No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Inter-AS IPv6 VPN Option B

Configuring Inter-AS IPv6 VPN Option B

In the scenario where the backbone network spans two ASs, ASBRs need to advertise VPNv6 routes through MP-EBGP.

Usage Scenario

If an ASBR can manage VPN routes but there are not enough interfaces for all inter-AS VPNs, inter-AS VPN Option B can be used. Inter-AS VPN Option B requires ASBRs to help to maintain and advertise VPNv6 routes and you need not create VPN instances on the ASBRs.

On the network shown in Figure 6-10, the interfaces connected between ASBRs do not need to be bound to the VPN. A single-hop MP-EBGP peer relationship is set up between the ASBRs to transmit all inter-AS VPN routing information.

Figure 6-10 Schematic diagram for Inter-AS IPv6 VPN Option B

Pre-configuration Tasks

Before configuring inter-AS VPN Option B, complete the following tasks:

  • Configuring an IGP for the MPLS backbone network of each AS to ensure IP connectivity of the backbone network within an AS

  • Configuring the basic MPLS functions for the MPLS backbone network of each AS and establishing an LDP LSP or TE tunnel between MP-IBGP peers

  • Configuring a VPN Instance on the PE connected to the CE and Binding Interfaces to the VPN Instance

  • Configuring an IPv6 address for the interface connecting the CE to the PE

Configuration Procedures

Figure 6-11 Flowchart for configuring inter-AS IPv6 VPN Option B

Configuring MP-IBGP Between a PE and an ASBR in the Same AS

By importing extended community attributes to BGP, MP-IBGP can advertise VPNv6 routes between the PE and the ASBR.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run bgp as-number

    The BGP view is displayed.

  3. Run peer peer-address as-number as-number

    The IBGP peer relationship is set up between the PE and ASBR in the same AS.

  4. Run peer peer-address connect-interface loopback interface-number

    The loopback interface is specified as the outbound interface of the BGP session.

  5. Run ipv6-family vpnv6 [ unicast ]

    The BGP-VPNv6 sub-address family view is displayed.

  6. Run peer peer-address enable

    The capability of VPNv6 route exchange between the PE and the ASBR is enabled.

  7. Run commit

    The configuration is committed.

Configuring MP-EBGP Between ASBRs in Different ASs

After the MP-EBGP peer relationship is established between ASBRs, an ASBR can advertise the VPNv6 routes of its AS to the other ASBR.

Context

In inter-AS IPv6 VPN Option B, you need not create VPN instances on ASBRs. The ASBR does not filter the VPNv6 routes received from the PE in the same AS based on VPN targets. Instead, it advertises the received routes to the peer ASBR through MP-EBGP.

Procedure

  1. Run system-view

    The system view of the ASBR is displayed.

  2. Run interface interface-type interface-number

    The view of the interface that connects to the peer ASBR is displayed.

  3. Run ip address ip-address { mask | mask-length }

    An IP address is configured for the interface.

  4. Run mpls

    The MPLS capability is enabled.

  5. Run commit

    The configuration is committed.

  6. Run quit

    Return to the system view.

  7. Run bgp as-number

    The BGP view is displayed.

  8. Run peer peer-address as-number as-number

    The peer ASBR is specified as an EBGP peer.

  9. Run ipv6-family vpnv6 [ unicast ]

    The BGP VPNv6 sub-address family view displayed.

  10. Run peer peer-address enable

    The capability of exchanging VPNv6 routes with the peer ASBR is enabled.

  11. Run commit

    The configuration is committed.

Controlling the Learning and Advertising of VPN Routes on ASBR

An ASBR can either save partial VPNv6 routes by filtering VPN targets through a routing policy or save all VPNv6 routes.

Context

By default, an ASBR filters the VPN targets of only the received VPNv6 routes. The routes are imported into the routing table if they pass the filtration; otherwise, they are discarded. Therefore, if no VPN instance is configured on the ASBR or no VPN target is configured for the VPN instance, the ASBR discards all the received VPNv6 routes.

An ASBR can be disabled from filtering VPN targets. After this configuration, the ASBR saves all VPNv6 routes. Additionally, a routing policy can be configured to filter VPN targets so that only partial BGP VPNv6 routes are saved.

Procedure

  1. Run system-view

    The system view of the ASBR is displayed.

  2. Run bgp as-number

    The BGP view is displayed.

  3. Run ipv6-family vpnv6 [ unicast ]

    The BGP VPNv6 sub-address family view displayed.

  4. Run undo policy vpn-target

    Filtering VPN targets of VPNv6 routes is disabled.

    In inter-AS VPN Option B mode, the ASBR does not need to store VPN instance information but must store information about all the VPNv6 routing information and advertise the routing information to the peer ASBR. In this case, the ASBR needs to import all the received VPNv6 routing information without filtering them based on VPN targets.

  5. Run quit

    Return to the BGP view.

  6. Run quit

    Return to the system view.

  7. (Optional) Configure a routing policy to filter VPN targets so that only partial BGP VPNv6 routes are saved.
    1. Perform either of the following operations as required to configure an extcommunity filter.

      • To configure a basic extcommunity filter, run the ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name } { deny | permit } { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16> command.

      • To configure an advanced extcommunity filter, run the ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name } { deny | permit } regular-expressioncommand.

    2. Run route-policy route-policy-name permit node node

      A routing policy is configured.

    3. Run if-match extcommunity-filter { { basic-extcomm-filter-num | adv-extcomm-filter-num } &<1-16> | basic-extcomm-filter-name | advanced-extcomm-filter-name }

      A matching rule based on the extended community filter is configured.

    4. Run quit

      Return to the system view.

    5. Run bgp as-number

      The BGP view is displayed.

    6. Run ipv6-family vpnv6 [ unicast ]

      The BGP VPNv6 sub-address family view displayed.

    7. Run peer peer-address route-policy policy-name { export | import }

      The routing policy is applied to controlling the importing and exporting of VPNv6 routes.

  8. Run commit

    The configuration is committed.

(Optional) Configuring One-Label-per-Next-Hop Label Distribution on an ASBR

To save label resources on an ASBR, configure one-label-per-next-hop label allocation on the ASBR. One-label-per-next-hop label allocation on ASBRs and one-label-per-instance label distribution on PEs must be used together.

Context

In an inter-AS VPN Option B scenario, after one-label-per-next-hop label distribution is configured on an ASBR, the ASBR assigns only one label to VPNv6 routes that share the same next hop and outgoing label. Compared with on-label-per-route label distribution, one-label-per-next-hop label distribution significantly saves label resources.

Perform the following steps on an ASBR:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run bgp { as-number-plain | as-number-dot }

    The BGP view is displayed.

  3. Run ipv6-family vpnv6

    The BGP-VPNv6 address family view is displayed.

  4. Run apply-label per-nexthop

    One-label-per-next-hop label distribution is enabled on the ASBR.

    After one-label-per-next-hop label distribution is enabled or disabled on an ASBR, the labels assigned by the ASBR to routes change. As a result, temporary packet loss may occur.

  5. Run commit

    The configuration is committed.

Configuring Route Exchange Between a CE and a PE

BGP, the static route (including the default route), or IGP can run between a CE and a PE. You can choose any of them as required.

Procedure

  1. You can configure a routing protocol between a CE and a PE based on the actual situation. For detailed configuration procedures, see Configuring Route Exchange Between PEs and CEs.

Verifying the Configuration of Inter-AS IPv6 VPN Option B

After configuring inter-AS IPv6 VPN Option B, you can view the status of all BGP peer relationships and VPNv6 routing information on PEs or ASBRs.

Prerequisites

All the configurations about inter-AS VPN Option B are complete.

Procedure

  • Run the display bgp vpnv6 all peer command on the PE or ASBR to check the status of all BGP peer relationships.
  • Run the display bgp vpnv6 all routing-table command on the PE or ASBR to check information about VPNv6 routes.
  • Run the display ipv6 routing-table vpn-instance vpn-instance-name command on the PE to check information about the VPN routing table.
  • Run the display mpls lsp asbr [ nexthop nexthop-ipv6-address [ verbose ] ] command on the ASBR to check information about LSPs created using BGP based on received VPNv6 routes.
  • Run the display mpls lsp protocol bgp [ nexthop nexthop-ipv6-address ] [ lsr-role { egress | ingress | transit } ] [ verbose ] command to check information about LSPs created using BGP based on received IPv6 VPN routes.

Example

Run the display bgp vpnv6 all peer command on the PE or ASBR. The command output shows that the status of the BGP VPNv6 peer relationship between the PE and ASBR in the same AS is "Established". In addition, the status of the EBGP peer relationship between the directly connected ASBRs in different ASs is also "Established".

<HUAWEI> display bgp vpnv6 all peer 
 BGP local router ID : 192.1.1.1
 Local AS number : 100
 Total number of peers : 2                 Peers in established state : 2

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
  1.1.1.9         4         100       39       30     0 00:22:42 Established        1
  192.1.1.2       4         200       31       24     0 00:18:15 Established        1

Run the display bgp vpnv6 all routing-table command on the ASBR. The command output shows the VPNv6 routes on the ASBR.

<HUAWEI> display bgp vpnv6 all routing-table 
 
 BGP Local router ID is 192.1.1.1
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 
 Total number of routes from all PE: 2
 Route Distinguisher: 100:1

 *>i Network  : 2001::                                   PrefixLen : 64  
     NextHop  : ::FFFF:1.1.1.9                           LocPrf    : 100 
     MED      : 0                                        PrefVal   : 0
     Label    : 17/18
     Path/Ogn :  ?
 Route Distinguisher: 200:2

 *>  Network  : 2002::                                   PrefixLen : 64  
     NextHop  : ::FFFF:192.1.1.2                         LocPrf    :   
     MED      :                                          PrefVal   : 0
     Label    : 17/17
     Path/Ogn : 200?

Run the display ipv6 routing-table vpn-instance vpn-instance-name command on the PE. The command output shows that the VPN routing table contains related VPN routes.

<HUAWEI> display ipv6 routing-table vpn-instance vpna
Routing Table : vpna
         Destinations : 4        Routes : 4         

Destination  : 2001::                                  PrefixLength : 64
NextHop      : 2001::2                                 Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : GigabitEthernet0/1/0                    Flags        : D

Destination  : 2001::2                                 PrefixLength : 128
NextHop      : ::1                                     Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : GigabitEthernet0/1/0                    Flags        : D

Destination  : 2002::                                  PrefixLength : 64
NextHop      : ::FFFF:2.2.2.9                          Preference   : 255
Cost         : 0                                       Protocol     : BGP
RelayNextHop : ::                                      TunnelID     : 0x00000000
01004c4b42
Interface    : LDP LSP                                 Flags        : RD

Destination  : FE80::                                  PrefixLength : 10
NextHop      : ::                                      Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : NULL0                                   Flags        : D

Run the display mpls lsp asbr command on the ASBR to check information about LSPs created using BGP based on received VPNv6 routes.

<HUAWEI> display mpls lsp asbr nexthop ::FFFF:1.1.1.9
-------------------------------------------------------------------------------
                 LSP Information: L3VPN IPv6 Label-Per-Nexthop LSP
-------------------------------------------------------------------------------
IndirectID          :  1862271518
Nexthop             :  ::FFFF:1.1.1.9
In Label            :  32902                 Out Label    : 32890          
In Interface        :  -----                 OutInterface : -----
Vrf6 Name           :  ASBR LSP
 
IndirectID          :  1862271518
Nexthop             :  ::FFFF:1.1.1.9
In Label            :  32903                 Out Label    : 32892          
In Interface        :  -----                 OutInterface : -----
Vrf6 Name           :  ASBR LSP

Run the display mpls lsp protocol bgp command on the ASBR or PE to check information about LSPs created using BGP based on received IPv6 VPN routes.

<HUAWEI> display mpls lsp protocol bgp-ipv6 nexthop ::FFFF:1.1.1.9 verbose
-------------------------------------------------------------------------------
                 LSP Information: L3VPN IPv6 Label-Per-Nexthop LSP
-------------------------------------------------------------------------------
  No                  :  1
  VrfIndex            :  ASBR LSP
  RD Value            :  ------
  IndirectID          :  1862271518
  Nexthop             :  ::FFFF:1.1.1.9
  In-Label            :  32902
  Out-Label           :  32890
  In-Interface        :  ------
  Out-Interface       :  ------
  LspIndex            :  32902
  Type                :  Primary
  OutSegmentIndex     :  ------
  LsrType             :  Transit
  Outgoing TunnelID   :  0x4c4b42
  Label Operation     :  SWAP
  Mpls-Mtu            :  ------
  LspAge              :  ------
  
  No                  :  2
  VrfIndex            :  ASBR LSP
  RD Value            :  ------
  IndirectID          :  1862271518
  Nexthop             :  ::FFFF:1.1.1.9
  In-Label            :  32903
  Out-Label           :  32892
  In-Interface        :  ------
  Out-Interface       :  ------
  LspIndex            :  32903
  Type                :  Primary
  OutSegmentIndex     :  ------
  LsrType             :  Transit
  Outgoing TunnelID   :  0x4c4b42
  Label Operation     :  SWAP
  Mpls-Mtu            :  ------
  LspAge              :  ------
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 31767

Downloads: 57

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next