vpna-af-ipv6] quit
    [*PE-vpn-instance-vpna] quit
    [*PE] interface gigabitethernet 0/1/0
    [*PE-GigabitEthernet0/1/0] ip binding vpn-instance vpna
    [*PE-GigabitEthernet0/1/0] ipv6 enable
    [*PE-GigabitEthernet0/1/0] ipv6 address 2001:db8:0::1 64
    [*PE-GigabitEthernet0/1/0] quit
    [*PE] interface gigabitethernet 0/2/0
    [*PE-GigabitEthernet0/2/0] ip binding vpn-instance vpna
    [*PE-GigabitEthernet0/2/0] ipv6 enable
    [*PE-GigabitEthernet0/2/0] ipv6 address 2001:db8:1::1 64
    [*PE-GigabitEthernet0/2/0] quit
    [*PE] commit

  4. Establish EBGP peer relationships between the PE and CEs.

    # Configure the PE.

    [~PE] bgp 100
    [*PE-bgp] ipv6-family vpn-instancee vpna
    [*PE-bgp6-vpna] peer 2001:db8:0::2 as-number 65410
    [*PE-bgp6-vpna] peer 2001:db8:1::2 as-number 65410
    [*PE-bgp6-vpna] quit
    [*PE-bgp] quit
    [*PE] commit

    # Configure CE1.

    [~CE1] bgp 65410
    [*CE1-bgp] peer 2001:db8:0::1 as-number 100
    [*CE1-bgp] ipv6-family unicast
    [*CE1-bgp-af-ipv6] peer 2001:db8:0::1 enable
    [*CE1-bgp-af-ipv6] quit
    [*CE1-bgp] quit
    [*CE1] commit

    The configuration of CE2 is similar to the configuration of CE1. For configuration details, see Configuration Files in this section.

    After completing the configurations, run the display bgp vpnv6 vpn-instance vpna peer command on the PE. The command output shows that the status of the EBGP peer relationship between the PE and CEs is Established.

    <PE> display bgp vpnv6 vpn-instancee vpna peer
    
     BGP local router ID : 1.1.1.1
     Local AS number : 100
     Total number of peers : 2                 Peers in established state : 2
    
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
    
      2001:db8:0::2   4       65410       35       37     0 00:24:31 Established   3
      2001:db8:1::2   4       65410       41       43     0 00:24:03 Established   3

  5. Configure route exchange between OSPFv3 and BGP on the CEs.

    Configure OSPFv3 routes on the CEs and import them into BGP. To make the PE select the route along Link_A as the optimal route, ensure that the MED configured for the OSPFv3 routes imported into BGP on CE1 is smaller than that configured on CE2.

    # Configure CE1.

    [~CE1] bgp 65410
    [*CE1-bgp] ipv6-family unicast
    [*CE1-bgp-af-ipv6] import-route ospfv3 1 med 100
    [*CE1-bgp-af-ipv6] quit
    [*CE1-bgp] quit
    [*CE1] commit

    # Configure CE2.

    [~CE2] bgp 65410
    [*CE2-bgp] ipv6-family unicast
    [*CE2-bgp-af-ipv6] import-route ospfv3 1 med 500
    [*CE2-bgp-af-ipv6] quit
    [*CE2-bgp] quit
    [*CE2] commit

    # Import BGP routes into OSPFv3 on CE1.

    [~CE1] ospfv3 1
    [*CE1-ospfv3-1] import-route bgp
    [*CE1-ospfv3-1] quit
    [*CE1] commit

    # Import BGP routes into OSPFv3 on CE2.

    [*CE2] ospfv3 1
    [*CE2-ospfv3-1] import-route bgp
    [*CE2-ospfv3-1] quit
    [*CE2] commit

    After completing the configurations, run the display ipv6 routing-table vpn-instance command on the PE. The command output shows the route to the Loopback1 interface on Device A.

    <PE> display ipv6 routing-table vpn-instance vpna
    Routing Table : vpna
             Destinations : 8        Routes : 8
    
     Destination  : 2001:db8:0::                    PrefixLength : 64
     NextHop      : 2001:db8:0::1                   Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/1/0            Flags        : D
    
     Destination  : 2001:db8:0::1                   PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/2/0            Flags        : D
    
     Destination  : 2001:db8:1::                    PrefixLength : 64
     NextHop      : 2001:db8:1::1                   Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/2/0            Flags        : D
    
     Destination  : 2001:db8:1::1                   PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/1/0            Flags        : D
    
     Destination  : 2001:db8:2::                    PrefixLength : 64
     NextHop      : 2001:db8:0::2                   Preference   : 255
     Cost         : 100                             Protocol     : BGP
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/1/0            Flags        : D
    
     Destination  : 2001:db8:3::                    PrefixLength : 64
     NextHop      : 2001:db8:1::2                   Preference   : 255
     Cost         : 0                               Protocol     : BGP
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/2/0            Flags        : D
    
     Destination  : 2001:db8:4::1                   PrefixLength : 128
     NextHop      : 2001:db8:0::2                   Preference   : 255
     Cost         : 100                             Protocol     : BGP
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/1/0            Flags        : D
    
     Destination  : FE80::                          PrefixLength : 10
     NextHop      : ::                              Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : NULL0                           Flags        : D

  6. Enable private network IPv6 auto FRR on the PE.

    # Configure the PE.

    [~PE] bgp 100
    [~PE-bgp] ipv6-family vpn-instance vpna
    [*PE-bgp6-vpna] auto-frr
    [*PE-bgp6-vpna] quit
    [*PE-bgp] quit
    [*PE-bgp] commit
    NOTE:

    The auto-frr command run in the BGP-VPN instance IPv6 address family view is valid only for BGP routes.

  7. Verify the configuration.

    Run the display ipv6 routing-table vpn-instance command on the PE. The command output shows that the next hop to 2001:db8:4::1/128 is 2001:db8:0::2, and the PE has a backup next hop and a backup outbound interface.

    <PE> display ipv6 routing-table vpn-instance vpna 2001:db8:4::1 verbose
    Routing Table : vpna
    Summary Count : 1
    
     Destination  : 2001:db8:4::1                   PrefixLength : 128
     NextHop      : 2001:db8:0::2                  Preference   : 255
     Neighbour    : 2001:db8:0::2                   ProcessID    : 0
     Label        : NULL                            Protocol     : BGP
     State        : Active Adv                      Cost         : 100
     Entry ID     : 27                              EntryFlags   : 0x80004100
     Reference Cnt: 2                               Tag          : 0
     IndirectID   : 0x6                             Age          : 3sec 
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/1/0            Flags        : D
     BkNextHop    : 2001:db8:1::2                   BkInterface  : GigabitEthernet0/2/0
     BkLabel      : NULL                            BkTunnelID   : 0x0
     BkPETunnelID : 0x0                             BkIndirectID : 0x5

    Disable IPv6 on GE 0/2/0 on CE1 so that IPv6 routes cannot be transmitted over Link_A.

    [~CE1] interface Gigabitethernet0/2/0
    [*CE1-GigabitEthernet0/2/0] undo ipv6 enable
    [*CE1-GigabitEthernet0/2/0] quit
    [*CE1] commit

    Run the display ipv6 routing-table vpn-instance command again on the PE. The command output shows that the next hop to 2001:db8:4::1/128 is 2001:db8:1::2, and the PE does not have a backup next hop or a backup outbound interface.

    <PE> display ipv6 routing-table vpn-instance vpna 2001:db8:4::1 verbose
    Routing Table : vpna
    Summary Count : 1
    
     Destination  : 2001:db8:4::1                   PrefixLength : 128
     NextHop      : 2001:db8:1::2                  Preference   : 255
     Neighbour    : 2001:db8:1::2                   ProcessID    : 0
     Label        : NULL                            Protocol     : BGP
     State        : Active Adv                      Cost         : 500
     Entry ID     : 27                              EntryFlags   : 0x80004100
     Reference Cnt: 2                               Tag          : 0
     IndirectID   : 0x6                             Age          : 3sec 
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : GigabitEthernet0/2/0            Flags        : D

    Private network IPv6 FRR has taken effect.

Configuration Files

  • PE configuration file
    #
     sysname PE
    #
    ip vpn-instance vpna
     ipv6-family
      route-distinguisher 100:1
      vpn-target 100:100 export-extcommunity
      vpn-target 100:100 import-extcommunity
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip binding vpn-instance vpna
     ipv6 enable
     ipv6 address 2001:db8:0::1/64
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip binding vpn-instance vpna
     ipv6 enable
     ipv6 address 2001:db8:1::1/64
    #
    bgp 100
     #
     ipv4-family unicast
      undo synchronization
     #
     ipv6-family vpnv6
      policy vpn-target
     #
     ipv6-family vpn-instancee vpna
      auto-frr
      peer 2001:db8:0::2 as-number 65410
      peer 2001:db8:1::2 as-number 65410
    #
    return
    
  • CE1 configuration file
    #
     sysname CE1
    #
    ospfv3 1
     router-id 2.2.2.2
     import-route bgp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ipv6 enable
     ipv6 address 2001:db8:0::2/64
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ipv6 enable
     ipv6 address 2001:db8:2::1/64
     ospfv3 1 area 0.0.0.0
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    bgp 65410
     peer 2001:db8:0::1 as-number 100
     #
     ipv4-family unicast
      undo synchronization
     #
     ipv6-family unicast
      undo synchronization
      import-route ospfv3 1 med 100
      peer 2001:db8:0::1 enable
    #
    return
  • CE2 configuration file
    #
     sysname CE2
    #
    ospfv3 1
     router-id 3.3.3.3
     import-route bgp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ipv6 enable
     ipv6 address 2001:db8:1::2/64
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ipv6 enable
     ipv6 address 2001:db8:3::1/64
     ospfv3 1 area 0.0.0.0
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    bgp 65410
     peer 2001:db8:1::1 as-number 100
     #
     ipv4-family unicast
      undo synchronization
     #
     ipv6-family unicast
      undo synchronization
      import-route ospfv3 1 med 500
      peer 2001:db8:1::1 enable
    #
    return
  • Configuration file of Device A
    #
     sysname DeviceA
    #
    ospfv3 1
     router-id 4.4.4.4
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ipv6 enable
     ipv6 address 2001:db8:2::2/64
     ospfv3 1 area 0.0.0.0
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ipv6 enable
     ipv6 address 2001:db8:3::2/64
     ospfv3 1 area 0.0.0.0
    #
    interface LoopBack1
     ipv6 enable
     ipv6 address 2001:db8:4::1/128
     ospfv3 1 area 0.0.0.0
    #
    return
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 27514

Downloads: 53

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next